Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2026-42338 (GCVE-0-2026-42338)
Vulnerability from cvelistv5 – Published: 2026-05-12 19:43 – Updated: 2026-07-09 12:09- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-42338",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-13T14:46:11.633277Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-13T14:46:50.469Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/beaugunderson/ip-address/security/advisories/GHSA-v2v4-37r5-5v8g"
}
],
"title": "CISA ADP Vulnrichment"
},
{
"affected": [
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:10.2"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream (v. 10)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream (v. 9)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2.6::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Ansible Automation Platform 2.6",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhdh:1.10::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Developer Hub 1.10",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhdh:1.9::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Developer Hub 1.9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_devspaces:3.29::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Dev Spaces 3.29",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_mesh:2.6::el8"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Service Mesh 2.6",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_mesh:3.0::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Service Mesh 3.0",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_mesh:3.1::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Service Mesh 3.1",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_mesh:3.2::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Service Mesh 3.2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_mesh:3.3::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Service Mesh 3.3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:confidential_compute_attestation:1"
],
"defaultStatus": "affected",
"product": "Confidential Compute Attestation",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:exploit_intelligence:0"
],
"defaultStatus": "affected",
"product": "Exploit Intelligence",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhmt:1"
],
"defaultStatus": "affected",
"product": "Migration Toolkit for Containers",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:multicluster_engine"
],
"defaultStatus": "affected",
"product": "Multicluster Engine for Kubernetes",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_pipelines:1"
],
"defaultStatus": "affected",
"product": "OpenShift Pipelines",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:amq_broker:7"
],
"defaultStatus": "affected",
"product": "Red Hat AMQ Broker 7",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:apache_camel_hawtio:4"
],
"defaultStatus": "affected",
"product": "Red Hat build of Apache Camel - HawtIO 4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:podman_desktop:1"
],
"defaultStatus": "affected",
"product": "Red Hat Build of Podman Desktop",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:podman_desktop:0"
],
"defaultStatus": "affected",
"product": "Red Hat Build of Podman Desktop - Tech Preview",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:enterprise_linux_ai:3"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AI (RHEL AI) 3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:hummingbird:1"
],
"defaultStatus": "affected",
"product": "Red Hat Hardened Images",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_ai"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift AI (RHOAI)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift:4"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Container Platform 4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:satellite:6"
],
"defaultStatus": "affected",
"product": "Red Hat Satellite 6",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:ansible_portal:2"
],
"defaultStatus": "affected",
"product": "Self-service automation portal 2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:cryostat:4"
],
"defaultStatus": "unaffected",
"product": "Cryostat 4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:acm:2"
],
"defaultStatus": "unaffected",
"product": "Red Hat Advanced Cluster Management for Kubernetes 2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:camel_spring_boot:4"
],
"defaultStatus": "unaffected",
"product": "Red Hat build of Apache Camel for Spring Boot 4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:10"
],
"defaultStatus": "unaffected",
"product": "Red Hat Enterprise Linux 10",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "unaffected",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_devspaces:3"
],
"defaultStatus": "unaffected",
"product": "Red Hat OpenShift Dev Spaces",
"vendor": "Red Hat"
}
],
"datePublic": "2026-05-12T19:43:16.470Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in ip-address, a JavaScript library for parsing and manipulating IPv4 and IPv6 addresses. This vulnerability allows a remote attacker to perform cross-site scripting (XSS) by providing untrusted input to the Address6 constructor. When an application renders the output of Address6.group(), Address6.link(), or the AddressError.parseMessage as HTML without proper escaping, the attacker-controlled content can be executed in the user\u0027s browser."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-09T12:09:43.283Z",
"orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"shortName": "redhat-SADP"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2026-42338"
},
{
"name": "RHBZ#2476810",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2476810"
},
{
"tags": [
"x_sadp-csaf-vex"
],
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-42338.json"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:35842"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:35841"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:35892"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:35891"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:34374"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:36754"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:33574"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:36820"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:33155"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:33160"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:33163"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:33173"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:33183"
}
],
"solutions": [
{
"lang": "en",
"value": "RHSA-2026:35842: Red Hat Enterprise Linux AppStream (v. 10)"
},
{
"lang": "en",
"value": "RHSA-2026:35841: Red Hat Enterprise Linux AppStream (v. 10)"
},
{
"lang": "en",
"value": "RHSA-2026:35892: Red Hat Enterprise Linux AppStream (v. 9)"
},
{
"lang": "en",
"value": "RHSA-2026:35891: Red Hat Enterprise Linux AppStream (v. 9)"
},
{
"lang": "en",
"value": "RHSA-2026:34374: Red Hat Ansible Automation Platform 2.6"
},
{
"lang": "en",
"value": "RHSA-2026:36754: Red Hat Developer Hub 1.10"
},
{
"lang": "en",
"value": "RHSA-2026:33574: Red Hat Developer Hub 1.9"
},
{
"lang": "en",
"value": "RHSA-2026:36820: Red Hat OpenShift Dev Spaces 3.29"
},
{
"lang": "en",
"value": "RHSA-2026:33155: Red Hat OpenShift Service Mesh 2.6"
},
{
"lang": "en",
"value": "RHSA-2026:33160: Red Hat OpenShift Service Mesh 3.0"
},
{
"lang": "en",
"value": "RHSA-2026:33163: Red Hat OpenShift Service Mesh 3.1"
},
{
"lang": "en",
"value": "RHSA-2026:33173: Red Hat OpenShift Service Mesh 3.2"
},
{
"lang": "en",
"value": "RHSA-2026:33183: Red Hat OpenShift Service Mesh 3.3"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-05-12T21:01:14.436Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2026-05-12T19:43:16.470Z",
"value": "Made public."
}
],
"title": "ip-address: ip-address: Cross-site scripting via improper HTML escaping of untrusted input",
"workarounds": [
{
"lang": "en",
"value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."
}
],
"x_adpType": "supplier",
"x_generator": {
"engine": "sadp-cli 1.0.0"
}
}
],
"cna": {
"affected": [
{
"product": "ip-address",
"vendor": "beaugunderson",
"versions": [
{
"status": "affected",
"version": "\u003c 10.1.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ip-address is a library for parsing and manipulating IPv4 and IPv6 addresses in JavaScript. Prior to 10.1.1, Address6.group() and Address6.link() do not HTML-escape attacker-controlled content before embedding it in the HTML strings they return, and AddressError.parseMessage (emitted by the Address6 constructor for invalid input) can contain unescaped attacker-controlled content in one branch. An application that (1) passes untrusted input to Address6 and (2) renders the output of these methods, or the thrown error\u0027s parseMessage, as HTML (e.g. via innerHTML) is vulnerable to cross-site scripting. This vulnerability is fixed in 10.1.1."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-12T19:43:16.470Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/beaugunderson/ip-address/security/advisories/GHSA-v2v4-37r5-5v8g",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/beaugunderson/ip-address/security/advisories/GHSA-v2v4-37r5-5v8g"
}
],
"source": {
"advisory": "GHSA-v2v4-37r5-5v8g",
"discovery": "UNKNOWN"
},
"title": "ip-address: XSS in Address6 HTML-emitting methods"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-42338",
"datePublished": "2026-05-12T19:43:16.470Z",
"dateReserved": "2026-04-26T13:26:14.514Z",
"dateUpdated": "2026-07-09T12:09:43.283Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2026-42338",
"date": "2026-07-10",
"epss": "0.00471",
"percentile": "0.37478"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2026-42338\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2026-05-12T20:16:41.130\",\"lastModified\":\"2026-07-09T13:17:10.853\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"ip-address is a library for parsing and manipulating IPv4 and IPv6 addresses in JavaScript. Prior to 10.1.1, Address6.group() and Address6.link() do not HTML-escape attacker-controlled content before embedding it in the HTML strings they return, and AddressError.parseMessage (emitted by the Address6 constructor for invalid input) can contain unescaped attacker-controlled content in one branch. An application that (1) passes untrusted input to Address6 and (2) renders the output of these methods, or the thrown error\u0027s parseMessage, as HTML (e.g. via innerHTML) is vulnerable to cross-site scripting. This vulnerability is fixed in 10.1.1.\"}],\"affected\":[{\"source\":\"security-advisories@github.com\",\"affectedData\":[{\"vendor\":\"beaugunderson\",\"product\":\"ip-address\",\"versions\":[{\"version\":\"\u003c 10.1.1\",\"status\":\"affected\"}]}]},{\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\",\"affectedData\":[{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux AppStream (v. 10)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/o:redhat:enterprise_linux:10.2\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux AppStream (v. 9)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:enterprise_linux:9::appstream\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Ansible Automation Platform 2.6\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:ansible_automation_platform:2.6::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Developer Hub 1.10\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:rhdh:1.10::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Developer Hub 1.9\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:rhdh:1.9::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift Dev Spaces 3.29\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_devspaces:3.29::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift Service Mesh 2.6\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:service_mesh:2.6::el8\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift Service Mesh 3.0\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:service_mesh:3.0::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift Service Mesh 3.1\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:service_mesh:3.1::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift Service Mesh 3.2\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:service_mesh:3.2::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift Service Mesh 3.3\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:service_mesh:3.3::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Confidential Compute Attestation\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:confidential_compute_attestation:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Exploit Intelligence\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:exploit_intelligence:0\"]},{\"vendor\":\"Red Hat\",\"product\":\"Migration Toolkit for Containers\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:rhmt:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Multicluster Engine for Kubernetes\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:multicluster_engine\"]},{\"vendor\":\"Red Hat\",\"product\":\"OpenShift Pipelines\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_pipelines:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat AMQ Broker 7\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:amq_broker:7\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat build of Apache Camel - HawtIO 4\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:apache_camel_hawtio:4\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Build of Podman Desktop\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:podman_desktop:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Build of Podman Desktop - Tech Preview\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:podman_desktop:0\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux AI (RHEL AI) 3\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:enterprise_linux_ai:3\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Hardened Images\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:hummingbird:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift AI (RHOAI)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_ai\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift Container Platform 4\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift:4\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Satellite 6\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:satellite:6\"]},{\"vendor\":\"Red Hat\",\"product\":\"Self-service automation portal 2\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:ansible_portal:2\"]},{\"vendor\":\"Red Hat\",\"product\":\"Cryostat 4\",\"defaultStatus\":\"unaffected\",\"cpes\":[\"cpe:/a:redhat:cryostat:4\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Advanced Cluster Management for Kubernetes 2\",\"defaultStatus\":\"unaffected\",\"cpes\":[\"cpe:/a:redhat:acm:2\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat build of Apache Camel for Spring Boot 4\",\"defaultStatus\":\"unaffected\",\"cpes\":[\"cpe:/a:redhat:camel_spring_boot:4\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux 10\",\"defaultStatus\":\"unaffected\",\"cpes\":[\"cpe:/o:redhat:enterprise_linux:10\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux 9\",\"defaultStatus\":\"unaffected\",\"cpes\":[\"cpe:/o:redhat:enterprise_linux:9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift Dev Spaces\",\"defaultStatus\":\"unaffected\",\"cpes\":[\"cpe:/a:redhat:openshift_devspaces:3\"]}]}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"PASSIVE\",\"vulnConfidentialityImpact\":\"LOW\",\"vulnIntegrityImpact\":\"LOW\",\"vulnAvailabilityImpact\":\"NONE\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\",\"baseScore\":6.1,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":2.7},{\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N\",\"baseScore\":8.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":5.2}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2026-05-13T14:46:11.633277Z\",\"id\":\"CVE-2026-42338\",\"options\":[{\"exploitation\":\"poc\"},{\"automatable\":\"no\"},{\"technicalImpact\":\"partial\"}],\"role\":\"CISA Coordinator\",\"version\":\"2.0.3\"}}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]},{\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:beaugunderson:ip-address:*:*:*:*:*:node.js:*:*\",\"versionEndExcluding\":\"10.1.1\",\"matchCriteriaId\":\"2A574108-EE16-449B-8729-B727C061036B\"}]}]}],\"references\":[{\"url\":\"https://github.com/beaugunderson/ip-address/security/advisories/GHSA-v2v4-37r5-5v8g\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Exploit\",\"Mitigation\",\"Vendor Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:33155\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:33160\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:33163\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:33173\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:33183\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:33574\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:34374\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:35841\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:35842\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:35891\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:35892\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:36754\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:36820\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/security/cve/CVE-2026-42338\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=2476810\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://github.com/beaugunderson/ip-address/security/advisories/GHSA-v2v4-37r5-5v8g\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"tags\":[\"Exploit\",\"Mitigation\",\"Vendor Advisory\"]},{\"url\":\"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-42338.json\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"}]}}",
"redhat_vex": {
"aggregate_severity": "Important",
"current_release_date": "2026-07-08T21:41:10+00:00",
"cve": "CVE-2026-42338",
"id": "CVE-2026-42338",
"initial_release_date": "2026-05-12T19:43:16.470000+00:00",
"product_status:fixed": "206",
"product_status:known_affected": "21",
"product_status:known_not_affected": "220",
"source": "Red Hat CSAF VEX",
"status": "final",
"title": "ip-address: ip-address: Cross-site scripting via improper HTML escaping of untrusted input",
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-42338.json",
"version": "3"
},
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"ip-address: ip-address: Cross-site scripting via improper HTML escaping of untrusted input\", \"metrics\": [{\"other\": {\"type\": \"Red Hat severity rating\", \"content\": {\"value\": \"Important\", \"namespace\": \"https://access.redhat.com/security/updates/classification/\"}}}, {\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 8.1, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"cpes\": [\"cpe:/o:redhat:enterprise_linux:10.2\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux AppStream (v. 10)\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:enterprise_linux:9::appstream\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux AppStream (v. 9)\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:ansible_automation_platform:2.6::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Ansible Automation Platform 2.6\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhdh:1.10::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Developer Hub 1.10\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhdh:1.9::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Developer Hub 1.9\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_devspaces:3.29::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Dev Spaces 3.29\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:service_mesh:2.6::el8\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Service Mesh 2.6\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:service_mesh:3.0::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Service Mesh 3.0\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:service_mesh:3.1::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Service Mesh 3.1\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:service_mesh:3.2::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Service Mesh 3.2\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:service_mesh:3.3::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Service Mesh 3.3\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:confidential_compute_attestation:1\"], \"vendor\": \"Red Hat\", \"product\": \"Confidential Compute Attestation\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:exploit_intelligence:0\"], \"vendor\": \"Red Hat\", \"product\": \"Exploit Intelligence\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhmt:1\"], \"vendor\": \"Red Hat\", \"product\": \"Migration Toolkit for Containers\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:multicluster_engine\"], \"vendor\": \"Red Hat\", \"product\": \"Multicluster Engine for Kubernetes\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_pipelines:1\"], \"vendor\": \"Red Hat\", \"product\": \"OpenShift Pipelines\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:amq_broker:7\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat AMQ Broker 7\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:apache_camel_hawtio:4\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat build of Apache Camel - HawtIO 4\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:podman_desktop:1\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Build of Podman Desktop\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:podman_desktop:0\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Build of Podman Desktop - Tech Preview\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:enterprise_linux_ai:3\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux AI (RHEL AI) 3\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:hummingbird:1\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Hardened Images\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_ai\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift AI (RHOAI)\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift:4\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Container Platform 4\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:satellite:6\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Satellite 6\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:ansible_portal:2\"], \"vendor\": \"Red Hat\", \"product\": \"Self-service automation portal 2\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:cryostat:4\"], \"vendor\": \"Red Hat\", \"product\": \"Cryostat 4\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/a:redhat:acm:2\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Advanced Cluster Management for Kubernetes 2\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/a:redhat:camel_spring_boot:4\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat build of Apache Camel for Spring Boot 4\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux:10\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 10\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux:9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 9\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_devspaces:3\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Dev Spaces\", \"defaultStatus\": \"unaffected\"}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2026-05-12T21:01:14.436Z\", \"value\": \"Reported to Red Hat.\"}, {\"lang\": \"en\", \"time\": \"2026-05-12T19:43:16.470Z\", \"value\": \"Made public.\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"RHSA-2026:35842: Red Hat Enterprise Linux AppStream (v. 10)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:35841: Red Hat Enterprise Linux AppStream (v. 10)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:35892: Red Hat Enterprise Linux AppStream (v. 9)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:35891: Red Hat Enterprise Linux AppStream (v. 9)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:34374: Red Hat Ansible Automation Platform 2.6\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:36754: Red Hat Developer Hub 1.10\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:33574: Red Hat Developer Hub 1.9\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:36820: Red Hat OpenShift Dev Spaces 3.29\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:33155: Red Hat OpenShift Service Mesh 2.6\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:33160: Red Hat OpenShift Service Mesh 3.0\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:33163: Red Hat OpenShift Service Mesh 3.1\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:33173: Red Hat OpenShift Service Mesh 3.2\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:33183: Red Hat OpenShift Service Mesh 3.3\"}], \"x_adpType\": \"supplier\", \"datePublic\": \"2026-05-12T19:43:16.470Z\", \"references\": [{\"url\": \"https://access.redhat.com/security/cve/CVE-2026-42338\", \"tags\": [\"vdb-entry\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=2476810\", \"name\": \"RHBZ#2476810\", \"tags\": [\"issue-tracking\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-42338.json\", \"tags\": [\"x_sadp-csaf-vex\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:35842\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:35841\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:35892\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:35891\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:34374\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:36754\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:33574\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:36820\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:33155\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:33160\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:33163\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:33173\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:33183\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}], \"workarounds\": [{\"lang\": \"en\", \"value\": \"Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.\"}], \"x_generator\": {\"engine\": \"sadp-cli 1.0.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"A flaw was found in ip-address, a JavaScript library for parsing and manipulating IPv4 and IPv6 addresses. This vulnerability allows a remote attacker to perform cross-site scripting (XSS) by providing untrusted input to the Address6 constructor. When an application renders the output of Address6.group(), Address6.link(), or the AddressError.parseMessage as HTML without proper escaping, the attacker-controlled content can be executed in the user\u0027s browser.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-79\", \"description\": \"Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\", \"shortName\": \"redhat-SADP\", \"dateUpdated\": \"2026-07-09T12:09:43.283Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-42338\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-05-13T14:46:11.633277Z\"}}}], \"references\": [{\"url\": \"https://github.com/beaugunderson/ip-address/security/advisories/GHSA-v2v4-37r5-5v8g\", \"tags\": [\"exploit\"]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-05-13T14:46:43.960Z\"}}], \"cna\": {\"title\": \"ip-address: XSS in Address6 HTML-emitting methods\", \"source\": {\"advisory\": \"GHSA-v2v4-37r5-5v8g\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV4_0\": {\"version\": \"4.0\", \"baseScore\": 5.3, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N\", \"userInteraction\": \"PASSIVE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"NONE\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"LOW\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"NONE\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"LOW\"}}], \"affected\": [{\"vendor\": \"beaugunderson\", \"product\": \"ip-address\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 10.1.1\"}]}], \"references\": [{\"url\": \"https://github.com/beaugunderson/ip-address/security/advisories/GHSA-v2v4-37r5-5v8g\", \"name\": \"https://github.com/beaugunderson/ip-address/security/advisories/GHSA-v2v4-37r5-5v8g\", \"tags\": [\"x_refsource_CONFIRM\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"ip-address is a library for parsing and manipulating IPv4 and IPv6 addresses in JavaScript. Prior to 10.1.1, Address6.group() and Address6.link() do not HTML-escape attacker-controlled content before embedding it in the HTML strings they return, and AddressError.parseMessage (emitted by the Address6 constructor for invalid input) can contain unescaped attacker-controlled content in one branch. An application that (1) passes untrusted input to Address6 and (2) renders the output of these methods, or the thrown error\u0027s parseMessage, as HTML (e.g. via innerHTML) is vulnerable to cross-site scripting. This vulnerability is fixed in 10.1.1.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-79\", \"description\": \"CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2026-05-12T19:43:16.470Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2026-42338\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-07-09T12:09:43.283Z\", \"dateReserved\": \"2026-04-26T13:26:14.514Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2026-05-12T19:43:16.470Z\", \"assignerShortName\": \"GitHub_M\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
RHSA-2026:33155
Vulnerability from csaf_redhat - Published: 2026-06-29 16:07 - Updated: 2026-07-09 23:35A flaw was found in form-data, a library for creating readable multipart/form-data streams. A remote attacker can exploit this vulnerability by injecting carriage return (CR), line feed (LF), or double-quote (") characters into the `field` argument of `FormData#append` or the `filename` option. This allows the attacker to inject additional headers or smuggle entire additional multipart parts into requests, potentially enabling them to add or override form fields and compromise data integrity.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:431be7a67581ddb521dc3e8a2d7fb59fdc2bfe8362e364aed4cdc8bb441495c0_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:71bf14b0c1b05f821567971253f304ccc8a58cc682aa9dfe2805dc096f29ce39_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:75a4205abf3e9d948907598c52e18b89d5656e3bab72846319ca9d7162c9b123_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:f71032abc7a0d0885b56bf99a59c0b8800844297c0ff96fb2561edc493a0a0a2_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:70f6b5471f8994330a6659bc2b863bff2792552231237d217825d432c166dfd9_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:cf60d7a68c8b997e899f71a049e0d43d6d07115ed544a79db569bc8c33306e75_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:ed47a2c0145d0e71f6c7dca89f1cb502098ab54c679367b2c7374fd6ca2da413_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:eff6e4643347f77c419cb3e32b4c9d914762b9f2114e832126964850b7179967_amd64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in golang.org/x/net/idna. ToASCII and ToUnicode incorrectly accept Punycode-encoded labels that decode to an ASCII-only hostname (for example, xn--example-.com returns example.com instead of an error). Applications that validate the ASCII form then convert to Unicode may grant access to a restricted hostname the ASCII check would have rejected.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:70f6b5471f8994330a6659bc2b863bff2792552231237d217825d432c166dfd9_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:cf60d7a68c8b997e899f71a049e0d43d6d07115ed544a79db569bc8c33306e75_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:ed47a2c0145d0e71f6c7dca89f1cb502098ab54c679367b2c7374fd6ca2da413_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:eff6e4643347f77c419cb3e32b4c9d914762b9f2114e832126964850b7179967_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:431be7a67581ddb521dc3e8a2d7fb59fdc2bfe8362e364aed4cdc8bb441495c0_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:71bf14b0c1b05f821567971253f304ccc8a58cc682aa9dfe2805dc096f29ce39_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:75a4205abf3e9d948907598c52e18b89d5656e3bab72846319ca9d7162c9b123_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:f71032abc7a0d0885b56bf99a59c0b8800844297c0ff96fb2561edc493a0a0a2_arm64 | — |
Workaround
|
A flaw was found in ip-address, a JavaScript library for parsing and manipulating IPv4 and IPv6 addresses. This vulnerability allows a remote attacker to perform cross-site scripting (XSS) by providing untrusted input to the Address6 constructor. When an application renders the output of Address6.group(), Address6.link(), or the AddressError.parseMessage as HTML without proper escaping, the attacker-controlled content can be executed in the user's browser.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:431be7a67581ddb521dc3e8a2d7fb59fdc2bfe8362e364aed4cdc8bb441495c0_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:71bf14b0c1b05f821567971253f304ccc8a58cc682aa9dfe2805dc096f29ce39_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:75a4205abf3e9d948907598c52e18b89d5656e3bab72846319ca9d7162c9b123_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:f71032abc7a0d0885b56bf99a59c0b8800844297c0ff96fb2561edc493a0a0a2_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:70f6b5471f8994330a6659bc2b863bff2792552231237d217825d432c166dfd9_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:cf60d7a68c8b997e899f71a049e0d43d6d07115ed544a79db569bc8c33306e75_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:ed47a2c0145d0e71f6c7dca89f1cb502098ab54c679367b2c7374fd6ca2da413_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:eff6e4643347f77c419cb3e32b4c9d914762b9f2114e832126964850b7179967_amd64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Axios, a promise-based HTTP client, specifically in its Node.js HTTP adapter. When Axios is configured to use an authenticated proxy and follows a redirect, it may inadvertently send the Proxy-Authorization header, containing proxy credentials, to the redirect target. This can lead to the disclosure of sensitive proxy credentials to an unintended remote server.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:431be7a67581ddb521dc3e8a2d7fb59fdc2bfe8362e364aed4cdc8bb441495c0_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:71bf14b0c1b05f821567971253f304ccc8a58cc682aa9dfe2805dc096f29ce39_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:75a4205abf3e9d948907598c52e18b89d5656e3bab72846319ca9d7162c9b123_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:f71032abc7a0d0885b56bf99a59c0b8800844297c0ff96fb2561edc493a0a0a2_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:70f6b5471f8994330a6659bc2b863bff2792552231237d217825d432c166dfd9_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:cf60d7a68c8b997e899f71a049e0d43d6d07115ed544a79db569bc8c33306e75_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:ed47a2c0145d0e71f6c7dca89f1cb502098ab54c679367b2c7374fd6ca2da413_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:eff6e4643347f77c419cb3e32b4c9d914762b9f2114e832126964850b7179967_amd64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Axios. During specific proxy-to-direct redirect flows in the Node.js HTTP adapter, a remote attacker could exploit this vulnerability. The Proxy-Authorization header, which contains proxy credentials and is intended only for the outbound proxy, may be forwarded to the final redirected origin. This can lead to the disclosure of sensitive proxy credentials to an unintended third party.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:431be7a67581ddb521dc3e8a2d7fb59fdc2bfe8362e364aed4cdc8bb441495c0_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:71bf14b0c1b05f821567971253f304ccc8a58cc682aa9dfe2805dc096f29ce39_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:75a4205abf3e9d948907598c52e18b89d5656e3bab72846319ca9d7162c9b123_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:f71032abc7a0d0885b56bf99a59c0b8800844297c0ff96fb2561edc493a0a0a2_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:70f6b5471f8994330a6659bc2b863bff2792552231237d217825d432c166dfd9_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:cf60d7a68c8b997e899f71a049e0d43d6d07115ed544a79db569bc8c33306e75_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:ed47a2c0145d0e71f6c7dca89f1cb502098ab54c679367b2c7374fd6ca2da413_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:eff6e4643347f77c419cb3e32b4c9d914762b9f2114e832126964850b7179967_amd64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Axios, a promise-based HTTP client. When using the fetch adapter, Axios did not properly enforce configured request and response size limits. This vulnerability allows a remote attacker, through a malicious or compromised server, or by supplying a large data URL, to send or receive oversized data bodies. This can lead to resource exhaustion in server-side applications, resulting in a Denial of Service (DoS).
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:431be7a67581ddb521dc3e8a2d7fb59fdc2bfe8362e364aed4cdc8bb441495c0_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:71bf14b0c1b05f821567971253f304ccc8a58cc682aa9dfe2805dc096f29ce39_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:75a4205abf3e9d948907598c52e18b89d5656e3bab72846319ca9d7162c9b123_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:f71032abc7a0d0885b56bf99a59c0b8800844297c0ff96fb2561edc493a0a0a2_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:70f6b5471f8994330a6659bc2b863bff2792552231237d217825d432c166dfd9_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:cf60d7a68c8b997e899f71a049e0d43d6d07115ed544a79db569bc8c33306e75_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:ed47a2c0145d0e71f6c7dca89f1cb502098ab54c679367b2c7374fd6ca2da413_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:eff6e4643347f77c419cb3e32b4c9d914762b9f2114e832126964850b7179967_amd64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Axios, a promise-based HTTP client. This vulnerability occurs because Axios does not properly normalize IPv4-mapped IPv6 addresses. When a NO_PROXY setting is configured to block direct access to specific IPv4 addresses, an attacker can bypass this restriction by using the IPv4-mapped IPv6 form of the address in a request URL. This allows the request to be routed through the proxy, potentially exposing internal services or sensitive information that should otherwise be inaccessible.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:431be7a67581ddb521dc3e8a2d7fb59fdc2bfe8362e364aed4cdc8bb441495c0_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:71bf14b0c1b05f821567971253f304ccc8a58cc682aa9dfe2805dc096f29ce39_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:75a4205abf3e9d948907598c52e18b89d5656e3bab72846319ca9d7162c9b123_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:f71032abc7a0d0885b56bf99a59c0b8800844297c0ff96fb2561edc493a0a0a2_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:70f6b5471f8994330a6659bc2b863bff2792552231237d217825d432c166dfd9_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:cf60d7a68c8b997e899f71a049e0d43d6d07115ed544a79db569bc8c33306e75_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:ed47a2c0145d0e71f6c7dca89f1cb502098ab54c679367b2c7374fd6ca2da413_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:eff6e4643347f77c419cb3e32b4c9d914762b9f2114e832126964850b7179967_amd64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Axios. This vulnerability, a Prototype Pollution "Gadget" attack, allows an attacker to escalate any existing Object.prototype pollution in an application's dependency tree into a full Man-in-the-Middle (MITM) attack. This enables the attacker to intercept, read, and modify all HTTP traffic, including sensitive authentication credentials. The flaw occurs because the `config.proxy` setting is susceptible to prototype pollution, allowing an attacker to inject a malicious proxy server.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:431be7a67581ddb521dc3e8a2d7fb59fdc2bfe8362e364aed4cdc8bb441495c0_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:71bf14b0c1b05f821567971253f304ccc8a58cc682aa9dfe2805dc096f29ce39_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:75a4205abf3e9d948907598c52e18b89d5656e3bab72846319ca9d7162c9b123_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:f71032abc7a0d0885b56bf99a59c0b8800844297c0ff96fb2561edc493a0a0a2_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:70f6b5471f8994330a6659bc2b863bff2792552231237d217825d432c166dfd9_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:cf60d7a68c8b997e899f71a049e0d43d6d07115ed544a79db569bc8c33306e75_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:ed47a2c0145d0e71f6c7dca89f1cb502098ab54c679367b2c7374fd6ca2da413_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:eff6e4643347f77c419cb3e32b4c9d914762b9f2114e832126964850b7179967_amd64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Axios, a promise-based HTTP client. This vulnerability involves prototype pollution gadgets in the request configuration processing. If another vulnerability has already polluted the Object.prototype.transformResponse, affected Axios versions may incorrectly interpret this inherited value as part of the request configuration or as an option validator. Axios does not itself create the prototype pollution. Exploitability requires a separate prototype-pollution vulnerability or equivalent attacker control over Object.prototype before Axios creates a request.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:431be7a67581ddb521dc3e8a2d7fb59fdc2bfe8362e364aed4cdc8bb441495c0_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:71bf14b0c1b05f821567971253f304ccc8a58cc682aa9dfe2805dc096f29ce39_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:75a4205abf3e9d948907598c52e18b89d5656e3bab72846319ca9d7162c9b123_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:f71032abc7a0d0885b56bf99a59c0b8800844297c0ff96fb2561edc493a0a0a2_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:70f6b5471f8994330a6659bc2b863bff2792552231237d217825d432c166dfd9_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:cf60d7a68c8b997e899f71a049e0d43d6d07115ed544a79db569bc8c33306e75_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:ed47a2c0145d0e71f6c7dca89f1cb502098ab54c679367b2c7374fd6ca2da413_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:eff6e4643347f77c419cb3e32b4c9d914762b9f2114e832126964850b7179967_amd64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Axios. A remote attacker, by influencing the XSRF cookie name in a browser environment, could cause the application to construct a regular expression that leads to excessive processing. This can result in a client-side Denial of Service (DoS), where the affected browser tab may freeze, impacting the availability of the application for the user.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:431be7a67581ddb521dc3e8a2d7fb59fdc2bfe8362e364aed4cdc8bb441495c0_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:71bf14b0c1b05f821567971253f304ccc8a58cc682aa9dfe2805dc096f29ce39_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:75a4205abf3e9d948907598c52e18b89d5656e3bab72846319ca9d7162c9b123_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:f71032abc7a0d0885b56bf99a59c0b8800844297c0ff96fb2561edc493a0a0a2_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:70f6b5471f8994330a6659bc2b863bff2792552231237d217825d432c166dfd9_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:cf60d7a68c8b997e899f71a049e0d43d6d07115ed544a79db569bc8c33306e75_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:ed47a2c0145d0e71f6c7dca89f1cb502098ab54c679367b2c7374fd6ca2da413_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:eff6e4643347f77c419cb3e32b4c9d914762b9f2114e832126964850b7179967_amd64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in ws, an open source WebSocket client and server. A remote attacker can exploit this memory exhaustion vulnerability by sending a high volume of exceptionally small fragments and data chunks. This action forces the affected component to allocate and hold structural wrappers that consume excessive memory. Consequently, this leads to process termination and a denial of service (DoS) for the remote peer.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:431be7a67581ddb521dc3e8a2d7fb59fdc2bfe8362e364aed4cdc8bb441495c0_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:71bf14b0c1b05f821567971253f304ccc8a58cc682aa9dfe2805dc096f29ce39_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:75a4205abf3e9d948907598c52e18b89d5656e3bab72846319ca9d7162c9b123_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:f71032abc7a0d0885b56bf99a59c0b8800844297c0ff96fb2561edc493a0a0a2_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:70f6b5471f8994330a6659bc2b863bff2792552231237d217825d432c166dfd9_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:cf60d7a68c8b997e899f71a049e0d43d6d07115ed544a79db569bc8c33306e75_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:ed47a2c0145d0e71f6c7dca89f1cb502098ab54c679367b2c7374fd6ca2da413_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:eff6e4643347f77c419cb3e32b4c9d914762b9f2114e832126964850b7179967_amd64 | — |
Vendor Fix
fix
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Kiali 1.73.33 for Red Hat OpenShift Service Mesh 2.6 is now available.\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Kiali 1.73.33, for Red Hat OpenShift Service Mesh 2.6, provides observability for the service mesh by offering a visual representation of the mesh topology and metrics, helping users monitor, trace, and manage efficiently.\n\nSecurity Fix(es):\n\n* CVE-2026-42338 openshift-service-mesh/kiali-ossmc-rhel9: ip-address: Cross-site scripting via improper HTML escaping of untrusted input (OSSM-14066)\n* CVE-2026-42338 openshift-service-mesh/kiali-rhel9: ip-address: Cross-site scripting via improper HTML escaping of untrusted input (OSSM-14067)\n* CVE-2026-39821 openshift-service-mesh/kiali-rhel9: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing (OSSM-14073)\n* CVE-2026-44495 openshift-service-mesh/kiali-ossmc-rhel9: Axios: Information disclosure due to prototype pollution vulnerability (OSSM-14141)\n* CVE-2026-44495 openshift-service-mesh/kiali-rhel9: Axios: Information disclosure due to prototype pollution vulnerability (OSSM-14142)\n* CVE-2026-44488 openshift-service-mesh/kiali-ossmc-rhel9: Axios: Denial of Service due to unenforced request and response size limits (OSSM-14152)\n* CVE-2026-44488 openshift-service-mesh/kiali-rhel9: Axios: Denial of Service due to unenforced request and response size limits (OSSM-14156)\n* CVE-2026-44487 openshift-service-mesh/kiali-rhel9: Axios: Information disclosure of proxy credentials via redirect flows (OSSM-14168)\n* CVE-2026-44487 openshift-service-mesh/kiali-ossmc-rhel9: Axios: Information disclosure of proxy credentials via redirect flows (OSSM-14182)\n* CVE-2026-44494 openshift-service-mesh/kiali-rhel9: Axios: Man-in-the-Middle (MITM) attack via Prototype Pollution (OSSM-14177)\n* CVE-2026-44494 openshift-service-mesh/kiali-ossmc-rhel9: Axios: Man-in-the-Middle (MITM) attack via Prototype Pollution (OSSM-14186)\n* CVE-2026-44496 openshift-service-mesh/kiali-ossmc-rhel9: Axios: Client-side Denial of Service via unescaped regex metacharacters in XSRF cookie name (OSSM-14210)\n* CVE-2026-44496 openshift-service-mesh/kiali-rhel9: Axios: Client-side Denial of Service via unescaped regex metacharacters in XSRF cookie name (OSSM-14206)\n* CVE-2026-44486 openshift-service-mesh/kiali-ossmc-rhel9: Axios: Information disclosure of proxy credentials via HTTP redirects (OSSM-14201)\n* CVE-2026-44486 openshift-service-mesh/kiali-rhel9: Axios: Information disclosure of proxy credentials via HTTP redirects (OSSM-14187)\n* CVE-2026-44492 openshift-service-mesh/kiali-ossmc-rhel9: Axios: Proxy bypass via IPv4-mapped IPv6 address non-normalization (OSSM-14219)\n* CVE-2026-44492 openshift-service-mesh/kiali-rhel9: Axios: Proxy bypass via IPv4-mapped IPv6 address non-normalization (OSSM-14224)\n* CVE-2026-48779 openshift-service-mesh/kiali-rhel9: ws: Denial of Service via memory exhaustion from small WebSocket fragments (OSSM-14305)\n* CVE-2026-48779 openshift-service-mesh/kiali-ossmc-rhel9: ws: Denial of Service via memory exhaustion from small WebSocket fragments (OSSM-14303)\n* CVE-2026-12143 openshift-service-mesh/kiali-ossmc-rhel9: form-data: Form field override via CRLF injection (OSSM-14335)\n* CVE-2026-12143 openshift-service-mesh/kiali-rhel9: form-data: Form field override via CRLF injection (OSSM-14327)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:33155",
"url": "https://access.redhat.com/errata/RHSA-2026:33155"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-12143",
"url": "https://access.redhat.com/security/cve/CVE-2026-12143"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-39821",
"url": "https://access.redhat.com/security/cve/CVE-2026-39821"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42338",
"url": "https://access.redhat.com/security/cve/CVE-2026-42338"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-44486",
"url": "https://access.redhat.com/security/cve/CVE-2026-44486"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-44487",
"url": "https://access.redhat.com/security/cve/CVE-2026-44487"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-44488",
"url": "https://access.redhat.com/security/cve/CVE-2026-44488"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-44492",
"url": "https://access.redhat.com/security/cve/CVE-2026-44492"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-44494",
"url": "https://access.redhat.com/security/cve/CVE-2026-44494"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-44495",
"url": "https://access.redhat.com/security/cve/CVE-2026-44495"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-44496",
"url": "https://access.redhat.com/security/cve/CVE-2026-44496"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-48779",
"url": "https://access.redhat.com/security/cve/CVE-2026-48779"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification",
"url": "https://access.redhat.com/security/updates/classification"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_33155.json"
}
],
"title": "Red Hat Security Advisory: Kiali 1.73.33 for Red Hat OpenShift Service Mesh 2.6",
"tracking": {
"current_release_date": "2026-07-09T23:35:35+00:00",
"generator": {
"date": "2026-07-09T23:35:35+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.2"
}
},
"id": "RHSA-2026:33155",
"initial_release_date": "2026-06-29T16:07:52+00:00",
"revision_history": [
{
"date": "2026-06-29T16:07:52+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-07-09T08:56:59+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-09T23:35:35+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Service Mesh 2.6",
"product": {
"name": "Red Hat OpenShift Service Mesh 2.6",
"product_id": "Red Hat OpenShift Service Mesh 2.6",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:service_mesh:2.6::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Service Mesh"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:eff6e4643347f77c419cb3e32b4c9d914762b9f2114e832126964850b7179967_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:eff6e4643347f77c419cb3e32b4c9d914762b9f2114e832126964850b7179967_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:eff6e4643347f77c419cb3e32b4c9d914762b9f2114e832126964850b7179967_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel8@sha256%3Aeff6e4643347f77c419cb3e32b4c9d914762b9f2114e832126964850b7179967?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8\u0026tag=1782287580"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:431be7a67581ddb521dc3e8a2d7fb59fdc2bfe8362e364aed4cdc8bb441495c0_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:431be7a67581ddb521dc3e8a2d7fb59fdc2bfe8362e364aed4cdc8bb441495c0_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:431be7a67581ddb521dc3e8a2d7fb59fdc2bfe8362e364aed4cdc8bb441495c0_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kiali-ossmc-rhel8@sha256%3A431be7a67581ddb521dc3e8a2d7fb59fdc2bfe8362e364aed4cdc8bb441495c0?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8\u0026tag=1781937133"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:70f6b5471f8994330a6659bc2b863bff2792552231237d217825d432c166dfd9_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:70f6b5471f8994330a6659bc2b863bff2792552231237d217825d432c166dfd9_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:70f6b5471f8994330a6659bc2b863bff2792552231237d217825d432c166dfd9_arm64",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel8@sha256%3A70f6b5471f8994330a6659bc2b863bff2792552231237d217825d432c166dfd9?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8\u0026tag=1782287580"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:f71032abc7a0d0885b56bf99a59c0b8800844297c0ff96fb2561edc493a0a0a2_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:f71032abc7a0d0885b56bf99a59c0b8800844297c0ff96fb2561edc493a0a0a2_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:f71032abc7a0d0885b56bf99a59c0b8800844297c0ff96fb2561edc493a0a0a2_arm64",
"product_identification_helper": {
"purl": "pkg:oci/kiali-ossmc-rhel8@sha256%3Af71032abc7a0d0885b56bf99a59c0b8800844297c0ff96fb2561edc493a0a0a2?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8\u0026tag=1781937133"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:cf60d7a68c8b997e899f71a049e0d43d6d07115ed544a79db569bc8c33306e75_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:cf60d7a68c8b997e899f71a049e0d43d6d07115ed544a79db569bc8c33306e75_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:cf60d7a68c8b997e899f71a049e0d43d6d07115ed544a79db569bc8c33306e75_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel8@sha256%3Acf60d7a68c8b997e899f71a049e0d43d6d07115ed544a79db569bc8c33306e75?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8\u0026tag=1782287580"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:75a4205abf3e9d948907598c52e18b89d5656e3bab72846319ca9d7162c9b123_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:75a4205abf3e9d948907598c52e18b89d5656e3bab72846319ca9d7162c9b123_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:75a4205abf3e9d948907598c52e18b89d5656e3bab72846319ca9d7162c9b123_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/kiali-ossmc-rhel8@sha256%3A75a4205abf3e9d948907598c52e18b89d5656e3bab72846319ca9d7162c9b123?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8\u0026tag=1781937133"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:ed47a2c0145d0e71f6c7dca89f1cb502098ab54c679367b2c7374fd6ca2da413_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:ed47a2c0145d0e71f6c7dca89f1cb502098ab54c679367b2c7374fd6ca2da413_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:ed47a2c0145d0e71f6c7dca89f1cb502098ab54c679367b2c7374fd6ca2da413_s390x",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel8@sha256%3Aed47a2c0145d0e71f6c7dca89f1cb502098ab54c679367b2c7374fd6ca2da413?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8\u0026tag=1782287580"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:71bf14b0c1b05f821567971253f304ccc8a58cc682aa9dfe2805dc096f29ce39_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:71bf14b0c1b05f821567971253f304ccc8a58cc682aa9dfe2805dc096f29ce39_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:71bf14b0c1b05f821567971253f304ccc8a58cc682aa9dfe2805dc096f29ce39_s390x",
"product_identification_helper": {
"purl": "pkg:oci/kiali-ossmc-rhel8@sha256%3A71bf14b0c1b05f821567971253f304ccc8a58cc682aa9dfe2805dc096f29ce39?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8\u0026tag=1781937133"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:431be7a67581ddb521dc3e8a2d7fb59fdc2bfe8362e364aed4cdc8bb441495c0_amd64 as a component of Red Hat OpenShift Service Mesh 2.6",
"product_id": "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:431be7a67581ddb521dc3e8a2d7fb59fdc2bfe8362e364aed4cdc8bb441495c0_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:431be7a67581ddb521dc3e8a2d7fb59fdc2bfe8362e364aed4cdc8bb441495c0_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:71bf14b0c1b05f821567971253f304ccc8a58cc682aa9dfe2805dc096f29ce39_s390x as a component of Red Hat OpenShift Service Mesh 2.6",
"product_id": "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:71bf14b0c1b05f821567971253f304ccc8a58cc682aa9dfe2805dc096f29ce39_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:71bf14b0c1b05f821567971253f304ccc8a58cc682aa9dfe2805dc096f29ce39_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:75a4205abf3e9d948907598c52e18b89d5656e3bab72846319ca9d7162c9b123_ppc64le as a component of Red Hat OpenShift Service Mesh 2.6",
"product_id": "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:75a4205abf3e9d948907598c52e18b89d5656e3bab72846319ca9d7162c9b123_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:75a4205abf3e9d948907598c52e18b89d5656e3bab72846319ca9d7162c9b123_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:f71032abc7a0d0885b56bf99a59c0b8800844297c0ff96fb2561edc493a0a0a2_arm64 as a component of Red Hat OpenShift Service Mesh 2.6",
"product_id": "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:f71032abc7a0d0885b56bf99a59c0b8800844297c0ff96fb2561edc493a0a0a2_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:f71032abc7a0d0885b56bf99a59c0b8800844297c0ff96fb2561edc493a0a0a2_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:70f6b5471f8994330a6659bc2b863bff2792552231237d217825d432c166dfd9_arm64 as a component of Red Hat OpenShift Service Mesh 2.6",
"product_id": "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:70f6b5471f8994330a6659bc2b863bff2792552231237d217825d432c166dfd9_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:70f6b5471f8994330a6659bc2b863bff2792552231237d217825d432c166dfd9_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:cf60d7a68c8b997e899f71a049e0d43d6d07115ed544a79db569bc8c33306e75_ppc64le as a component of Red Hat OpenShift Service Mesh 2.6",
"product_id": "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:cf60d7a68c8b997e899f71a049e0d43d6d07115ed544a79db569bc8c33306e75_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:cf60d7a68c8b997e899f71a049e0d43d6d07115ed544a79db569bc8c33306e75_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:ed47a2c0145d0e71f6c7dca89f1cb502098ab54c679367b2c7374fd6ca2da413_s390x as a component of Red Hat OpenShift Service Mesh 2.6",
"product_id": "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:ed47a2c0145d0e71f6c7dca89f1cb502098ab54c679367b2c7374fd6ca2da413_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:ed47a2c0145d0e71f6c7dca89f1cb502098ab54c679367b2c7374fd6ca2da413_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:eff6e4643347f77c419cb3e32b4c9d914762b9f2114e832126964850b7179967_amd64 as a component of Red Hat OpenShift Service Mesh 2.6",
"product_id": "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:eff6e4643347f77c419cb3e32b4c9d914762b9f2114e832126964850b7179967_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:eff6e4643347f77c419cb3e32b4c9d914762b9f2114e832126964850b7179967_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 2.6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-12143",
"cwe": {
"id": "CWE-93",
"name": "Improper Neutralization of CRLF Sequences (\u0027CRLF Injection\u0027)"
},
"discovery_date": "2026-06-12T19:00:57.360953+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2488480"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in form-data, a library for creating readable multipart/form-data streams. A remote attacker can exploit this vulnerability by injecting carriage return (CR), line feed (LF), or double-quote (\") characters into the `field` argument of `FormData#append` or the `filename` option. This allows the attacker to inject additional headers or smuggle entire additional multipart parts into requests, potentially enabling them to add or override form fields and compromise data integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "form-data: form-data: Form field override via CRLF injection",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important impact flaw in the form-data library: a remote attacker can inject arbitrary headers or additional multipart parts via CRLF injection in field names or filenames, potentially overriding sensitive form fields and affecting data integrity.\n\nFor RHOAI and RHEL AI, severity is Moderate because affected versions appear only as a transitive npm dependency in RHOAI (dashboard, mod-arch plugins, MLflow UI) and RHEL AI 3.4 bootc images, and those products use fixed field names for uploads rather than passing untrusted user input as multipart field names or filenames. The documented exploit path is therefore not reachable in default deployments. Practical impact is limited to non-default or custom integrations that forward multipart requests using attacker-controlled field names.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:431be7a67581ddb521dc3e8a2d7fb59fdc2bfe8362e364aed4cdc8bb441495c0_amd64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:71bf14b0c1b05f821567971253f304ccc8a58cc682aa9dfe2805dc096f29ce39_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:75a4205abf3e9d948907598c52e18b89d5656e3bab72846319ca9d7162c9b123_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:f71032abc7a0d0885b56bf99a59c0b8800844297c0ff96fb2561edc493a0a0a2_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:70f6b5471f8994330a6659bc2b863bff2792552231237d217825d432c166dfd9_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:cf60d7a68c8b997e899f71a049e0d43d6d07115ed544a79db569bc8c33306e75_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:ed47a2c0145d0e71f6c7dca89f1cb502098ab54c679367b2c7374fd6ca2da413_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:eff6e4643347f77c419cb3e32b4c9d914762b9f2114e832126964850b7179967_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-12143"
},
{
"category": "external",
"summary": "RHBZ#2488480",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2488480"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-12143",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-12143"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-12143",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-12143"
},
{
"category": "external",
"summary": "https://cwe.mitre.org/data/definitions/93.html",
"url": "https://cwe.mitre.org/data/definitions/93.html"
},
{
"category": "external",
"summary": "https://github.com/form-data/form-data/commit/64190db548c0179e37206858e39f27cf513e9435",
"url": "https://github.com/form-data/form-data/commit/64190db548c0179e37206858e39f27cf513e9435"
},
{
"category": "external",
"summary": "https://github.com/form-data/form-data/commit/be3f3cf553978bac15a5182f1f3c3d2d38ccf229",
"url": "https://github.com/form-data/form-data/commit/be3f3cf553978bac15a5182f1f3c3d2d38ccf229"
},
{
"category": "external",
"summary": "https://github.com/form-data/form-data/commit/c7133499c2ee1b80c678e411244f4442bf902045",
"url": "https://github.com/form-data/form-data/commit/c7133499c2ee1b80c678e411244f4442bf902045"
},
{
"category": "external",
"summary": "https://github.com/form-data/form-data/security/advisories/GHSA-hmw2-7cc7-3qxx",
"url": "https://github.com/form-data/form-data/security/advisories/GHSA-hmw2-7cc7-3qxx"
},
{
"category": "external",
"summary": "https://html.spec.whatwg.org/multipage/form-control-infrastructure.html#multipart-form-data",
"url": "https://html.spec.whatwg.org/multipage/form-control-infrastructure.html#multipart-form-data"
},
{
"category": "external",
"summary": "https://www.npmjs.com/package/form-data",
"url": "https://www.npmjs.com/package/form-data"
}
],
"release_date": "2026-06-12T18:01:30.362000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-29T16:07:52+00:00",
"details": "See Kiali 1.73.33 documentation at https://docs.redhat.com/en/documentation/openshift_container_platform/4.18/html/service_mesh/service-mesh-2-x",
"product_ids": [
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:431be7a67581ddb521dc3e8a2d7fb59fdc2bfe8362e364aed4cdc8bb441495c0_amd64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:71bf14b0c1b05f821567971253f304ccc8a58cc682aa9dfe2805dc096f29ce39_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:75a4205abf3e9d948907598c52e18b89d5656e3bab72846319ca9d7162c9b123_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:f71032abc7a0d0885b56bf99a59c0b8800844297c0ff96fb2561edc493a0a0a2_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:70f6b5471f8994330a6659bc2b863bff2792552231237d217825d432c166dfd9_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:cf60d7a68c8b997e899f71a049e0d43d6d07115ed544a79db569bc8c33306e75_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:ed47a2c0145d0e71f6c7dca89f1cb502098ab54c679367b2c7374fd6ca2da413_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:eff6e4643347f77c419cb3e32b4c9d914762b9f2114e832126964850b7179967_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33155"
},
{
"category": "workaround",
"details": "Applications using the `form-data` library should implement strict input validation and sanitization for all field names and filenames derived from untrusted sources. This prevents the injection of control characters (CR, LF, \") that could lead to header injection or form field overrides. Deployments that exclusively use fixed or trusted field names are not impacted.",
"product_ids": [
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:431be7a67581ddb521dc3e8a2d7fb59fdc2bfe8362e364aed4cdc8bb441495c0_amd64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:71bf14b0c1b05f821567971253f304ccc8a58cc682aa9dfe2805dc096f29ce39_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:75a4205abf3e9d948907598c52e18b89d5656e3bab72846319ca9d7162c9b123_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:f71032abc7a0d0885b56bf99a59c0b8800844297c0ff96fb2561edc493a0a0a2_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:70f6b5471f8994330a6659bc2b863bff2792552231237d217825d432c166dfd9_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:cf60d7a68c8b997e899f71a049e0d43d6d07115ed544a79db569bc8c33306e75_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:ed47a2c0145d0e71f6c7dca89f1cb502098ab54c679367b2c7374fd6ca2da413_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:eff6e4643347f77c419cb3e32b4c9d914762b9f2114e832126964850b7179967_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:431be7a67581ddb521dc3e8a2d7fb59fdc2bfe8362e364aed4cdc8bb441495c0_amd64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:71bf14b0c1b05f821567971253f304ccc8a58cc682aa9dfe2805dc096f29ce39_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:75a4205abf3e9d948907598c52e18b89d5656e3bab72846319ca9d7162c9b123_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:f71032abc7a0d0885b56bf99a59c0b8800844297c0ff96fb2561edc493a0a0a2_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:70f6b5471f8994330a6659bc2b863bff2792552231237d217825d432c166dfd9_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:cf60d7a68c8b997e899f71a049e0d43d6d07115ed544a79db569bc8c33306e75_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:ed47a2c0145d0e71f6c7dca89f1cb502098ab54c679367b2c7374fd6ca2da413_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:eff6e4643347f77c419cb3e32b4c9d914762b9f2114e832126964850b7179967_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "form-data: form-data: Form field override via CRLF injection"
},
{
"cve": "CVE-2026-39821",
"cwe": {
"id": "CWE-1289",
"name": "Improper Validation of Unsafe Equivalence in Input"
},
"discovery_date": "2026-05-22T16:00:52.844126+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:431be7a67581ddb521dc3e8a2d7fb59fdc2bfe8362e364aed4cdc8bb441495c0_amd64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:71bf14b0c1b05f821567971253f304ccc8a58cc682aa9dfe2805dc096f29ce39_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:75a4205abf3e9d948907598c52e18b89d5656e3bab72846319ca9d7162c9b123_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:f71032abc7a0d0885b56bf99a59c0b8800844297c0ff96fb2561edc493a0a0a2_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2480756"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang.org/x/net/idna. ToASCII and ToUnicode incorrectly accept Punycode-encoded labels that decode to an ASCII-only hostname (for example, xn--example-.com returns example.com instead of an error). Applications that validate the ASCII form then convert to Unicode may grant access to a restricted hostname the ASCII check would have rejected.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/net/idna: golang: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "golang.org/x/net/idna is vulnerable to privilege escalation through incorrect Punycode label handling in ToASCII and ToUnicode. An attacker who can supply a Punycode hostname that passes an ASCII-only authorization check may have it normalized to a restricted ASCII name the application intended to block. Red Hat exposure is broad across products shipping the Go toolchain or bundling golang.org/x/net, including RHEL and RHEL-AI golang RPMs, hummingbird Go runtimes, OpenShift and ODF container builds, and Ceph/OpenShift components compiled against affected x/net versions.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:70f6b5471f8994330a6659bc2b863bff2792552231237d217825d432c166dfd9_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:cf60d7a68c8b997e899f71a049e0d43d6d07115ed544a79db569bc8c33306e75_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:ed47a2c0145d0e71f6c7dca89f1cb502098ab54c679367b2c7374fd6ca2da413_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:eff6e4643347f77c419cb3e32b4c9d914762b9f2114e832126964850b7179967_amd64"
],
"known_not_affected": [
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:431be7a67581ddb521dc3e8a2d7fb59fdc2bfe8362e364aed4cdc8bb441495c0_amd64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:71bf14b0c1b05f821567971253f304ccc8a58cc682aa9dfe2805dc096f29ce39_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:75a4205abf3e9d948907598c52e18b89d5656e3bab72846319ca9d7162c9b123_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:f71032abc7a0d0885b56bf99a59c0b8800844297c0ff96fb2561edc493a0a0a2_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-39821"
},
{
"category": "external",
"summary": "RHBZ#2480756",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2480756"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-39821",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-39821"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-39821",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39821"
},
{
"category": "external",
"summary": "https://go.dev/cl/767220",
"url": "https://go.dev/cl/767220"
},
{
"category": "external",
"summary": "https://go.dev/issue/78760",
"url": "https://go.dev/issue/78760"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/iI-mYSI0lu8",
"url": "https://groups.google.com/g/golang-announce/c/iI-mYSI0lu8"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-5026",
"url": "https://pkg.go.dev/vuln/GO-2026-5026"
}
],
"release_date": "2026-05-22T15:01:21.462000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-29T16:07:52+00:00",
"details": "See Kiali 1.73.33 documentation at https://docs.redhat.com/en/documentation/openshift_container_platform/4.18/html/service_mesh/service-mesh-2-x",
"product_ids": [
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:70f6b5471f8994330a6659bc2b863bff2792552231237d217825d432c166dfd9_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:cf60d7a68c8b997e899f71a049e0d43d6d07115ed544a79db569bc8c33306e75_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:ed47a2c0145d0e71f6c7dca89f1cb502098ab54c679367b2c7374fd6ca2da413_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:eff6e4643347f77c419cb3e32b4c9d914762b9f2114e832126964850b7179967_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33155"
},
{
"category": "workaround",
"details": "Upgrade to a fixed golang.org/x/net release that includes the idna correction, via updated golang or dependent package rebuilds.",
"product_ids": [
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:431be7a67581ddb521dc3e8a2d7fb59fdc2bfe8362e364aed4cdc8bb441495c0_amd64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:71bf14b0c1b05f821567971253f304ccc8a58cc682aa9dfe2805dc096f29ce39_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:75a4205abf3e9d948907598c52e18b89d5656e3bab72846319ca9d7162c9b123_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:f71032abc7a0d0885b56bf99a59c0b8800844297c0ff96fb2561edc493a0a0a2_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:70f6b5471f8994330a6659bc2b863bff2792552231237d217825d432c166dfd9_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:cf60d7a68c8b997e899f71a049e0d43d6d07115ed544a79db569bc8c33306e75_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:ed47a2c0145d0e71f6c7dca89f1cb502098ab54c679367b2c7374fd6ca2da413_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:eff6e4643347f77c419cb3e32b4c9d914762b9f2114e832126964850b7179967_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:431be7a67581ddb521dc3e8a2d7fb59fdc2bfe8362e364aed4cdc8bb441495c0_amd64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:71bf14b0c1b05f821567971253f304ccc8a58cc682aa9dfe2805dc096f29ce39_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:75a4205abf3e9d948907598c52e18b89d5656e3bab72846319ca9d7162c9b123_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:f71032abc7a0d0885b56bf99a59c0b8800844297c0ff96fb2561edc493a0a0a2_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:70f6b5471f8994330a6659bc2b863bff2792552231237d217825d432c166dfd9_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:cf60d7a68c8b997e899f71a049e0d43d6d07115ed544a79db569bc8c33306e75_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:ed47a2c0145d0e71f6c7dca89f1cb502098ab54c679367b2c7374fd6ca2da413_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:eff6e4643347f77c419cb3e32b4c9d914762b9f2114e832126964850b7179967_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/net/idna: golang: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing"
},
{
"cve": "CVE-2026-42338",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2026-05-12T21:01:14.436876+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2476810"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in ip-address, a JavaScript library for parsing and manipulating IPv4 and IPv6 addresses. This vulnerability allows a remote attacker to perform cross-site scripting (XSS) by providing untrusted input to the Address6 constructor. When an application renders the output of Address6.group(), Address6.link(), or the AddressError.parseMessage as HTML without proper escaping, the attacker-controlled content can be executed in the user\u0027s browser.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ip-address: ip-address: Cross-site scripting via improper HTML escaping of untrusted input",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability in the `ip-address` JavaScript library is rated as Important. It allows for cross-site scripting (XSS) when an application processes untrusted input through the `Address6` constructor and subsequently renders the unescaped output of methods like `Address6.group()`, `Address6.link()`, or `AddressError.parseMessage` directly as HTML. While the library itself is affected, exploitation is contingent on specific application-level rendering practices that may not be common in Red Hat products.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:431be7a67581ddb521dc3e8a2d7fb59fdc2bfe8362e364aed4cdc8bb441495c0_amd64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:71bf14b0c1b05f821567971253f304ccc8a58cc682aa9dfe2805dc096f29ce39_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:75a4205abf3e9d948907598c52e18b89d5656e3bab72846319ca9d7162c9b123_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:f71032abc7a0d0885b56bf99a59c0b8800844297c0ff96fb2561edc493a0a0a2_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:70f6b5471f8994330a6659bc2b863bff2792552231237d217825d432c166dfd9_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:cf60d7a68c8b997e899f71a049e0d43d6d07115ed544a79db569bc8c33306e75_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:ed47a2c0145d0e71f6c7dca89f1cb502098ab54c679367b2c7374fd6ca2da413_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:eff6e4643347f77c419cb3e32b4c9d914762b9f2114e832126964850b7179967_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42338"
},
{
"category": "external",
"summary": "RHBZ#2476810",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2476810"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42338",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42338"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42338",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42338"
},
{
"category": "external",
"summary": "https://github.com/beaugunderson/ip-address/security/advisories/GHSA-v2v4-37r5-5v8g",
"url": "https://github.com/beaugunderson/ip-address/security/advisories/GHSA-v2v4-37r5-5v8g"
}
],
"release_date": "2026-05-12T19:43:16.470000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-29T16:07:52+00:00",
"details": "See Kiali 1.73.33 documentation at https://docs.redhat.com/en/documentation/openshift_container_platform/4.18/html/service_mesh/service-mesh-2-x",
"product_ids": [
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:431be7a67581ddb521dc3e8a2d7fb59fdc2bfe8362e364aed4cdc8bb441495c0_amd64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:71bf14b0c1b05f821567971253f304ccc8a58cc682aa9dfe2805dc096f29ce39_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:75a4205abf3e9d948907598c52e18b89d5656e3bab72846319ca9d7162c9b123_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:f71032abc7a0d0885b56bf99a59c0b8800844297c0ff96fb2561edc493a0a0a2_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:70f6b5471f8994330a6659bc2b863bff2792552231237d217825d432c166dfd9_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:cf60d7a68c8b997e899f71a049e0d43d6d07115ed544a79db569bc8c33306e75_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:ed47a2c0145d0e71f6c7dca89f1cb502098ab54c679367b2c7374fd6ca2da413_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:eff6e4643347f77c419cb3e32b4c9d914762b9f2114e832126964850b7179967_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33155"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:431be7a67581ddb521dc3e8a2d7fb59fdc2bfe8362e364aed4cdc8bb441495c0_amd64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:71bf14b0c1b05f821567971253f304ccc8a58cc682aa9dfe2805dc096f29ce39_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:75a4205abf3e9d948907598c52e18b89d5656e3bab72846319ca9d7162c9b123_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:f71032abc7a0d0885b56bf99a59c0b8800844297c0ff96fb2561edc493a0a0a2_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:70f6b5471f8994330a6659bc2b863bff2792552231237d217825d432c166dfd9_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:cf60d7a68c8b997e899f71a049e0d43d6d07115ed544a79db569bc8c33306e75_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:ed47a2c0145d0e71f6c7dca89f1cb502098ab54c679367b2c7374fd6ca2da413_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:eff6e4643347f77c419cb3e32b4c9d914762b9f2114e832126964850b7179967_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:431be7a67581ddb521dc3e8a2d7fb59fdc2bfe8362e364aed4cdc8bb441495c0_amd64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:71bf14b0c1b05f821567971253f304ccc8a58cc682aa9dfe2805dc096f29ce39_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:75a4205abf3e9d948907598c52e18b89d5656e3bab72846319ca9d7162c9b123_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:f71032abc7a0d0885b56bf99a59c0b8800844297c0ff96fb2561edc493a0a0a2_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:70f6b5471f8994330a6659bc2b863bff2792552231237d217825d432c166dfd9_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:cf60d7a68c8b997e899f71a049e0d43d6d07115ed544a79db569bc8c33306e75_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:ed47a2c0145d0e71f6c7dca89f1cb502098ab54c679367b2c7374fd6ca2da413_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:eff6e4643347f77c419cb3e32b4c9d914762b9f2114e832126964850b7179967_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "ip-address: ip-address: Cross-site scripting via improper HTML escaping of untrusted input"
},
{
"cve": "CVE-2026-44486",
"cwe": {
"id": "CWE-201",
"name": "Insertion of Sensitive Information Into Sent Data"
},
"discovery_date": "2026-06-11T17:01:30.944384+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2487947"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, a promise-based HTTP client, specifically in its Node.js HTTP adapter. When Axios is configured to use an authenticated proxy and follows a redirect, it may inadvertently send the Proxy-Authorization header, containing proxy credentials, to the redirect target. This can lead to the disclosure of sensitive proxy credentials to an unintended remote server.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: Information disclosure of proxy credentials via HTTP redirects",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important information disclosure flaw in the Axios Node.js HTTP adapter. Red Hat products utilizing Axios in a Node.js environment with an authenticated proxy and automatic redirects enabled are susceptible. The vulnerability arises when a request, initially sent through an authenticated proxy, is redirected to a target that no longer uses the proxy, potentially leaking `Proxy-Authorization` headers containing sensitive credentials to an untrusted remote server. This risk is heightened in deployments where applications interact with untrusted HTTP origins.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:431be7a67581ddb521dc3e8a2d7fb59fdc2bfe8362e364aed4cdc8bb441495c0_amd64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:71bf14b0c1b05f821567971253f304ccc8a58cc682aa9dfe2805dc096f29ce39_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:75a4205abf3e9d948907598c52e18b89d5656e3bab72846319ca9d7162c9b123_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:f71032abc7a0d0885b56bf99a59c0b8800844297c0ff96fb2561edc493a0a0a2_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:70f6b5471f8994330a6659bc2b863bff2792552231237d217825d432c166dfd9_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:cf60d7a68c8b997e899f71a049e0d43d6d07115ed544a79db569bc8c33306e75_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:ed47a2c0145d0e71f6c7dca89f1cb502098ab54c679367b2c7374fd6ca2da413_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:eff6e4643347f77c419cb3e32b4c9d914762b9f2114e832126964850b7179967_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44486"
},
{
"category": "external",
"summary": "RHBZ#2487947",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2487947"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44486",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44486"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44486",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44486"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-j5f8-grm9-p9fc",
"url": "https://github.com/axios/axios/security/advisories/GHSA-j5f8-grm9-p9fc"
}
],
"release_date": "2026-06-11T15:39:07.714000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-29T16:07:52+00:00",
"details": "See Kiali 1.73.33 documentation at https://docs.redhat.com/en/documentation/openshift_container_platform/4.18/html/service_mesh/service-mesh-2-x",
"product_ids": [
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:431be7a67581ddb521dc3e8a2d7fb59fdc2bfe8362e364aed4cdc8bb441495c0_amd64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:71bf14b0c1b05f821567971253f304ccc8a58cc682aa9dfe2805dc096f29ce39_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:75a4205abf3e9d948907598c52e18b89d5656e3bab72846319ca9d7162c9b123_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:f71032abc7a0d0885b56bf99a59c0b8800844297c0ff96fb2561edc493a0a0a2_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:70f6b5471f8994330a6659bc2b863bff2792552231237d217825d432c166dfd9_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:cf60d7a68c8b997e899f71a049e0d43d6d07115ed544a79db569bc8c33306e75_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:ed47a2c0145d0e71f6c7dca89f1cb502098ab54c679367b2c7374fd6ca2da413_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:eff6e4643347f77c419cb3e32b4c9d914762b9f2114e832126964850b7179967_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33155"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:431be7a67581ddb521dc3e8a2d7fb59fdc2bfe8362e364aed4cdc8bb441495c0_amd64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:71bf14b0c1b05f821567971253f304ccc8a58cc682aa9dfe2805dc096f29ce39_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:75a4205abf3e9d948907598c52e18b89d5656e3bab72846319ca9d7162c9b123_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:f71032abc7a0d0885b56bf99a59c0b8800844297c0ff96fb2561edc493a0a0a2_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:70f6b5471f8994330a6659bc2b863bff2792552231237d217825d432c166dfd9_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:cf60d7a68c8b997e899f71a049e0d43d6d07115ed544a79db569bc8c33306e75_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:ed47a2c0145d0e71f6c7dca89f1cb502098ab54c679367b2c7374fd6ca2da413_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:eff6e4643347f77c419cb3e32b4c9d914762b9f2114e832126964850b7179967_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:431be7a67581ddb521dc3e8a2d7fb59fdc2bfe8362e364aed4cdc8bb441495c0_amd64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:71bf14b0c1b05f821567971253f304ccc8a58cc682aa9dfe2805dc096f29ce39_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:75a4205abf3e9d948907598c52e18b89d5656e3bab72846319ca9d7162c9b123_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:f71032abc7a0d0885b56bf99a59c0b8800844297c0ff96fb2561edc493a0a0a2_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:70f6b5471f8994330a6659bc2b863bff2792552231237d217825d432c166dfd9_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:cf60d7a68c8b997e899f71a049e0d43d6d07115ed544a79db569bc8c33306e75_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:ed47a2c0145d0e71f6c7dca89f1cb502098ab54c679367b2c7374fd6ca2da413_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:eff6e4643347f77c419cb3e32b4c9d914762b9f2114e832126964850b7179967_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: Information disclosure of proxy credentials via HTTP redirects"
},
{
"cve": "CVE-2026-44487",
"cwe": {
"id": "CWE-201",
"name": "Insertion of Sensitive Information Into Sent Data"
},
"discovery_date": "2026-06-11T17:01:34.091476+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2487948"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios. During specific proxy-to-direct redirect flows in the Node.js HTTP adapter, a remote attacker could exploit this vulnerability. The Proxy-Authorization header, which contains proxy credentials and is intended only for the outbound proxy, may be forwarded to the final redirected origin. This can lead to the disclosure of sensitive proxy credentials to an unintended third party.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: Information disclosure of proxy credentials via redirect flows",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important information disclosure flaw in Axios affecting Node.js environments. When an application uses Axios with an authenticated HTTP proxy and follows redirects from an HTTP to a non-proxied HTTPS destination, the Proxy-Authorization header may be inadvertently sent to the final origin server. This could lead to the exposure of sensitive proxy credentials to an unintended third party.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:431be7a67581ddb521dc3e8a2d7fb59fdc2bfe8362e364aed4cdc8bb441495c0_amd64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:71bf14b0c1b05f821567971253f304ccc8a58cc682aa9dfe2805dc096f29ce39_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:75a4205abf3e9d948907598c52e18b89d5656e3bab72846319ca9d7162c9b123_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:f71032abc7a0d0885b56bf99a59c0b8800844297c0ff96fb2561edc493a0a0a2_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:70f6b5471f8994330a6659bc2b863bff2792552231237d217825d432c166dfd9_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:cf60d7a68c8b997e899f71a049e0d43d6d07115ed544a79db569bc8c33306e75_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:ed47a2c0145d0e71f6c7dca89f1cb502098ab54c679367b2c7374fd6ca2da413_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:eff6e4643347f77c419cb3e32b4c9d914762b9f2114e832126964850b7179967_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44487"
},
{
"category": "external",
"summary": "RHBZ#2487948",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2487948"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44487"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44487",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44487"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-p92q-9vqr-4j8v",
"url": "https://github.com/axios/axios/security/advisories/GHSA-p92q-9vqr-4j8v"
}
],
"release_date": "2026-06-11T15:38:25.150000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-29T16:07:52+00:00",
"details": "See Kiali 1.73.33 documentation at https://docs.redhat.com/en/documentation/openshift_container_platform/4.18/html/service_mesh/service-mesh-2-x",
"product_ids": [
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:431be7a67581ddb521dc3e8a2d7fb59fdc2bfe8362e364aed4cdc8bb441495c0_amd64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:71bf14b0c1b05f821567971253f304ccc8a58cc682aa9dfe2805dc096f29ce39_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:75a4205abf3e9d948907598c52e18b89d5656e3bab72846319ca9d7162c9b123_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:f71032abc7a0d0885b56bf99a59c0b8800844297c0ff96fb2561edc493a0a0a2_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:70f6b5471f8994330a6659bc2b863bff2792552231237d217825d432c166dfd9_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:cf60d7a68c8b997e899f71a049e0d43d6d07115ed544a79db569bc8c33306e75_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:ed47a2c0145d0e71f6c7dca89f1cb502098ab54c679367b2c7374fd6ca2da413_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:eff6e4643347f77c419cb3e32b4c9d914762b9f2114e832126964850b7179967_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33155"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:431be7a67581ddb521dc3e8a2d7fb59fdc2bfe8362e364aed4cdc8bb441495c0_amd64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:71bf14b0c1b05f821567971253f304ccc8a58cc682aa9dfe2805dc096f29ce39_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:75a4205abf3e9d948907598c52e18b89d5656e3bab72846319ca9d7162c9b123_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:f71032abc7a0d0885b56bf99a59c0b8800844297c0ff96fb2561edc493a0a0a2_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:70f6b5471f8994330a6659bc2b863bff2792552231237d217825d432c166dfd9_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:cf60d7a68c8b997e899f71a049e0d43d6d07115ed544a79db569bc8c33306e75_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:ed47a2c0145d0e71f6c7dca89f1cb502098ab54c679367b2c7374fd6ca2da413_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:eff6e4643347f77c419cb3e32b4c9d914762b9f2114e832126964850b7179967_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:431be7a67581ddb521dc3e8a2d7fb59fdc2bfe8362e364aed4cdc8bb441495c0_amd64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:71bf14b0c1b05f821567971253f304ccc8a58cc682aa9dfe2805dc096f29ce39_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:75a4205abf3e9d948907598c52e18b89d5656e3bab72846319ca9d7162c9b123_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:f71032abc7a0d0885b56bf99a59c0b8800844297c0ff96fb2561edc493a0a0a2_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:70f6b5471f8994330a6659bc2b863bff2792552231237d217825d432c166dfd9_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:cf60d7a68c8b997e899f71a049e0d43d6d07115ed544a79db569bc8c33306e75_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:ed47a2c0145d0e71f6c7dca89f1cb502098ab54c679367b2c7374fd6ca2da413_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:eff6e4643347f77c419cb3e32b4c9d914762b9f2114e832126964850b7179967_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: Information disclosure of proxy credentials via redirect flows"
},
{
"cve": "CVE-2026-44488",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-06-11T17:01:36.836488+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2487949"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, a promise-based HTTP client. When using the fetch adapter, Axios did not properly enforce configured request and response size limits. This vulnerability allows a remote attacker, through a malicious or compromised server, or by supplying a large data URL, to send or receive oversized data bodies. This can lead to resource exhaustion in server-side applications, resulting in a Denial of Service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: Denial of Service due to unenforced request and response size limits",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Important: A denial of service flaw was found in Axios, a JavaScript HTTP client library. This issue arises when applications utilize the `fetch` adapter, as configured request and response size limits are not properly enforced. A remote attacker could exploit this by sending or receiving excessively large data bodies, leading to resource exhaustion and potential denial of service in affected server-side applications.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:431be7a67581ddb521dc3e8a2d7fb59fdc2bfe8362e364aed4cdc8bb441495c0_amd64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:71bf14b0c1b05f821567971253f304ccc8a58cc682aa9dfe2805dc096f29ce39_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:75a4205abf3e9d948907598c52e18b89d5656e3bab72846319ca9d7162c9b123_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:f71032abc7a0d0885b56bf99a59c0b8800844297c0ff96fb2561edc493a0a0a2_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:70f6b5471f8994330a6659bc2b863bff2792552231237d217825d432c166dfd9_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:cf60d7a68c8b997e899f71a049e0d43d6d07115ed544a79db569bc8c33306e75_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:ed47a2c0145d0e71f6c7dca89f1cb502098ab54c679367b2c7374fd6ca2da413_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:eff6e4643347f77c419cb3e32b4c9d914762b9f2114e832126964850b7179967_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44488"
},
{
"category": "external",
"summary": "RHBZ#2487949",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2487949"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44488",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44488"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44488",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44488"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-777c-7fjr-54vf",
"url": "https://github.com/axios/axios/security/advisories/GHSA-777c-7fjr-54vf"
}
],
"release_date": "2026-06-11T15:37:38.013000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-29T16:07:52+00:00",
"details": "See Kiali 1.73.33 documentation at https://docs.redhat.com/en/documentation/openshift_container_platform/4.18/html/service_mesh/service-mesh-2-x",
"product_ids": [
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:431be7a67581ddb521dc3e8a2d7fb59fdc2bfe8362e364aed4cdc8bb441495c0_amd64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:71bf14b0c1b05f821567971253f304ccc8a58cc682aa9dfe2805dc096f29ce39_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:75a4205abf3e9d948907598c52e18b89d5656e3bab72846319ca9d7162c9b123_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:f71032abc7a0d0885b56bf99a59c0b8800844297c0ff96fb2561edc493a0a0a2_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:70f6b5471f8994330a6659bc2b863bff2792552231237d217825d432c166dfd9_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:cf60d7a68c8b997e899f71a049e0d43d6d07115ed544a79db569bc8c33306e75_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:ed47a2c0145d0e71f6c7dca89f1cb502098ab54c679367b2c7374fd6ca2da413_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:eff6e4643347f77c419cb3e32b4c9d914762b9f2114e832126964850b7179967_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33155"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:431be7a67581ddb521dc3e8a2d7fb59fdc2bfe8362e364aed4cdc8bb441495c0_amd64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:71bf14b0c1b05f821567971253f304ccc8a58cc682aa9dfe2805dc096f29ce39_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:75a4205abf3e9d948907598c52e18b89d5656e3bab72846319ca9d7162c9b123_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:f71032abc7a0d0885b56bf99a59c0b8800844297c0ff96fb2561edc493a0a0a2_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:70f6b5471f8994330a6659bc2b863bff2792552231237d217825d432c166dfd9_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:cf60d7a68c8b997e899f71a049e0d43d6d07115ed544a79db569bc8c33306e75_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:ed47a2c0145d0e71f6c7dca89f1cb502098ab54c679367b2c7374fd6ca2da413_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:eff6e4643347f77c419cb3e32b4c9d914762b9f2114e832126964850b7179967_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:431be7a67581ddb521dc3e8a2d7fb59fdc2bfe8362e364aed4cdc8bb441495c0_amd64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:71bf14b0c1b05f821567971253f304ccc8a58cc682aa9dfe2805dc096f29ce39_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:75a4205abf3e9d948907598c52e18b89d5656e3bab72846319ca9d7162c9b123_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:f71032abc7a0d0885b56bf99a59c0b8800844297c0ff96fb2561edc493a0a0a2_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:70f6b5471f8994330a6659bc2b863bff2792552231237d217825d432c166dfd9_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:cf60d7a68c8b997e899f71a049e0d43d6d07115ed544a79db569bc8c33306e75_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:ed47a2c0145d0e71f6c7dca89f1cb502098ab54c679367b2c7374fd6ca2da413_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:eff6e4643347f77c419cb3e32b4c9d914762b9f2114e832126964850b7179967_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: Denial of Service due to unenforced request and response size limits"
},
{
"cve": "CVE-2026-44492",
"cwe": {
"id": "CWE-289",
"name": "Authentication Bypass by Alternate Name"
},
"discovery_date": "2026-06-11T17:00:56.761751+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2487938"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, a promise-based HTTP client. This vulnerability occurs because Axios does not properly normalize IPv4-mapped IPv6 addresses. When a NO_PROXY setting is configured to block direct access to specific IPv4 addresses, an attacker can bypass this restriction by using the IPv4-mapped IPv6 form of the address in a request URL. This allows the request to be routed through the proxy, potentially exposing internal services or sensitive information that should otherwise be inaccessible.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: Proxy bypass via IPv4-mapped IPv6 address non-normalization",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important flaw in Axios, a JavaScript HTTP client library, that allows for a proxy bypass. When a `NO_PROXY` environment variable is configured to prevent direct connections to specific IPv4 addresses, an attacker can craft a request URL using the IPv4-mapped IPv6 address format. This bypasses the intended `NO_PROXY` exclusion, routing the request through the configured proxy and potentially exposing internal services or sensitive information, such as cloud instance metadata credentials.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:431be7a67581ddb521dc3e8a2d7fb59fdc2bfe8362e364aed4cdc8bb441495c0_amd64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:71bf14b0c1b05f821567971253f304ccc8a58cc682aa9dfe2805dc096f29ce39_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:75a4205abf3e9d948907598c52e18b89d5656e3bab72846319ca9d7162c9b123_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:f71032abc7a0d0885b56bf99a59c0b8800844297c0ff96fb2561edc493a0a0a2_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:70f6b5471f8994330a6659bc2b863bff2792552231237d217825d432c166dfd9_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:cf60d7a68c8b997e899f71a049e0d43d6d07115ed544a79db569bc8c33306e75_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:ed47a2c0145d0e71f6c7dca89f1cb502098ab54c679367b2c7374fd6ca2da413_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:eff6e4643347f77c419cb3e32b4c9d914762b9f2114e832126964850b7179967_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44492"
},
{
"category": "external",
"summary": "RHBZ#2487938",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2487938"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44492",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44492"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44492",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44492"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-pjwm-pj3p-43mv",
"url": "https://github.com/axios/axios/security/advisories/GHSA-pjwm-pj3p-43mv"
}
],
"release_date": "2026-06-11T15:29:13.890000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-29T16:07:52+00:00",
"details": "See Kiali 1.73.33 documentation at https://docs.redhat.com/en/documentation/openshift_container_platform/4.18/html/service_mesh/service-mesh-2-x",
"product_ids": [
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:431be7a67581ddb521dc3e8a2d7fb59fdc2bfe8362e364aed4cdc8bb441495c0_amd64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:71bf14b0c1b05f821567971253f304ccc8a58cc682aa9dfe2805dc096f29ce39_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:75a4205abf3e9d948907598c52e18b89d5656e3bab72846319ca9d7162c9b123_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:f71032abc7a0d0885b56bf99a59c0b8800844297c0ff96fb2561edc493a0a0a2_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:70f6b5471f8994330a6659bc2b863bff2792552231237d217825d432c166dfd9_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:cf60d7a68c8b997e899f71a049e0d43d6d07115ed544a79db569bc8c33306e75_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:ed47a2c0145d0e71f6c7dca89f1cb502098ab54c679367b2c7374fd6ca2da413_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:eff6e4643347f77c419cb3e32b4c9d914762b9f2114e832126964850b7179967_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33155"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:431be7a67581ddb521dc3e8a2d7fb59fdc2bfe8362e364aed4cdc8bb441495c0_amd64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:71bf14b0c1b05f821567971253f304ccc8a58cc682aa9dfe2805dc096f29ce39_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:75a4205abf3e9d948907598c52e18b89d5656e3bab72846319ca9d7162c9b123_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:f71032abc7a0d0885b56bf99a59c0b8800844297c0ff96fb2561edc493a0a0a2_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:70f6b5471f8994330a6659bc2b863bff2792552231237d217825d432c166dfd9_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:cf60d7a68c8b997e899f71a049e0d43d6d07115ed544a79db569bc8c33306e75_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:ed47a2c0145d0e71f6c7dca89f1cb502098ab54c679367b2c7374fd6ca2da413_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:eff6e4643347f77c419cb3e32b4c9d914762b9f2114e832126964850b7179967_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:431be7a67581ddb521dc3e8a2d7fb59fdc2bfe8362e364aed4cdc8bb441495c0_amd64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:71bf14b0c1b05f821567971253f304ccc8a58cc682aa9dfe2805dc096f29ce39_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:75a4205abf3e9d948907598c52e18b89d5656e3bab72846319ca9d7162c9b123_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:f71032abc7a0d0885b56bf99a59c0b8800844297c0ff96fb2561edc493a0a0a2_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:70f6b5471f8994330a6659bc2b863bff2792552231237d217825d432c166dfd9_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:cf60d7a68c8b997e899f71a049e0d43d6d07115ed544a79db569bc8c33306e75_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:ed47a2c0145d0e71f6c7dca89f1cb502098ab54c679367b2c7374fd6ca2da413_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:eff6e4643347f77c419cb3e32b4c9d914762b9f2114e832126964850b7179967_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: Proxy bypass via IPv4-mapped IPv6 address non-normalization"
},
{
"cve": "CVE-2026-44494",
"cwe": {
"id": "CWE-915",
"name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes"
},
"discovery_date": "2026-06-11T17:01:12.945664+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2487942"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios. This vulnerability, a Prototype Pollution \"Gadget\" attack, allows an attacker to escalate any existing Object.prototype pollution in an application\u0027s dependency tree into a full Man-in-the-Middle (MITM) attack. This enables the attacker to intercept, read, and modify all HTTP traffic, including sensitive authentication credentials. The flaw occurs because the `config.proxy` setting is susceptible to prototype pollution, allowing an attacker to inject a malicious proxy server.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: Man-in-the-Middle (MITM) attack via Prototype Pollution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Important flaw in the Axios library allows an attacker to escalate existing prototype pollution vulnerabilities within an application\u0027s dependency tree into a full Man-in-the-Middle (MITM) attack. By injecting a malicious proxy configuration into the `Object.prototype`, an attacker can intercept, read, and modify all HTTP traffic, including sensitive authentication credentials, without direct user interaction. This poses a significant risk to data confidentiality and integrity in Red Hat products that utilize the Axios library.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:431be7a67581ddb521dc3e8a2d7fb59fdc2bfe8362e364aed4cdc8bb441495c0_amd64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:71bf14b0c1b05f821567971253f304ccc8a58cc682aa9dfe2805dc096f29ce39_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:75a4205abf3e9d948907598c52e18b89d5656e3bab72846319ca9d7162c9b123_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:f71032abc7a0d0885b56bf99a59c0b8800844297c0ff96fb2561edc493a0a0a2_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:70f6b5471f8994330a6659bc2b863bff2792552231237d217825d432c166dfd9_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:cf60d7a68c8b997e899f71a049e0d43d6d07115ed544a79db569bc8c33306e75_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:ed47a2c0145d0e71f6c7dca89f1cb502098ab54c679367b2c7374fd6ca2da413_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:eff6e4643347f77c419cb3e32b4c9d914762b9f2114e832126964850b7179967_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44494"
},
{
"category": "external",
"summary": "RHBZ#2487942",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2487942"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44494",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44494"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44494",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44494"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-35jp-ww65-95wh",
"url": "https://github.com/axios/axios/security/advisories/GHSA-35jp-ww65-95wh"
}
],
"release_date": "2026-06-11T15:32:03.155000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-29T16:07:52+00:00",
"details": "See Kiali 1.73.33 documentation at https://docs.redhat.com/en/documentation/openshift_container_platform/4.18/html/service_mesh/service-mesh-2-x",
"product_ids": [
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:431be7a67581ddb521dc3e8a2d7fb59fdc2bfe8362e364aed4cdc8bb441495c0_amd64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:71bf14b0c1b05f821567971253f304ccc8a58cc682aa9dfe2805dc096f29ce39_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:75a4205abf3e9d948907598c52e18b89d5656e3bab72846319ca9d7162c9b123_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:f71032abc7a0d0885b56bf99a59c0b8800844297c0ff96fb2561edc493a0a0a2_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:70f6b5471f8994330a6659bc2b863bff2792552231237d217825d432c166dfd9_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:cf60d7a68c8b997e899f71a049e0d43d6d07115ed544a79db569bc8c33306e75_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:ed47a2c0145d0e71f6c7dca89f1cb502098ab54c679367b2c7374fd6ca2da413_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:eff6e4643347f77c419cb3e32b4c9d914762b9f2114e832126964850b7179967_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33155"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:431be7a67581ddb521dc3e8a2d7fb59fdc2bfe8362e364aed4cdc8bb441495c0_amd64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:71bf14b0c1b05f821567971253f304ccc8a58cc682aa9dfe2805dc096f29ce39_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:75a4205abf3e9d948907598c52e18b89d5656e3bab72846319ca9d7162c9b123_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:f71032abc7a0d0885b56bf99a59c0b8800844297c0ff96fb2561edc493a0a0a2_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:70f6b5471f8994330a6659bc2b863bff2792552231237d217825d432c166dfd9_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:cf60d7a68c8b997e899f71a049e0d43d6d07115ed544a79db569bc8c33306e75_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:ed47a2c0145d0e71f6c7dca89f1cb502098ab54c679367b2c7374fd6ca2da413_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:eff6e4643347f77c419cb3e32b4c9d914762b9f2114e832126964850b7179967_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:431be7a67581ddb521dc3e8a2d7fb59fdc2bfe8362e364aed4cdc8bb441495c0_amd64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:71bf14b0c1b05f821567971253f304ccc8a58cc682aa9dfe2805dc096f29ce39_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:75a4205abf3e9d948907598c52e18b89d5656e3bab72846319ca9d7162c9b123_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:f71032abc7a0d0885b56bf99a59c0b8800844297c0ff96fb2561edc493a0a0a2_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:70f6b5471f8994330a6659bc2b863bff2792552231237d217825d432c166dfd9_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:cf60d7a68c8b997e899f71a049e0d43d6d07115ed544a79db569bc8c33306e75_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:ed47a2c0145d0e71f6c7dca89f1cb502098ab54c679367b2c7374fd6ca2da413_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:eff6e4643347f77c419cb3e32b4c9d914762b9f2114e832126964850b7179967_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: Man-in-the-Middle (MITM) attack via Prototype Pollution"
},
{
"cve": "CVE-2026-44495",
"cwe": {
"id": "CWE-915",
"name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes"
},
"discovery_date": "2026-06-11T17:00:53.999811+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2487937"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, a promise-based HTTP client. This vulnerability involves prototype pollution gadgets in the request configuration processing. If another vulnerability has already polluted the Object.prototype.transformResponse, affected Axios versions may incorrectly interpret this inherited value as part of the request configuration or as an option validator. Axios does not itself create the prototype pollution. Exploitability requires a separate prototype-pollution vulnerability or equivalent attacker control over Object.prototype before Axios creates a request.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: Information disclosure due to prototype pollution vulnerability",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Important vulnerability in Axios, a promise-based HTTP client, can lead to information disclosure, including credential theft and response hijacking, or denial of service. Exploitation requires a separate prototype pollution vulnerability in the same JavaScript process, allowing an attacker to control `Object.prototype.transformResponse`. Red Hat products using affected Axios versions are at risk if another component introduces such pollution.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:431be7a67581ddb521dc3e8a2d7fb59fdc2bfe8362e364aed4cdc8bb441495c0_amd64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:71bf14b0c1b05f821567971253f304ccc8a58cc682aa9dfe2805dc096f29ce39_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:75a4205abf3e9d948907598c52e18b89d5656e3bab72846319ca9d7162c9b123_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:f71032abc7a0d0885b56bf99a59c0b8800844297c0ff96fb2561edc493a0a0a2_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:70f6b5471f8994330a6659bc2b863bff2792552231237d217825d432c166dfd9_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:cf60d7a68c8b997e899f71a049e0d43d6d07115ed544a79db569bc8c33306e75_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:ed47a2c0145d0e71f6c7dca89f1cb502098ab54c679367b2c7374fd6ca2da413_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:eff6e4643347f77c419cb3e32b4c9d914762b9f2114e832126964850b7179967_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44495"
},
{
"category": "external",
"summary": "RHBZ#2487937",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2487937"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44495",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44495"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44495",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44495"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-3g43-6gmg-66jw",
"url": "https://github.com/axios/axios/security/advisories/GHSA-3g43-6gmg-66jw"
}
],
"release_date": "2026-06-11T15:33:12.433000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-29T16:07:52+00:00",
"details": "See Kiali 1.73.33 documentation at https://docs.redhat.com/en/documentation/openshift_container_platform/4.18/html/service_mesh/service-mesh-2-x",
"product_ids": [
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:431be7a67581ddb521dc3e8a2d7fb59fdc2bfe8362e364aed4cdc8bb441495c0_amd64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:71bf14b0c1b05f821567971253f304ccc8a58cc682aa9dfe2805dc096f29ce39_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:75a4205abf3e9d948907598c52e18b89d5656e3bab72846319ca9d7162c9b123_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:f71032abc7a0d0885b56bf99a59c0b8800844297c0ff96fb2561edc493a0a0a2_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:70f6b5471f8994330a6659bc2b863bff2792552231237d217825d432c166dfd9_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:cf60d7a68c8b997e899f71a049e0d43d6d07115ed544a79db569bc8c33306e75_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:ed47a2c0145d0e71f6c7dca89f1cb502098ab54c679367b2c7374fd6ca2da413_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:eff6e4643347f77c419cb3e32b4c9d914762b9f2114e832126964850b7179967_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33155"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:431be7a67581ddb521dc3e8a2d7fb59fdc2bfe8362e364aed4cdc8bb441495c0_amd64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:71bf14b0c1b05f821567971253f304ccc8a58cc682aa9dfe2805dc096f29ce39_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:75a4205abf3e9d948907598c52e18b89d5656e3bab72846319ca9d7162c9b123_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:f71032abc7a0d0885b56bf99a59c0b8800844297c0ff96fb2561edc493a0a0a2_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:70f6b5471f8994330a6659bc2b863bff2792552231237d217825d432c166dfd9_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:cf60d7a68c8b997e899f71a049e0d43d6d07115ed544a79db569bc8c33306e75_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:ed47a2c0145d0e71f6c7dca89f1cb502098ab54c679367b2c7374fd6ca2da413_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:eff6e4643347f77c419cb3e32b4c9d914762b9f2114e832126964850b7179967_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:431be7a67581ddb521dc3e8a2d7fb59fdc2bfe8362e364aed4cdc8bb441495c0_amd64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:71bf14b0c1b05f821567971253f304ccc8a58cc682aa9dfe2805dc096f29ce39_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:75a4205abf3e9d948907598c52e18b89d5656e3bab72846319ca9d7162c9b123_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:f71032abc7a0d0885b56bf99a59c0b8800844297c0ff96fb2561edc493a0a0a2_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:70f6b5471f8994330a6659bc2b863bff2792552231237d217825d432c166dfd9_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:cf60d7a68c8b997e899f71a049e0d43d6d07115ed544a79db569bc8c33306e75_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:ed47a2c0145d0e71f6c7dca89f1cb502098ab54c679367b2c7374fd6ca2da413_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:eff6e4643347f77c419cb3e32b4c9d914762b9f2114e832126964850b7179967_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: Information disclosure due to prototype pollution vulnerability"
},
{
"cve": "CVE-2026-44496",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"discovery_date": "2026-06-11T17:01:15.856386+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2487943"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios. A remote attacker, by influencing the XSRF cookie name in a browser environment, could cause the application to construct a regular expression that leads to excessive processing. This can result in a client-side Denial of Service (DoS), where the affected browser tab may freeze, impacting the availability of the application for the user.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: Client-side Denial of Service via unescaped regex metacharacters in XSRF cookie name",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Important flaw in Axios can lead to a client-side Denial of Service. An attacker capable of influencing the XSRF cookie name within a browser environment could trigger excessive regular expression processing, causing the affected browser tab to freeze and degrade user availability. This issue specifically impacts browser-based applications and does not affect Node.js HTTP adapter usage, React Native, or web workers.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:431be7a67581ddb521dc3e8a2d7fb59fdc2bfe8362e364aed4cdc8bb441495c0_amd64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:71bf14b0c1b05f821567971253f304ccc8a58cc682aa9dfe2805dc096f29ce39_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:75a4205abf3e9d948907598c52e18b89d5656e3bab72846319ca9d7162c9b123_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:f71032abc7a0d0885b56bf99a59c0b8800844297c0ff96fb2561edc493a0a0a2_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:70f6b5471f8994330a6659bc2b863bff2792552231237d217825d432c166dfd9_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:cf60d7a68c8b997e899f71a049e0d43d6d07115ed544a79db569bc8c33306e75_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:ed47a2c0145d0e71f6c7dca89f1cb502098ab54c679367b2c7374fd6ca2da413_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:eff6e4643347f77c419cb3e32b4c9d914762b9f2114e832126964850b7179967_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44496"
},
{
"category": "external",
"summary": "RHBZ#2487943",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2487943"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44496",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44496"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44496",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44496"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-hfxv-24rg-xrqf",
"url": "https://github.com/axios/axios/security/advisories/GHSA-hfxv-24rg-xrqf"
}
],
"release_date": "2026-06-11T15:34:28.492000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-29T16:07:52+00:00",
"details": "See Kiali 1.73.33 documentation at https://docs.redhat.com/en/documentation/openshift_container_platform/4.18/html/service_mesh/service-mesh-2-x",
"product_ids": [
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:431be7a67581ddb521dc3e8a2d7fb59fdc2bfe8362e364aed4cdc8bb441495c0_amd64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:71bf14b0c1b05f821567971253f304ccc8a58cc682aa9dfe2805dc096f29ce39_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:75a4205abf3e9d948907598c52e18b89d5656e3bab72846319ca9d7162c9b123_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:f71032abc7a0d0885b56bf99a59c0b8800844297c0ff96fb2561edc493a0a0a2_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:70f6b5471f8994330a6659bc2b863bff2792552231237d217825d432c166dfd9_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:cf60d7a68c8b997e899f71a049e0d43d6d07115ed544a79db569bc8c33306e75_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:ed47a2c0145d0e71f6c7dca89f1cb502098ab54c679367b2c7374fd6ca2da413_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:eff6e4643347f77c419cb3e32b4c9d914762b9f2114e832126964850b7179967_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33155"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:431be7a67581ddb521dc3e8a2d7fb59fdc2bfe8362e364aed4cdc8bb441495c0_amd64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:71bf14b0c1b05f821567971253f304ccc8a58cc682aa9dfe2805dc096f29ce39_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:75a4205abf3e9d948907598c52e18b89d5656e3bab72846319ca9d7162c9b123_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:f71032abc7a0d0885b56bf99a59c0b8800844297c0ff96fb2561edc493a0a0a2_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:70f6b5471f8994330a6659bc2b863bff2792552231237d217825d432c166dfd9_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:cf60d7a68c8b997e899f71a049e0d43d6d07115ed544a79db569bc8c33306e75_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:ed47a2c0145d0e71f6c7dca89f1cb502098ab54c679367b2c7374fd6ca2da413_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:eff6e4643347f77c419cb3e32b4c9d914762b9f2114e832126964850b7179967_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:431be7a67581ddb521dc3e8a2d7fb59fdc2bfe8362e364aed4cdc8bb441495c0_amd64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:71bf14b0c1b05f821567971253f304ccc8a58cc682aa9dfe2805dc096f29ce39_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:75a4205abf3e9d948907598c52e18b89d5656e3bab72846319ca9d7162c9b123_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:f71032abc7a0d0885b56bf99a59c0b8800844297c0ff96fb2561edc493a0a0a2_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:70f6b5471f8994330a6659bc2b863bff2792552231237d217825d432c166dfd9_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:cf60d7a68c8b997e899f71a049e0d43d6d07115ed544a79db569bc8c33306e75_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:ed47a2c0145d0e71f6c7dca89f1cb502098ab54c679367b2c7374fd6ca2da413_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:eff6e4643347f77c419cb3e32b4c9d914762b9f2114e832126964850b7179967_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: Client-side Denial of Service via unescaped regex metacharacters in XSRF cookie name"
},
{
"cve": "CVE-2026-48779",
"cwe": {
"id": "CWE-1050",
"name": "Excessive Platform Resource Consumption within a Loop"
},
"discovery_date": "2026-06-16T22:01:24.571224+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2489661"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in ws, an open source WebSocket client and server. A remote attacker can exploit this memory exhaustion vulnerability by sending a high volume of exceptionally small fragments and data chunks. This action forces the affected component to allocate and hold structural wrappers that consume excessive memory. Consequently, this leads to process termination and a denial of service (DoS) for the remote peer.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ws: ws: Denial of Service via memory exhaustion from small WebSocket fragments",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important denial of service vulnerability in the `ws` WebSocket library. A remote attacker can exploit this flaw by sending a high volume of small, fragmented data, leading to excessive memory consumption and subsequent process termination. This can result in service disruption for Red Hat products that utilize `ws` for WebSocket communication.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:431be7a67581ddb521dc3e8a2d7fb59fdc2bfe8362e364aed4cdc8bb441495c0_amd64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:71bf14b0c1b05f821567971253f304ccc8a58cc682aa9dfe2805dc096f29ce39_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:75a4205abf3e9d948907598c52e18b89d5656e3bab72846319ca9d7162c9b123_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:f71032abc7a0d0885b56bf99a59c0b8800844297c0ff96fb2561edc493a0a0a2_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:70f6b5471f8994330a6659bc2b863bff2792552231237d217825d432c166dfd9_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:cf60d7a68c8b997e899f71a049e0d43d6d07115ed544a79db569bc8c33306e75_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:ed47a2c0145d0e71f6c7dca89f1cb502098ab54c679367b2c7374fd6ca2da413_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:eff6e4643347f77c419cb3e32b4c9d914762b9f2114e832126964850b7179967_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-48779"
},
{
"category": "external",
"summary": "RHBZ#2489661",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2489661"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-48779",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-48779"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-48779",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48779"
},
{
"category": "external",
"summary": "https://github.com/websockets/ws/commit/86d3e8a5fb0246ed373860c5fbb0de88824a27f7",
"url": "https://github.com/websockets/ws/commit/86d3e8a5fb0246ed373860c5fbb0de88824a27f7"
},
{
"category": "external",
"summary": "https://github.com/websockets/ws/commit/b5372ac67bb97a773727b8e9f5035a8123556d53",
"url": "https://github.com/websockets/ws/commit/b5372ac67bb97a773727b8e9f5035a8123556d53"
},
{
"category": "external",
"summary": "https://github.com/websockets/ws/commit/bca91adf15677e47dbe4f959653452727be28b94",
"url": "https://github.com/websockets/ws/commit/bca91adf15677e47dbe4f959653452727be28b94"
},
{
"category": "external",
"summary": "https://github.com/websockets/ws/commit/fd36cd864fcdf62a08273a99e19a7d975401fee8",
"url": "https://github.com/websockets/ws/commit/fd36cd864fcdf62a08273a99e19a7d975401fee8"
},
{
"category": "external",
"summary": "https://github.com/websockets/ws/security/advisories/GHSA-96hv-2xvq-fx4p",
"url": "https://github.com/websockets/ws/security/advisories/GHSA-96hv-2xvq-fx4p"
}
],
"release_date": "2026-06-16T21:26:22.537000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-29T16:07:52+00:00",
"details": "See Kiali 1.73.33 documentation at https://docs.redhat.com/en/documentation/openshift_container_platform/4.18/html/service_mesh/service-mesh-2-x",
"product_ids": [
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:431be7a67581ddb521dc3e8a2d7fb59fdc2bfe8362e364aed4cdc8bb441495c0_amd64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:71bf14b0c1b05f821567971253f304ccc8a58cc682aa9dfe2805dc096f29ce39_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:75a4205abf3e9d948907598c52e18b89d5656e3bab72846319ca9d7162c9b123_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:f71032abc7a0d0885b56bf99a59c0b8800844297c0ff96fb2561edc493a0a0a2_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:70f6b5471f8994330a6659bc2b863bff2792552231237d217825d432c166dfd9_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:cf60d7a68c8b997e899f71a049e0d43d6d07115ed544a79db569bc8c33306e75_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:ed47a2c0145d0e71f6c7dca89f1cb502098ab54c679367b2c7374fd6ca2da413_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:eff6e4643347f77c419cb3e32b4c9d914762b9f2114e832126964850b7179967_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33155"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:431be7a67581ddb521dc3e8a2d7fb59fdc2bfe8362e364aed4cdc8bb441495c0_amd64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:71bf14b0c1b05f821567971253f304ccc8a58cc682aa9dfe2805dc096f29ce39_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:75a4205abf3e9d948907598c52e18b89d5656e3bab72846319ca9d7162c9b123_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:f71032abc7a0d0885b56bf99a59c0b8800844297c0ff96fb2561edc493a0a0a2_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:70f6b5471f8994330a6659bc2b863bff2792552231237d217825d432c166dfd9_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:cf60d7a68c8b997e899f71a049e0d43d6d07115ed544a79db569bc8c33306e75_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:ed47a2c0145d0e71f6c7dca89f1cb502098ab54c679367b2c7374fd6ca2da413_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:eff6e4643347f77c419cb3e32b4c9d914762b9f2114e832126964850b7179967_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:431be7a67581ddb521dc3e8a2d7fb59fdc2bfe8362e364aed4cdc8bb441495c0_amd64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:71bf14b0c1b05f821567971253f304ccc8a58cc682aa9dfe2805dc096f29ce39_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:75a4205abf3e9d948907598c52e18b89d5656e3bab72846319ca9d7162c9b123_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:f71032abc7a0d0885b56bf99a59c0b8800844297c0ff96fb2561edc493a0a0a2_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:70f6b5471f8994330a6659bc2b863bff2792552231237d217825d432c166dfd9_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:cf60d7a68c8b997e899f71a049e0d43d6d07115ed544a79db569bc8c33306e75_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:ed47a2c0145d0e71f6c7dca89f1cb502098ab54c679367b2c7374fd6ca2da413_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:eff6e4643347f77c419cb3e32b4c9d914762b9f2114e832126964850b7179967_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "ws: ws: Denial of Service via memory exhaustion from small WebSocket fragments"
}
]
}
RHSA-2026:33160
Vulnerability from csaf_redhat - Published: 2026-06-29 16:36 - Updated: 2026-07-09 23:35A flaw was found in form-data, a library for creating readable multipart/form-data streams. A remote attacker can exploit this vulnerability by injecting carriage return (CR), line feed (LF), or double-quote (") characters into the `field` argument of `FormData#append` or the `filename` option. This allows the attacker to inject additional headers or smuggle entire additional multipart parts into requests, potentially enabling them to add or override form fields and compromise data integrity.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:163c0867091d50fae1acfc08b5631ada2be4a49c056adbee9a60166b97a88d5d_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:527644abdbe3cabab1f48223a1c0ee8048d7ced2b331c6b50cb0f08decfd6b4c_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7072a730964e67001c15c156743e2726bb6dbaf7d8ee6338c337d94fafb079ed_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:ab8453c70ec43c8782332d31f81758a47d79703bbfc06965947ab7d72404c374_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:12ce2d6283ac3fe295e53ac099b14222722fdcb9c549fbe2243ae83069f3cfa4_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:1b110d69b83fa0ed08e2cf38a981ad4fcadc8d01b0f9e4b1c0f4f93eba00df55_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:c878bf475fb5ded36d666d59a5d1d7a15e4ec3ba0b54893cc09180e1af431db6_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:cf2dbdd1c93fe967961000699880b74f2234de06335682f264dac8fdd96fef09_arm64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in golang.org/x/net/idna. ToASCII and ToUnicode incorrectly accept Punycode-encoded labels that decode to an ASCII-only hostname (for example, xn--example-.com returns example.com instead of an error). Applications that validate the ASCII form then convert to Unicode may grant access to a restricted hostname the ASCII check would have rejected.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:12ce2d6283ac3fe295e53ac099b14222722fdcb9c549fbe2243ae83069f3cfa4_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:1b110d69b83fa0ed08e2cf38a981ad4fcadc8d01b0f9e4b1c0f4f93eba00df55_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:c878bf475fb5ded36d666d59a5d1d7a15e4ec3ba0b54893cc09180e1af431db6_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:cf2dbdd1c93fe967961000699880b74f2234de06335682f264dac8fdd96fef09_arm64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:163c0867091d50fae1acfc08b5631ada2be4a49c056adbee9a60166b97a88d5d_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:527644abdbe3cabab1f48223a1c0ee8048d7ced2b331c6b50cb0f08decfd6b4c_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7072a730964e67001c15c156743e2726bb6dbaf7d8ee6338c337d94fafb079ed_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:ab8453c70ec43c8782332d31f81758a47d79703bbfc06965947ab7d72404c374_ppc64le | — |
Workaround
|
A flaw was found in ip-address, a JavaScript library for parsing and manipulating IPv4 and IPv6 addresses. This vulnerability allows a remote attacker to perform cross-site scripting (XSS) by providing untrusted input to the Address6 constructor. When an application renders the output of Address6.group(), Address6.link(), or the AddressError.parseMessage as HTML without proper escaping, the attacker-controlled content can be executed in the user's browser.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:163c0867091d50fae1acfc08b5631ada2be4a49c056adbee9a60166b97a88d5d_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:527644abdbe3cabab1f48223a1c0ee8048d7ced2b331c6b50cb0f08decfd6b4c_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7072a730964e67001c15c156743e2726bb6dbaf7d8ee6338c337d94fafb079ed_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:ab8453c70ec43c8782332d31f81758a47d79703bbfc06965947ab7d72404c374_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:12ce2d6283ac3fe295e53ac099b14222722fdcb9c549fbe2243ae83069f3cfa4_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:1b110d69b83fa0ed08e2cf38a981ad4fcadc8d01b0f9e4b1c0f4f93eba00df55_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:c878bf475fb5ded36d666d59a5d1d7a15e4ec3ba0b54893cc09180e1af431db6_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:cf2dbdd1c93fe967961000699880b74f2234de06335682f264dac8fdd96fef09_arm64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Axios, a promise-based HTTP client, specifically in its Node.js HTTP adapter. When Axios is configured to use an authenticated proxy and follows a redirect, it may inadvertently send the Proxy-Authorization header, containing proxy credentials, to the redirect target. This can lead to the disclosure of sensitive proxy credentials to an unintended remote server.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:163c0867091d50fae1acfc08b5631ada2be4a49c056adbee9a60166b97a88d5d_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:527644abdbe3cabab1f48223a1c0ee8048d7ced2b331c6b50cb0f08decfd6b4c_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7072a730964e67001c15c156743e2726bb6dbaf7d8ee6338c337d94fafb079ed_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:ab8453c70ec43c8782332d31f81758a47d79703bbfc06965947ab7d72404c374_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:12ce2d6283ac3fe295e53ac099b14222722fdcb9c549fbe2243ae83069f3cfa4_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:1b110d69b83fa0ed08e2cf38a981ad4fcadc8d01b0f9e4b1c0f4f93eba00df55_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:c878bf475fb5ded36d666d59a5d1d7a15e4ec3ba0b54893cc09180e1af431db6_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:cf2dbdd1c93fe967961000699880b74f2234de06335682f264dac8fdd96fef09_arm64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Axios. During specific proxy-to-direct redirect flows in the Node.js HTTP adapter, a remote attacker could exploit this vulnerability. The Proxy-Authorization header, which contains proxy credentials and is intended only for the outbound proxy, may be forwarded to the final redirected origin. This can lead to the disclosure of sensitive proxy credentials to an unintended third party.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:163c0867091d50fae1acfc08b5631ada2be4a49c056adbee9a60166b97a88d5d_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:527644abdbe3cabab1f48223a1c0ee8048d7ced2b331c6b50cb0f08decfd6b4c_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7072a730964e67001c15c156743e2726bb6dbaf7d8ee6338c337d94fafb079ed_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:ab8453c70ec43c8782332d31f81758a47d79703bbfc06965947ab7d72404c374_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:12ce2d6283ac3fe295e53ac099b14222722fdcb9c549fbe2243ae83069f3cfa4_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:1b110d69b83fa0ed08e2cf38a981ad4fcadc8d01b0f9e4b1c0f4f93eba00df55_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:c878bf475fb5ded36d666d59a5d1d7a15e4ec3ba0b54893cc09180e1af431db6_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:cf2dbdd1c93fe967961000699880b74f2234de06335682f264dac8fdd96fef09_arm64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Axios, a promise-based HTTP client. When using the fetch adapter, Axios did not properly enforce configured request and response size limits. This vulnerability allows a remote attacker, through a malicious or compromised server, or by supplying a large data URL, to send or receive oversized data bodies. This can lead to resource exhaustion in server-side applications, resulting in a Denial of Service (DoS).
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:163c0867091d50fae1acfc08b5631ada2be4a49c056adbee9a60166b97a88d5d_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:527644abdbe3cabab1f48223a1c0ee8048d7ced2b331c6b50cb0f08decfd6b4c_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7072a730964e67001c15c156743e2726bb6dbaf7d8ee6338c337d94fafb079ed_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:ab8453c70ec43c8782332d31f81758a47d79703bbfc06965947ab7d72404c374_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:12ce2d6283ac3fe295e53ac099b14222722fdcb9c549fbe2243ae83069f3cfa4_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:1b110d69b83fa0ed08e2cf38a981ad4fcadc8d01b0f9e4b1c0f4f93eba00df55_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:c878bf475fb5ded36d666d59a5d1d7a15e4ec3ba0b54893cc09180e1af431db6_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:cf2dbdd1c93fe967961000699880b74f2234de06335682f264dac8fdd96fef09_arm64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Axios, a promise-based HTTP client. This vulnerability occurs because Axios does not properly normalize IPv4-mapped IPv6 addresses. When a NO_PROXY setting is configured to block direct access to specific IPv4 addresses, an attacker can bypass this restriction by using the IPv4-mapped IPv6 form of the address in a request URL. This allows the request to be routed through the proxy, potentially exposing internal services or sensitive information that should otherwise be inaccessible.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:163c0867091d50fae1acfc08b5631ada2be4a49c056adbee9a60166b97a88d5d_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:527644abdbe3cabab1f48223a1c0ee8048d7ced2b331c6b50cb0f08decfd6b4c_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7072a730964e67001c15c156743e2726bb6dbaf7d8ee6338c337d94fafb079ed_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:ab8453c70ec43c8782332d31f81758a47d79703bbfc06965947ab7d72404c374_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:12ce2d6283ac3fe295e53ac099b14222722fdcb9c549fbe2243ae83069f3cfa4_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:1b110d69b83fa0ed08e2cf38a981ad4fcadc8d01b0f9e4b1c0f4f93eba00df55_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:c878bf475fb5ded36d666d59a5d1d7a15e4ec3ba0b54893cc09180e1af431db6_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:cf2dbdd1c93fe967961000699880b74f2234de06335682f264dac8fdd96fef09_arm64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Axios. This vulnerability, a Prototype Pollution "Gadget" attack, allows an attacker to escalate any existing Object.prototype pollution in an application's dependency tree into a full Man-in-the-Middle (MITM) attack. This enables the attacker to intercept, read, and modify all HTTP traffic, including sensitive authentication credentials. The flaw occurs because the `config.proxy` setting is susceptible to prototype pollution, allowing an attacker to inject a malicious proxy server.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:163c0867091d50fae1acfc08b5631ada2be4a49c056adbee9a60166b97a88d5d_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:527644abdbe3cabab1f48223a1c0ee8048d7ced2b331c6b50cb0f08decfd6b4c_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7072a730964e67001c15c156743e2726bb6dbaf7d8ee6338c337d94fafb079ed_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:ab8453c70ec43c8782332d31f81758a47d79703bbfc06965947ab7d72404c374_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:12ce2d6283ac3fe295e53ac099b14222722fdcb9c549fbe2243ae83069f3cfa4_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:1b110d69b83fa0ed08e2cf38a981ad4fcadc8d01b0f9e4b1c0f4f93eba00df55_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:c878bf475fb5ded36d666d59a5d1d7a15e4ec3ba0b54893cc09180e1af431db6_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:cf2dbdd1c93fe967961000699880b74f2234de06335682f264dac8fdd96fef09_arm64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Axios, a promise-based HTTP client. This vulnerability involves prototype pollution gadgets in the request configuration processing. If another vulnerability has already polluted the Object.prototype.transformResponse, affected Axios versions may incorrectly interpret this inherited value as part of the request configuration or as an option validator. Axios does not itself create the prototype pollution. Exploitability requires a separate prototype-pollution vulnerability or equivalent attacker control over Object.prototype before Axios creates a request.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:163c0867091d50fae1acfc08b5631ada2be4a49c056adbee9a60166b97a88d5d_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:527644abdbe3cabab1f48223a1c0ee8048d7ced2b331c6b50cb0f08decfd6b4c_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7072a730964e67001c15c156743e2726bb6dbaf7d8ee6338c337d94fafb079ed_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:ab8453c70ec43c8782332d31f81758a47d79703bbfc06965947ab7d72404c374_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:12ce2d6283ac3fe295e53ac099b14222722fdcb9c549fbe2243ae83069f3cfa4_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:1b110d69b83fa0ed08e2cf38a981ad4fcadc8d01b0f9e4b1c0f4f93eba00df55_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:c878bf475fb5ded36d666d59a5d1d7a15e4ec3ba0b54893cc09180e1af431db6_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:cf2dbdd1c93fe967961000699880b74f2234de06335682f264dac8fdd96fef09_arm64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Axios. A remote attacker, by influencing the XSRF cookie name in a browser environment, could cause the application to construct a regular expression that leads to excessive processing. This can result in a client-side Denial of Service (DoS), where the affected browser tab may freeze, impacting the availability of the application for the user.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:163c0867091d50fae1acfc08b5631ada2be4a49c056adbee9a60166b97a88d5d_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:527644abdbe3cabab1f48223a1c0ee8048d7ced2b331c6b50cb0f08decfd6b4c_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7072a730964e67001c15c156743e2726bb6dbaf7d8ee6338c337d94fafb079ed_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:ab8453c70ec43c8782332d31f81758a47d79703bbfc06965947ab7d72404c374_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:12ce2d6283ac3fe295e53ac099b14222722fdcb9c549fbe2243ae83069f3cfa4_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:1b110d69b83fa0ed08e2cf38a981ad4fcadc8d01b0f9e4b1c0f4f93eba00df55_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:c878bf475fb5ded36d666d59a5d1d7a15e4ec3ba0b54893cc09180e1af431db6_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:cf2dbdd1c93fe967961000699880b74f2234de06335682f264dac8fdd96fef09_arm64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in ws, an open source WebSocket client and server. A remote attacker can exploit this memory exhaustion vulnerability by sending a high volume of exceptionally small fragments and data chunks. This action forces the affected component to allocate and hold structural wrappers that consume excessive memory. Consequently, this leads to process termination and a denial of service (DoS) for the remote peer.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:163c0867091d50fae1acfc08b5631ada2be4a49c056adbee9a60166b97a88d5d_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:527644abdbe3cabab1f48223a1c0ee8048d7ced2b331c6b50cb0f08decfd6b4c_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7072a730964e67001c15c156743e2726bb6dbaf7d8ee6338c337d94fafb079ed_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:ab8453c70ec43c8782332d31f81758a47d79703bbfc06965947ab7d72404c374_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:12ce2d6283ac3fe295e53ac099b14222722fdcb9c549fbe2243ae83069f3cfa4_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:1b110d69b83fa0ed08e2cf38a981ad4fcadc8d01b0f9e4b1c0f4f93eba00df55_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:c878bf475fb5ded36d666d59a5d1d7a15e4ec3ba0b54893cc09180e1af431db6_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:cf2dbdd1c93fe967961000699880b74f2234de06335682f264dac8fdd96fef09_arm64 | — |
Vendor Fix
fix
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Kiali 2.4.19 for Red Hat OpenShift Service Mesh 3.0 is now available.\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Kiali 2.4.19, for Red Hat OpenShift Service Mesh 3.0, provides observability for the service mesh by offering a visual representation of the mesh topology and metrics, helping users monitor, trace, and manage efficiently.\n\nSecurity Fix(es):\n\n* CVE-2026-42338 openshift-service-mesh/kiali-ossmc-rhel9: ip-address: Cross-site scripting via improper HTML escaping of untrusted input (OSSM-14061)\n* CVE-2026-42338 openshift-service-mesh/kiali-rhel9: ip-address: Cross-site scripting via improper HTML escaping of untrusted input (OSSM-14069)\n* CVE-2026-39821 openshift-service-mesh/kiali-rhel9: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing (OSSM-14072)\n* CVE-2026-44495 openshift-service-mesh/kiali-ossmc-rhel9: Axios: Information disclosure due to prototype pollution vulnerability (OSSM-14136)\n* CVE-2026-44495 openshift-service-mesh/kiali-rhel9: Axios: Information disclosure due to prototype pollution vulnerability (OSSM-14140)\n* CVE-2026-44488 openshift-service-mesh/kiali-ossmc-rhel9: Axios: Denial of Service due to unenforced request and response size limits (OSSM-14150)\n* CVE-2026-44488 openshift-service-mesh/kiali-rhel9: Axios: Denial of Service due to unenforced request and response size limits (OSSM-14155)\n* CVE-2026-44487 openshift-service-mesh/kiali-rhel9: Axios: Information disclosure of proxy credentials via redirect flows (OSSM-14169)\n* CVE-2026-44487 openshift-service-mesh/kiali-ossmc-rhel9: Axios: Information disclosure of proxy credentials via redirect flows (OSSM-14178)\n* CVE-2026-44494 openshift-service-mesh/kiali-rhel9: Axios: Man-in-the-Middle (MITM) attack via Prototype Pollution (OSSM-14181)\n* CVE-2026-44494 openshift-service-mesh/kiali-ossmc-rhel9: Axios: Man-in-the-Middle (MITM) attack via Prototype Pollution (OSSM-14183)\n* CVE-2026-44496 openshift-service-mesh/kiali-ossmc-rhel9: Axios: Client-side Denial of Service via unescaped regex metacharacters in XSRF cookie name (OSSM-14190)\n* CVE-2026-44496 openshift-service-mesh/kiali-rhel9: Axios: Client-side Denial of Service via unescaped regex metacharacters in XSRF cookie name (OSSM-14192)\n* CVE-2026-44486 openshift-service-mesh/kiali-ossmc-rhel9: Axios: Information disclosure of proxy credentials via HTTP redirects (OSSM-14194)\n* CVE-2026-44486 openshift-service-mesh/kiali-rhel9: Axios: Information disclosure of proxy credentials via HTTP redirects (OSSM-14208)\n* CVE-2026-44492 openshift-service-mesh/kiali-ossmc-rhel9: Axios: Proxy bypass via IPv4-mapped IPv6 address non-normalization (OSSM-14218)\n* CVE-2026-44492 openshift-service-mesh/kiali-rhel9: Axios: Proxy bypass via IPv4-mapped IPv6 address non-normalization (OSSM-14225)\n* CVE-2026-48779 openshift-service-mesh/kiali-rhel9: ws: Denial of Service via memory exhaustion from small WebSocket fragments (OSSM-14302)\n* CVE-2026-48779 openshift-service-mesh/kiali-ossmc-rhel9: ws: Denial of Service via memory exhaustion from small WebSocket fragments (OSSM-14306)\n* CVE-2026-12143 openshift-service-mesh/kiali-ossmc-rhel9: form-data: Form field override via CRLF injection (OSSM-14334)\n* CVE-2026-12143 openshift-service-mesh/kiali-rhel9: form-data: Form field override via CRLF injection (OSSM-14339)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:33160",
"url": "https://access.redhat.com/errata/RHSA-2026:33160"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-12143",
"url": "https://access.redhat.com/security/cve/CVE-2026-12143"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-39821",
"url": "https://access.redhat.com/security/cve/CVE-2026-39821"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42338",
"url": "https://access.redhat.com/security/cve/CVE-2026-42338"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-44486",
"url": "https://access.redhat.com/security/cve/CVE-2026-44486"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-44487",
"url": "https://access.redhat.com/security/cve/CVE-2026-44487"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-44488",
"url": "https://access.redhat.com/security/cve/CVE-2026-44488"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-44492",
"url": "https://access.redhat.com/security/cve/CVE-2026-44492"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-44494",
"url": "https://access.redhat.com/security/cve/CVE-2026-44494"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-44495",
"url": "https://access.redhat.com/security/cve/CVE-2026-44495"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-44496",
"url": "https://access.redhat.com/security/cve/CVE-2026-44496"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-48779",
"url": "https://access.redhat.com/security/cve/CVE-2026-48779"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification",
"url": "https://access.redhat.com/security/updates/classification"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_33160.json"
}
],
"title": "Red Hat Security Advisory: Kiali 2.4.19 for Red Hat OpenShift Service Mesh 3.0",
"tracking": {
"current_release_date": "2026-07-09T23:35:37+00:00",
"generator": {
"date": "2026-07-09T23:35:37+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.2"
}
},
"id": "RHSA-2026:33160",
"initial_release_date": "2026-06-29T16:36:30+00:00",
"revision_history": [
{
"date": "2026-06-29T16:36:30+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-07-09T08:56:59+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-09T23:35:37+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Service Mesh 3",
"product": {
"name": "Red Hat OpenShift Service Mesh 3",
"product_id": "Red Hat OpenShift Service Mesh 3",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:service_mesh:3.0::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Service Mesh"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:12ce2d6283ac3fe295e53ac099b14222722fdcb9c549fbe2243ae83069f3cfa4_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:12ce2d6283ac3fe295e53ac099b14222722fdcb9c549fbe2243ae83069f3cfa4_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:12ce2d6283ac3fe295e53ac099b14222722fdcb9c549fbe2243ae83069f3cfa4_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel9@sha256%3A12ce2d6283ac3fe295e53ac099b14222722fdcb9c549fbe2243ae83069f3cfa4?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel9\u0026tag=1782201833"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7072a730964e67001c15c156743e2726bb6dbaf7d8ee6338c337d94fafb079ed_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7072a730964e67001c15c156743e2726bb6dbaf7d8ee6338c337d94fafb079ed_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7072a730964e67001c15c156743e2726bb6dbaf7d8ee6338c337d94fafb079ed_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kiali-ossmc-rhel9@sha256%3A7072a730964e67001c15c156743e2726bb6dbaf7d8ee6338c337d94fafb079ed?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9\u0026tag=1782201894"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:cf2dbdd1c93fe967961000699880b74f2234de06335682f264dac8fdd96fef09_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:cf2dbdd1c93fe967961000699880b74f2234de06335682f264dac8fdd96fef09_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:cf2dbdd1c93fe967961000699880b74f2234de06335682f264dac8fdd96fef09_arm64",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel9@sha256%3Acf2dbdd1c93fe967961000699880b74f2234de06335682f264dac8fdd96fef09?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel9\u0026tag=1782201833"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:163c0867091d50fae1acfc08b5631ada2be4a49c056adbee9a60166b97a88d5d_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:163c0867091d50fae1acfc08b5631ada2be4a49c056adbee9a60166b97a88d5d_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:163c0867091d50fae1acfc08b5631ada2be4a49c056adbee9a60166b97a88d5d_arm64",
"product_identification_helper": {
"purl": "pkg:oci/kiali-ossmc-rhel9@sha256%3A163c0867091d50fae1acfc08b5631ada2be4a49c056adbee9a60166b97a88d5d?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9\u0026tag=1782201894"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:1b110d69b83fa0ed08e2cf38a981ad4fcadc8d01b0f9e4b1c0f4f93eba00df55_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:1b110d69b83fa0ed08e2cf38a981ad4fcadc8d01b0f9e4b1c0f4f93eba00df55_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:1b110d69b83fa0ed08e2cf38a981ad4fcadc8d01b0f9e4b1c0f4f93eba00df55_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel9@sha256%3A1b110d69b83fa0ed08e2cf38a981ad4fcadc8d01b0f9e4b1c0f4f93eba00df55?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel9\u0026tag=1782201833"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:ab8453c70ec43c8782332d31f81758a47d79703bbfc06965947ab7d72404c374_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:ab8453c70ec43c8782332d31f81758a47d79703bbfc06965947ab7d72404c374_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:ab8453c70ec43c8782332d31f81758a47d79703bbfc06965947ab7d72404c374_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/kiali-ossmc-rhel9@sha256%3Aab8453c70ec43c8782332d31f81758a47d79703bbfc06965947ab7d72404c374?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9\u0026tag=1782201894"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:c878bf475fb5ded36d666d59a5d1d7a15e4ec3ba0b54893cc09180e1af431db6_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:c878bf475fb5ded36d666d59a5d1d7a15e4ec3ba0b54893cc09180e1af431db6_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:c878bf475fb5ded36d666d59a5d1d7a15e4ec3ba0b54893cc09180e1af431db6_s390x",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel9@sha256%3Ac878bf475fb5ded36d666d59a5d1d7a15e4ec3ba0b54893cc09180e1af431db6?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel9\u0026tag=1782201833"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:527644abdbe3cabab1f48223a1c0ee8048d7ced2b331c6b50cb0f08decfd6b4c_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:527644abdbe3cabab1f48223a1c0ee8048d7ced2b331c6b50cb0f08decfd6b4c_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:527644abdbe3cabab1f48223a1c0ee8048d7ced2b331c6b50cb0f08decfd6b4c_s390x",
"product_identification_helper": {
"purl": "pkg:oci/kiali-ossmc-rhel9@sha256%3A527644abdbe3cabab1f48223a1c0ee8048d7ced2b331c6b50cb0f08decfd6b4c?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9\u0026tag=1782201894"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:163c0867091d50fae1acfc08b5631ada2be4a49c056adbee9a60166b97a88d5d_arm64 as a component of Red Hat OpenShift Service Mesh 3",
"product_id": "Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:163c0867091d50fae1acfc08b5631ada2be4a49c056adbee9a60166b97a88d5d_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:163c0867091d50fae1acfc08b5631ada2be4a49c056adbee9a60166b97a88d5d_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:527644abdbe3cabab1f48223a1c0ee8048d7ced2b331c6b50cb0f08decfd6b4c_s390x as a component of Red Hat OpenShift Service Mesh 3",
"product_id": "Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:527644abdbe3cabab1f48223a1c0ee8048d7ced2b331c6b50cb0f08decfd6b4c_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:527644abdbe3cabab1f48223a1c0ee8048d7ced2b331c6b50cb0f08decfd6b4c_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7072a730964e67001c15c156743e2726bb6dbaf7d8ee6338c337d94fafb079ed_amd64 as a component of Red Hat OpenShift Service Mesh 3",
"product_id": "Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7072a730964e67001c15c156743e2726bb6dbaf7d8ee6338c337d94fafb079ed_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7072a730964e67001c15c156743e2726bb6dbaf7d8ee6338c337d94fafb079ed_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:ab8453c70ec43c8782332d31f81758a47d79703bbfc06965947ab7d72404c374_ppc64le as a component of Red Hat OpenShift Service Mesh 3",
"product_id": "Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:ab8453c70ec43c8782332d31f81758a47d79703bbfc06965947ab7d72404c374_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:ab8453c70ec43c8782332d31f81758a47d79703bbfc06965947ab7d72404c374_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:12ce2d6283ac3fe295e53ac099b14222722fdcb9c549fbe2243ae83069f3cfa4_amd64 as a component of Red Hat OpenShift Service Mesh 3",
"product_id": "Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:12ce2d6283ac3fe295e53ac099b14222722fdcb9c549fbe2243ae83069f3cfa4_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:12ce2d6283ac3fe295e53ac099b14222722fdcb9c549fbe2243ae83069f3cfa4_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:1b110d69b83fa0ed08e2cf38a981ad4fcadc8d01b0f9e4b1c0f4f93eba00df55_ppc64le as a component of Red Hat OpenShift Service Mesh 3",
"product_id": "Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:1b110d69b83fa0ed08e2cf38a981ad4fcadc8d01b0f9e4b1c0f4f93eba00df55_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:1b110d69b83fa0ed08e2cf38a981ad4fcadc8d01b0f9e4b1c0f4f93eba00df55_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:c878bf475fb5ded36d666d59a5d1d7a15e4ec3ba0b54893cc09180e1af431db6_s390x as a component of Red Hat OpenShift Service Mesh 3",
"product_id": "Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:c878bf475fb5ded36d666d59a5d1d7a15e4ec3ba0b54893cc09180e1af431db6_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:c878bf475fb5ded36d666d59a5d1d7a15e4ec3ba0b54893cc09180e1af431db6_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:cf2dbdd1c93fe967961000699880b74f2234de06335682f264dac8fdd96fef09_arm64 as a component of Red Hat OpenShift Service Mesh 3",
"product_id": "Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:cf2dbdd1c93fe967961000699880b74f2234de06335682f264dac8fdd96fef09_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:cf2dbdd1c93fe967961000699880b74f2234de06335682f264dac8fdd96fef09_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-12143",
"cwe": {
"id": "CWE-93",
"name": "Improper Neutralization of CRLF Sequences (\u0027CRLF Injection\u0027)"
},
"discovery_date": "2026-06-12T19:00:57.360953+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2488480"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in form-data, a library for creating readable multipart/form-data streams. A remote attacker can exploit this vulnerability by injecting carriage return (CR), line feed (LF), or double-quote (\") characters into the `field` argument of `FormData#append` or the `filename` option. This allows the attacker to inject additional headers or smuggle entire additional multipart parts into requests, potentially enabling them to add or override form fields and compromise data integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "form-data: form-data: Form field override via CRLF injection",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important impact flaw in the form-data library: a remote attacker can inject arbitrary headers or additional multipart parts via CRLF injection in field names or filenames, potentially overriding sensitive form fields and affecting data integrity.\n\nFor RHOAI and RHEL AI, severity is Moderate because affected versions appear only as a transitive npm dependency in RHOAI (dashboard, mod-arch plugins, MLflow UI) and RHEL AI 3.4 bootc images, and those products use fixed field names for uploads rather than passing untrusted user input as multipart field names or filenames. The documented exploit path is therefore not reachable in default deployments. Practical impact is limited to non-default or custom integrations that forward multipart requests using attacker-controlled field names.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:163c0867091d50fae1acfc08b5631ada2be4a49c056adbee9a60166b97a88d5d_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:527644abdbe3cabab1f48223a1c0ee8048d7ced2b331c6b50cb0f08decfd6b4c_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7072a730964e67001c15c156743e2726bb6dbaf7d8ee6338c337d94fafb079ed_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:ab8453c70ec43c8782332d31f81758a47d79703bbfc06965947ab7d72404c374_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:12ce2d6283ac3fe295e53ac099b14222722fdcb9c549fbe2243ae83069f3cfa4_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:1b110d69b83fa0ed08e2cf38a981ad4fcadc8d01b0f9e4b1c0f4f93eba00df55_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:c878bf475fb5ded36d666d59a5d1d7a15e4ec3ba0b54893cc09180e1af431db6_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:cf2dbdd1c93fe967961000699880b74f2234de06335682f264dac8fdd96fef09_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-12143"
},
{
"category": "external",
"summary": "RHBZ#2488480",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2488480"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-12143",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-12143"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-12143",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-12143"
},
{
"category": "external",
"summary": "https://cwe.mitre.org/data/definitions/93.html",
"url": "https://cwe.mitre.org/data/definitions/93.html"
},
{
"category": "external",
"summary": "https://github.com/form-data/form-data/commit/64190db548c0179e37206858e39f27cf513e9435",
"url": "https://github.com/form-data/form-data/commit/64190db548c0179e37206858e39f27cf513e9435"
},
{
"category": "external",
"summary": "https://github.com/form-data/form-data/commit/be3f3cf553978bac15a5182f1f3c3d2d38ccf229",
"url": "https://github.com/form-data/form-data/commit/be3f3cf553978bac15a5182f1f3c3d2d38ccf229"
},
{
"category": "external",
"summary": "https://github.com/form-data/form-data/commit/c7133499c2ee1b80c678e411244f4442bf902045",
"url": "https://github.com/form-data/form-data/commit/c7133499c2ee1b80c678e411244f4442bf902045"
},
{
"category": "external",
"summary": "https://github.com/form-data/form-data/security/advisories/GHSA-hmw2-7cc7-3qxx",
"url": "https://github.com/form-data/form-data/security/advisories/GHSA-hmw2-7cc7-3qxx"
},
{
"category": "external",
"summary": "https://html.spec.whatwg.org/multipage/form-control-infrastructure.html#multipart-form-data",
"url": "https://html.spec.whatwg.org/multipage/form-control-infrastructure.html#multipart-form-data"
},
{
"category": "external",
"summary": "https://www.npmjs.com/package/form-data",
"url": "https://www.npmjs.com/package/form-data"
}
],
"release_date": "2026-06-12T18:01:30.362000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-29T16:36:30+00:00",
"details": "See Kiali 2.4.19 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.0/html/observability/kiali-operator-provided-by-red-hat",
"product_ids": [
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:163c0867091d50fae1acfc08b5631ada2be4a49c056adbee9a60166b97a88d5d_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:527644abdbe3cabab1f48223a1c0ee8048d7ced2b331c6b50cb0f08decfd6b4c_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7072a730964e67001c15c156743e2726bb6dbaf7d8ee6338c337d94fafb079ed_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:ab8453c70ec43c8782332d31f81758a47d79703bbfc06965947ab7d72404c374_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:12ce2d6283ac3fe295e53ac099b14222722fdcb9c549fbe2243ae83069f3cfa4_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:1b110d69b83fa0ed08e2cf38a981ad4fcadc8d01b0f9e4b1c0f4f93eba00df55_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:c878bf475fb5ded36d666d59a5d1d7a15e4ec3ba0b54893cc09180e1af431db6_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:cf2dbdd1c93fe967961000699880b74f2234de06335682f264dac8fdd96fef09_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33160"
},
{
"category": "workaround",
"details": "Applications using the `form-data` library should implement strict input validation and sanitization for all field names and filenames derived from untrusted sources. This prevents the injection of control characters (CR, LF, \") that could lead to header injection or form field overrides. Deployments that exclusively use fixed or trusted field names are not impacted.",
"product_ids": [
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:163c0867091d50fae1acfc08b5631ada2be4a49c056adbee9a60166b97a88d5d_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:527644abdbe3cabab1f48223a1c0ee8048d7ced2b331c6b50cb0f08decfd6b4c_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7072a730964e67001c15c156743e2726bb6dbaf7d8ee6338c337d94fafb079ed_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:ab8453c70ec43c8782332d31f81758a47d79703bbfc06965947ab7d72404c374_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:12ce2d6283ac3fe295e53ac099b14222722fdcb9c549fbe2243ae83069f3cfa4_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:1b110d69b83fa0ed08e2cf38a981ad4fcadc8d01b0f9e4b1c0f4f93eba00df55_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:c878bf475fb5ded36d666d59a5d1d7a15e4ec3ba0b54893cc09180e1af431db6_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:cf2dbdd1c93fe967961000699880b74f2234de06335682f264dac8fdd96fef09_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:163c0867091d50fae1acfc08b5631ada2be4a49c056adbee9a60166b97a88d5d_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:527644abdbe3cabab1f48223a1c0ee8048d7ced2b331c6b50cb0f08decfd6b4c_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7072a730964e67001c15c156743e2726bb6dbaf7d8ee6338c337d94fafb079ed_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:ab8453c70ec43c8782332d31f81758a47d79703bbfc06965947ab7d72404c374_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:12ce2d6283ac3fe295e53ac099b14222722fdcb9c549fbe2243ae83069f3cfa4_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:1b110d69b83fa0ed08e2cf38a981ad4fcadc8d01b0f9e4b1c0f4f93eba00df55_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:c878bf475fb5ded36d666d59a5d1d7a15e4ec3ba0b54893cc09180e1af431db6_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:cf2dbdd1c93fe967961000699880b74f2234de06335682f264dac8fdd96fef09_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "form-data: form-data: Form field override via CRLF injection"
},
{
"cve": "CVE-2026-39821",
"cwe": {
"id": "CWE-1289",
"name": "Improper Validation of Unsafe Equivalence in Input"
},
"discovery_date": "2026-05-22T16:00:52.844126+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:163c0867091d50fae1acfc08b5631ada2be4a49c056adbee9a60166b97a88d5d_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:527644abdbe3cabab1f48223a1c0ee8048d7ced2b331c6b50cb0f08decfd6b4c_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7072a730964e67001c15c156743e2726bb6dbaf7d8ee6338c337d94fafb079ed_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:ab8453c70ec43c8782332d31f81758a47d79703bbfc06965947ab7d72404c374_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2480756"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang.org/x/net/idna. ToASCII and ToUnicode incorrectly accept Punycode-encoded labels that decode to an ASCII-only hostname (for example, xn--example-.com returns example.com instead of an error). Applications that validate the ASCII form then convert to Unicode may grant access to a restricted hostname the ASCII check would have rejected.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/net/idna: golang: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "golang.org/x/net/idna is vulnerable to privilege escalation through incorrect Punycode label handling in ToASCII and ToUnicode. An attacker who can supply a Punycode hostname that passes an ASCII-only authorization check may have it normalized to a restricted ASCII name the application intended to block. Red Hat exposure is broad across products shipping the Go toolchain or bundling golang.org/x/net, including RHEL and RHEL-AI golang RPMs, hummingbird Go runtimes, OpenShift and ODF container builds, and Ceph/OpenShift components compiled against affected x/net versions.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:12ce2d6283ac3fe295e53ac099b14222722fdcb9c549fbe2243ae83069f3cfa4_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:1b110d69b83fa0ed08e2cf38a981ad4fcadc8d01b0f9e4b1c0f4f93eba00df55_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:c878bf475fb5ded36d666d59a5d1d7a15e4ec3ba0b54893cc09180e1af431db6_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:cf2dbdd1c93fe967961000699880b74f2234de06335682f264dac8fdd96fef09_arm64"
],
"known_not_affected": [
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:163c0867091d50fae1acfc08b5631ada2be4a49c056adbee9a60166b97a88d5d_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:527644abdbe3cabab1f48223a1c0ee8048d7ced2b331c6b50cb0f08decfd6b4c_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7072a730964e67001c15c156743e2726bb6dbaf7d8ee6338c337d94fafb079ed_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:ab8453c70ec43c8782332d31f81758a47d79703bbfc06965947ab7d72404c374_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-39821"
},
{
"category": "external",
"summary": "RHBZ#2480756",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2480756"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-39821",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-39821"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-39821",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39821"
},
{
"category": "external",
"summary": "https://go.dev/cl/767220",
"url": "https://go.dev/cl/767220"
},
{
"category": "external",
"summary": "https://go.dev/issue/78760",
"url": "https://go.dev/issue/78760"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/iI-mYSI0lu8",
"url": "https://groups.google.com/g/golang-announce/c/iI-mYSI0lu8"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-5026",
"url": "https://pkg.go.dev/vuln/GO-2026-5026"
}
],
"release_date": "2026-05-22T15:01:21.462000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-29T16:36:30+00:00",
"details": "See Kiali 2.4.19 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.0/html/observability/kiali-operator-provided-by-red-hat",
"product_ids": [
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:12ce2d6283ac3fe295e53ac099b14222722fdcb9c549fbe2243ae83069f3cfa4_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:1b110d69b83fa0ed08e2cf38a981ad4fcadc8d01b0f9e4b1c0f4f93eba00df55_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:c878bf475fb5ded36d666d59a5d1d7a15e4ec3ba0b54893cc09180e1af431db6_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:cf2dbdd1c93fe967961000699880b74f2234de06335682f264dac8fdd96fef09_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33160"
},
{
"category": "workaround",
"details": "Upgrade to a fixed golang.org/x/net release that includes the idna correction, via updated golang or dependent package rebuilds.",
"product_ids": [
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:163c0867091d50fae1acfc08b5631ada2be4a49c056adbee9a60166b97a88d5d_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:527644abdbe3cabab1f48223a1c0ee8048d7ced2b331c6b50cb0f08decfd6b4c_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7072a730964e67001c15c156743e2726bb6dbaf7d8ee6338c337d94fafb079ed_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:ab8453c70ec43c8782332d31f81758a47d79703bbfc06965947ab7d72404c374_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:12ce2d6283ac3fe295e53ac099b14222722fdcb9c549fbe2243ae83069f3cfa4_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:1b110d69b83fa0ed08e2cf38a981ad4fcadc8d01b0f9e4b1c0f4f93eba00df55_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:c878bf475fb5ded36d666d59a5d1d7a15e4ec3ba0b54893cc09180e1af431db6_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:cf2dbdd1c93fe967961000699880b74f2234de06335682f264dac8fdd96fef09_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:163c0867091d50fae1acfc08b5631ada2be4a49c056adbee9a60166b97a88d5d_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:527644abdbe3cabab1f48223a1c0ee8048d7ced2b331c6b50cb0f08decfd6b4c_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7072a730964e67001c15c156743e2726bb6dbaf7d8ee6338c337d94fafb079ed_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:ab8453c70ec43c8782332d31f81758a47d79703bbfc06965947ab7d72404c374_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:12ce2d6283ac3fe295e53ac099b14222722fdcb9c549fbe2243ae83069f3cfa4_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:1b110d69b83fa0ed08e2cf38a981ad4fcadc8d01b0f9e4b1c0f4f93eba00df55_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:c878bf475fb5ded36d666d59a5d1d7a15e4ec3ba0b54893cc09180e1af431db6_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:cf2dbdd1c93fe967961000699880b74f2234de06335682f264dac8fdd96fef09_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/net/idna: golang: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing"
},
{
"cve": "CVE-2026-42338",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2026-05-12T21:01:14.436876+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2476810"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in ip-address, a JavaScript library for parsing and manipulating IPv4 and IPv6 addresses. This vulnerability allows a remote attacker to perform cross-site scripting (XSS) by providing untrusted input to the Address6 constructor. When an application renders the output of Address6.group(), Address6.link(), or the AddressError.parseMessage as HTML without proper escaping, the attacker-controlled content can be executed in the user\u0027s browser.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ip-address: ip-address: Cross-site scripting via improper HTML escaping of untrusted input",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability in the `ip-address` JavaScript library is rated as Important. It allows for cross-site scripting (XSS) when an application processes untrusted input through the `Address6` constructor and subsequently renders the unescaped output of methods like `Address6.group()`, `Address6.link()`, or `AddressError.parseMessage` directly as HTML. While the library itself is affected, exploitation is contingent on specific application-level rendering practices that may not be common in Red Hat products.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:163c0867091d50fae1acfc08b5631ada2be4a49c056adbee9a60166b97a88d5d_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:527644abdbe3cabab1f48223a1c0ee8048d7ced2b331c6b50cb0f08decfd6b4c_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7072a730964e67001c15c156743e2726bb6dbaf7d8ee6338c337d94fafb079ed_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:ab8453c70ec43c8782332d31f81758a47d79703bbfc06965947ab7d72404c374_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:12ce2d6283ac3fe295e53ac099b14222722fdcb9c549fbe2243ae83069f3cfa4_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:1b110d69b83fa0ed08e2cf38a981ad4fcadc8d01b0f9e4b1c0f4f93eba00df55_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:c878bf475fb5ded36d666d59a5d1d7a15e4ec3ba0b54893cc09180e1af431db6_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:cf2dbdd1c93fe967961000699880b74f2234de06335682f264dac8fdd96fef09_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42338"
},
{
"category": "external",
"summary": "RHBZ#2476810",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2476810"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42338",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42338"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42338",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42338"
},
{
"category": "external",
"summary": "https://github.com/beaugunderson/ip-address/security/advisories/GHSA-v2v4-37r5-5v8g",
"url": "https://github.com/beaugunderson/ip-address/security/advisories/GHSA-v2v4-37r5-5v8g"
}
],
"release_date": "2026-05-12T19:43:16.470000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-29T16:36:30+00:00",
"details": "See Kiali 2.4.19 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.0/html/observability/kiali-operator-provided-by-red-hat",
"product_ids": [
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:163c0867091d50fae1acfc08b5631ada2be4a49c056adbee9a60166b97a88d5d_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:527644abdbe3cabab1f48223a1c0ee8048d7ced2b331c6b50cb0f08decfd6b4c_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7072a730964e67001c15c156743e2726bb6dbaf7d8ee6338c337d94fafb079ed_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:ab8453c70ec43c8782332d31f81758a47d79703bbfc06965947ab7d72404c374_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:12ce2d6283ac3fe295e53ac099b14222722fdcb9c549fbe2243ae83069f3cfa4_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:1b110d69b83fa0ed08e2cf38a981ad4fcadc8d01b0f9e4b1c0f4f93eba00df55_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:c878bf475fb5ded36d666d59a5d1d7a15e4ec3ba0b54893cc09180e1af431db6_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:cf2dbdd1c93fe967961000699880b74f2234de06335682f264dac8fdd96fef09_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33160"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:163c0867091d50fae1acfc08b5631ada2be4a49c056adbee9a60166b97a88d5d_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:527644abdbe3cabab1f48223a1c0ee8048d7ced2b331c6b50cb0f08decfd6b4c_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7072a730964e67001c15c156743e2726bb6dbaf7d8ee6338c337d94fafb079ed_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:ab8453c70ec43c8782332d31f81758a47d79703bbfc06965947ab7d72404c374_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:12ce2d6283ac3fe295e53ac099b14222722fdcb9c549fbe2243ae83069f3cfa4_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:1b110d69b83fa0ed08e2cf38a981ad4fcadc8d01b0f9e4b1c0f4f93eba00df55_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:c878bf475fb5ded36d666d59a5d1d7a15e4ec3ba0b54893cc09180e1af431db6_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:cf2dbdd1c93fe967961000699880b74f2234de06335682f264dac8fdd96fef09_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:163c0867091d50fae1acfc08b5631ada2be4a49c056adbee9a60166b97a88d5d_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:527644abdbe3cabab1f48223a1c0ee8048d7ced2b331c6b50cb0f08decfd6b4c_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7072a730964e67001c15c156743e2726bb6dbaf7d8ee6338c337d94fafb079ed_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:ab8453c70ec43c8782332d31f81758a47d79703bbfc06965947ab7d72404c374_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:12ce2d6283ac3fe295e53ac099b14222722fdcb9c549fbe2243ae83069f3cfa4_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:1b110d69b83fa0ed08e2cf38a981ad4fcadc8d01b0f9e4b1c0f4f93eba00df55_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:c878bf475fb5ded36d666d59a5d1d7a15e4ec3ba0b54893cc09180e1af431db6_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:cf2dbdd1c93fe967961000699880b74f2234de06335682f264dac8fdd96fef09_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "ip-address: ip-address: Cross-site scripting via improper HTML escaping of untrusted input"
},
{
"cve": "CVE-2026-44486",
"cwe": {
"id": "CWE-201",
"name": "Insertion of Sensitive Information Into Sent Data"
},
"discovery_date": "2026-06-11T17:01:30.944384+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2487947"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, a promise-based HTTP client, specifically in its Node.js HTTP adapter. When Axios is configured to use an authenticated proxy and follows a redirect, it may inadvertently send the Proxy-Authorization header, containing proxy credentials, to the redirect target. This can lead to the disclosure of sensitive proxy credentials to an unintended remote server.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: Information disclosure of proxy credentials via HTTP redirects",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important information disclosure flaw in the Axios Node.js HTTP adapter. Red Hat products utilizing Axios in a Node.js environment with an authenticated proxy and automatic redirects enabled are susceptible. The vulnerability arises when a request, initially sent through an authenticated proxy, is redirected to a target that no longer uses the proxy, potentially leaking `Proxy-Authorization` headers containing sensitive credentials to an untrusted remote server. This risk is heightened in deployments where applications interact with untrusted HTTP origins.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:163c0867091d50fae1acfc08b5631ada2be4a49c056adbee9a60166b97a88d5d_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:527644abdbe3cabab1f48223a1c0ee8048d7ced2b331c6b50cb0f08decfd6b4c_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7072a730964e67001c15c156743e2726bb6dbaf7d8ee6338c337d94fafb079ed_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:ab8453c70ec43c8782332d31f81758a47d79703bbfc06965947ab7d72404c374_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:12ce2d6283ac3fe295e53ac099b14222722fdcb9c549fbe2243ae83069f3cfa4_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:1b110d69b83fa0ed08e2cf38a981ad4fcadc8d01b0f9e4b1c0f4f93eba00df55_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:c878bf475fb5ded36d666d59a5d1d7a15e4ec3ba0b54893cc09180e1af431db6_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:cf2dbdd1c93fe967961000699880b74f2234de06335682f264dac8fdd96fef09_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44486"
},
{
"category": "external",
"summary": "RHBZ#2487947",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2487947"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44486",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44486"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44486",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44486"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-j5f8-grm9-p9fc",
"url": "https://github.com/axios/axios/security/advisories/GHSA-j5f8-grm9-p9fc"
}
],
"release_date": "2026-06-11T15:39:07.714000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-29T16:36:30+00:00",
"details": "See Kiali 2.4.19 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.0/html/observability/kiali-operator-provided-by-red-hat",
"product_ids": [
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:163c0867091d50fae1acfc08b5631ada2be4a49c056adbee9a60166b97a88d5d_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:527644abdbe3cabab1f48223a1c0ee8048d7ced2b331c6b50cb0f08decfd6b4c_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7072a730964e67001c15c156743e2726bb6dbaf7d8ee6338c337d94fafb079ed_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:ab8453c70ec43c8782332d31f81758a47d79703bbfc06965947ab7d72404c374_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:12ce2d6283ac3fe295e53ac099b14222722fdcb9c549fbe2243ae83069f3cfa4_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:1b110d69b83fa0ed08e2cf38a981ad4fcadc8d01b0f9e4b1c0f4f93eba00df55_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:c878bf475fb5ded36d666d59a5d1d7a15e4ec3ba0b54893cc09180e1af431db6_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:cf2dbdd1c93fe967961000699880b74f2234de06335682f264dac8fdd96fef09_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33160"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:163c0867091d50fae1acfc08b5631ada2be4a49c056adbee9a60166b97a88d5d_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:527644abdbe3cabab1f48223a1c0ee8048d7ced2b331c6b50cb0f08decfd6b4c_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7072a730964e67001c15c156743e2726bb6dbaf7d8ee6338c337d94fafb079ed_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:ab8453c70ec43c8782332d31f81758a47d79703bbfc06965947ab7d72404c374_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:12ce2d6283ac3fe295e53ac099b14222722fdcb9c549fbe2243ae83069f3cfa4_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:1b110d69b83fa0ed08e2cf38a981ad4fcadc8d01b0f9e4b1c0f4f93eba00df55_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:c878bf475fb5ded36d666d59a5d1d7a15e4ec3ba0b54893cc09180e1af431db6_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:cf2dbdd1c93fe967961000699880b74f2234de06335682f264dac8fdd96fef09_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:163c0867091d50fae1acfc08b5631ada2be4a49c056adbee9a60166b97a88d5d_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:527644abdbe3cabab1f48223a1c0ee8048d7ced2b331c6b50cb0f08decfd6b4c_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7072a730964e67001c15c156743e2726bb6dbaf7d8ee6338c337d94fafb079ed_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:ab8453c70ec43c8782332d31f81758a47d79703bbfc06965947ab7d72404c374_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:12ce2d6283ac3fe295e53ac099b14222722fdcb9c549fbe2243ae83069f3cfa4_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:1b110d69b83fa0ed08e2cf38a981ad4fcadc8d01b0f9e4b1c0f4f93eba00df55_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:c878bf475fb5ded36d666d59a5d1d7a15e4ec3ba0b54893cc09180e1af431db6_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:cf2dbdd1c93fe967961000699880b74f2234de06335682f264dac8fdd96fef09_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: Information disclosure of proxy credentials via HTTP redirects"
},
{
"cve": "CVE-2026-44487",
"cwe": {
"id": "CWE-201",
"name": "Insertion of Sensitive Information Into Sent Data"
},
"discovery_date": "2026-06-11T17:01:34.091476+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2487948"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios. During specific proxy-to-direct redirect flows in the Node.js HTTP adapter, a remote attacker could exploit this vulnerability. The Proxy-Authorization header, which contains proxy credentials and is intended only for the outbound proxy, may be forwarded to the final redirected origin. This can lead to the disclosure of sensitive proxy credentials to an unintended third party.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: Information disclosure of proxy credentials via redirect flows",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important information disclosure flaw in Axios affecting Node.js environments. When an application uses Axios with an authenticated HTTP proxy and follows redirects from an HTTP to a non-proxied HTTPS destination, the Proxy-Authorization header may be inadvertently sent to the final origin server. This could lead to the exposure of sensitive proxy credentials to an unintended third party.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:163c0867091d50fae1acfc08b5631ada2be4a49c056adbee9a60166b97a88d5d_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:527644abdbe3cabab1f48223a1c0ee8048d7ced2b331c6b50cb0f08decfd6b4c_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7072a730964e67001c15c156743e2726bb6dbaf7d8ee6338c337d94fafb079ed_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:ab8453c70ec43c8782332d31f81758a47d79703bbfc06965947ab7d72404c374_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:12ce2d6283ac3fe295e53ac099b14222722fdcb9c549fbe2243ae83069f3cfa4_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:1b110d69b83fa0ed08e2cf38a981ad4fcadc8d01b0f9e4b1c0f4f93eba00df55_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:c878bf475fb5ded36d666d59a5d1d7a15e4ec3ba0b54893cc09180e1af431db6_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:cf2dbdd1c93fe967961000699880b74f2234de06335682f264dac8fdd96fef09_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44487"
},
{
"category": "external",
"summary": "RHBZ#2487948",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2487948"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44487"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44487",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44487"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-p92q-9vqr-4j8v",
"url": "https://github.com/axios/axios/security/advisories/GHSA-p92q-9vqr-4j8v"
}
],
"release_date": "2026-06-11T15:38:25.150000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-29T16:36:30+00:00",
"details": "See Kiali 2.4.19 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.0/html/observability/kiali-operator-provided-by-red-hat",
"product_ids": [
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:163c0867091d50fae1acfc08b5631ada2be4a49c056adbee9a60166b97a88d5d_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:527644abdbe3cabab1f48223a1c0ee8048d7ced2b331c6b50cb0f08decfd6b4c_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7072a730964e67001c15c156743e2726bb6dbaf7d8ee6338c337d94fafb079ed_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:ab8453c70ec43c8782332d31f81758a47d79703bbfc06965947ab7d72404c374_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:12ce2d6283ac3fe295e53ac099b14222722fdcb9c549fbe2243ae83069f3cfa4_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:1b110d69b83fa0ed08e2cf38a981ad4fcadc8d01b0f9e4b1c0f4f93eba00df55_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:c878bf475fb5ded36d666d59a5d1d7a15e4ec3ba0b54893cc09180e1af431db6_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:cf2dbdd1c93fe967961000699880b74f2234de06335682f264dac8fdd96fef09_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33160"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:163c0867091d50fae1acfc08b5631ada2be4a49c056adbee9a60166b97a88d5d_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:527644abdbe3cabab1f48223a1c0ee8048d7ced2b331c6b50cb0f08decfd6b4c_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7072a730964e67001c15c156743e2726bb6dbaf7d8ee6338c337d94fafb079ed_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:ab8453c70ec43c8782332d31f81758a47d79703bbfc06965947ab7d72404c374_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:12ce2d6283ac3fe295e53ac099b14222722fdcb9c549fbe2243ae83069f3cfa4_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:1b110d69b83fa0ed08e2cf38a981ad4fcadc8d01b0f9e4b1c0f4f93eba00df55_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:c878bf475fb5ded36d666d59a5d1d7a15e4ec3ba0b54893cc09180e1af431db6_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:cf2dbdd1c93fe967961000699880b74f2234de06335682f264dac8fdd96fef09_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:163c0867091d50fae1acfc08b5631ada2be4a49c056adbee9a60166b97a88d5d_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:527644abdbe3cabab1f48223a1c0ee8048d7ced2b331c6b50cb0f08decfd6b4c_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7072a730964e67001c15c156743e2726bb6dbaf7d8ee6338c337d94fafb079ed_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:ab8453c70ec43c8782332d31f81758a47d79703bbfc06965947ab7d72404c374_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:12ce2d6283ac3fe295e53ac099b14222722fdcb9c549fbe2243ae83069f3cfa4_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:1b110d69b83fa0ed08e2cf38a981ad4fcadc8d01b0f9e4b1c0f4f93eba00df55_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:c878bf475fb5ded36d666d59a5d1d7a15e4ec3ba0b54893cc09180e1af431db6_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:cf2dbdd1c93fe967961000699880b74f2234de06335682f264dac8fdd96fef09_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: Information disclosure of proxy credentials via redirect flows"
},
{
"cve": "CVE-2026-44488",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-06-11T17:01:36.836488+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2487949"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, a promise-based HTTP client. When using the fetch adapter, Axios did not properly enforce configured request and response size limits. This vulnerability allows a remote attacker, through a malicious or compromised server, or by supplying a large data URL, to send or receive oversized data bodies. This can lead to resource exhaustion in server-side applications, resulting in a Denial of Service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: Denial of Service due to unenforced request and response size limits",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Important: A denial of service flaw was found in Axios, a JavaScript HTTP client library. This issue arises when applications utilize the `fetch` adapter, as configured request and response size limits are not properly enforced. A remote attacker could exploit this by sending or receiving excessively large data bodies, leading to resource exhaustion and potential denial of service in affected server-side applications.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:163c0867091d50fae1acfc08b5631ada2be4a49c056adbee9a60166b97a88d5d_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:527644abdbe3cabab1f48223a1c0ee8048d7ced2b331c6b50cb0f08decfd6b4c_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7072a730964e67001c15c156743e2726bb6dbaf7d8ee6338c337d94fafb079ed_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:ab8453c70ec43c8782332d31f81758a47d79703bbfc06965947ab7d72404c374_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:12ce2d6283ac3fe295e53ac099b14222722fdcb9c549fbe2243ae83069f3cfa4_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:1b110d69b83fa0ed08e2cf38a981ad4fcadc8d01b0f9e4b1c0f4f93eba00df55_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:c878bf475fb5ded36d666d59a5d1d7a15e4ec3ba0b54893cc09180e1af431db6_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:cf2dbdd1c93fe967961000699880b74f2234de06335682f264dac8fdd96fef09_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44488"
},
{
"category": "external",
"summary": "RHBZ#2487949",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2487949"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44488",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44488"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44488",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44488"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-777c-7fjr-54vf",
"url": "https://github.com/axios/axios/security/advisories/GHSA-777c-7fjr-54vf"
}
],
"release_date": "2026-06-11T15:37:38.013000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-29T16:36:30+00:00",
"details": "See Kiali 2.4.19 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.0/html/observability/kiali-operator-provided-by-red-hat",
"product_ids": [
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:163c0867091d50fae1acfc08b5631ada2be4a49c056adbee9a60166b97a88d5d_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:527644abdbe3cabab1f48223a1c0ee8048d7ced2b331c6b50cb0f08decfd6b4c_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7072a730964e67001c15c156743e2726bb6dbaf7d8ee6338c337d94fafb079ed_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:ab8453c70ec43c8782332d31f81758a47d79703bbfc06965947ab7d72404c374_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:12ce2d6283ac3fe295e53ac099b14222722fdcb9c549fbe2243ae83069f3cfa4_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:1b110d69b83fa0ed08e2cf38a981ad4fcadc8d01b0f9e4b1c0f4f93eba00df55_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:c878bf475fb5ded36d666d59a5d1d7a15e4ec3ba0b54893cc09180e1af431db6_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:cf2dbdd1c93fe967961000699880b74f2234de06335682f264dac8fdd96fef09_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33160"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:163c0867091d50fae1acfc08b5631ada2be4a49c056adbee9a60166b97a88d5d_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:527644abdbe3cabab1f48223a1c0ee8048d7ced2b331c6b50cb0f08decfd6b4c_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7072a730964e67001c15c156743e2726bb6dbaf7d8ee6338c337d94fafb079ed_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:ab8453c70ec43c8782332d31f81758a47d79703bbfc06965947ab7d72404c374_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:12ce2d6283ac3fe295e53ac099b14222722fdcb9c549fbe2243ae83069f3cfa4_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:1b110d69b83fa0ed08e2cf38a981ad4fcadc8d01b0f9e4b1c0f4f93eba00df55_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:c878bf475fb5ded36d666d59a5d1d7a15e4ec3ba0b54893cc09180e1af431db6_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:cf2dbdd1c93fe967961000699880b74f2234de06335682f264dac8fdd96fef09_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:163c0867091d50fae1acfc08b5631ada2be4a49c056adbee9a60166b97a88d5d_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:527644abdbe3cabab1f48223a1c0ee8048d7ced2b331c6b50cb0f08decfd6b4c_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7072a730964e67001c15c156743e2726bb6dbaf7d8ee6338c337d94fafb079ed_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:ab8453c70ec43c8782332d31f81758a47d79703bbfc06965947ab7d72404c374_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:12ce2d6283ac3fe295e53ac099b14222722fdcb9c549fbe2243ae83069f3cfa4_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:1b110d69b83fa0ed08e2cf38a981ad4fcadc8d01b0f9e4b1c0f4f93eba00df55_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:c878bf475fb5ded36d666d59a5d1d7a15e4ec3ba0b54893cc09180e1af431db6_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:cf2dbdd1c93fe967961000699880b74f2234de06335682f264dac8fdd96fef09_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: Denial of Service due to unenforced request and response size limits"
},
{
"cve": "CVE-2026-44492",
"cwe": {
"id": "CWE-289",
"name": "Authentication Bypass by Alternate Name"
},
"discovery_date": "2026-06-11T17:00:56.761751+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2487938"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, a promise-based HTTP client. This vulnerability occurs because Axios does not properly normalize IPv4-mapped IPv6 addresses. When a NO_PROXY setting is configured to block direct access to specific IPv4 addresses, an attacker can bypass this restriction by using the IPv4-mapped IPv6 form of the address in a request URL. This allows the request to be routed through the proxy, potentially exposing internal services or sensitive information that should otherwise be inaccessible.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: Proxy bypass via IPv4-mapped IPv6 address non-normalization",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important flaw in Axios, a JavaScript HTTP client library, that allows for a proxy bypass. When a `NO_PROXY` environment variable is configured to prevent direct connections to specific IPv4 addresses, an attacker can craft a request URL using the IPv4-mapped IPv6 address format. This bypasses the intended `NO_PROXY` exclusion, routing the request through the configured proxy and potentially exposing internal services or sensitive information, such as cloud instance metadata credentials.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:163c0867091d50fae1acfc08b5631ada2be4a49c056adbee9a60166b97a88d5d_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:527644abdbe3cabab1f48223a1c0ee8048d7ced2b331c6b50cb0f08decfd6b4c_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7072a730964e67001c15c156743e2726bb6dbaf7d8ee6338c337d94fafb079ed_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:ab8453c70ec43c8782332d31f81758a47d79703bbfc06965947ab7d72404c374_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:12ce2d6283ac3fe295e53ac099b14222722fdcb9c549fbe2243ae83069f3cfa4_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:1b110d69b83fa0ed08e2cf38a981ad4fcadc8d01b0f9e4b1c0f4f93eba00df55_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:c878bf475fb5ded36d666d59a5d1d7a15e4ec3ba0b54893cc09180e1af431db6_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:cf2dbdd1c93fe967961000699880b74f2234de06335682f264dac8fdd96fef09_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44492"
},
{
"category": "external",
"summary": "RHBZ#2487938",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2487938"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44492",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44492"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44492",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44492"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-pjwm-pj3p-43mv",
"url": "https://github.com/axios/axios/security/advisories/GHSA-pjwm-pj3p-43mv"
}
],
"release_date": "2026-06-11T15:29:13.890000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-29T16:36:30+00:00",
"details": "See Kiali 2.4.19 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.0/html/observability/kiali-operator-provided-by-red-hat",
"product_ids": [
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:163c0867091d50fae1acfc08b5631ada2be4a49c056adbee9a60166b97a88d5d_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:527644abdbe3cabab1f48223a1c0ee8048d7ced2b331c6b50cb0f08decfd6b4c_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7072a730964e67001c15c156743e2726bb6dbaf7d8ee6338c337d94fafb079ed_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:ab8453c70ec43c8782332d31f81758a47d79703bbfc06965947ab7d72404c374_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:12ce2d6283ac3fe295e53ac099b14222722fdcb9c549fbe2243ae83069f3cfa4_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:1b110d69b83fa0ed08e2cf38a981ad4fcadc8d01b0f9e4b1c0f4f93eba00df55_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:c878bf475fb5ded36d666d59a5d1d7a15e4ec3ba0b54893cc09180e1af431db6_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:cf2dbdd1c93fe967961000699880b74f2234de06335682f264dac8fdd96fef09_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33160"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:163c0867091d50fae1acfc08b5631ada2be4a49c056adbee9a60166b97a88d5d_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:527644abdbe3cabab1f48223a1c0ee8048d7ced2b331c6b50cb0f08decfd6b4c_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7072a730964e67001c15c156743e2726bb6dbaf7d8ee6338c337d94fafb079ed_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:ab8453c70ec43c8782332d31f81758a47d79703bbfc06965947ab7d72404c374_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:12ce2d6283ac3fe295e53ac099b14222722fdcb9c549fbe2243ae83069f3cfa4_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:1b110d69b83fa0ed08e2cf38a981ad4fcadc8d01b0f9e4b1c0f4f93eba00df55_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:c878bf475fb5ded36d666d59a5d1d7a15e4ec3ba0b54893cc09180e1af431db6_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:cf2dbdd1c93fe967961000699880b74f2234de06335682f264dac8fdd96fef09_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:163c0867091d50fae1acfc08b5631ada2be4a49c056adbee9a60166b97a88d5d_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:527644abdbe3cabab1f48223a1c0ee8048d7ced2b331c6b50cb0f08decfd6b4c_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7072a730964e67001c15c156743e2726bb6dbaf7d8ee6338c337d94fafb079ed_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:ab8453c70ec43c8782332d31f81758a47d79703bbfc06965947ab7d72404c374_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:12ce2d6283ac3fe295e53ac099b14222722fdcb9c549fbe2243ae83069f3cfa4_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:1b110d69b83fa0ed08e2cf38a981ad4fcadc8d01b0f9e4b1c0f4f93eba00df55_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:c878bf475fb5ded36d666d59a5d1d7a15e4ec3ba0b54893cc09180e1af431db6_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:cf2dbdd1c93fe967961000699880b74f2234de06335682f264dac8fdd96fef09_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: Proxy bypass via IPv4-mapped IPv6 address non-normalization"
},
{
"cve": "CVE-2026-44494",
"cwe": {
"id": "CWE-915",
"name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes"
},
"discovery_date": "2026-06-11T17:01:12.945664+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2487942"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios. This vulnerability, a Prototype Pollution \"Gadget\" attack, allows an attacker to escalate any existing Object.prototype pollution in an application\u0027s dependency tree into a full Man-in-the-Middle (MITM) attack. This enables the attacker to intercept, read, and modify all HTTP traffic, including sensitive authentication credentials. The flaw occurs because the `config.proxy` setting is susceptible to prototype pollution, allowing an attacker to inject a malicious proxy server.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: Man-in-the-Middle (MITM) attack via Prototype Pollution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Important flaw in the Axios library allows an attacker to escalate existing prototype pollution vulnerabilities within an application\u0027s dependency tree into a full Man-in-the-Middle (MITM) attack. By injecting a malicious proxy configuration into the `Object.prototype`, an attacker can intercept, read, and modify all HTTP traffic, including sensitive authentication credentials, without direct user interaction. This poses a significant risk to data confidentiality and integrity in Red Hat products that utilize the Axios library.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:163c0867091d50fae1acfc08b5631ada2be4a49c056adbee9a60166b97a88d5d_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:527644abdbe3cabab1f48223a1c0ee8048d7ced2b331c6b50cb0f08decfd6b4c_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7072a730964e67001c15c156743e2726bb6dbaf7d8ee6338c337d94fafb079ed_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:ab8453c70ec43c8782332d31f81758a47d79703bbfc06965947ab7d72404c374_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:12ce2d6283ac3fe295e53ac099b14222722fdcb9c549fbe2243ae83069f3cfa4_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:1b110d69b83fa0ed08e2cf38a981ad4fcadc8d01b0f9e4b1c0f4f93eba00df55_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:c878bf475fb5ded36d666d59a5d1d7a15e4ec3ba0b54893cc09180e1af431db6_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:cf2dbdd1c93fe967961000699880b74f2234de06335682f264dac8fdd96fef09_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44494"
},
{
"category": "external",
"summary": "RHBZ#2487942",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2487942"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44494",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44494"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44494",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44494"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-35jp-ww65-95wh",
"url": "https://github.com/axios/axios/security/advisories/GHSA-35jp-ww65-95wh"
}
],
"release_date": "2026-06-11T15:32:03.155000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-29T16:36:30+00:00",
"details": "See Kiali 2.4.19 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.0/html/observability/kiali-operator-provided-by-red-hat",
"product_ids": [
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:163c0867091d50fae1acfc08b5631ada2be4a49c056adbee9a60166b97a88d5d_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:527644abdbe3cabab1f48223a1c0ee8048d7ced2b331c6b50cb0f08decfd6b4c_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7072a730964e67001c15c156743e2726bb6dbaf7d8ee6338c337d94fafb079ed_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:ab8453c70ec43c8782332d31f81758a47d79703bbfc06965947ab7d72404c374_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:12ce2d6283ac3fe295e53ac099b14222722fdcb9c549fbe2243ae83069f3cfa4_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:1b110d69b83fa0ed08e2cf38a981ad4fcadc8d01b0f9e4b1c0f4f93eba00df55_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:c878bf475fb5ded36d666d59a5d1d7a15e4ec3ba0b54893cc09180e1af431db6_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:cf2dbdd1c93fe967961000699880b74f2234de06335682f264dac8fdd96fef09_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33160"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:163c0867091d50fae1acfc08b5631ada2be4a49c056adbee9a60166b97a88d5d_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:527644abdbe3cabab1f48223a1c0ee8048d7ced2b331c6b50cb0f08decfd6b4c_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7072a730964e67001c15c156743e2726bb6dbaf7d8ee6338c337d94fafb079ed_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:ab8453c70ec43c8782332d31f81758a47d79703bbfc06965947ab7d72404c374_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:12ce2d6283ac3fe295e53ac099b14222722fdcb9c549fbe2243ae83069f3cfa4_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:1b110d69b83fa0ed08e2cf38a981ad4fcadc8d01b0f9e4b1c0f4f93eba00df55_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:c878bf475fb5ded36d666d59a5d1d7a15e4ec3ba0b54893cc09180e1af431db6_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:cf2dbdd1c93fe967961000699880b74f2234de06335682f264dac8fdd96fef09_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:163c0867091d50fae1acfc08b5631ada2be4a49c056adbee9a60166b97a88d5d_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:527644abdbe3cabab1f48223a1c0ee8048d7ced2b331c6b50cb0f08decfd6b4c_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7072a730964e67001c15c156743e2726bb6dbaf7d8ee6338c337d94fafb079ed_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:ab8453c70ec43c8782332d31f81758a47d79703bbfc06965947ab7d72404c374_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:12ce2d6283ac3fe295e53ac099b14222722fdcb9c549fbe2243ae83069f3cfa4_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:1b110d69b83fa0ed08e2cf38a981ad4fcadc8d01b0f9e4b1c0f4f93eba00df55_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:c878bf475fb5ded36d666d59a5d1d7a15e4ec3ba0b54893cc09180e1af431db6_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:cf2dbdd1c93fe967961000699880b74f2234de06335682f264dac8fdd96fef09_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: Man-in-the-Middle (MITM) attack via Prototype Pollution"
},
{
"cve": "CVE-2026-44495",
"cwe": {
"id": "CWE-915",
"name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes"
},
"discovery_date": "2026-06-11T17:00:53.999811+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2487937"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, a promise-based HTTP client. This vulnerability involves prototype pollution gadgets in the request configuration processing. If another vulnerability has already polluted the Object.prototype.transformResponse, affected Axios versions may incorrectly interpret this inherited value as part of the request configuration or as an option validator. Axios does not itself create the prototype pollution. Exploitability requires a separate prototype-pollution vulnerability or equivalent attacker control over Object.prototype before Axios creates a request.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: Information disclosure due to prototype pollution vulnerability",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Important vulnerability in Axios, a promise-based HTTP client, can lead to information disclosure, including credential theft and response hijacking, or denial of service. Exploitation requires a separate prototype pollution vulnerability in the same JavaScript process, allowing an attacker to control `Object.prototype.transformResponse`. Red Hat products using affected Axios versions are at risk if another component introduces such pollution.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:163c0867091d50fae1acfc08b5631ada2be4a49c056adbee9a60166b97a88d5d_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:527644abdbe3cabab1f48223a1c0ee8048d7ced2b331c6b50cb0f08decfd6b4c_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7072a730964e67001c15c156743e2726bb6dbaf7d8ee6338c337d94fafb079ed_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:ab8453c70ec43c8782332d31f81758a47d79703bbfc06965947ab7d72404c374_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:12ce2d6283ac3fe295e53ac099b14222722fdcb9c549fbe2243ae83069f3cfa4_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:1b110d69b83fa0ed08e2cf38a981ad4fcadc8d01b0f9e4b1c0f4f93eba00df55_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:c878bf475fb5ded36d666d59a5d1d7a15e4ec3ba0b54893cc09180e1af431db6_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:cf2dbdd1c93fe967961000699880b74f2234de06335682f264dac8fdd96fef09_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44495"
},
{
"category": "external",
"summary": "RHBZ#2487937",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2487937"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44495",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44495"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44495",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44495"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-3g43-6gmg-66jw",
"url": "https://github.com/axios/axios/security/advisories/GHSA-3g43-6gmg-66jw"
}
],
"release_date": "2026-06-11T15:33:12.433000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-29T16:36:30+00:00",
"details": "See Kiali 2.4.19 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.0/html/observability/kiali-operator-provided-by-red-hat",
"product_ids": [
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:163c0867091d50fae1acfc08b5631ada2be4a49c056adbee9a60166b97a88d5d_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:527644abdbe3cabab1f48223a1c0ee8048d7ced2b331c6b50cb0f08decfd6b4c_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7072a730964e67001c15c156743e2726bb6dbaf7d8ee6338c337d94fafb079ed_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:ab8453c70ec43c8782332d31f81758a47d79703bbfc06965947ab7d72404c374_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:12ce2d6283ac3fe295e53ac099b14222722fdcb9c549fbe2243ae83069f3cfa4_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:1b110d69b83fa0ed08e2cf38a981ad4fcadc8d01b0f9e4b1c0f4f93eba00df55_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:c878bf475fb5ded36d666d59a5d1d7a15e4ec3ba0b54893cc09180e1af431db6_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:cf2dbdd1c93fe967961000699880b74f2234de06335682f264dac8fdd96fef09_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33160"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:163c0867091d50fae1acfc08b5631ada2be4a49c056adbee9a60166b97a88d5d_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:527644abdbe3cabab1f48223a1c0ee8048d7ced2b331c6b50cb0f08decfd6b4c_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7072a730964e67001c15c156743e2726bb6dbaf7d8ee6338c337d94fafb079ed_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:ab8453c70ec43c8782332d31f81758a47d79703bbfc06965947ab7d72404c374_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:12ce2d6283ac3fe295e53ac099b14222722fdcb9c549fbe2243ae83069f3cfa4_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:1b110d69b83fa0ed08e2cf38a981ad4fcadc8d01b0f9e4b1c0f4f93eba00df55_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:c878bf475fb5ded36d666d59a5d1d7a15e4ec3ba0b54893cc09180e1af431db6_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:cf2dbdd1c93fe967961000699880b74f2234de06335682f264dac8fdd96fef09_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:163c0867091d50fae1acfc08b5631ada2be4a49c056adbee9a60166b97a88d5d_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:527644abdbe3cabab1f48223a1c0ee8048d7ced2b331c6b50cb0f08decfd6b4c_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7072a730964e67001c15c156743e2726bb6dbaf7d8ee6338c337d94fafb079ed_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:ab8453c70ec43c8782332d31f81758a47d79703bbfc06965947ab7d72404c374_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:12ce2d6283ac3fe295e53ac099b14222722fdcb9c549fbe2243ae83069f3cfa4_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:1b110d69b83fa0ed08e2cf38a981ad4fcadc8d01b0f9e4b1c0f4f93eba00df55_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:c878bf475fb5ded36d666d59a5d1d7a15e4ec3ba0b54893cc09180e1af431db6_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:cf2dbdd1c93fe967961000699880b74f2234de06335682f264dac8fdd96fef09_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: Information disclosure due to prototype pollution vulnerability"
},
{
"cve": "CVE-2026-44496",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"discovery_date": "2026-06-11T17:01:15.856386+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2487943"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios. A remote attacker, by influencing the XSRF cookie name in a browser environment, could cause the application to construct a regular expression that leads to excessive processing. This can result in a client-side Denial of Service (DoS), where the affected browser tab may freeze, impacting the availability of the application for the user.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: Client-side Denial of Service via unescaped regex metacharacters in XSRF cookie name",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Important flaw in Axios can lead to a client-side Denial of Service. An attacker capable of influencing the XSRF cookie name within a browser environment could trigger excessive regular expression processing, causing the affected browser tab to freeze and degrade user availability. This issue specifically impacts browser-based applications and does not affect Node.js HTTP adapter usage, React Native, or web workers.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:163c0867091d50fae1acfc08b5631ada2be4a49c056adbee9a60166b97a88d5d_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:527644abdbe3cabab1f48223a1c0ee8048d7ced2b331c6b50cb0f08decfd6b4c_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7072a730964e67001c15c156743e2726bb6dbaf7d8ee6338c337d94fafb079ed_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:ab8453c70ec43c8782332d31f81758a47d79703bbfc06965947ab7d72404c374_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:12ce2d6283ac3fe295e53ac099b14222722fdcb9c549fbe2243ae83069f3cfa4_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:1b110d69b83fa0ed08e2cf38a981ad4fcadc8d01b0f9e4b1c0f4f93eba00df55_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:c878bf475fb5ded36d666d59a5d1d7a15e4ec3ba0b54893cc09180e1af431db6_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:cf2dbdd1c93fe967961000699880b74f2234de06335682f264dac8fdd96fef09_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44496"
},
{
"category": "external",
"summary": "RHBZ#2487943",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2487943"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44496",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44496"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44496",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44496"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-hfxv-24rg-xrqf",
"url": "https://github.com/axios/axios/security/advisories/GHSA-hfxv-24rg-xrqf"
}
],
"release_date": "2026-06-11T15:34:28.492000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-29T16:36:30+00:00",
"details": "See Kiali 2.4.19 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.0/html/observability/kiali-operator-provided-by-red-hat",
"product_ids": [
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:163c0867091d50fae1acfc08b5631ada2be4a49c056adbee9a60166b97a88d5d_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:527644abdbe3cabab1f48223a1c0ee8048d7ced2b331c6b50cb0f08decfd6b4c_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7072a730964e67001c15c156743e2726bb6dbaf7d8ee6338c337d94fafb079ed_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:ab8453c70ec43c8782332d31f81758a47d79703bbfc06965947ab7d72404c374_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:12ce2d6283ac3fe295e53ac099b14222722fdcb9c549fbe2243ae83069f3cfa4_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:1b110d69b83fa0ed08e2cf38a981ad4fcadc8d01b0f9e4b1c0f4f93eba00df55_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:c878bf475fb5ded36d666d59a5d1d7a15e4ec3ba0b54893cc09180e1af431db6_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:cf2dbdd1c93fe967961000699880b74f2234de06335682f264dac8fdd96fef09_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33160"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:163c0867091d50fae1acfc08b5631ada2be4a49c056adbee9a60166b97a88d5d_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:527644abdbe3cabab1f48223a1c0ee8048d7ced2b331c6b50cb0f08decfd6b4c_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7072a730964e67001c15c156743e2726bb6dbaf7d8ee6338c337d94fafb079ed_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:ab8453c70ec43c8782332d31f81758a47d79703bbfc06965947ab7d72404c374_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:12ce2d6283ac3fe295e53ac099b14222722fdcb9c549fbe2243ae83069f3cfa4_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:1b110d69b83fa0ed08e2cf38a981ad4fcadc8d01b0f9e4b1c0f4f93eba00df55_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:c878bf475fb5ded36d666d59a5d1d7a15e4ec3ba0b54893cc09180e1af431db6_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:cf2dbdd1c93fe967961000699880b74f2234de06335682f264dac8fdd96fef09_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:163c0867091d50fae1acfc08b5631ada2be4a49c056adbee9a60166b97a88d5d_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:527644abdbe3cabab1f48223a1c0ee8048d7ced2b331c6b50cb0f08decfd6b4c_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7072a730964e67001c15c156743e2726bb6dbaf7d8ee6338c337d94fafb079ed_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:ab8453c70ec43c8782332d31f81758a47d79703bbfc06965947ab7d72404c374_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:12ce2d6283ac3fe295e53ac099b14222722fdcb9c549fbe2243ae83069f3cfa4_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:1b110d69b83fa0ed08e2cf38a981ad4fcadc8d01b0f9e4b1c0f4f93eba00df55_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:c878bf475fb5ded36d666d59a5d1d7a15e4ec3ba0b54893cc09180e1af431db6_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:cf2dbdd1c93fe967961000699880b74f2234de06335682f264dac8fdd96fef09_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: Client-side Denial of Service via unescaped regex metacharacters in XSRF cookie name"
},
{
"cve": "CVE-2026-48779",
"cwe": {
"id": "CWE-1050",
"name": "Excessive Platform Resource Consumption within a Loop"
},
"discovery_date": "2026-06-16T22:01:24.571224+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2489661"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in ws, an open source WebSocket client and server. A remote attacker can exploit this memory exhaustion vulnerability by sending a high volume of exceptionally small fragments and data chunks. This action forces the affected component to allocate and hold structural wrappers that consume excessive memory. Consequently, this leads to process termination and a denial of service (DoS) for the remote peer.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ws: ws: Denial of Service via memory exhaustion from small WebSocket fragments",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important denial of service vulnerability in the `ws` WebSocket library. A remote attacker can exploit this flaw by sending a high volume of small, fragmented data, leading to excessive memory consumption and subsequent process termination. This can result in service disruption for Red Hat products that utilize `ws` for WebSocket communication.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:163c0867091d50fae1acfc08b5631ada2be4a49c056adbee9a60166b97a88d5d_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:527644abdbe3cabab1f48223a1c0ee8048d7ced2b331c6b50cb0f08decfd6b4c_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7072a730964e67001c15c156743e2726bb6dbaf7d8ee6338c337d94fafb079ed_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:ab8453c70ec43c8782332d31f81758a47d79703bbfc06965947ab7d72404c374_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:12ce2d6283ac3fe295e53ac099b14222722fdcb9c549fbe2243ae83069f3cfa4_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:1b110d69b83fa0ed08e2cf38a981ad4fcadc8d01b0f9e4b1c0f4f93eba00df55_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:c878bf475fb5ded36d666d59a5d1d7a15e4ec3ba0b54893cc09180e1af431db6_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:cf2dbdd1c93fe967961000699880b74f2234de06335682f264dac8fdd96fef09_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-48779"
},
{
"category": "external",
"summary": "RHBZ#2489661",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2489661"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-48779",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-48779"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-48779",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48779"
},
{
"category": "external",
"summary": "https://github.com/websockets/ws/commit/86d3e8a5fb0246ed373860c5fbb0de88824a27f7",
"url": "https://github.com/websockets/ws/commit/86d3e8a5fb0246ed373860c5fbb0de88824a27f7"
},
{
"category": "external",
"summary": "https://github.com/websockets/ws/commit/b5372ac67bb97a773727b8e9f5035a8123556d53",
"url": "https://github.com/websockets/ws/commit/b5372ac67bb97a773727b8e9f5035a8123556d53"
},
{
"category": "external",
"summary": "https://github.com/websockets/ws/commit/bca91adf15677e47dbe4f959653452727be28b94",
"url": "https://github.com/websockets/ws/commit/bca91adf15677e47dbe4f959653452727be28b94"
},
{
"category": "external",
"summary": "https://github.com/websockets/ws/commit/fd36cd864fcdf62a08273a99e19a7d975401fee8",
"url": "https://github.com/websockets/ws/commit/fd36cd864fcdf62a08273a99e19a7d975401fee8"
},
{
"category": "external",
"summary": "https://github.com/websockets/ws/security/advisories/GHSA-96hv-2xvq-fx4p",
"url": "https://github.com/websockets/ws/security/advisories/GHSA-96hv-2xvq-fx4p"
}
],
"release_date": "2026-06-16T21:26:22.537000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-29T16:36:30+00:00",
"details": "See Kiali 2.4.19 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.0/html/observability/kiali-operator-provided-by-red-hat",
"product_ids": [
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:163c0867091d50fae1acfc08b5631ada2be4a49c056adbee9a60166b97a88d5d_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:527644abdbe3cabab1f48223a1c0ee8048d7ced2b331c6b50cb0f08decfd6b4c_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7072a730964e67001c15c156743e2726bb6dbaf7d8ee6338c337d94fafb079ed_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:ab8453c70ec43c8782332d31f81758a47d79703bbfc06965947ab7d72404c374_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:12ce2d6283ac3fe295e53ac099b14222722fdcb9c549fbe2243ae83069f3cfa4_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:1b110d69b83fa0ed08e2cf38a981ad4fcadc8d01b0f9e4b1c0f4f93eba00df55_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:c878bf475fb5ded36d666d59a5d1d7a15e4ec3ba0b54893cc09180e1af431db6_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:cf2dbdd1c93fe967961000699880b74f2234de06335682f264dac8fdd96fef09_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33160"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:163c0867091d50fae1acfc08b5631ada2be4a49c056adbee9a60166b97a88d5d_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:527644abdbe3cabab1f48223a1c0ee8048d7ced2b331c6b50cb0f08decfd6b4c_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7072a730964e67001c15c156743e2726bb6dbaf7d8ee6338c337d94fafb079ed_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:ab8453c70ec43c8782332d31f81758a47d79703bbfc06965947ab7d72404c374_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:12ce2d6283ac3fe295e53ac099b14222722fdcb9c549fbe2243ae83069f3cfa4_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:1b110d69b83fa0ed08e2cf38a981ad4fcadc8d01b0f9e4b1c0f4f93eba00df55_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:c878bf475fb5ded36d666d59a5d1d7a15e4ec3ba0b54893cc09180e1af431db6_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:cf2dbdd1c93fe967961000699880b74f2234de06335682f264dac8fdd96fef09_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:163c0867091d50fae1acfc08b5631ada2be4a49c056adbee9a60166b97a88d5d_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:527644abdbe3cabab1f48223a1c0ee8048d7ced2b331c6b50cb0f08decfd6b4c_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7072a730964e67001c15c156743e2726bb6dbaf7d8ee6338c337d94fafb079ed_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:ab8453c70ec43c8782332d31f81758a47d79703bbfc06965947ab7d72404c374_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:12ce2d6283ac3fe295e53ac099b14222722fdcb9c549fbe2243ae83069f3cfa4_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:1b110d69b83fa0ed08e2cf38a981ad4fcadc8d01b0f9e4b1c0f4f93eba00df55_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:c878bf475fb5ded36d666d59a5d1d7a15e4ec3ba0b54893cc09180e1af431db6_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:cf2dbdd1c93fe967961000699880b74f2234de06335682f264dac8fdd96fef09_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "ws: ws: Denial of Service via memory exhaustion from small WebSocket fragments"
}
]
}
RHSA-2026:33163
Vulnerability from csaf_redhat - Published: 2026-06-29 16:41 - Updated: 2026-07-09 23:35A flaw was found in form-data, a library for creating readable multipart/form-data streams. A remote attacker can exploit this vulnerability by injecting carriage return (CR), line feed (LF), or double-quote (") characters into the `field` argument of `FormData#append` or the `filename` option. This allows the attacker to inject additional headers or smuggle entire additional multipart parts into requests, potentially enabling them to add or override form fields and compromise data integrity.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:1c422bbe4c19201f0a63dd8175ae962208cbffccf096912858e6274b214994af_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:853f2430db6aceeb634f4c2059947d22547e39978c1185dc48ba3be4f7d337b6_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cd49f834dca7cc30e12add0fb3247d82981f722d353fc15523ad247df8e6d25c_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cf353c0b22a951c13996d5227406ed75923bf6dbaed9ea50892f32d664003c8d_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:99e5e5ef3be5b42ef54d1fbcceac268c670c05a47c3e982c1088d010499c9ae8_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:9ac5ee0b1ffc79c320478d77a24d62789eb7162a564dc0e2be3c0a2ae2ffb272_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:c5926bbd0cb2414e4fd0117e11ccec6d33924c2ea255ca7f500419c7886807cf_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:ca9d114cccf1e213f392c73a4f36af7efef15bc016636d27fc5c736a933cda14_arm64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in golang.org/x/net/idna. ToASCII and ToUnicode incorrectly accept Punycode-encoded labels that decode to an ASCII-only hostname (for example, xn--example-.com returns example.com instead of an error). Applications that validate the ASCII form then convert to Unicode may grant access to a restricted hostname the ASCII check would have rejected.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:99e5e5ef3be5b42ef54d1fbcceac268c670c05a47c3e982c1088d010499c9ae8_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:9ac5ee0b1ffc79c320478d77a24d62789eb7162a564dc0e2be3c0a2ae2ffb272_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:c5926bbd0cb2414e4fd0117e11ccec6d33924c2ea255ca7f500419c7886807cf_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:ca9d114cccf1e213f392c73a4f36af7efef15bc016636d27fc5c736a933cda14_arm64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:1c422bbe4c19201f0a63dd8175ae962208cbffccf096912858e6274b214994af_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:853f2430db6aceeb634f4c2059947d22547e39978c1185dc48ba3be4f7d337b6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cd49f834dca7cc30e12add0fb3247d82981f722d353fc15523ad247df8e6d25c_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cf353c0b22a951c13996d5227406ed75923bf6dbaed9ea50892f32d664003c8d_arm64 | — |
Workaround
|
A flaw was found in ip-address, a JavaScript library for parsing and manipulating IPv4 and IPv6 addresses. This vulnerability allows a remote attacker to perform cross-site scripting (XSS) by providing untrusted input to the Address6 constructor. When an application renders the output of Address6.group(), Address6.link(), or the AddressError.parseMessage as HTML without proper escaping, the attacker-controlled content can be executed in the user's browser.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:1c422bbe4c19201f0a63dd8175ae962208cbffccf096912858e6274b214994af_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:853f2430db6aceeb634f4c2059947d22547e39978c1185dc48ba3be4f7d337b6_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cd49f834dca7cc30e12add0fb3247d82981f722d353fc15523ad247df8e6d25c_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cf353c0b22a951c13996d5227406ed75923bf6dbaed9ea50892f32d664003c8d_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:99e5e5ef3be5b42ef54d1fbcceac268c670c05a47c3e982c1088d010499c9ae8_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:9ac5ee0b1ffc79c320478d77a24d62789eb7162a564dc0e2be3c0a2ae2ffb272_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:c5926bbd0cb2414e4fd0117e11ccec6d33924c2ea255ca7f500419c7886807cf_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:ca9d114cccf1e213f392c73a4f36af7efef15bc016636d27fc5c736a933cda14_arm64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Axios, a promise-based HTTP client, specifically in its Node.js HTTP adapter. When Axios is configured to use an authenticated proxy and follows a redirect, it may inadvertently send the Proxy-Authorization header, containing proxy credentials, to the redirect target. This can lead to the disclosure of sensitive proxy credentials to an unintended remote server.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:1c422bbe4c19201f0a63dd8175ae962208cbffccf096912858e6274b214994af_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:853f2430db6aceeb634f4c2059947d22547e39978c1185dc48ba3be4f7d337b6_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cd49f834dca7cc30e12add0fb3247d82981f722d353fc15523ad247df8e6d25c_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cf353c0b22a951c13996d5227406ed75923bf6dbaed9ea50892f32d664003c8d_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:99e5e5ef3be5b42ef54d1fbcceac268c670c05a47c3e982c1088d010499c9ae8_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:9ac5ee0b1ffc79c320478d77a24d62789eb7162a564dc0e2be3c0a2ae2ffb272_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:c5926bbd0cb2414e4fd0117e11ccec6d33924c2ea255ca7f500419c7886807cf_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:ca9d114cccf1e213f392c73a4f36af7efef15bc016636d27fc5c736a933cda14_arm64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Axios. During specific proxy-to-direct redirect flows in the Node.js HTTP adapter, a remote attacker could exploit this vulnerability. The Proxy-Authorization header, which contains proxy credentials and is intended only for the outbound proxy, may be forwarded to the final redirected origin. This can lead to the disclosure of sensitive proxy credentials to an unintended third party.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:1c422bbe4c19201f0a63dd8175ae962208cbffccf096912858e6274b214994af_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:853f2430db6aceeb634f4c2059947d22547e39978c1185dc48ba3be4f7d337b6_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cd49f834dca7cc30e12add0fb3247d82981f722d353fc15523ad247df8e6d25c_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cf353c0b22a951c13996d5227406ed75923bf6dbaed9ea50892f32d664003c8d_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:99e5e5ef3be5b42ef54d1fbcceac268c670c05a47c3e982c1088d010499c9ae8_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:9ac5ee0b1ffc79c320478d77a24d62789eb7162a564dc0e2be3c0a2ae2ffb272_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:c5926bbd0cb2414e4fd0117e11ccec6d33924c2ea255ca7f500419c7886807cf_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:ca9d114cccf1e213f392c73a4f36af7efef15bc016636d27fc5c736a933cda14_arm64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Axios, a promise-based HTTP client. When using the fetch adapter, Axios did not properly enforce configured request and response size limits. This vulnerability allows a remote attacker, through a malicious or compromised server, or by supplying a large data URL, to send or receive oversized data bodies. This can lead to resource exhaustion in server-side applications, resulting in a Denial of Service (DoS).
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:1c422bbe4c19201f0a63dd8175ae962208cbffccf096912858e6274b214994af_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:853f2430db6aceeb634f4c2059947d22547e39978c1185dc48ba3be4f7d337b6_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cd49f834dca7cc30e12add0fb3247d82981f722d353fc15523ad247df8e6d25c_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cf353c0b22a951c13996d5227406ed75923bf6dbaed9ea50892f32d664003c8d_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:99e5e5ef3be5b42ef54d1fbcceac268c670c05a47c3e982c1088d010499c9ae8_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:9ac5ee0b1ffc79c320478d77a24d62789eb7162a564dc0e2be3c0a2ae2ffb272_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:c5926bbd0cb2414e4fd0117e11ccec6d33924c2ea255ca7f500419c7886807cf_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:ca9d114cccf1e213f392c73a4f36af7efef15bc016636d27fc5c736a933cda14_arm64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Axios, a promise-based HTTP client. This vulnerability occurs because Axios does not properly normalize IPv4-mapped IPv6 addresses. When a NO_PROXY setting is configured to block direct access to specific IPv4 addresses, an attacker can bypass this restriction by using the IPv4-mapped IPv6 form of the address in a request URL. This allows the request to be routed through the proxy, potentially exposing internal services or sensitive information that should otherwise be inaccessible.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:1c422bbe4c19201f0a63dd8175ae962208cbffccf096912858e6274b214994af_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:853f2430db6aceeb634f4c2059947d22547e39978c1185dc48ba3be4f7d337b6_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cd49f834dca7cc30e12add0fb3247d82981f722d353fc15523ad247df8e6d25c_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cf353c0b22a951c13996d5227406ed75923bf6dbaed9ea50892f32d664003c8d_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:99e5e5ef3be5b42ef54d1fbcceac268c670c05a47c3e982c1088d010499c9ae8_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:9ac5ee0b1ffc79c320478d77a24d62789eb7162a564dc0e2be3c0a2ae2ffb272_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:c5926bbd0cb2414e4fd0117e11ccec6d33924c2ea255ca7f500419c7886807cf_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:ca9d114cccf1e213f392c73a4f36af7efef15bc016636d27fc5c736a933cda14_arm64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Axios. This vulnerability, a Prototype Pollution "Gadget" attack, allows an attacker to escalate any existing Object.prototype pollution in an application's dependency tree into a full Man-in-the-Middle (MITM) attack. This enables the attacker to intercept, read, and modify all HTTP traffic, including sensitive authentication credentials. The flaw occurs because the `config.proxy` setting is susceptible to prototype pollution, allowing an attacker to inject a malicious proxy server.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:1c422bbe4c19201f0a63dd8175ae962208cbffccf096912858e6274b214994af_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:853f2430db6aceeb634f4c2059947d22547e39978c1185dc48ba3be4f7d337b6_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cd49f834dca7cc30e12add0fb3247d82981f722d353fc15523ad247df8e6d25c_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cf353c0b22a951c13996d5227406ed75923bf6dbaed9ea50892f32d664003c8d_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:99e5e5ef3be5b42ef54d1fbcceac268c670c05a47c3e982c1088d010499c9ae8_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:9ac5ee0b1ffc79c320478d77a24d62789eb7162a564dc0e2be3c0a2ae2ffb272_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:c5926bbd0cb2414e4fd0117e11ccec6d33924c2ea255ca7f500419c7886807cf_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:ca9d114cccf1e213f392c73a4f36af7efef15bc016636d27fc5c736a933cda14_arm64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Axios, a promise-based HTTP client. This vulnerability involves prototype pollution gadgets in the request configuration processing. If another vulnerability has already polluted the Object.prototype.transformResponse, affected Axios versions may incorrectly interpret this inherited value as part of the request configuration or as an option validator. Axios does not itself create the prototype pollution. Exploitability requires a separate prototype-pollution vulnerability or equivalent attacker control over Object.prototype before Axios creates a request.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:1c422bbe4c19201f0a63dd8175ae962208cbffccf096912858e6274b214994af_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:853f2430db6aceeb634f4c2059947d22547e39978c1185dc48ba3be4f7d337b6_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cd49f834dca7cc30e12add0fb3247d82981f722d353fc15523ad247df8e6d25c_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cf353c0b22a951c13996d5227406ed75923bf6dbaed9ea50892f32d664003c8d_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:99e5e5ef3be5b42ef54d1fbcceac268c670c05a47c3e982c1088d010499c9ae8_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:9ac5ee0b1ffc79c320478d77a24d62789eb7162a564dc0e2be3c0a2ae2ffb272_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:c5926bbd0cb2414e4fd0117e11ccec6d33924c2ea255ca7f500419c7886807cf_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:ca9d114cccf1e213f392c73a4f36af7efef15bc016636d27fc5c736a933cda14_arm64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Axios. A remote attacker, by influencing the XSRF cookie name in a browser environment, could cause the application to construct a regular expression that leads to excessive processing. This can result in a client-side Denial of Service (DoS), where the affected browser tab may freeze, impacting the availability of the application for the user.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:1c422bbe4c19201f0a63dd8175ae962208cbffccf096912858e6274b214994af_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:853f2430db6aceeb634f4c2059947d22547e39978c1185dc48ba3be4f7d337b6_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cd49f834dca7cc30e12add0fb3247d82981f722d353fc15523ad247df8e6d25c_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cf353c0b22a951c13996d5227406ed75923bf6dbaed9ea50892f32d664003c8d_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:99e5e5ef3be5b42ef54d1fbcceac268c670c05a47c3e982c1088d010499c9ae8_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:9ac5ee0b1ffc79c320478d77a24d62789eb7162a564dc0e2be3c0a2ae2ffb272_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:c5926bbd0cb2414e4fd0117e11ccec6d33924c2ea255ca7f500419c7886807cf_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:ca9d114cccf1e213f392c73a4f36af7efef15bc016636d27fc5c736a933cda14_arm64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in ws, an open source WebSocket client and server. A remote attacker can exploit this memory exhaustion vulnerability by sending a high volume of exceptionally small fragments and data chunks. This action forces the affected component to allocate and hold structural wrappers that consume excessive memory. Consequently, this leads to process termination and a denial of service (DoS) for the remote peer.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:1c422bbe4c19201f0a63dd8175ae962208cbffccf096912858e6274b214994af_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:853f2430db6aceeb634f4c2059947d22547e39978c1185dc48ba3be4f7d337b6_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cd49f834dca7cc30e12add0fb3247d82981f722d353fc15523ad247df8e6d25c_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cf353c0b22a951c13996d5227406ed75923bf6dbaed9ea50892f32d664003c8d_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:99e5e5ef3be5b42ef54d1fbcceac268c670c05a47c3e982c1088d010499c9ae8_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:9ac5ee0b1ffc79c320478d77a24d62789eb7162a564dc0e2be3c0a2ae2ffb272_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:c5926bbd0cb2414e4fd0117e11ccec6d33924c2ea255ca7f500419c7886807cf_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:ca9d114cccf1e213f392c73a4f36af7efef15bc016636d27fc5c736a933cda14_arm64 | — |
Vendor Fix
fix
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Kiali 2.11.13 for Red Hat OpenShift Service Mesh 3.1 is now available.\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Kiali 2.11.13, for Red Hat OpenShift Service Mesh 3.1, provides observability for the service mesh by offering a visual representation of the mesh topology and metrics, helping users monitor, trace, and manage efficiently.\n\nSecurity Fix(es):\n\n* CVE-2026-42338 openshift-service-mesh/kiali-ossmc-rhel9: ip-address: Cross-site scripting via improper HTML escaping of untrusted input (OSSM-14063)\n* CVE-2026-42338 openshift-service-mesh/kiali-rhel9: ip-address: Cross-site scripting via improper HTML escaping of untrusted input (OSSM-14068)\n* CVE-2026-39821 openshift-service-mesh/kiali-rhel9: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing (OSSM-14070)\n* CVE-2026-44495 openshift-service-mesh/kiali-ossmc-rhel9: Axios: Information disclosure due to prototype pollution vulnerability (OSSM-14144)\n* CVE-2026-44495 openshift-service-mesh/kiali-rhel9: Axios: Information disclosure due to prototype pollution vulnerability (OSSM-14149)\n* CVE-2026-44488 openshift-service-mesh/kiali-ossmc-rhel9: Axios: Denial of Service due to unenforced request and response size limits (OSSM-14157)\n* CVE-2026-44488 openshift-service-mesh/kiali-rhel9: Axios: Denial of Service due to unenforced request and response size limits (OSSM-14162)\n* CVE-2026-44487 openshift-service-mesh/kiali-rhel9: Axios: Information disclosure of proxy credentials via redirect flows (OSSM-14166)\n* CVE-2026-44487 openshift-service-mesh/kiali-ossmc-rhel9: Axios: Information disclosure of proxy credentials via redirect flows (OSSM-14173)\n* CVE-2026-44494 openshift-service-mesh/kiali-rhel9: Axios: Man-in-the-Middle (MITM) attack via Prototype Pollution (OSSM-14222)\n* CVE-2026-44494 openshift-service-mesh/kiali-ossmc-rhel9: Axios: Man-in-the-Middle (MITM) attack via Prototype Pollution (OSSM-14171)\n* CVE-2026-44496 openshift-service-mesh/kiali-ossmc-rhel9: Axios: Client-side Denial of Service via unescaped regex metacharacters in XSRF cookie name (OSSM-14213)\n* CVE-2026-44496 openshift-service-mesh/kiali-rhel9: Axios: Client-side Denial of Service via unescaped regex metacharacters in XSRF cookie name (OSSM-14185)\n* CVE-2026-44486 openshift-service-mesh/kiali-ossmc-rhel9: Axios: Information disclosure of proxy credentials via HTTP redirects (OSSM-14200)\n* CVE-2026-44486 openshift-service-mesh/kiali-rhel9: Axios: Information disclosure of proxy credentials via HTTP redirects (OSSM-14188)\n* CVE-2026-44492 openshift-service-mesh/kiali-ossmc-rhel9: Axios: Proxy bypass via IPv4-mapped IPv6 address non-normalization (OSSM-14227)\n* CVE-2026-44492 openshift-service-mesh/kiali-rhel9: Axios: Proxy bypass via IPv4-mapped IPv6 address non-normalization (OSSM-14230)\n* CVE-2026-48779 openshift-service-mesh/kiali-rhel9: ws: Denial of Service via memory exhaustion from small WebSocket fragments (OSSM-14311)\n* CVE-2026-48779 openshift-service-mesh/kiali-ossmc-rhel9: ws: Denial of Service via memory exhaustion from small WebSocket fragments (OSSM-14314)\n* CVE-2026-12143 openshift-service-mesh/kiali-ossmc-rhel9: form-data: Form field override via CRLF injection (OSSM-14333)\n* CVE-2026-12143 openshift-service-mesh/kiali-rhel9: form-data: Form field override via CRLF injection (OSSM-14330)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:33163",
"url": "https://access.redhat.com/errata/RHSA-2026:33163"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-12143",
"url": "https://access.redhat.com/security/cve/CVE-2026-12143"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-39821",
"url": "https://access.redhat.com/security/cve/CVE-2026-39821"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42338",
"url": "https://access.redhat.com/security/cve/CVE-2026-42338"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-44486",
"url": "https://access.redhat.com/security/cve/CVE-2026-44486"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-44487",
"url": "https://access.redhat.com/security/cve/CVE-2026-44487"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-44488",
"url": "https://access.redhat.com/security/cve/CVE-2026-44488"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-44492",
"url": "https://access.redhat.com/security/cve/CVE-2026-44492"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-44494",
"url": "https://access.redhat.com/security/cve/CVE-2026-44494"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-44495",
"url": "https://access.redhat.com/security/cve/CVE-2026-44495"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-44496",
"url": "https://access.redhat.com/security/cve/CVE-2026-44496"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-48779",
"url": "https://access.redhat.com/security/cve/CVE-2026-48779"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification",
"url": "https://access.redhat.com/security/updates/classification"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_33163.json"
}
],
"title": "Red Hat Security Advisory: Kiali 2.11.13 for Red Hat OpenShift Service Mesh 3.1",
"tracking": {
"current_release_date": "2026-07-09T23:35:36+00:00",
"generator": {
"date": "2026-07-09T23:35:36+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.2"
}
},
"id": "RHSA-2026:33163",
"initial_release_date": "2026-06-29T16:41:59+00:00",
"revision_history": [
{
"date": "2026-06-29T16:41:59+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-07-09T08:56:59+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-09T23:35:36+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Service Mesh 3.1",
"product": {
"name": "Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:service_mesh:3.1::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Service Mesh"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:c5926bbd0cb2414e4fd0117e11ccec6d33924c2ea255ca7f500419c7886807cf_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:c5926bbd0cb2414e4fd0117e11ccec6d33924c2ea255ca7f500419c7886807cf_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:c5926bbd0cb2414e4fd0117e11ccec6d33924c2ea255ca7f500419c7886807cf_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel9@sha256%3Ac5926bbd0cb2414e4fd0117e11ccec6d33924c2ea255ca7f500419c7886807cf?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel9\u0026tag=1782201537"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:853f2430db6aceeb634f4c2059947d22547e39978c1185dc48ba3be4f7d337b6_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:853f2430db6aceeb634f4c2059947d22547e39978c1185dc48ba3be4f7d337b6_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:853f2430db6aceeb634f4c2059947d22547e39978c1185dc48ba3be4f7d337b6_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kiali-ossmc-rhel9@sha256%3A853f2430db6aceeb634f4c2059947d22547e39978c1185dc48ba3be4f7d337b6?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9\u0026tag=1782201696"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:ca9d114cccf1e213f392c73a4f36af7efef15bc016636d27fc5c736a933cda14_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:ca9d114cccf1e213f392c73a4f36af7efef15bc016636d27fc5c736a933cda14_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:ca9d114cccf1e213f392c73a4f36af7efef15bc016636d27fc5c736a933cda14_arm64",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel9@sha256%3Aca9d114cccf1e213f392c73a4f36af7efef15bc016636d27fc5c736a933cda14?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel9\u0026tag=1782201537"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cf353c0b22a951c13996d5227406ed75923bf6dbaed9ea50892f32d664003c8d_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cf353c0b22a951c13996d5227406ed75923bf6dbaed9ea50892f32d664003c8d_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cf353c0b22a951c13996d5227406ed75923bf6dbaed9ea50892f32d664003c8d_arm64",
"product_identification_helper": {
"purl": "pkg:oci/kiali-ossmc-rhel9@sha256%3Acf353c0b22a951c13996d5227406ed75923bf6dbaed9ea50892f32d664003c8d?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9\u0026tag=1782201696"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:99e5e5ef3be5b42ef54d1fbcceac268c670c05a47c3e982c1088d010499c9ae8_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:99e5e5ef3be5b42ef54d1fbcceac268c670c05a47c3e982c1088d010499c9ae8_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:99e5e5ef3be5b42ef54d1fbcceac268c670c05a47c3e982c1088d010499c9ae8_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel9@sha256%3A99e5e5ef3be5b42ef54d1fbcceac268c670c05a47c3e982c1088d010499c9ae8?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel9\u0026tag=1782201537"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cd49f834dca7cc30e12add0fb3247d82981f722d353fc15523ad247df8e6d25c_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cd49f834dca7cc30e12add0fb3247d82981f722d353fc15523ad247df8e6d25c_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cd49f834dca7cc30e12add0fb3247d82981f722d353fc15523ad247df8e6d25c_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/kiali-ossmc-rhel9@sha256%3Acd49f834dca7cc30e12add0fb3247d82981f722d353fc15523ad247df8e6d25c?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9\u0026tag=1782201696"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:9ac5ee0b1ffc79c320478d77a24d62789eb7162a564dc0e2be3c0a2ae2ffb272_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:9ac5ee0b1ffc79c320478d77a24d62789eb7162a564dc0e2be3c0a2ae2ffb272_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:9ac5ee0b1ffc79c320478d77a24d62789eb7162a564dc0e2be3c0a2ae2ffb272_s390x",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel9@sha256%3A9ac5ee0b1ffc79c320478d77a24d62789eb7162a564dc0e2be3c0a2ae2ffb272?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel9\u0026tag=1782201537"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:1c422bbe4c19201f0a63dd8175ae962208cbffccf096912858e6274b214994af_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:1c422bbe4c19201f0a63dd8175ae962208cbffccf096912858e6274b214994af_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:1c422bbe4c19201f0a63dd8175ae962208cbffccf096912858e6274b214994af_s390x",
"product_identification_helper": {
"purl": "pkg:oci/kiali-ossmc-rhel9@sha256%3A1c422bbe4c19201f0a63dd8175ae962208cbffccf096912858e6274b214994af?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9\u0026tag=1782201696"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:1c422bbe4c19201f0a63dd8175ae962208cbffccf096912858e6274b214994af_s390x as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:1c422bbe4c19201f0a63dd8175ae962208cbffccf096912858e6274b214994af_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:1c422bbe4c19201f0a63dd8175ae962208cbffccf096912858e6274b214994af_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:853f2430db6aceeb634f4c2059947d22547e39978c1185dc48ba3be4f7d337b6_amd64 as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:853f2430db6aceeb634f4c2059947d22547e39978c1185dc48ba3be4f7d337b6_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:853f2430db6aceeb634f4c2059947d22547e39978c1185dc48ba3be4f7d337b6_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cd49f834dca7cc30e12add0fb3247d82981f722d353fc15523ad247df8e6d25c_ppc64le as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cd49f834dca7cc30e12add0fb3247d82981f722d353fc15523ad247df8e6d25c_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cd49f834dca7cc30e12add0fb3247d82981f722d353fc15523ad247df8e6d25c_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cf353c0b22a951c13996d5227406ed75923bf6dbaed9ea50892f32d664003c8d_arm64 as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cf353c0b22a951c13996d5227406ed75923bf6dbaed9ea50892f32d664003c8d_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cf353c0b22a951c13996d5227406ed75923bf6dbaed9ea50892f32d664003c8d_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:99e5e5ef3be5b42ef54d1fbcceac268c670c05a47c3e982c1088d010499c9ae8_ppc64le as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:99e5e5ef3be5b42ef54d1fbcceac268c670c05a47c3e982c1088d010499c9ae8_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:99e5e5ef3be5b42ef54d1fbcceac268c670c05a47c3e982c1088d010499c9ae8_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:9ac5ee0b1ffc79c320478d77a24d62789eb7162a564dc0e2be3c0a2ae2ffb272_s390x as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:9ac5ee0b1ffc79c320478d77a24d62789eb7162a564dc0e2be3c0a2ae2ffb272_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:9ac5ee0b1ffc79c320478d77a24d62789eb7162a564dc0e2be3c0a2ae2ffb272_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:c5926bbd0cb2414e4fd0117e11ccec6d33924c2ea255ca7f500419c7886807cf_amd64 as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:c5926bbd0cb2414e4fd0117e11ccec6d33924c2ea255ca7f500419c7886807cf_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:c5926bbd0cb2414e4fd0117e11ccec6d33924c2ea255ca7f500419c7886807cf_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:ca9d114cccf1e213f392c73a4f36af7efef15bc016636d27fc5c736a933cda14_arm64 as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:ca9d114cccf1e213f392c73a4f36af7efef15bc016636d27fc5c736a933cda14_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:ca9d114cccf1e213f392c73a4f36af7efef15bc016636d27fc5c736a933cda14_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-12143",
"cwe": {
"id": "CWE-93",
"name": "Improper Neutralization of CRLF Sequences (\u0027CRLF Injection\u0027)"
},
"discovery_date": "2026-06-12T19:00:57.360953+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2488480"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in form-data, a library for creating readable multipart/form-data streams. A remote attacker can exploit this vulnerability by injecting carriage return (CR), line feed (LF), or double-quote (\") characters into the `field` argument of `FormData#append` or the `filename` option. This allows the attacker to inject additional headers or smuggle entire additional multipart parts into requests, potentially enabling them to add or override form fields and compromise data integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "form-data: form-data: Form field override via CRLF injection",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important impact flaw in the form-data library: a remote attacker can inject arbitrary headers or additional multipart parts via CRLF injection in field names or filenames, potentially overriding sensitive form fields and affecting data integrity.\n\nFor RHOAI and RHEL AI, severity is Moderate because affected versions appear only as a transitive npm dependency in RHOAI (dashboard, mod-arch plugins, MLflow UI) and RHEL AI 3.4 bootc images, and those products use fixed field names for uploads rather than passing untrusted user input as multipart field names or filenames. The documented exploit path is therefore not reachable in default deployments. Practical impact is limited to non-default or custom integrations that forward multipart requests using attacker-controlled field names.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:1c422bbe4c19201f0a63dd8175ae962208cbffccf096912858e6274b214994af_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:853f2430db6aceeb634f4c2059947d22547e39978c1185dc48ba3be4f7d337b6_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cd49f834dca7cc30e12add0fb3247d82981f722d353fc15523ad247df8e6d25c_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cf353c0b22a951c13996d5227406ed75923bf6dbaed9ea50892f32d664003c8d_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:99e5e5ef3be5b42ef54d1fbcceac268c670c05a47c3e982c1088d010499c9ae8_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:9ac5ee0b1ffc79c320478d77a24d62789eb7162a564dc0e2be3c0a2ae2ffb272_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:c5926bbd0cb2414e4fd0117e11ccec6d33924c2ea255ca7f500419c7886807cf_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:ca9d114cccf1e213f392c73a4f36af7efef15bc016636d27fc5c736a933cda14_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-12143"
},
{
"category": "external",
"summary": "RHBZ#2488480",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2488480"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-12143",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-12143"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-12143",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-12143"
},
{
"category": "external",
"summary": "https://cwe.mitre.org/data/definitions/93.html",
"url": "https://cwe.mitre.org/data/definitions/93.html"
},
{
"category": "external",
"summary": "https://github.com/form-data/form-data/commit/64190db548c0179e37206858e39f27cf513e9435",
"url": "https://github.com/form-data/form-data/commit/64190db548c0179e37206858e39f27cf513e9435"
},
{
"category": "external",
"summary": "https://github.com/form-data/form-data/commit/be3f3cf553978bac15a5182f1f3c3d2d38ccf229",
"url": "https://github.com/form-data/form-data/commit/be3f3cf553978bac15a5182f1f3c3d2d38ccf229"
},
{
"category": "external",
"summary": "https://github.com/form-data/form-data/commit/c7133499c2ee1b80c678e411244f4442bf902045",
"url": "https://github.com/form-data/form-data/commit/c7133499c2ee1b80c678e411244f4442bf902045"
},
{
"category": "external",
"summary": "https://github.com/form-data/form-data/security/advisories/GHSA-hmw2-7cc7-3qxx",
"url": "https://github.com/form-data/form-data/security/advisories/GHSA-hmw2-7cc7-3qxx"
},
{
"category": "external",
"summary": "https://html.spec.whatwg.org/multipage/form-control-infrastructure.html#multipart-form-data",
"url": "https://html.spec.whatwg.org/multipage/form-control-infrastructure.html#multipart-form-data"
},
{
"category": "external",
"summary": "https://www.npmjs.com/package/form-data",
"url": "https://www.npmjs.com/package/form-data"
}
],
"release_date": "2026-06-12T18:01:30.362000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-29T16:41:59+00:00",
"details": "See Kiali 2.11.13 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.1/html/observability/kiali-operator-provided-by-red-hat",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:1c422bbe4c19201f0a63dd8175ae962208cbffccf096912858e6274b214994af_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:853f2430db6aceeb634f4c2059947d22547e39978c1185dc48ba3be4f7d337b6_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cd49f834dca7cc30e12add0fb3247d82981f722d353fc15523ad247df8e6d25c_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cf353c0b22a951c13996d5227406ed75923bf6dbaed9ea50892f32d664003c8d_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:99e5e5ef3be5b42ef54d1fbcceac268c670c05a47c3e982c1088d010499c9ae8_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:9ac5ee0b1ffc79c320478d77a24d62789eb7162a564dc0e2be3c0a2ae2ffb272_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:c5926bbd0cb2414e4fd0117e11ccec6d33924c2ea255ca7f500419c7886807cf_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:ca9d114cccf1e213f392c73a4f36af7efef15bc016636d27fc5c736a933cda14_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33163"
},
{
"category": "workaround",
"details": "Applications using the `form-data` library should implement strict input validation and sanitization for all field names and filenames derived from untrusted sources. This prevents the injection of control characters (CR, LF, \") that could lead to header injection or form field overrides. Deployments that exclusively use fixed or trusted field names are not impacted.",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:1c422bbe4c19201f0a63dd8175ae962208cbffccf096912858e6274b214994af_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:853f2430db6aceeb634f4c2059947d22547e39978c1185dc48ba3be4f7d337b6_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cd49f834dca7cc30e12add0fb3247d82981f722d353fc15523ad247df8e6d25c_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cf353c0b22a951c13996d5227406ed75923bf6dbaed9ea50892f32d664003c8d_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:99e5e5ef3be5b42ef54d1fbcceac268c670c05a47c3e982c1088d010499c9ae8_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:9ac5ee0b1ffc79c320478d77a24d62789eb7162a564dc0e2be3c0a2ae2ffb272_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:c5926bbd0cb2414e4fd0117e11ccec6d33924c2ea255ca7f500419c7886807cf_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:ca9d114cccf1e213f392c73a4f36af7efef15bc016636d27fc5c736a933cda14_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:1c422bbe4c19201f0a63dd8175ae962208cbffccf096912858e6274b214994af_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:853f2430db6aceeb634f4c2059947d22547e39978c1185dc48ba3be4f7d337b6_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cd49f834dca7cc30e12add0fb3247d82981f722d353fc15523ad247df8e6d25c_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cf353c0b22a951c13996d5227406ed75923bf6dbaed9ea50892f32d664003c8d_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:99e5e5ef3be5b42ef54d1fbcceac268c670c05a47c3e982c1088d010499c9ae8_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:9ac5ee0b1ffc79c320478d77a24d62789eb7162a564dc0e2be3c0a2ae2ffb272_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:c5926bbd0cb2414e4fd0117e11ccec6d33924c2ea255ca7f500419c7886807cf_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:ca9d114cccf1e213f392c73a4f36af7efef15bc016636d27fc5c736a933cda14_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "form-data: form-data: Form field override via CRLF injection"
},
{
"cve": "CVE-2026-39821",
"cwe": {
"id": "CWE-1289",
"name": "Improper Validation of Unsafe Equivalence in Input"
},
"discovery_date": "2026-05-22T16:00:52.844126+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:1c422bbe4c19201f0a63dd8175ae962208cbffccf096912858e6274b214994af_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:853f2430db6aceeb634f4c2059947d22547e39978c1185dc48ba3be4f7d337b6_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cd49f834dca7cc30e12add0fb3247d82981f722d353fc15523ad247df8e6d25c_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cf353c0b22a951c13996d5227406ed75923bf6dbaed9ea50892f32d664003c8d_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2480756"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang.org/x/net/idna. ToASCII and ToUnicode incorrectly accept Punycode-encoded labels that decode to an ASCII-only hostname (for example, xn--example-.com returns example.com instead of an error). Applications that validate the ASCII form then convert to Unicode may grant access to a restricted hostname the ASCII check would have rejected.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/net/idna: golang: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "golang.org/x/net/idna is vulnerable to privilege escalation through incorrect Punycode label handling in ToASCII and ToUnicode. An attacker who can supply a Punycode hostname that passes an ASCII-only authorization check may have it normalized to a restricted ASCII name the application intended to block. Red Hat exposure is broad across products shipping the Go toolchain or bundling golang.org/x/net, including RHEL and RHEL-AI golang RPMs, hummingbird Go runtimes, OpenShift and ODF container builds, and Ceph/OpenShift components compiled against affected x/net versions.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:99e5e5ef3be5b42ef54d1fbcceac268c670c05a47c3e982c1088d010499c9ae8_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:9ac5ee0b1ffc79c320478d77a24d62789eb7162a564dc0e2be3c0a2ae2ffb272_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:c5926bbd0cb2414e4fd0117e11ccec6d33924c2ea255ca7f500419c7886807cf_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:ca9d114cccf1e213f392c73a4f36af7efef15bc016636d27fc5c736a933cda14_arm64"
],
"known_not_affected": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:1c422bbe4c19201f0a63dd8175ae962208cbffccf096912858e6274b214994af_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:853f2430db6aceeb634f4c2059947d22547e39978c1185dc48ba3be4f7d337b6_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cd49f834dca7cc30e12add0fb3247d82981f722d353fc15523ad247df8e6d25c_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cf353c0b22a951c13996d5227406ed75923bf6dbaed9ea50892f32d664003c8d_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-39821"
},
{
"category": "external",
"summary": "RHBZ#2480756",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2480756"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-39821",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-39821"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-39821",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39821"
},
{
"category": "external",
"summary": "https://go.dev/cl/767220",
"url": "https://go.dev/cl/767220"
},
{
"category": "external",
"summary": "https://go.dev/issue/78760",
"url": "https://go.dev/issue/78760"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/iI-mYSI0lu8",
"url": "https://groups.google.com/g/golang-announce/c/iI-mYSI0lu8"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-5026",
"url": "https://pkg.go.dev/vuln/GO-2026-5026"
}
],
"release_date": "2026-05-22T15:01:21.462000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-29T16:41:59+00:00",
"details": "See Kiali 2.11.13 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.1/html/observability/kiali-operator-provided-by-red-hat",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:99e5e5ef3be5b42ef54d1fbcceac268c670c05a47c3e982c1088d010499c9ae8_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:9ac5ee0b1ffc79c320478d77a24d62789eb7162a564dc0e2be3c0a2ae2ffb272_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:c5926bbd0cb2414e4fd0117e11ccec6d33924c2ea255ca7f500419c7886807cf_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:ca9d114cccf1e213f392c73a4f36af7efef15bc016636d27fc5c736a933cda14_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33163"
},
{
"category": "workaround",
"details": "Upgrade to a fixed golang.org/x/net release that includes the idna correction, via updated golang or dependent package rebuilds.",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:1c422bbe4c19201f0a63dd8175ae962208cbffccf096912858e6274b214994af_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:853f2430db6aceeb634f4c2059947d22547e39978c1185dc48ba3be4f7d337b6_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cd49f834dca7cc30e12add0fb3247d82981f722d353fc15523ad247df8e6d25c_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cf353c0b22a951c13996d5227406ed75923bf6dbaed9ea50892f32d664003c8d_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:99e5e5ef3be5b42ef54d1fbcceac268c670c05a47c3e982c1088d010499c9ae8_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:9ac5ee0b1ffc79c320478d77a24d62789eb7162a564dc0e2be3c0a2ae2ffb272_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:c5926bbd0cb2414e4fd0117e11ccec6d33924c2ea255ca7f500419c7886807cf_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:ca9d114cccf1e213f392c73a4f36af7efef15bc016636d27fc5c736a933cda14_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:1c422bbe4c19201f0a63dd8175ae962208cbffccf096912858e6274b214994af_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:853f2430db6aceeb634f4c2059947d22547e39978c1185dc48ba3be4f7d337b6_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cd49f834dca7cc30e12add0fb3247d82981f722d353fc15523ad247df8e6d25c_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cf353c0b22a951c13996d5227406ed75923bf6dbaed9ea50892f32d664003c8d_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:99e5e5ef3be5b42ef54d1fbcceac268c670c05a47c3e982c1088d010499c9ae8_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:9ac5ee0b1ffc79c320478d77a24d62789eb7162a564dc0e2be3c0a2ae2ffb272_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:c5926bbd0cb2414e4fd0117e11ccec6d33924c2ea255ca7f500419c7886807cf_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:ca9d114cccf1e213f392c73a4f36af7efef15bc016636d27fc5c736a933cda14_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/net/idna: golang: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing"
},
{
"cve": "CVE-2026-42338",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2026-05-12T21:01:14.436876+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2476810"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in ip-address, a JavaScript library for parsing and manipulating IPv4 and IPv6 addresses. This vulnerability allows a remote attacker to perform cross-site scripting (XSS) by providing untrusted input to the Address6 constructor. When an application renders the output of Address6.group(), Address6.link(), or the AddressError.parseMessage as HTML without proper escaping, the attacker-controlled content can be executed in the user\u0027s browser.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ip-address: ip-address: Cross-site scripting via improper HTML escaping of untrusted input",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability in the `ip-address` JavaScript library is rated as Important. It allows for cross-site scripting (XSS) when an application processes untrusted input through the `Address6` constructor and subsequently renders the unescaped output of methods like `Address6.group()`, `Address6.link()`, or `AddressError.parseMessage` directly as HTML. While the library itself is affected, exploitation is contingent on specific application-level rendering practices that may not be common in Red Hat products.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:1c422bbe4c19201f0a63dd8175ae962208cbffccf096912858e6274b214994af_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:853f2430db6aceeb634f4c2059947d22547e39978c1185dc48ba3be4f7d337b6_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cd49f834dca7cc30e12add0fb3247d82981f722d353fc15523ad247df8e6d25c_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cf353c0b22a951c13996d5227406ed75923bf6dbaed9ea50892f32d664003c8d_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:99e5e5ef3be5b42ef54d1fbcceac268c670c05a47c3e982c1088d010499c9ae8_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:9ac5ee0b1ffc79c320478d77a24d62789eb7162a564dc0e2be3c0a2ae2ffb272_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:c5926bbd0cb2414e4fd0117e11ccec6d33924c2ea255ca7f500419c7886807cf_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:ca9d114cccf1e213f392c73a4f36af7efef15bc016636d27fc5c736a933cda14_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42338"
},
{
"category": "external",
"summary": "RHBZ#2476810",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2476810"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42338",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42338"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42338",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42338"
},
{
"category": "external",
"summary": "https://github.com/beaugunderson/ip-address/security/advisories/GHSA-v2v4-37r5-5v8g",
"url": "https://github.com/beaugunderson/ip-address/security/advisories/GHSA-v2v4-37r5-5v8g"
}
],
"release_date": "2026-05-12T19:43:16.470000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-29T16:41:59+00:00",
"details": "See Kiali 2.11.13 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.1/html/observability/kiali-operator-provided-by-red-hat",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:1c422bbe4c19201f0a63dd8175ae962208cbffccf096912858e6274b214994af_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:853f2430db6aceeb634f4c2059947d22547e39978c1185dc48ba3be4f7d337b6_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cd49f834dca7cc30e12add0fb3247d82981f722d353fc15523ad247df8e6d25c_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cf353c0b22a951c13996d5227406ed75923bf6dbaed9ea50892f32d664003c8d_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:99e5e5ef3be5b42ef54d1fbcceac268c670c05a47c3e982c1088d010499c9ae8_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:9ac5ee0b1ffc79c320478d77a24d62789eb7162a564dc0e2be3c0a2ae2ffb272_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:c5926bbd0cb2414e4fd0117e11ccec6d33924c2ea255ca7f500419c7886807cf_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:ca9d114cccf1e213f392c73a4f36af7efef15bc016636d27fc5c736a933cda14_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33163"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:1c422bbe4c19201f0a63dd8175ae962208cbffccf096912858e6274b214994af_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:853f2430db6aceeb634f4c2059947d22547e39978c1185dc48ba3be4f7d337b6_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cd49f834dca7cc30e12add0fb3247d82981f722d353fc15523ad247df8e6d25c_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cf353c0b22a951c13996d5227406ed75923bf6dbaed9ea50892f32d664003c8d_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:99e5e5ef3be5b42ef54d1fbcceac268c670c05a47c3e982c1088d010499c9ae8_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:9ac5ee0b1ffc79c320478d77a24d62789eb7162a564dc0e2be3c0a2ae2ffb272_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:c5926bbd0cb2414e4fd0117e11ccec6d33924c2ea255ca7f500419c7886807cf_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:ca9d114cccf1e213f392c73a4f36af7efef15bc016636d27fc5c736a933cda14_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:1c422bbe4c19201f0a63dd8175ae962208cbffccf096912858e6274b214994af_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:853f2430db6aceeb634f4c2059947d22547e39978c1185dc48ba3be4f7d337b6_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cd49f834dca7cc30e12add0fb3247d82981f722d353fc15523ad247df8e6d25c_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cf353c0b22a951c13996d5227406ed75923bf6dbaed9ea50892f32d664003c8d_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:99e5e5ef3be5b42ef54d1fbcceac268c670c05a47c3e982c1088d010499c9ae8_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:9ac5ee0b1ffc79c320478d77a24d62789eb7162a564dc0e2be3c0a2ae2ffb272_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:c5926bbd0cb2414e4fd0117e11ccec6d33924c2ea255ca7f500419c7886807cf_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:ca9d114cccf1e213f392c73a4f36af7efef15bc016636d27fc5c736a933cda14_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "ip-address: ip-address: Cross-site scripting via improper HTML escaping of untrusted input"
},
{
"cve": "CVE-2026-44486",
"cwe": {
"id": "CWE-201",
"name": "Insertion of Sensitive Information Into Sent Data"
},
"discovery_date": "2026-06-11T17:01:30.944384+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2487947"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, a promise-based HTTP client, specifically in its Node.js HTTP adapter. When Axios is configured to use an authenticated proxy and follows a redirect, it may inadvertently send the Proxy-Authorization header, containing proxy credentials, to the redirect target. This can lead to the disclosure of sensitive proxy credentials to an unintended remote server.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: Information disclosure of proxy credentials via HTTP redirects",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important information disclosure flaw in the Axios Node.js HTTP adapter. Red Hat products utilizing Axios in a Node.js environment with an authenticated proxy and automatic redirects enabled are susceptible. The vulnerability arises when a request, initially sent through an authenticated proxy, is redirected to a target that no longer uses the proxy, potentially leaking `Proxy-Authorization` headers containing sensitive credentials to an untrusted remote server. This risk is heightened in deployments where applications interact with untrusted HTTP origins.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:1c422bbe4c19201f0a63dd8175ae962208cbffccf096912858e6274b214994af_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:853f2430db6aceeb634f4c2059947d22547e39978c1185dc48ba3be4f7d337b6_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cd49f834dca7cc30e12add0fb3247d82981f722d353fc15523ad247df8e6d25c_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cf353c0b22a951c13996d5227406ed75923bf6dbaed9ea50892f32d664003c8d_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:99e5e5ef3be5b42ef54d1fbcceac268c670c05a47c3e982c1088d010499c9ae8_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:9ac5ee0b1ffc79c320478d77a24d62789eb7162a564dc0e2be3c0a2ae2ffb272_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:c5926bbd0cb2414e4fd0117e11ccec6d33924c2ea255ca7f500419c7886807cf_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:ca9d114cccf1e213f392c73a4f36af7efef15bc016636d27fc5c736a933cda14_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44486"
},
{
"category": "external",
"summary": "RHBZ#2487947",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2487947"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44486",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44486"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44486",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44486"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-j5f8-grm9-p9fc",
"url": "https://github.com/axios/axios/security/advisories/GHSA-j5f8-grm9-p9fc"
}
],
"release_date": "2026-06-11T15:39:07.714000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-29T16:41:59+00:00",
"details": "See Kiali 2.11.13 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.1/html/observability/kiali-operator-provided-by-red-hat",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:1c422bbe4c19201f0a63dd8175ae962208cbffccf096912858e6274b214994af_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:853f2430db6aceeb634f4c2059947d22547e39978c1185dc48ba3be4f7d337b6_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cd49f834dca7cc30e12add0fb3247d82981f722d353fc15523ad247df8e6d25c_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cf353c0b22a951c13996d5227406ed75923bf6dbaed9ea50892f32d664003c8d_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:99e5e5ef3be5b42ef54d1fbcceac268c670c05a47c3e982c1088d010499c9ae8_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:9ac5ee0b1ffc79c320478d77a24d62789eb7162a564dc0e2be3c0a2ae2ffb272_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:c5926bbd0cb2414e4fd0117e11ccec6d33924c2ea255ca7f500419c7886807cf_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:ca9d114cccf1e213f392c73a4f36af7efef15bc016636d27fc5c736a933cda14_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33163"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:1c422bbe4c19201f0a63dd8175ae962208cbffccf096912858e6274b214994af_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:853f2430db6aceeb634f4c2059947d22547e39978c1185dc48ba3be4f7d337b6_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cd49f834dca7cc30e12add0fb3247d82981f722d353fc15523ad247df8e6d25c_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cf353c0b22a951c13996d5227406ed75923bf6dbaed9ea50892f32d664003c8d_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:99e5e5ef3be5b42ef54d1fbcceac268c670c05a47c3e982c1088d010499c9ae8_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:9ac5ee0b1ffc79c320478d77a24d62789eb7162a564dc0e2be3c0a2ae2ffb272_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:c5926bbd0cb2414e4fd0117e11ccec6d33924c2ea255ca7f500419c7886807cf_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:ca9d114cccf1e213f392c73a4f36af7efef15bc016636d27fc5c736a933cda14_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:1c422bbe4c19201f0a63dd8175ae962208cbffccf096912858e6274b214994af_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:853f2430db6aceeb634f4c2059947d22547e39978c1185dc48ba3be4f7d337b6_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cd49f834dca7cc30e12add0fb3247d82981f722d353fc15523ad247df8e6d25c_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cf353c0b22a951c13996d5227406ed75923bf6dbaed9ea50892f32d664003c8d_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:99e5e5ef3be5b42ef54d1fbcceac268c670c05a47c3e982c1088d010499c9ae8_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:9ac5ee0b1ffc79c320478d77a24d62789eb7162a564dc0e2be3c0a2ae2ffb272_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:c5926bbd0cb2414e4fd0117e11ccec6d33924c2ea255ca7f500419c7886807cf_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:ca9d114cccf1e213f392c73a4f36af7efef15bc016636d27fc5c736a933cda14_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: Information disclosure of proxy credentials via HTTP redirects"
},
{
"cve": "CVE-2026-44487",
"cwe": {
"id": "CWE-201",
"name": "Insertion of Sensitive Information Into Sent Data"
},
"discovery_date": "2026-06-11T17:01:34.091476+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2487948"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios. During specific proxy-to-direct redirect flows in the Node.js HTTP adapter, a remote attacker could exploit this vulnerability. The Proxy-Authorization header, which contains proxy credentials and is intended only for the outbound proxy, may be forwarded to the final redirected origin. This can lead to the disclosure of sensitive proxy credentials to an unintended third party.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: Information disclosure of proxy credentials via redirect flows",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important information disclosure flaw in Axios affecting Node.js environments. When an application uses Axios with an authenticated HTTP proxy and follows redirects from an HTTP to a non-proxied HTTPS destination, the Proxy-Authorization header may be inadvertently sent to the final origin server. This could lead to the exposure of sensitive proxy credentials to an unintended third party.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:1c422bbe4c19201f0a63dd8175ae962208cbffccf096912858e6274b214994af_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:853f2430db6aceeb634f4c2059947d22547e39978c1185dc48ba3be4f7d337b6_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cd49f834dca7cc30e12add0fb3247d82981f722d353fc15523ad247df8e6d25c_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cf353c0b22a951c13996d5227406ed75923bf6dbaed9ea50892f32d664003c8d_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:99e5e5ef3be5b42ef54d1fbcceac268c670c05a47c3e982c1088d010499c9ae8_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:9ac5ee0b1ffc79c320478d77a24d62789eb7162a564dc0e2be3c0a2ae2ffb272_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:c5926bbd0cb2414e4fd0117e11ccec6d33924c2ea255ca7f500419c7886807cf_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:ca9d114cccf1e213f392c73a4f36af7efef15bc016636d27fc5c736a933cda14_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44487"
},
{
"category": "external",
"summary": "RHBZ#2487948",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2487948"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44487"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44487",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44487"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-p92q-9vqr-4j8v",
"url": "https://github.com/axios/axios/security/advisories/GHSA-p92q-9vqr-4j8v"
}
],
"release_date": "2026-06-11T15:38:25.150000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-29T16:41:59+00:00",
"details": "See Kiali 2.11.13 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.1/html/observability/kiali-operator-provided-by-red-hat",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:1c422bbe4c19201f0a63dd8175ae962208cbffccf096912858e6274b214994af_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:853f2430db6aceeb634f4c2059947d22547e39978c1185dc48ba3be4f7d337b6_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cd49f834dca7cc30e12add0fb3247d82981f722d353fc15523ad247df8e6d25c_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cf353c0b22a951c13996d5227406ed75923bf6dbaed9ea50892f32d664003c8d_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:99e5e5ef3be5b42ef54d1fbcceac268c670c05a47c3e982c1088d010499c9ae8_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:9ac5ee0b1ffc79c320478d77a24d62789eb7162a564dc0e2be3c0a2ae2ffb272_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:c5926bbd0cb2414e4fd0117e11ccec6d33924c2ea255ca7f500419c7886807cf_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:ca9d114cccf1e213f392c73a4f36af7efef15bc016636d27fc5c736a933cda14_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33163"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:1c422bbe4c19201f0a63dd8175ae962208cbffccf096912858e6274b214994af_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:853f2430db6aceeb634f4c2059947d22547e39978c1185dc48ba3be4f7d337b6_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cd49f834dca7cc30e12add0fb3247d82981f722d353fc15523ad247df8e6d25c_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cf353c0b22a951c13996d5227406ed75923bf6dbaed9ea50892f32d664003c8d_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:99e5e5ef3be5b42ef54d1fbcceac268c670c05a47c3e982c1088d010499c9ae8_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:9ac5ee0b1ffc79c320478d77a24d62789eb7162a564dc0e2be3c0a2ae2ffb272_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:c5926bbd0cb2414e4fd0117e11ccec6d33924c2ea255ca7f500419c7886807cf_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:ca9d114cccf1e213f392c73a4f36af7efef15bc016636d27fc5c736a933cda14_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:1c422bbe4c19201f0a63dd8175ae962208cbffccf096912858e6274b214994af_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:853f2430db6aceeb634f4c2059947d22547e39978c1185dc48ba3be4f7d337b6_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cd49f834dca7cc30e12add0fb3247d82981f722d353fc15523ad247df8e6d25c_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cf353c0b22a951c13996d5227406ed75923bf6dbaed9ea50892f32d664003c8d_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:99e5e5ef3be5b42ef54d1fbcceac268c670c05a47c3e982c1088d010499c9ae8_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:9ac5ee0b1ffc79c320478d77a24d62789eb7162a564dc0e2be3c0a2ae2ffb272_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:c5926bbd0cb2414e4fd0117e11ccec6d33924c2ea255ca7f500419c7886807cf_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:ca9d114cccf1e213f392c73a4f36af7efef15bc016636d27fc5c736a933cda14_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: Information disclosure of proxy credentials via redirect flows"
},
{
"cve": "CVE-2026-44488",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-06-11T17:01:36.836488+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2487949"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, a promise-based HTTP client. When using the fetch adapter, Axios did not properly enforce configured request and response size limits. This vulnerability allows a remote attacker, through a malicious or compromised server, or by supplying a large data URL, to send or receive oversized data bodies. This can lead to resource exhaustion in server-side applications, resulting in a Denial of Service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: Denial of Service due to unenforced request and response size limits",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Important: A denial of service flaw was found in Axios, a JavaScript HTTP client library. This issue arises when applications utilize the `fetch` adapter, as configured request and response size limits are not properly enforced. A remote attacker could exploit this by sending or receiving excessively large data bodies, leading to resource exhaustion and potential denial of service in affected server-side applications.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:1c422bbe4c19201f0a63dd8175ae962208cbffccf096912858e6274b214994af_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:853f2430db6aceeb634f4c2059947d22547e39978c1185dc48ba3be4f7d337b6_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cd49f834dca7cc30e12add0fb3247d82981f722d353fc15523ad247df8e6d25c_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cf353c0b22a951c13996d5227406ed75923bf6dbaed9ea50892f32d664003c8d_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:99e5e5ef3be5b42ef54d1fbcceac268c670c05a47c3e982c1088d010499c9ae8_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:9ac5ee0b1ffc79c320478d77a24d62789eb7162a564dc0e2be3c0a2ae2ffb272_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:c5926bbd0cb2414e4fd0117e11ccec6d33924c2ea255ca7f500419c7886807cf_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:ca9d114cccf1e213f392c73a4f36af7efef15bc016636d27fc5c736a933cda14_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44488"
},
{
"category": "external",
"summary": "RHBZ#2487949",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2487949"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44488",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44488"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44488",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44488"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-777c-7fjr-54vf",
"url": "https://github.com/axios/axios/security/advisories/GHSA-777c-7fjr-54vf"
}
],
"release_date": "2026-06-11T15:37:38.013000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-29T16:41:59+00:00",
"details": "See Kiali 2.11.13 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.1/html/observability/kiali-operator-provided-by-red-hat",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:1c422bbe4c19201f0a63dd8175ae962208cbffccf096912858e6274b214994af_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:853f2430db6aceeb634f4c2059947d22547e39978c1185dc48ba3be4f7d337b6_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cd49f834dca7cc30e12add0fb3247d82981f722d353fc15523ad247df8e6d25c_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cf353c0b22a951c13996d5227406ed75923bf6dbaed9ea50892f32d664003c8d_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:99e5e5ef3be5b42ef54d1fbcceac268c670c05a47c3e982c1088d010499c9ae8_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:9ac5ee0b1ffc79c320478d77a24d62789eb7162a564dc0e2be3c0a2ae2ffb272_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:c5926bbd0cb2414e4fd0117e11ccec6d33924c2ea255ca7f500419c7886807cf_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:ca9d114cccf1e213f392c73a4f36af7efef15bc016636d27fc5c736a933cda14_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33163"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:1c422bbe4c19201f0a63dd8175ae962208cbffccf096912858e6274b214994af_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:853f2430db6aceeb634f4c2059947d22547e39978c1185dc48ba3be4f7d337b6_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cd49f834dca7cc30e12add0fb3247d82981f722d353fc15523ad247df8e6d25c_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cf353c0b22a951c13996d5227406ed75923bf6dbaed9ea50892f32d664003c8d_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:99e5e5ef3be5b42ef54d1fbcceac268c670c05a47c3e982c1088d010499c9ae8_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:9ac5ee0b1ffc79c320478d77a24d62789eb7162a564dc0e2be3c0a2ae2ffb272_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:c5926bbd0cb2414e4fd0117e11ccec6d33924c2ea255ca7f500419c7886807cf_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:ca9d114cccf1e213f392c73a4f36af7efef15bc016636d27fc5c736a933cda14_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:1c422bbe4c19201f0a63dd8175ae962208cbffccf096912858e6274b214994af_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:853f2430db6aceeb634f4c2059947d22547e39978c1185dc48ba3be4f7d337b6_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cd49f834dca7cc30e12add0fb3247d82981f722d353fc15523ad247df8e6d25c_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cf353c0b22a951c13996d5227406ed75923bf6dbaed9ea50892f32d664003c8d_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:99e5e5ef3be5b42ef54d1fbcceac268c670c05a47c3e982c1088d010499c9ae8_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:9ac5ee0b1ffc79c320478d77a24d62789eb7162a564dc0e2be3c0a2ae2ffb272_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:c5926bbd0cb2414e4fd0117e11ccec6d33924c2ea255ca7f500419c7886807cf_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:ca9d114cccf1e213f392c73a4f36af7efef15bc016636d27fc5c736a933cda14_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: Denial of Service due to unenforced request and response size limits"
},
{
"cve": "CVE-2026-44492",
"cwe": {
"id": "CWE-289",
"name": "Authentication Bypass by Alternate Name"
},
"discovery_date": "2026-06-11T17:00:56.761751+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2487938"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, a promise-based HTTP client. This vulnerability occurs because Axios does not properly normalize IPv4-mapped IPv6 addresses. When a NO_PROXY setting is configured to block direct access to specific IPv4 addresses, an attacker can bypass this restriction by using the IPv4-mapped IPv6 form of the address in a request URL. This allows the request to be routed through the proxy, potentially exposing internal services or sensitive information that should otherwise be inaccessible.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: Proxy bypass via IPv4-mapped IPv6 address non-normalization",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important flaw in Axios, a JavaScript HTTP client library, that allows for a proxy bypass. When a `NO_PROXY` environment variable is configured to prevent direct connections to specific IPv4 addresses, an attacker can craft a request URL using the IPv4-mapped IPv6 address format. This bypasses the intended `NO_PROXY` exclusion, routing the request through the configured proxy and potentially exposing internal services or sensitive information, such as cloud instance metadata credentials.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:1c422bbe4c19201f0a63dd8175ae962208cbffccf096912858e6274b214994af_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:853f2430db6aceeb634f4c2059947d22547e39978c1185dc48ba3be4f7d337b6_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cd49f834dca7cc30e12add0fb3247d82981f722d353fc15523ad247df8e6d25c_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cf353c0b22a951c13996d5227406ed75923bf6dbaed9ea50892f32d664003c8d_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:99e5e5ef3be5b42ef54d1fbcceac268c670c05a47c3e982c1088d010499c9ae8_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:9ac5ee0b1ffc79c320478d77a24d62789eb7162a564dc0e2be3c0a2ae2ffb272_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:c5926bbd0cb2414e4fd0117e11ccec6d33924c2ea255ca7f500419c7886807cf_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:ca9d114cccf1e213f392c73a4f36af7efef15bc016636d27fc5c736a933cda14_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44492"
},
{
"category": "external",
"summary": "RHBZ#2487938",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2487938"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44492",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44492"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44492",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44492"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-pjwm-pj3p-43mv",
"url": "https://github.com/axios/axios/security/advisories/GHSA-pjwm-pj3p-43mv"
}
],
"release_date": "2026-06-11T15:29:13.890000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-29T16:41:59+00:00",
"details": "See Kiali 2.11.13 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.1/html/observability/kiali-operator-provided-by-red-hat",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:1c422bbe4c19201f0a63dd8175ae962208cbffccf096912858e6274b214994af_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:853f2430db6aceeb634f4c2059947d22547e39978c1185dc48ba3be4f7d337b6_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cd49f834dca7cc30e12add0fb3247d82981f722d353fc15523ad247df8e6d25c_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cf353c0b22a951c13996d5227406ed75923bf6dbaed9ea50892f32d664003c8d_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:99e5e5ef3be5b42ef54d1fbcceac268c670c05a47c3e982c1088d010499c9ae8_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:9ac5ee0b1ffc79c320478d77a24d62789eb7162a564dc0e2be3c0a2ae2ffb272_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:c5926bbd0cb2414e4fd0117e11ccec6d33924c2ea255ca7f500419c7886807cf_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:ca9d114cccf1e213f392c73a4f36af7efef15bc016636d27fc5c736a933cda14_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33163"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:1c422bbe4c19201f0a63dd8175ae962208cbffccf096912858e6274b214994af_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:853f2430db6aceeb634f4c2059947d22547e39978c1185dc48ba3be4f7d337b6_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cd49f834dca7cc30e12add0fb3247d82981f722d353fc15523ad247df8e6d25c_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cf353c0b22a951c13996d5227406ed75923bf6dbaed9ea50892f32d664003c8d_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:99e5e5ef3be5b42ef54d1fbcceac268c670c05a47c3e982c1088d010499c9ae8_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:9ac5ee0b1ffc79c320478d77a24d62789eb7162a564dc0e2be3c0a2ae2ffb272_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:c5926bbd0cb2414e4fd0117e11ccec6d33924c2ea255ca7f500419c7886807cf_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:ca9d114cccf1e213f392c73a4f36af7efef15bc016636d27fc5c736a933cda14_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:1c422bbe4c19201f0a63dd8175ae962208cbffccf096912858e6274b214994af_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:853f2430db6aceeb634f4c2059947d22547e39978c1185dc48ba3be4f7d337b6_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cd49f834dca7cc30e12add0fb3247d82981f722d353fc15523ad247df8e6d25c_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cf353c0b22a951c13996d5227406ed75923bf6dbaed9ea50892f32d664003c8d_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:99e5e5ef3be5b42ef54d1fbcceac268c670c05a47c3e982c1088d010499c9ae8_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:9ac5ee0b1ffc79c320478d77a24d62789eb7162a564dc0e2be3c0a2ae2ffb272_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:c5926bbd0cb2414e4fd0117e11ccec6d33924c2ea255ca7f500419c7886807cf_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:ca9d114cccf1e213f392c73a4f36af7efef15bc016636d27fc5c736a933cda14_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: Proxy bypass via IPv4-mapped IPv6 address non-normalization"
},
{
"cve": "CVE-2026-44494",
"cwe": {
"id": "CWE-915",
"name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes"
},
"discovery_date": "2026-06-11T17:01:12.945664+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2487942"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios. This vulnerability, a Prototype Pollution \"Gadget\" attack, allows an attacker to escalate any existing Object.prototype pollution in an application\u0027s dependency tree into a full Man-in-the-Middle (MITM) attack. This enables the attacker to intercept, read, and modify all HTTP traffic, including sensitive authentication credentials. The flaw occurs because the `config.proxy` setting is susceptible to prototype pollution, allowing an attacker to inject a malicious proxy server.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: Man-in-the-Middle (MITM) attack via Prototype Pollution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Important flaw in the Axios library allows an attacker to escalate existing prototype pollution vulnerabilities within an application\u0027s dependency tree into a full Man-in-the-Middle (MITM) attack. By injecting a malicious proxy configuration into the `Object.prototype`, an attacker can intercept, read, and modify all HTTP traffic, including sensitive authentication credentials, without direct user interaction. This poses a significant risk to data confidentiality and integrity in Red Hat products that utilize the Axios library.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:1c422bbe4c19201f0a63dd8175ae962208cbffccf096912858e6274b214994af_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:853f2430db6aceeb634f4c2059947d22547e39978c1185dc48ba3be4f7d337b6_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cd49f834dca7cc30e12add0fb3247d82981f722d353fc15523ad247df8e6d25c_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cf353c0b22a951c13996d5227406ed75923bf6dbaed9ea50892f32d664003c8d_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:99e5e5ef3be5b42ef54d1fbcceac268c670c05a47c3e982c1088d010499c9ae8_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:9ac5ee0b1ffc79c320478d77a24d62789eb7162a564dc0e2be3c0a2ae2ffb272_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:c5926bbd0cb2414e4fd0117e11ccec6d33924c2ea255ca7f500419c7886807cf_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:ca9d114cccf1e213f392c73a4f36af7efef15bc016636d27fc5c736a933cda14_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44494"
},
{
"category": "external",
"summary": "RHBZ#2487942",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2487942"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44494",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44494"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44494",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44494"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-35jp-ww65-95wh",
"url": "https://github.com/axios/axios/security/advisories/GHSA-35jp-ww65-95wh"
}
],
"release_date": "2026-06-11T15:32:03.155000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-29T16:41:59+00:00",
"details": "See Kiali 2.11.13 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.1/html/observability/kiali-operator-provided-by-red-hat",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:1c422bbe4c19201f0a63dd8175ae962208cbffccf096912858e6274b214994af_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:853f2430db6aceeb634f4c2059947d22547e39978c1185dc48ba3be4f7d337b6_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cd49f834dca7cc30e12add0fb3247d82981f722d353fc15523ad247df8e6d25c_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cf353c0b22a951c13996d5227406ed75923bf6dbaed9ea50892f32d664003c8d_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:99e5e5ef3be5b42ef54d1fbcceac268c670c05a47c3e982c1088d010499c9ae8_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:9ac5ee0b1ffc79c320478d77a24d62789eb7162a564dc0e2be3c0a2ae2ffb272_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:c5926bbd0cb2414e4fd0117e11ccec6d33924c2ea255ca7f500419c7886807cf_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:ca9d114cccf1e213f392c73a4f36af7efef15bc016636d27fc5c736a933cda14_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33163"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:1c422bbe4c19201f0a63dd8175ae962208cbffccf096912858e6274b214994af_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:853f2430db6aceeb634f4c2059947d22547e39978c1185dc48ba3be4f7d337b6_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cd49f834dca7cc30e12add0fb3247d82981f722d353fc15523ad247df8e6d25c_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cf353c0b22a951c13996d5227406ed75923bf6dbaed9ea50892f32d664003c8d_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:99e5e5ef3be5b42ef54d1fbcceac268c670c05a47c3e982c1088d010499c9ae8_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:9ac5ee0b1ffc79c320478d77a24d62789eb7162a564dc0e2be3c0a2ae2ffb272_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:c5926bbd0cb2414e4fd0117e11ccec6d33924c2ea255ca7f500419c7886807cf_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:ca9d114cccf1e213f392c73a4f36af7efef15bc016636d27fc5c736a933cda14_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:1c422bbe4c19201f0a63dd8175ae962208cbffccf096912858e6274b214994af_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:853f2430db6aceeb634f4c2059947d22547e39978c1185dc48ba3be4f7d337b6_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cd49f834dca7cc30e12add0fb3247d82981f722d353fc15523ad247df8e6d25c_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cf353c0b22a951c13996d5227406ed75923bf6dbaed9ea50892f32d664003c8d_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:99e5e5ef3be5b42ef54d1fbcceac268c670c05a47c3e982c1088d010499c9ae8_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:9ac5ee0b1ffc79c320478d77a24d62789eb7162a564dc0e2be3c0a2ae2ffb272_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:c5926bbd0cb2414e4fd0117e11ccec6d33924c2ea255ca7f500419c7886807cf_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:ca9d114cccf1e213f392c73a4f36af7efef15bc016636d27fc5c736a933cda14_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: Man-in-the-Middle (MITM) attack via Prototype Pollution"
},
{
"cve": "CVE-2026-44495",
"cwe": {
"id": "CWE-915",
"name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes"
},
"discovery_date": "2026-06-11T17:00:53.999811+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2487937"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, a promise-based HTTP client. This vulnerability involves prototype pollution gadgets in the request configuration processing. If another vulnerability has already polluted the Object.prototype.transformResponse, affected Axios versions may incorrectly interpret this inherited value as part of the request configuration or as an option validator. Axios does not itself create the prototype pollution. Exploitability requires a separate prototype-pollution vulnerability or equivalent attacker control over Object.prototype before Axios creates a request.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: Information disclosure due to prototype pollution vulnerability",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Important vulnerability in Axios, a promise-based HTTP client, can lead to information disclosure, including credential theft and response hijacking, or denial of service. Exploitation requires a separate prototype pollution vulnerability in the same JavaScript process, allowing an attacker to control `Object.prototype.transformResponse`. Red Hat products using affected Axios versions are at risk if another component introduces such pollution.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:1c422bbe4c19201f0a63dd8175ae962208cbffccf096912858e6274b214994af_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:853f2430db6aceeb634f4c2059947d22547e39978c1185dc48ba3be4f7d337b6_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cd49f834dca7cc30e12add0fb3247d82981f722d353fc15523ad247df8e6d25c_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cf353c0b22a951c13996d5227406ed75923bf6dbaed9ea50892f32d664003c8d_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:99e5e5ef3be5b42ef54d1fbcceac268c670c05a47c3e982c1088d010499c9ae8_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:9ac5ee0b1ffc79c320478d77a24d62789eb7162a564dc0e2be3c0a2ae2ffb272_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:c5926bbd0cb2414e4fd0117e11ccec6d33924c2ea255ca7f500419c7886807cf_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:ca9d114cccf1e213f392c73a4f36af7efef15bc016636d27fc5c736a933cda14_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44495"
},
{
"category": "external",
"summary": "RHBZ#2487937",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2487937"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44495",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44495"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44495",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44495"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-3g43-6gmg-66jw",
"url": "https://github.com/axios/axios/security/advisories/GHSA-3g43-6gmg-66jw"
}
],
"release_date": "2026-06-11T15:33:12.433000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-29T16:41:59+00:00",
"details": "See Kiali 2.11.13 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.1/html/observability/kiali-operator-provided-by-red-hat",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:1c422bbe4c19201f0a63dd8175ae962208cbffccf096912858e6274b214994af_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:853f2430db6aceeb634f4c2059947d22547e39978c1185dc48ba3be4f7d337b6_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cd49f834dca7cc30e12add0fb3247d82981f722d353fc15523ad247df8e6d25c_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cf353c0b22a951c13996d5227406ed75923bf6dbaed9ea50892f32d664003c8d_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:99e5e5ef3be5b42ef54d1fbcceac268c670c05a47c3e982c1088d010499c9ae8_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:9ac5ee0b1ffc79c320478d77a24d62789eb7162a564dc0e2be3c0a2ae2ffb272_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:c5926bbd0cb2414e4fd0117e11ccec6d33924c2ea255ca7f500419c7886807cf_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:ca9d114cccf1e213f392c73a4f36af7efef15bc016636d27fc5c736a933cda14_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33163"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:1c422bbe4c19201f0a63dd8175ae962208cbffccf096912858e6274b214994af_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:853f2430db6aceeb634f4c2059947d22547e39978c1185dc48ba3be4f7d337b6_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cd49f834dca7cc30e12add0fb3247d82981f722d353fc15523ad247df8e6d25c_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cf353c0b22a951c13996d5227406ed75923bf6dbaed9ea50892f32d664003c8d_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:99e5e5ef3be5b42ef54d1fbcceac268c670c05a47c3e982c1088d010499c9ae8_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:9ac5ee0b1ffc79c320478d77a24d62789eb7162a564dc0e2be3c0a2ae2ffb272_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:c5926bbd0cb2414e4fd0117e11ccec6d33924c2ea255ca7f500419c7886807cf_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:ca9d114cccf1e213f392c73a4f36af7efef15bc016636d27fc5c736a933cda14_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:1c422bbe4c19201f0a63dd8175ae962208cbffccf096912858e6274b214994af_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:853f2430db6aceeb634f4c2059947d22547e39978c1185dc48ba3be4f7d337b6_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cd49f834dca7cc30e12add0fb3247d82981f722d353fc15523ad247df8e6d25c_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cf353c0b22a951c13996d5227406ed75923bf6dbaed9ea50892f32d664003c8d_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:99e5e5ef3be5b42ef54d1fbcceac268c670c05a47c3e982c1088d010499c9ae8_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:9ac5ee0b1ffc79c320478d77a24d62789eb7162a564dc0e2be3c0a2ae2ffb272_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:c5926bbd0cb2414e4fd0117e11ccec6d33924c2ea255ca7f500419c7886807cf_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:ca9d114cccf1e213f392c73a4f36af7efef15bc016636d27fc5c736a933cda14_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: Information disclosure due to prototype pollution vulnerability"
},
{
"cve": "CVE-2026-44496",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"discovery_date": "2026-06-11T17:01:15.856386+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2487943"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios. A remote attacker, by influencing the XSRF cookie name in a browser environment, could cause the application to construct a regular expression that leads to excessive processing. This can result in a client-side Denial of Service (DoS), where the affected browser tab may freeze, impacting the availability of the application for the user.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: Client-side Denial of Service via unescaped regex metacharacters in XSRF cookie name",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Important flaw in Axios can lead to a client-side Denial of Service. An attacker capable of influencing the XSRF cookie name within a browser environment could trigger excessive regular expression processing, causing the affected browser tab to freeze and degrade user availability. This issue specifically impacts browser-based applications and does not affect Node.js HTTP adapter usage, React Native, or web workers.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:1c422bbe4c19201f0a63dd8175ae962208cbffccf096912858e6274b214994af_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:853f2430db6aceeb634f4c2059947d22547e39978c1185dc48ba3be4f7d337b6_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cd49f834dca7cc30e12add0fb3247d82981f722d353fc15523ad247df8e6d25c_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cf353c0b22a951c13996d5227406ed75923bf6dbaed9ea50892f32d664003c8d_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:99e5e5ef3be5b42ef54d1fbcceac268c670c05a47c3e982c1088d010499c9ae8_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:9ac5ee0b1ffc79c320478d77a24d62789eb7162a564dc0e2be3c0a2ae2ffb272_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:c5926bbd0cb2414e4fd0117e11ccec6d33924c2ea255ca7f500419c7886807cf_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:ca9d114cccf1e213f392c73a4f36af7efef15bc016636d27fc5c736a933cda14_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44496"
},
{
"category": "external",
"summary": "RHBZ#2487943",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2487943"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44496",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44496"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44496",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44496"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-hfxv-24rg-xrqf",
"url": "https://github.com/axios/axios/security/advisories/GHSA-hfxv-24rg-xrqf"
}
],
"release_date": "2026-06-11T15:34:28.492000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-29T16:41:59+00:00",
"details": "See Kiali 2.11.13 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.1/html/observability/kiali-operator-provided-by-red-hat",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:1c422bbe4c19201f0a63dd8175ae962208cbffccf096912858e6274b214994af_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:853f2430db6aceeb634f4c2059947d22547e39978c1185dc48ba3be4f7d337b6_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cd49f834dca7cc30e12add0fb3247d82981f722d353fc15523ad247df8e6d25c_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cf353c0b22a951c13996d5227406ed75923bf6dbaed9ea50892f32d664003c8d_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:99e5e5ef3be5b42ef54d1fbcceac268c670c05a47c3e982c1088d010499c9ae8_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:9ac5ee0b1ffc79c320478d77a24d62789eb7162a564dc0e2be3c0a2ae2ffb272_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:c5926bbd0cb2414e4fd0117e11ccec6d33924c2ea255ca7f500419c7886807cf_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:ca9d114cccf1e213f392c73a4f36af7efef15bc016636d27fc5c736a933cda14_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33163"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:1c422bbe4c19201f0a63dd8175ae962208cbffccf096912858e6274b214994af_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:853f2430db6aceeb634f4c2059947d22547e39978c1185dc48ba3be4f7d337b6_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cd49f834dca7cc30e12add0fb3247d82981f722d353fc15523ad247df8e6d25c_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cf353c0b22a951c13996d5227406ed75923bf6dbaed9ea50892f32d664003c8d_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:99e5e5ef3be5b42ef54d1fbcceac268c670c05a47c3e982c1088d010499c9ae8_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:9ac5ee0b1ffc79c320478d77a24d62789eb7162a564dc0e2be3c0a2ae2ffb272_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:c5926bbd0cb2414e4fd0117e11ccec6d33924c2ea255ca7f500419c7886807cf_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:ca9d114cccf1e213f392c73a4f36af7efef15bc016636d27fc5c736a933cda14_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:1c422bbe4c19201f0a63dd8175ae962208cbffccf096912858e6274b214994af_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:853f2430db6aceeb634f4c2059947d22547e39978c1185dc48ba3be4f7d337b6_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cd49f834dca7cc30e12add0fb3247d82981f722d353fc15523ad247df8e6d25c_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cf353c0b22a951c13996d5227406ed75923bf6dbaed9ea50892f32d664003c8d_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:99e5e5ef3be5b42ef54d1fbcceac268c670c05a47c3e982c1088d010499c9ae8_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:9ac5ee0b1ffc79c320478d77a24d62789eb7162a564dc0e2be3c0a2ae2ffb272_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:c5926bbd0cb2414e4fd0117e11ccec6d33924c2ea255ca7f500419c7886807cf_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:ca9d114cccf1e213f392c73a4f36af7efef15bc016636d27fc5c736a933cda14_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: Client-side Denial of Service via unescaped regex metacharacters in XSRF cookie name"
},
{
"cve": "CVE-2026-48779",
"cwe": {
"id": "CWE-1050",
"name": "Excessive Platform Resource Consumption within a Loop"
},
"discovery_date": "2026-06-16T22:01:24.571224+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2489661"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in ws, an open source WebSocket client and server. A remote attacker can exploit this memory exhaustion vulnerability by sending a high volume of exceptionally small fragments and data chunks. This action forces the affected component to allocate and hold structural wrappers that consume excessive memory. Consequently, this leads to process termination and a denial of service (DoS) for the remote peer.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ws: ws: Denial of Service via memory exhaustion from small WebSocket fragments",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important denial of service vulnerability in the `ws` WebSocket library. A remote attacker can exploit this flaw by sending a high volume of small, fragmented data, leading to excessive memory consumption and subsequent process termination. This can result in service disruption for Red Hat products that utilize `ws` for WebSocket communication.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:1c422bbe4c19201f0a63dd8175ae962208cbffccf096912858e6274b214994af_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:853f2430db6aceeb634f4c2059947d22547e39978c1185dc48ba3be4f7d337b6_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cd49f834dca7cc30e12add0fb3247d82981f722d353fc15523ad247df8e6d25c_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cf353c0b22a951c13996d5227406ed75923bf6dbaed9ea50892f32d664003c8d_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:99e5e5ef3be5b42ef54d1fbcceac268c670c05a47c3e982c1088d010499c9ae8_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:9ac5ee0b1ffc79c320478d77a24d62789eb7162a564dc0e2be3c0a2ae2ffb272_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:c5926bbd0cb2414e4fd0117e11ccec6d33924c2ea255ca7f500419c7886807cf_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:ca9d114cccf1e213f392c73a4f36af7efef15bc016636d27fc5c736a933cda14_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-48779"
},
{
"category": "external",
"summary": "RHBZ#2489661",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2489661"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-48779",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-48779"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-48779",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48779"
},
{
"category": "external",
"summary": "https://github.com/websockets/ws/commit/86d3e8a5fb0246ed373860c5fbb0de88824a27f7",
"url": "https://github.com/websockets/ws/commit/86d3e8a5fb0246ed373860c5fbb0de88824a27f7"
},
{
"category": "external",
"summary": "https://github.com/websockets/ws/commit/b5372ac67bb97a773727b8e9f5035a8123556d53",
"url": "https://github.com/websockets/ws/commit/b5372ac67bb97a773727b8e9f5035a8123556d53"
},
{
"category": "external",
"summary": "https://github.com/websockets/ws/commit/bca91adf15677e47dbe4f959653452727be28b94",
"url": "https://github.com/websockets/ws/commit/bca91adf15677e47dbe4f959653452727be28b94"
},
{
"category": "external",
"summary": "https://github.com/websockets/ws/commit/fd36cd864fcdf62a08273a99e19a7d975401fee8",
"url": "https://github.com/websockets/ws/commit/fd36cd864fcdf62a08273a99e19a7d975401fee8"
},
{
"category": "external",
"summary": "https://github.com/websockets/ws/security/advisories/GHSA-96hv-2xvq-fx4p",
"url": "https://github.com/websockets/ws/security/advisories/GHSA-96hv-2xvq-fx4p"
}
],
"release_date": "2026-06-16T21:26:22.537000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-29T16:41:59+00:00",
"details": "See Kiali 2.11.13 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.1/html/observability/kiali-operator-provided-by-red-hat",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:1c422bbe4c19201f0a63dd8175ae962208cbffccf096912858e6274b214994af_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:853f2430db6aceeb634f4c2059947d22547e39978c1185dc48ba3be4f7d337b6_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cd49f834dca7cc30e12add0fb3247d82981f722d353fc15523ad247df8e6d25c_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cf353c0b22a951c13996d5227406ed75923bf6dbaed9ea50892f32d664003c8d_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:99e5e5ef3be5b42ef54d1fbcceac268c670c05a47c3e982c1088d010499c9ae8_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:9ac5ee0b1ffc79c320478d77a24d62789eb7162a564dc0e2be3c0a2ae2ffb272_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:c5926bbd0cb2414e4fd0117e11ccec6d33924c2ea255ca7f500419c7886807cf_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:ca9d114cccf1e213f392c73a4f36af7efef15bc016636d27fc5c736a933cda14_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33163"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:1c422bbe4c19201f0a63dd8175ae962208cbffccf096912858e6274b214994af_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:853f2430db6aceeb634f4c2059947d22547e39978c1185dc48ba3be4f7d337b6_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cd49f834dca7cc30e12add0fb3247d82981f722d353fc15523ad247df8e6d25c_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cf353c0b22a951c13996d5227406ed75923bf6dbaed9ea50892f32d664003c8d_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:99e5e5ef3be5b42ef54d1fbcceac268c670c05a47c3e982c1088d010499c9ae8_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:9ac5ee0b1ffc79c320478d77a24d62789eb7162a564dc0e2be3c0a2ae2ffb272_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:c5926bbd0cb2414e4fd0117e11ccec6d33924c2ea255ca7f500419c7886807cf_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:ca9d114cccf1e213f392c73a4f36af7efef15bc016636d27fc5c736a933cda14_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:1c422bbe4c19201f0a63dd8175ae962208cbffccf096912858e6274b214994af_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:853f2430db6aceeb634f4c2059947d22547e39978c1185dc48ba3be4f7d337b6_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cd49f834dca7cc30e12add0fb3247d82981f722d353fc15523ad247df8e6d25c_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cf353c0b22a951c13996d5227406ed75923bf6dbaed9ea50892f32d664003c8d_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:99e5e5ef3be5b42ef54d1fbcceac268c670c05a47c3e982c1088d010499c9ae8_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:9ac5ee0b1ffc79c320478d77a24d62789eb7162a564dc0e2be3c0a2ae2ffb272_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:c5926bbd0cb2414e4fd0117e11ccec6d33924c2ea255ca7f500419c7886807cf_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:ca9d114cccf1e213f392c73a4f36af7efef15bc016636d27fc5c736a933cda14_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "ws: ws: Denial of Service via memory exhaustion from small WebSocket fragments"
}
]
}
RHSA-2026:33173
Vulnerability from csaf_redhat - Published: 2026-06-29 17:10 - Updated: 2026-07-09 23:35A flaw was found in form-data, a library for creating readable multipart/form-data streams. A remote attacker can exploit this vulnerability by injecting carriage return (CR), line feed (LF), or double-quote (") characters into the `field` argument of `FormData#append` or the `filename` option. This allows the attacker to inject additional headers or smuggle entire additional multipart parts into requests, potentially enabling them to add or override form fields and compromise data integrity.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:25cea20e2ae09312237993c254bebc58983e3907469758392d7e97e9859b59c8_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:26fc99e8a9aa85fee4c07b4d77b4c699a41af995888f017ca1ab650d9777f20a_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cf7b68e5a7e3b4ecbab43eba4196a71b7f859fb6f9a4e11fe9dfd2ad530f684a_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:f08bc5caad4465d35f3526bdb1a43c4f56a2a70e6e0f584a291ca8984444bc5f_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:28ff05488ce8333b7b2cf2a68f465d0ba085064ba474ccee2652c7e8d4c8f5ab_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:2c2d500314bd8380c4dc06068ac379eadbc8c376bfa232cbf3c7bf1816a0d628_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6cc59e499071fb3a97ecfcdab32b29ed94b3e725d4c0c47f67b096205296e7e3_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:790215d0593d974c79ae90cd01d71b8a0f7d872c1b0ad78870d9f2ae28eaff5c_arm64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in golang.org/x/net/idna. ToASCII and ToUnicode incorrectly accept Punycode-encoded labels that decode to an ASCII-only hostname (for example, xn--example-.com returns example.com instead of an error). Applications that validate the ASCII form then convert to Unicode may grant access to a restricted hostname the ASCII check would have rejected.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:28ff05488ce8333b7b2cf2a68f465d0ba085064ba474ccee2652c7e8d4c8f5ab_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:2c2d500314bd8380c4dc06068ac379eadbc8c376bfa232cbf3c7bf1816a0d628_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6cc59e499071fb3a97ecfcdab32b29ed94b3e725d4c0c47f67b096205296e7e3_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:790215d0593d974c79ae90cd01d71b8a0f7d872c1b0ad78870d9f2ae28eaff5c_arm64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:25cea20e2ae09312237993c254bebc58983e3907469758392d7e97e9859b59c8_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:26fc99e8a9aa85fee4c07b4d77b4c699a41af995888f017ca1ab650d9777f20a_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cf7b68e5a7e3b4ecbab43eba4196a71b7f859fb6f9a4e11fe9dfd2ad530f684a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:f08bc5caad4465d35f3526bdb1a43c4f56a2a70e6e0f584a291ca8984444bc5f_ppc64le | — |
Workaround
|
A flaw was found in Axios, a widely used HTTP client. This vulnerability, known as prototype pollution, allows an attacker to inject malicious properties into core JavaScript objects. When another component in the same application environment is compromised and pollutes the system's object prototype, Axios can unknowingly use these manipulated values in its outbound network requests. This could lead to the disclosure of sensitive information or the alteration of network communications, compromising data confidentiality and integrity.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:25cea20e2ae09312237993c254bebc58983e3907469758392d7e97e9859b59c8_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:26fc99e8a9aa85fee4c07b4d77b4c699a41af995888f017ca1ab650d9777f20a_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cf7b68e5a7e3b4ecbab43eba4196a71b7f859fb6f9a4e11fe9dfd2ad530f684a_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:f08bc5caad4465d35f3526bdb1a43c4f56a2a70e6e0f584a291ca8984444bc5f_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:28ff05488ce8333b7b2cf2a68f465d0ba085064ba474ccee2652c7e8d4c8f5ab_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:2c2d500314bd8380c4dc06068ac379eadbc8c376bfa232cbf3c7bf1816a0d628_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6cc59e499071fb3a97ecfcdab32b29ed94b3e725d4c0c47f67b096205296e7e3_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:790215d0593d974c79ae90cd01d71b8a0f7d872c1b0ad78870d9f2ae28eaff5c_arm64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in ip-address, a JavaScript library for parsing and manipulating IPv4 and IPv6 addresses. This vulnerability allows a remote attacker to perform cross-site scripting (XSS) by providing untrusted input to the Address6 constructor. When an application renders the output of Address6.group(), Address6.link(), or the AddressError.parseMessage as HTML without proper escaping, the attacker-controlled content can be executed in the user's browser.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:25cea20e2ae09312237993c254bebc58983e3907469758392d7e97e9859b59c8_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:26fc99e8a9aa85fee4c07b4d77b4c699a41af995888f017ca1ab650d9777f20a_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cf7b68e5a7e3b4ecbab43eba4196a71b7f859fb6f9a4e11fe9dfd2ad530f684a_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:f08bc5caad4465d35f3526bdb1a43c4f56a2a70e6e0f584a291ca8984444bc5f_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:28ff05488ce8333b7b2cf2a68f465d0ba085064ba474ccee2652c7e8d4c8f5ab_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:2c2d500314bd8380c4dc06068ac379eadbc8c376bfa232cbf3c7bf1816a0d628_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6cc59e499071fb3a97ecfcdab32b29ed94b3e725d4c0c47f67b096205296e7e3_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:790215d0593d974c79ae90cd01d71b8a0f7d872c1b0ad78870d9f2ae28eaff5c_arm64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Axios, a promise-based HTTP client, specifically in its Node.js HTTP adapter. When Axios is configured to use an authenticated proxy and follows a redirect, it may inadvertently send the Proxy-Authorization header, containing proxy credentials, to the redirect target. This can lead to the disclosure of sensitive proxy credentials to an unintended remote server.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:25cea20e2ae09312237993c254bebc58983e3907469758392d7e97e9859b59c8_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:26fc99e8a9aa85fee4c07b4d77b4c699a41af995888f017ca1ab650d9777f20a_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cf7b68e5a7e3b4ecbab43eba4196a71b7f859fb6f9a4e11fe9dfd2ad530f684a_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:f08bc5caad4465d35f3526bdb1a43c4f56a2a70e6e0f584a291ca8984444bc5f_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:28ff05488ce8333b7b2cf2a68f465d0ba085064ba474ccee2652c7e8d4c8f5ab_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:2c2d500314bd8380c4dc06068ac379eadbc8c376bfa232cbf3c7bf1816a0d628_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6cc59e499071fb3a97ecfcdab32b29ed94b3e725d4c0c47f67b096205296e7e3_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:790215d0593d974c79ae90cd01d71b8a0f7d872c1b0ad78870d9f2ae28eaff5c_arm64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Axios. During specific proxy-to-direct redirect flows in the Node.js HTTP adapter, a remote attacker could exploit this vulnerability. The Proxy-Authorization header, which contains proxy credentials and is intended only for the outbound proxy, may be forwarded to the final redirected origin. This can lead to the disclosure of sensitive proxy credentials to an unintended third party.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:25cea20e2ae09312237993c254bebc58983e3907469758392d7e97e9859b59c8_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:26fc99e8a9aa85fee4c07b4d77b4c699a41af995888f017ca1ab650d9777f20a_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cf7b68e5a7e3b4ecbab43eba4196a71b7f859fb6f9a4e11fe9dfd2ad530f684a_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:f08bc5caad4465d35f3526bdb1a43c4f56a2a70e6e0f584a291ca8984444bc5f_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:28ff05488ce8333b7b2cf2a68f465d0ba085064ba474ccee2652c7e8d4c8f5ab_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:2c2d500314bd8380c4dc06068ac379eadbc8c376bfa232cbf3c7bf1816a0d628_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6cc59e499071fb3a97ecfcdab32b29ed94b3e725d4c0c47f67b096205296e7e3_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:790215d0593d974c79ae90cd01d71b8a0f7d872c1b0ad78870d9f2ae28eaff5c_arm64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Axios, a promise-based HTTP client. When using the fetch adapter, Axios did not properly enforce configured request and response size limits. This vulnerability allows a remote attacker, through a malicious or compromised server, or by supplying a large data URL, to send or receive oversized data bodies. This can lead to resource exhaustion in server-side applications, resulting in a Denial of Service (DoS).
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:25cea20e2ae09312237993c254bebc58983e3907469758392d7e97e9859b59c8_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:26fc99e8a9aa85fee4c07b4d77b4c699a41af995888f017ca1ab650d9777f20a_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cf7b68e5a7e3b4ecbab43eba4196a71b7f859fb6f9a4e11fe9dfd2ad530f684a_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:f08bc5caad4465d35f3526bdb1a43c4f56a2a70e6e0f584a291ca8984444bc5f_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:28ff05488ce8333b7b2cf2a68f465d0ba085064ba474ccee2652c7e8d4c8f5ab_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:2c2d500314bd8380c4dc06068ac379eadbc8c376bfa232cbf3c7bf1816a0d628_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6cc59e499071fb3a97ecfcdab32b29ed94b3e725d4c0c47f67b096205296e7e3_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:790215d0593d974c79ae90cd01d71b8a0f7d872c1b0ad78870d9f2ae28eaff5c_arm64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Axios, a promise-based HTTP client. This vulnerability occurs because Axios does not properly normalize IPv4-mapped IPv6 addresses. When a NO_PROXY setting is configured to block direct access to specific IPv4 addresses, an attacker can bypass this restriction by using the IPv4-mapped IPv6 form of the address in a request URL. This allows the request to be routed through the proxy, potentially exposing internal services or sensitive information that should otherwise be inaccessible.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:25cea20e2ae09312237993c254bebc58983e3907469758392d7e97e9859b59c8_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:26fc99e8a9aa85fee4c07b4d77b4c699a41af995888f017ca1ab650d9777f20a_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cf7b68e5a7e3b4ecbab43eba4196a71b7f859fb6f9a4e11fe9dfd2ad530f684a_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:f08bc5caad4465d35f3526bdb1a43c4f56a2a70e6e0f584a291ca8984444bc5f_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:28ff05488ce8333b7b2cf2a68f465d0ba085064ba474ccee2652c7e8d4c8f5ab_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:2c2d500314bd8380c4dc06068ac379eadbc8c376bfa232cbf3c7bf1816a0d628_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6cc59e499071fb3a97ecfcdab32b29ed94b3e725d4c0c47f67b096205296e7e3_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:790215d0593d974c79ae90cd01d71b8a0f7d872c1b0ad78870d9f2ae28eaff5c_arm64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Axios. This vulnerability, a Prototype Pollution "Gadget" attack, allows an attacker to escalate any existing Object.prototype pollution in an application's dependency tree into a full Man-in-the-Middle (MITM) attack. This enables the attacker to intercept, read, and modify all HTTP traffic, including sensitive authentication credentials. The flaw occurs because the `config.proxy` setting is susceptible to prototype pollution, allowing an attacker to inject a malicious proxy server.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:25cea20e2ae09312237993c254bebc58983e3907469758392d7e97e9859b59c8_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:26fc99e8a9aa85fee4c07b4d77b4c699a41af995888f017ca1ab650d9777f20a_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cf7b68e5a7e3b4ecbab43eba4196a71b7f859fb6f9a4e11fe9dfd2ad530f684a_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:f08bc5caad4465d35f3526bdb1a43c4f56a2a70e6e0f584a291ca8984444bc5f_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:28ff05488ce8333b7b2cf2a68f465d0ba085064ba474ccee2652c7e8d4c8f5ab_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:2c2d500314bd8380c4dc06068ac379eadbc8c376bfa232cbf3c7bf1816a0d628_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6cc59e499071fb3a97ecfcdab32b29ed94b3e725d4c0c47f67b096205296e7e3_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:790215d0593d974c79ae90cd01d71b8a0f7d872c1b0ad78870d9f2ae28eaff5c_arm64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Axios, a promise-based HTTP client. This vulnerability involves prototype pollution gadgets in the request configuration processing. If another vulnerability has already polluted the Object.prototype.transformResponse, affected Axios versions may incorrectly interpret this inherited value as part of the request configuration or as an option validator. Axios does not itself create the prototype pollution. Exploitability requires a separate prototype-pollution vulnerability or equivalent attacker control over Object.prototype before Axios creates a request.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:25cea20e2ae09312237993c254bebc58983e3907469758392d7e97e9859b59c8_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:26fc99e8a9aa85fee4c07b4d77b4c699a41af995888f017ca1ab650d9777f20a_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cf7b68e5a7e3b4ecbab43eba4196a71b7f859fb6f9a4e11fe9dfd2ad530f684a_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:f08bc5caad4465d35f3526bdb1a43c4f56a2a70e6e0f584a291ca8984444bc5f_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:28ff05488ce8333b7b2cf2a68f465d0ba085064ba474ccee2652c7e8d4c8f5ab_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:2c2d500314bd8380c4dc06068ac379eadbc8c376bfa232cbf3c7bf1816a0d628_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6cc59e499071fb3a97ecfcdab32b29ed94b3e725d4c0c47f67b096205296e7e3_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:790215d0593d974c79ae90cd01d71b8a0f7d872c1b0ad78870d9f2ae28eaff5c_arm64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Axios. A remote attacker, by influencing the XSRF cookie name in a browser environment, could cause the application to construct a regular expression that leads to excessive processing. This can result in a client-side Denial of Service (DoS), where the affected browser tab may freeze, impacting the availability of the application for the user.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:25cea20e2ae09312237993c254bebc58983e3907469758392d7e97e9859b59c8_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:26fc99e8a9aa85fee4c07b4d77b4c699a41af995888f017ca1ab650d9777f20a_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cf7b68e5a7e3b4ecbab43eba4196a71b7f859fb6f9a4e11fe9dfd2ad530f684a_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:f08bc5caad4465d35f3526bdb1a43c4f56a2a70e6e0f584a291ca8984444bc5f_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:28ff05488ce8333b7b2cf2a68f465d0ba085064ba474ccee2652c7e8d4c8f5ab_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:2c2d500314bd8380c4dc06068ac379eadbc8c376bfa232cbf3c7bf1816a0d628_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6cc59e499071fb3a97ecfcdab32b29ed94b3e725d4c0c47f67b096205296e7e3_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:790215d0593d974c79ae90cd01d71b8a0f7d872c1b0ad78870d9f2ae28eaff5c_arm64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in ws, an open source WebSocket client and server. A remote attacker can exploit this memory exhaustion vulnerability by sending a high volume of exceptionally small fragments and data chunks. This action forces the affected component to allocate and hold structural wrappers that consume excessive memory. Consequently, this leads to process termination and a denial of service (DoS) for the remote peer.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:25cea20e2ae09312237993c254bebc58983e3907469758392d7e97e9859b59c8_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:26fc99e8a9aa85fee4c07b4d77b4c699a41af995888f017ca1ab650d9777f20a_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cf7b68e5a7e3b4ecbab43eba4196a71b7f859fb6f9a4e11fe9dfd2ad530f684a_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:f08bc5caad4465d35f3526bdb1a43c4f56a2a70e6e0f584a291ca8984444bc5f_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:28ff05488ce8333b7b2cf2a68f465d0ba085064ba474ccee2652c7e8d4c8f5ab_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:2c2d500314bd8380c4dc06068ac379eadbc8c376bfa232cbf3c7bf1816a0d628_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6cc59e499071fb3a97ecfcdab32b29ed94b3e725d4c0c47f67b096205296e7e3_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:790215d0593d974c79ae90cd01d71b8a0f7d872c1b0ad78870d9f2ae28eaff5c_arm64 | — |
Vendor Fix
fix
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Kiali 2.17.10 for Red Hat OpenShift Service Mesh 3.2 is now available.\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Kiali 2.17.10, for Red Hat OpenShift Service Mesh 3.2, provides observability for the service mesh by offering a visual representation of the mesh topology and metrics, helping users monitor, trace, and manage efficiently.\n\nSecurity Fix(es):\n\n* CVE-2026-42338 openshift-service-mesh/kiali-rhel9: ip-address: Cross-site scripting via improper HTML escaping of untrusted input (OSSM-14062)\n* CVE-2026-42338 openshift-service-mesh/kiali-ossmc-rhel9: ip-address: Cross-site scripting via improper HTML escaping of untrusted input (OSSM-14064)\n* CVE-2026-39821 openshift-service-mesh/kiali-rhel9: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing (OSSM-14074)\n* CVE-2026-44495 openshift-service-mesh/kiali-ossmc-rhel9: Axios: Information disclosure due to prototype pollution vulnerability (OSSM-14143)\n* CVE-2026-44495 openshift-service-mesh/kiali-rhel9: Axios: Information disclosure due to prototype pollution vulnerability (OSSM-14146)\n* CVE-2026-44488 openshift-service-mesh/kiali-ossmc-rhel9: Axios: Denial of Service due to unenforced request and response size limits (OSSM-14158)\n* CVE-2026-44488 openshift-service-mesh/kiali-rhel9: Axios: Denial of Service due to unenforced request and response size limits (OSSM-14159)\n* CVE-2026-44487 openshift-service-mesh/kiali-rhel9: Axios: Information disclosure of proxy credentials via redirect flows (OSSM-14164)\n* CVE-2026-44487 openshift-service-mesh/kiali-ossmc-rhel9: Axios: Information disclosure of proxy credentials via redirect flows (OSSM-14165)\n* CVE-2026-44494 openshift-service-mesh/kiali-rhel9: Axios: Man-in-the-Middle (MITM) attack via Prototype Pollution (OSSM-14212)\n* CVE-2026-44494 openshift-service-mesh/kiali-ossmc-rhel9: Axios: Man-in-the-Middle (MITM) attack via Prototype Pollution (OSSM-14203)\n* CVE-2026-44496 openshift-service-mesh/kiali-ossmc-rhel9: Axios: Client-side Denial of Service via unescaped regex metacharacters in XSRF cookie name (OSSM-14204)\n* CVE-2026-44496 openshift-service-mesh/kiali-rhel9: Axios: Client-side Denial of Service via unescaped regex metacharacters in XSRF cookie name (OSSM-14209)\n* CVE-2026-44486 openshift-service-mesh/kiali-ossmc-rhel9: Axios: Information disclosure of proxy credentials via HTTP redirects (OSSM-14193)\n* CVE-2026-44486 openshift-service-mesh/kiali-rhel9: Axios: Information disclosure of proxy credentials via HTTP redirects (OSSM-14197)\n* CVE-2026-44492 openshift-service-mesh/kiali-rhel9: Axios: Proxy bypass via IPv4-mapped IPv6 address non-normalization (OSSM-14229)\n* CVE-2026-44492 openshift-service-mesh/kiali-ossmc-rhel9: Axios: Proxy bypass via IPv4-mapped IPv6 address non-normalization (OSSM-14231)\n* CVE-2026-48779 openshift-service-mesh/kiali-ossmc-rhel9: ws: Denial of Service via memory exhaustion from small WebSocket fragments (OSSM-14310)\n* CVE-2026-48779 openshift-service-mesh/kiali-rhel9: ws: Denial of Service via memory exhaustion from small WebSocket fragments (OSSM-14312)\n* CVE-2026-12143 openshift-service-mesh/kiali-rhel9: form-data: Form field override via CRLF injection (OSSM-14329)\n* CVE-2026-12143 openshift-service-mesh/kiali-ossmc-rhel9: form-data: Form field override via CRLF injection (OSSM-14332)\n* CVE-2026-42264 openshift-service-mesh/kiali-ossmc-rhel9: Axios: Prototype pollution allows information disclosure and request manipulation (OSSM-14594)\n* CVE-2026-42264 openshift-service-mesh/kiali-rhel9: Axios: Prototype pollution allows information disclosure and request manipulation (OSSM-14598)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:33173",
"url": "https://access.redhat.com/errata/RHSA-2026:33173"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-12143",
"url": "https://access.redhat.com/security/cve/CVE-2026-12143"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-39821",
"url": "https://access.redhat.com/security/cve/CVE-2026-39821"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42264",
"url": "https://access.redhat.com/security/cve/CVE-2026-42264"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42338",
"url": "https://access.redhat.com/security/cve/CVE-2026-42338"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-44486",
"url": "https://access.redhat.com/security/cve/CVE-2026-44486"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-44487",
"url": "https://access.redhat.com/security/cve/CVE-2026-44487"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-44488",
"url": "https://access.redhat.com/security/cve/CVE-2026-44488"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-44492",
"url": "https://access.redhat.com/security/cve/CVE-2026-44492"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-44494",
"url": "https://access.redhat.com/security/cve/CVE-2026-44494"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-44495",
"url": "https://access.redhat.com/security/cve/CVE-2026-44495"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-44496",
"url": "https://access.redhat.com/security/cve/CVE-2026-44496"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-48779",
"url": "https://access.redhat.com/security/cve/CVE-2026-48779"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification",
"url": "https://access.redhat.com/security/updates/classification"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_33173.json"
}
],
"title": "Red Hat Security Advisory: Kiali 2.17.10 for Red Hat OpenShift Service Mesh 3.2",
"tracking": {
"current_release_date": "2026-07-09T23:35:36+00:00",
"generator": {
"date": "2026-07-09T23:35:36+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.2"
}
},
"id": "RHSA-2026:33173",
"initial_release_date": "2026-06-29T17:10:36+00:00",
"revision_history": [
{
"date": "2026-06-29T17:10:36+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-07-09T08:56:59+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-09T23:35:36+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Service Mesh 3.2",
"product": {
"name": "Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:service_mesh:3.2::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Service Mesh"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6cc59e499071fb3a97ecfcdab32b29ed94b3e725d4c0c47f67b096205296e7e3_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6cc59e499071fb3a97ecfcdab32b29ed94b3e725d4c0c47f67b096205296e7e3_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6cc59e499071fb3a97ecfcdab32b29ed94b3e725d4c0c47f67b096205296e7e3_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel9@sha256%3A6cc59e499071fb3a97ecfcdab32b29ed94b3e725d4c0c47f67b096205296e7e3?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel9\u0026tag=1782201812"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:26fc99e8a9aa85fee4c07b4d77b4c699a41af995888f017ca1ab650d9777f20a_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:26fc99e8a9aa85fee4c07b4d77b4c699a41af995888f017ca1ab650d9777f20a_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:26fc99e8a9aa85fee4c07b4d77b4c699a41af995888f017ca1ab650d9777f20a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kiali-ossmc-rhel9@sha256%3A26fc99e8a9aa85fee4c07b4d77b4c699a41af995888f017ca1ab650d9777f20a?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9\u0026tag=1782201851"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:790215d0593d974c79ae90cd01d71b8a0f7d872c1b0ad78870d9f2ae28eaff5c_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:790215d0593d974c79ae90cd01d71b8a0f7d872c1b0ad78870d9f2ae28eaff5c_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:790215d0593d974c79ae90cd01d71b8a0f7d872c1b0ad78870d9f2ae28eaff5c_arm64",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel9@sha256%3A790215d0593d974c79ae90cd01d71b8a0f7d872c1b0ad78870d9f2ae28eaff5c?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel9\u0026tag=1782201812"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cf7b68e5a7e3b4ecbab43eba4196a71b7f859fb6f9a4e11fe9dfd2ad530f684a_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cf7b68e5a7e3b4ecbab43eba4196a71b7f859fb6f9a4e11fe9dfd2ad530f684a_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cf7b68e5a7e3b4ecbab43eba4196a71b7f859fb6f9a4e11fe9dfd2ad530f684a_arm64",
"product_identification_helper": {
"purl": "pkg:oci/kiali-ossmc-rhel9@sha256%3Acf7b68e5a7e3b4ecbab43eba4196a71b7f859fb6f9a4e11fe9dfd2ad530f684a?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9\u0026tag=1782201851"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:2c2d500314bd8380c4dc06068ac379eadbc8c376bfa232cbf3c7bf1816a0d628_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:2c2d500314bd8380c4dc06068ac379eadbc8c376bfa232cbf3c7bf1816a0d628_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:2c2d500314bd8380c4dc06068ac379eadbc8c376bfa232cbf3c7bf1816a0d628_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel9@sha256%3A2c2d500314bd8380c4dc06068ac379eadbc8c376bfa232cbf3c7bf1816a0d628?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel9\u0026tag=1782201812"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:f08bc5caad4465d35f3526bdb1a43c4f56a2a70e6e0f584a291ca8984444bc5f_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:f08bc5caad4465d35f3526bdb1a43c4f56a2a70e6e0f584a291ca8984444bc5f_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:f08bc5caad4465d35f3526bdb1a43c4f56a2a70e6e0f584a291ca8984444bc5f_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/kiali-ossmc-rhel9@sha256%3Af08bc5caad4465d35f3526bdb1a43c4f56a2a70e6e0f584a291ca8984444bc5f?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9\u0026tag=1782201851"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:28ff05488ce8333b7b2cf2a68f465d0ba085064ba474ccee2652c7e8d4c8f5ab_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:28ff05488ce8333b7b2cf2a68f465d0ba085064ba474ccee2652c7e8d4c8f5ab_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:28ff05488ce8333b7b2cf2a68f465d0ba085064ba474ccee2652c7e8d4c8f5ab_s390x",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel9@sha256%3A28ff05488ce8333b7b2cf2a68f465d0ba085064ba474ccee2652c7e8d4c8f5ab?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel9\u0026tag=1782201812"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:25cea20e2ae09312237993c254bebc58983e3907469758392d7e97e9859b59c8_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:25cea20e2ae09312237993c254bebc58983e3907469758392d7e97e9859b59c8_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:25cea20e2ae09312237993c254bebc58983e3907469758392d7e97e9859b59c8_s390x",
"product_identification_helper": {
"purl": "pkg:oci/kiali-ossmc-rhel9@sha256%3A25cea20e2ae09312237993c254bebc58983e3907469758392d7e97e9859b59c8?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9\u0026tag=1782201851"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:25cea20e2ae09312237993c254bebc58983e3907469758392d7e97e9859b59c8_s390x as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:25cea20e2ae09312237993c254bebc58983e3907469758392d7e97e9859b59c8_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:25cea20e2ae09312237993c254bebc58983e3907469758392d7e97e9859b59c8_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:26fc99e8a9aa85fee4c07b4d77b4c699a41af995888f017ca1ab650d9777f20a_amd64 as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:26fc99e8a9aa85fee4c07b4d77b4c699a41af995888f017ca1ab650d9777f20a_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:26fc99e8a9aa85fee4c07b4d77b4c699a41af995888f017ca1ab650d9777f20a_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cf7b68e5a7e3b4ecbab43eba4196a71b7f859fb6f9a4e11fe9dfd2ad530f684a_arm64 as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cf7b68e5a7e3b4ecbab43eba4196a71b7f859fb6f9a4e11fe9dfd2ad530f684a_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cf7b68e5a7e3b4ecbab43eba4196a71b7f859fb6f9a4e11fe9dfd2ad530f684a_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:f08bc5caad4465d35f3526bdb1a43c4f56a2a70e6e0f584a291ca8984444bc5f_ppc64le as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:f08bc5caad4465d35f3526bdb1a43c4f56a2a70e6e0f584a291ca8984444bc5f_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:f08bc5caad4465d35f3526bdb1a43c4f56a2a70e6e0f584a291ca8984444bc5f_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:28ff05488ce8333b7b2cf2a68f465d0ba085064ba474ccee2652c7e8d4c8f5ab_s390x as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:28ff05488ce8333b7b2cf2a68f465d0ba085064ba474ccee2652c7e8d4c8f5ab_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:28ff05488ce8333b7b2cf2a68f465d0ba085064ba474ccee2652c7e8d4c8f5ab_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:2c2d500314bd8380c4dc06068ac379eadbc8c376bfa232cbf3c7bf1816a0d628_ppc64le as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:2c2d500314bd8380c4dc06068ac379eadbc8c376bfa232cbf3c7bf1816a0d628_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:2c2d500314bd8380c4dc06068ac379eadbc8c376bfa232cbf3c7bf1816a0d628_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6cc59e499071fb3a97ecfcdab32b29ed94b3e725d4c0c47f67b096205296e7e3_amd64 as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6cc59e499071fb3a97ecfcdab32b29ed94b3e725d4c0c47f67b096205296e7e3_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6cc59e499071fb3a97ecfcdab32b29ed94b3e725d4c0c47f67b096205296e7e3_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:790215d0593d974c79ae90cd01d71b8a0f7d872c1b0ad78870d9f2ae28eaff5c_arm64 as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:790215d0593d974c79ae90cd01d71b8a0f7d872c1b0ad78870d9f2ae28eaff5c_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:790215d0593d974c79ae90cd01d71b8a0f7d872c1b0ad78870d9f2ae28eaff5c_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-12143",
"cwe": {
"id": "CWE-93",
"name": "Improper Neutralization of CRLF Sequences (\u0027CRLF Injection\u0027)"
},
"discovery_date": "2026-06-12T19:00:57.360953+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2488480"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in form-data, a library for creating readable multipart/form-data streams. A remote attacker can exploit this vulnerability by injecting carriage return (CR), line feed (LF), or double-quote (\") characters into the `field` argument of `FormData#append` or the `filename` option. This allows the attacker to inject additional headers or smuggle entire additional multipart parts into requests, potentially enabling them to add or override form fields and compromise data integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "form-data: form-data: Form field override via CRLF injection",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important impact flaw in the form-data library: a remote attacker can inject arbitrary headers or additional multipart parts via CRLF injection in field names or filenames, potentially overriding sensitive form fields and affecting data integrity.\n\nFor RHOAI and RHEL AI, severity is Moderate because affected versions appear only as a transitive npm dependency in RHOAI (dashboard, mod-arch plugins, MLflow UI) and RHEL AI 3.4 bootc images, and those products use fixed field names for uploads rather than passing untrusted user input as multipart field names or filenames. The documented exploit path is therefore not reachable in default deployments. Practical impact is limited to non-default or custom integrations that forward multipart requests using attacker-controlled field names.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:25cea20e2ae09312237993c254bebc58983e3907469758392d7e97e9859b59c8_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:26fc99e8a9aa85fee4c07b4d77b4c699a41af995888f017ca1ab650d9777f20a_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cf7b68e5a7e3b4ecbab43eba4196a71b7f859fb6f9a4e11fe9dfd2ad530f684a_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:f08bc5caad4465d35f3526bdb1a43c4f56a2a70e6e0f584a291ca8984444bc5f_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:28ff05488ce8333b7b2cf2a68f465d0ba085064ba474ccee2652c7e8d4c8f5ab_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:2c2d500314bd8380c4dc06068ac379eadbc8c376bfa232cbf3c7bf1816a0d628_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6cc59e499071fb3a97ecfcdab32b29ed94b3e725d4c0c47f67b096205296e7e3_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:790215d0593d974c79ae90cd01d71b8a0f7d872c1b0ad78870d9f2ae28eaff5c_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-12143"
},
{
"category": "external",
"summary": "RHBZ#2488480",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2488480"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-12143",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-12143"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-12143",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-12143"
},
{
"category": "external",
"summary": "https://cwe.mitre.org/data/definitions/93.html",
"url": "https://cwe.mitre.org/data/definitions/93.html"
},
{
"category": "external",
"summary": "https://github.com/form-data/form-data/commit/64190db548c0179e37206858e39f27cf513e9435",
"url": "https://github.com/form-data/form-data/commit/64190db548c0179e37206858e39f27cf513e9435"
},
{
"category": "external",
"summary": "https://github.com/form-data/form-data/commit/be3f3cf553978bac15a5182f1f3c3d2d38ccf229",
"url": "https://github.com/form-data/form-data/commit/be3f3cf553978bac15a5182f1f3c3d2d38ccf229"
},
{
"category": "external",
"summary": "https://github.com/form-data/form-data/commit/c7133499c2ee1b80c678e411244f4442bf902045",
"url": "https://github.com/form-data/form-data/commit/c7133499c2ee1b80c678e411244f4442bf902045"
},
{
"category": "external",
"summary": "https://github.com/form-data/form-data/security/advisories/GHSA-hmw2-7cc7-3qxx",
"url": "https://github.com/form-data/form-data/security/advisories/GHSA-hmw2-7cc7-3qxx"
},
{
"category": "external",
"summary": "https://html.spec.whatwg.org/multipage/form-control-infrastructure.html#multipart-form-data",
"url": "https://html.spec.whatwg.org/multipage/form-control-infrastructure.html#multipart-form-data"
},
{
"category": "external",
"summary": "https://www.npmjs.com/package/form-data",
"url": "https://www.npmjs.com/package/form-data"
}
],
"release_date": "2026-06-12T18:01:30.362000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-29T17:10:36+00:00",
"details": "See Kiali 2.17.10 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.2/html/observability/kiali-operator-provided-by-red-hat",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:25cea20e2ae09312237993c254bebc58983e3907469758392d7e97e9859b59c8_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:26fc99e8a9aa85fee4c07b4d77b4c699a41af995888f017ca1ab650d9777f20a_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cf7b68e5a7e3b4ecbab43eba4196a71b7f859fb6f9a4e11fe9dfd2ad530f684a_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:f08bc5caad4465d35f3526bdb1a43c4f56a2a70e6e0f584a291ca8984444bc5f_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:28ff05488ce8333b7b2cf2a68f465d0ba085064ba474ccee2652c7e8d4c8f5ab_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:2c2d500314bd8380c4dc06068ac379eadbc8c376bfa232cbf3c7bf1816a0d628_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6cc59e499071fb3a97ecfcdab32b29ed94b3e725d4c0c47f67b096205296e7e3_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:790215d0593d974c79ae90cd01d71b8a0f7d872c1b0ad78870d9f2ae28eaff5c_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33173"
},
{
"category": "workaround",
"details": "Applications using the `form-data` library should implement strict input validation and sanitization for all field names and filenames derived from untrusted sources. This prevents the injection of control characters (CR, LF, \") that could lead to header injection or form field overrides. Deployments that exclusively use fixed or trusted field names are not impacted.",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:25cea20e2ae09312237993c254bebc58983e3907469758392d7e97e9859b59c8_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:26fc99e8a9aa85fee4c07b4d77b4c699a41af995888f017ca1ab650d9777f20a_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cf7b68e5a7e3b4ecbab43eba4196a71b7f859fb6f9a4e11fe9dfd2ad530f684a_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:f08bc5caad4465d35f3526bdb1a43c4f56a2a70e6e0f584a291ca8984444bc5f_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:28ff05488ce8333b7b2cf2a68f465d0ba085064ba474ccee2652c7e8d4c8f5ab_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:2c2d500314bd8380c4dc06068ac379eadbc8c376bfa232cbf3c7bf1816a0d628_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6cc59e499071fb3a97ecfcdab32b29ed94b3e725d4c0c47f67b096205296e7e3_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:790215d0593d974c79ae90cd01d71b8a0f7d872c1b0ad78870d9f2ae28eaff5c_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:25cea20e2ae09312237993c254bebc58983e3907469758392d7e97e9859b59c8_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:26fc99e8a9aa85fee4c07b4d77b4c699a41af995888f017ca1ab650d9777f20a_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cf7b68e5a7e3b4ecbab43eba4196a71b7f859fb6f9a4e11fe9dfd2ad530f684a_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:f08bc5caad4465d35f3526bdb1a43c4f56a2a70e6e0f584a291ca8984444bc5f_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:28ff05488ce8333b7b2cf2a68f465d0ba085064ba474ccee2652c7e8d4c8f5ab_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:2c2d500314bd8380c4dc06068ac379eadbc8c376bfa232cbf3c7bf1816a0d628_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6cc59e499071fb3a97ecfcdab32b29ed94b3e725d4c0c47f67b096205296e7e3_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:790215d0593d974c79ae90cd01d71b8a0f7d872c1b0ad78870d9f2ae28eaff5c_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "form-data: form-data: Form field override via CRLF injection"
},
{
"cve": "CVE-2026-39821",
"cwe": {
"id": "CWE-1289",
"name": "Improper Validation of Unsafe Equivalence in Input"
},
"discovery_date": "2026-05-22T16:00:52.844126+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:25cea20e2ae09312237993c254bebc58983e3907469758392d7e97e9859b59c8_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:26fc99e8a9aa85fee4c07b4d77b4c699a41af995888f017ca1ab650d9777f20a_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cf7b68e5a7e3b4ecbab43eba4196a71b7f859fb6f9a4e11fe9dfd2ad530f684a_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:f08bc5caad4465d35f3526bdb1a43c4f56a2a70e6e0f584a291ca8984444bc5f_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2480756"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang.org/x/net/idna. ToASCII and ToUnicode incorrectly accept Punycode-encoded labels that decode to an ASCII-only hostname (for example, xn--example-.com returns example.com instead of an error). Applications that validate the ASCII form then convert to Unicode may grant access to a restricted hostname the ASCII check would have rejected.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/net/idna: golang: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "golang.org/x/net/idna is vulnerable to privilege escalation through incorrect Punycode label handling in ToASCII and ToUnicode. An attacker who can supply a Punycode hostname that passes an ASCII-only authorization check may have it normalized to a restricted ASCII name the application intended to block. Red Hat exposure is broad across products shipping the Go toolchain or bundling golang.org/x/net, including RHEL and RHEL-AI golang RPMs, hummingbird Go runtimes, OpenShift and ODF container builds, and Ceph/OpenShift components compiled against affected x/net versions.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:28ff05488ce8333b7b2cf2a68f465d0ba085064ba474ccee2652c7e8d4c8f5ab_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:2c2d500314bd8380c4dc06068ac379eadbc8c376bfa232cbf3c7bf1816a0d628_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6cc59e499071fb3a97ecfcdab32b29ed94b3e725d4c0c47f67b096205296e7e3_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:790215d0593d974c79ae90cd01d71b8a0f7d872c1b0ad78870d9f2ae28eaff5c_arm64"
],
"known_not_affected": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:25cea20e2ae09312237993c254bebc58983e3907469758392d7e97e9859b59c8_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:26fc99e8a9aa85fee4c07b4d77b4c699a41af995888f017ca1ab650d9777f20a_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cf7b68e5a7e3b4ecbab43eba4196a71b7f859fb6f9a4e11fe9dfd2ad530f684a_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:f08bc5caad4465d35f3526bdb1a43c4f56a2a70e6e0f584a291ca8984444bc5f_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-39821"
},
{
"category": "external",
"summary": "RHBZ#2480756",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2480756"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-39821",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-39821"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-39821",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39821"
},
{
"category": "external",
"summary": "https://go.dev/cl/767220",
"url": "https://go.dev/cl/767220"
},
{
"category": "external",
"summary": "https://go.dev/issue/78760",
"url": "https://go.dev/issue/78760"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/iI-mYSI0lu8",
"url": "https://groups.google.com/g/golang-announce/c/iI-mYSI0lu8"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-5026",
"url": "https://pkg.go.dev/vuln/GO-2026-5026"
}
],
"release_date": "2026-05-22T15:01:21.462000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-29T17:10:36+00:00",
"details": "See Kiali 2.17.10 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.2/html/observability/kiali-operator-provided-by-red-hat",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:28ff05488ce8333b7b2cf2a68f465d0ba085064ba474ccee2652c7e8d4c8f5ab_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:2c2d500314bd8380c4dc06068ac379eadbc8c376bfa232cbf3c7bf1816a0d628_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6cc59e499071fb3a97ecfcdab32b29ed94b3e725d4c0c47f67b096205296e7e3_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:790215d0593d974c79ae90cd01d71b8a0f7d872c1b0ad78870d9f2ae28eaff5c_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33173"
},
{
"category": "workaround",
"details": "Upgrade to a fixed golang.org/x/net release that includes the idna correction, via updated golang or dependent package rebuilds.",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:25cea20e2ae09312237993c254bebc58983e3907469758392d7e97e9859b59c8_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:26fc99e8a9aa85fee4c07b4d77b4c699a41af995888f017ca1ab650d9777f20a_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cf7b68e5a7e3b4ecbab43eba4196a71b7f859fb6f9a4e11fe9dfd2ad530f684a_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:f08bc5caad4465d35f3526bdb1a43c4f56a2a70e6e0f584a291ca8984444bc5f_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:28ff05488ce8333b7b2cf2a68f465d0ba085064ba474ccee2652c7e8d4c8f5ab_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:2c2d500314bd8380c4dc06068ac379eadbc8c376bfa232cbf3c7bf1816a0d628_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6cc59e499071fb3a97ecfcdab32b29ed94b3e725d4c0c47f67b096205296e7e3_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:790215d0593d974c79ae90cd01d71b8a0f7d872c1b0ad78870d9f2ae28eaff5c_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:25cea20e2ae09312237993c254bebc58983e3907469758392d7e97e9859b59c8_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:26fc99e8a9aa85fee4c07b4d77b4c699a41af995888f017ca1ab650d9777f20a_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cf7b68e5a7e3b4ecbab43eba4196a71b7f859fb6f9a4e11fe9dfd2ad530f684a_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:f08bc5caad4465d35f3526bdb1a43c4f56a2a70e6e0f584a291ca8984444bc5f_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:28ff05488ce8333b7b2cf2a68f465d0ba085064ba474ccee2652c7e8d4c8f5ab_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:2c2d500314bd8380c4dc06068ac379eadbc8c376bfa232cbf3c7bf1816a0d628_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6cc59e499071fb3a97ecfcdab32b29ed94b3e725d4c0c47f67b096205296e7e3_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:790215d0593d974c79ae90cd01d71b8a0f7d872c1b0ad78870d9f2ae28eaff5c_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/net/idna: golang: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing"
},
{
"cve": "CVE-2026-42264",
"cwe": {
"id": "CWE-915",
"name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes"
},
"discovery_date": "2026-05-08T04:02:21.039378+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2467927"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, a widely used HTTP client. This vulnerability, known as prototype pollution, allows an attacker to inject malicious properties into core JavaScript objects. When another component in the same application environment is compromised and pollutes the system\u0027s object prototype, Axios can unknowingly use these manipulated values in its outbound network requests. This could lead to the disclosure of sensitive information or the alteration of network communications, compromising data confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: Prototype pollution allows information disclosure and request manipulation",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Important prototype pollution flaw in Axios could result in information disclosure and network request manipulation. The vulnerability occurs when a co-located dependency in the application environment successfully pollutes the JavaScript `Object.prototype`. Under these conditions, Axios may unknowingly incorporate the manipulated properties into its outbound HTTP requests, potentially compromising data confidentiality and integrity. Exploitation is contingent on a prior successful prototype pollution attack from another component.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:25cea20e2ae09312237993c254bebc58983e3907469758392d7e97e9859b59c8_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:26fc99e8a9aa85fee4c07b4d77b4c699a41af995888f017ca1ab650d9777f20a_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cf7b68e5a7e3b4ecbab43eba4196a71b7f859fb6f9a4e11fe9dfd2ad530f684a_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:f08bc5caad4465d35f3526bdb1a43c4f56a2a70e6e0f584a291ca8984444bc5f_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:28ff05488ce8333b7b2cf2a68f465d0ba085064ba474ccee2652c7e8d4c8f5ab_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:2c2d500314bd8380c4dc06068ac379eadbc8c376bfa232cbf3c7bf1816a0d628_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6cc59e499071fb3a97ecfcdab32b29ed94b3e725d4c0c47f67b096205296e7e3_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:790215d0593d974c79ae90cd01d71b8a0f7d872c1b0ad78870d9f2ae28eaff5c_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42264"
},
{
"category": "external",
"summary": "RHBZ#2467927",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467927"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42264",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42264"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42264",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42264"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/commit/47915144662f2733e6c051bdcb895a8c8f0586aa",
"url": "https://github.com/axios/axios/commit/47915144662f2733e6c051bdcb895a8c8f0586aa"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/pull/10779",
"url": "https://github.com/axios/axios/pull/10779"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/releases/tag/v1.15.2",
"url": "https://github.com/axios/axios/releases/tag/v1.15.2"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-q8qp-cvcw-x6jj",
"url": "https://github.com/axios/axios/security/advisories/GHSA-q8qp-cvcw-x6jj"
}
],
"release_date": "2026-05-08T03:20:24.248000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-29T17:10:36+00:00",
"details": "See Kiali 2.17.10 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.2/html/observability/kiali-operator-provided-by-red-hat",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:25cea20e2ae09312237993c254bebc58983e3907469758392d7e97e9859b59c8_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:26fc99e8a9aa85fee4c07b4d77b4c699a41af995888f017ca1ab650d9777f20a_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cf7b68e5a7e3b4ecbab43eba4196a71b7f859fb6f9a4e11fe9dfd2ad530f684a_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:f08bc5caad4465d35f3526bdb1a43c4f56a2a70e6e0f584a291ca8984444bc5f_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:28ff05488ce8333b7b2cf2a68f465d0ba085064ba474ccee2652c7e8d4c8f5ab_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:2c2d500314bd8380c4dc06068ac379eadbc8c376bfa232cbf3c7bf1816a0d628_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6cc59e499071fb3a97ecfcdab32b29ed94b3e725d4c0c47f67b096205296e7e3_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:790215d0593d974c79ae90cd01d71b8a0f7d872c1b0ad78870d9f2ae28eaff5c_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33173"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:25cea20e2ae09312237993c254bebc58983e3907469758392d7e97e9859b59c8_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:26fc99e8a9aa85fee4c07b4d77b4c699a41af995888f017ca1ab650d9777f20a_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cf7b68e5a7e3b4ecbab43eba4196a71b7f859fb6f9a4e11fe9dfd2ad530f684a_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:f08bc5caad4465d35f3526bdb1a43c4f56a2a70e6e0f584a291ca8984444bc5f_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:28ff05488ce8333b7b2cf2a68f465d0ba085064ba474ccee2652c7e8d4c8f5ab_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:2c2d500314bd8380c4dc06068ac379eadbc8c376bfa232cbf3c7bf1816a0d628_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6cc59e499071fb3a97ecfcdab32b29ed94b3e725d4c0c47f67b096205296e7e3_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:790215d0593d974c79ae90cd01d71b8a0f7d872c1b0ad78870d9f2ae28eaff5c_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:25cea20e2ae09312237993c254bebc58983e3907469758392d7e97e9859b59c8_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:26fc99e8a9aa85fee4c07b4d77b4c699a41af995888f017ca1ab650d9777f20a_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cf7b68e5a7e3b4ecbab43eba4196a71b7f859fb6f9a4e11fe9dfd2ad530f684a_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:f08bc5caad4465d35f3526bdb1a43c4f56a2a70e6e0f584a291ca8984444bc5f_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:28ff05488ce8333b7b2cf2a68f465d0ba085064ba474ccee2652c7e8d4c8f5ab_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:2c2d500314bd8380c4dc06068ac379eadbc8c376bfa232cbf3c7bf1816a0d628_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6cc59e499071fb3a97ecfcdab32b29ed94b3e725d4c0c47f67b096205296e7e3_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:790215d0593d974c79ae90cd01d71b8a0f7d872c1b0ad78870d9f2ae28eaff5c_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: Prototype pollution allows information disclosure and request manipulation"
},
{
"cve": "CVE-2026-42338",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2026-05-12T21:01:14.436876+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2476810"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in ip-address, a JavaScript library for parsing and manipulating IPv4 and IPv6 addresses. This vulnerability allows a remote attacker to perform cross-site scripting (XSS) by providing untrusted input to the Address6 constructor. When an application renders the output of Address6.group(), Address6.link(), or the AddressError.parseMessage as HTML without proper escaping, the attacker-controlled content can be executed in the user\u0027s browser.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ip-address: ip-address: Cross-site scripting via improper HTML escaping of untrusted input",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability in the `ip-address` JavaScript library is rated as Important. It allows for cross-site scripting (XSS) when an application processes untrusted input through the `Address6` constructor and subsequently renders the unescaped output of methods like `Address6.group()`, `Address6.link()`, or `AddressError.parseMessage` directly as HTML. While the library itself is affected, exploitation is contingent on specific application-level rendering practices that may not be common in Red Hat products.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:25cea20e2ae09312237993c254bebc58983e3907469758392d7e97e9859b59c8_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:26fc99e8a9aa85fee4c07b4d77b4c699a41af995888f017ca1ab650d9777f20a_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cf7b68e5a7e3b4ecbab43eba4196a71b7f859fb6f9a4e11fe9dfd2ad530f684a_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:f08bc5caad4465d35f3526bdb1a43c4f56a2a70e6e0f584a291ca8984444bc5f_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:28ff05488ce8333b7b2cf2a68f465d0ba085064ba474ccee2652c7e8d4c8f5ab_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:2c2d500314bd8380c4dc06068ac379eadbc8c376bfa232cbf3c7bf1816a0d628_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6cc59e499071fb3a97ecfcdab32b29ed94b3e725d4c0c47f67b096205296e7e3_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:790215d0593d974c79ae90cd01d71b8a0f7d872c1b0ad78870d9f2ae28eaff5c_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42338"
},
{
"category": "external",
"summary": "RHBZ#2476810",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2476810"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42338",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42338"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42338",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42338"
},
{
"category": "external",
"summary": "https://github.com/beaugunderson/ip-address/security/advisories/GHSA-v2v4-37r5-5v8g",
"url": "https://github.com/beaugunderson/ip-address/security/advisories/GHSA-v2v4-37r5-5v8g"
}
],
"release_date": "2026-05-12T19:43:16.470000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-29T17:10:36+00:00",
"details": "See Kiali 2.17.10 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.2/html/observability/kiali-operator-provided-by-red-hat",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:25cea20e2ae09312237993c254bebc58983e3907469758392d7e97e9859b59c8_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:26fc99e8a9aa85fee4c07b4d77b4c699a41af995888f017ca1ab650d9777f20a_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cf7b68e5a7e3b4ecbab43eba4196a71b7f859fb6f9a4e11fe9dfd2ad530f684a_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:f08bc5caad4465d35f3526bdb1a43c4f56a2a70e6e0f584a291ca8984444bc5f_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:28ff05488ce8333b7b2cf2a68f465d0ba085064ba474ccee2652c7e8d4c8f5ab_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:2c2d500314bd8380c4dc06068ac379eadbc8c376bfa232cbf3c7bf1816a0d628_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6cc59e499071fb3a97ecfcdab32b29ed94b3e725d4c0c47f67b096205296e7e3_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:790215d0593d974c79ae90cd01d71b8a0f7d872c1b0ad78870d9f2ae28eaff5c_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33173"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:25cea20e2ae09312237993c254bebc58983e3907469758392d7e97e9859b59c8_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:26fc99e8a9aa85fee4c07b4d77b4c699a41af995888f017ca1ab650d9777f20a_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cf7b68e5a7e3b4ecbab43eba4196a71b7f859fb6f9a4e11fe9dfd2ad530f684a_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:f08bc5caad4465d35f3526bdb1a43c4f56a2a70e6e0f584a291ca8984444bc5f_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:28ff05488ce8333b7b2cf2a68f465d0ba085064ba474ccee2652c7e8d4c8f5ab_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:2c2d500314bd8380c4dc06068ac379eadbc8c376bfa232cbf3c7bf1816a0d628_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6cc59e499071fb3a97ecfcdab32b29ed94b3e725d4c0c47f67b096205296e7e3_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:790215d0593d974c79ae90cd01d71b8a0f7d872c1b0ad78870d9f2ae28eaff5c_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:25cea20e2ae09312237993c254bebc58983e3907469758392d7e97e9859b59c8_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:26fc99e8a9aa85fee4c07b4d77b4c699a41af995888f017ca1ab650d9777f20a_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cf7b68e5a7e3b4ecbab43eba4196a71b7f859fb6f9a4e11fe9dfd2ad530f684a_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:f08bc5caad4465d35f3526bdb1a43c4f56a2a70e6e0f584a291ca8984444bc5f_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:28ff05488ce8333b7b2cf2a68f465d0ba085064ba474ccee2652c7e8d4c8f5ab_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:2c2d500314bd8380c4dc06068ac379eadbc8c376bfa232cbf3c7bf1816a0d628_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6cc59e499071fb3a97ecfcdab32b29ed94b3e725d4c0c47f67b096205296e7e3_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:790215d0593d974c79ae90cd01d71b8a0f7d872c1b0ad78870d9f2ae28eaff5c_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "ip-address: ip-address: Cross-site scripting via improper HTML escaping of untrusted input"
},
{
"cve": "CVE-2026-44486",
"cwe": {
"id": "CWE-201",
"name": "Insertion of Sensitive Information Into Sent Data"
},
"discovery_date": "2026-06-11T17:01:30.944384+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2487947"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, a promise-based HTTP client, specifically in its Node.js HTTP adapter. When Axios is configured to use an authenticated proxy and follows a redirect, it may inadvertently send the Proxy-Authorization header, containing proxy credentials, to the redirect target. This can lead to the disclosure of sensitive proxy credentials to an unintended remote server.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: Information disclosure of proxy credentials via HTTP redirects",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important information disclosure flaw in the Axios Node.js HTTP adapter. Red Hat products utilizing Axios in a Node.js environment with an authenticated proxy and automatic redirects enabled are susceptible. The vulnerability arises when a request, initially sent through an authenticated proxy, is redirected to a target that no longer uses the proxy, potentially leaking `Proxy-Authorization` headers containing sensitive credentials to an untrusted remote server. This risk is heightened in deployments where applications interact with untrusted HTTP origins.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:25cea20e2ae09312237993c254bebc58983e3907469758392d7e97e9859b59c8_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:26fc99e8a9aa85fee4c07b4d77b4c699a41af995888f017ca1ab650d9777f20a_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cf7b68e5a7e3b4ecbab43eba4196a71b7f859fb6f9a4e11fe9dfd2ad530f684a_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:f08bc5caad4465d35f3526bdb1a43c4f56a2a70e6e0f584a291ca8984444bc5f_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:28ff05488ce8333b7b2cf2a68f465d0ba085064ba474ccee2652c7e8d4c8f5ab_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:2c2d500314bd8380c4dc06068ac379eadbc8c376bfa232cbf3c7bf1816a0d628_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6cc59e499071fb3a97ecfcdab32b29ed94b3e725d4c0c47f67b096205296e7e3_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:790215d0593d974c79ae90cd01d71b8a0f7d872c1b0ad78870d9f2ae28eaff5c_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44486"
},
{
"category": "external",
"summary": "RHBZ#2487947",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2487947"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44486",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44486"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44486",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44486"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-j5f8-grm9-p9fc",
"url": "https://github.com/axios/axios/security/advisories/GHSA-j5f8-grm9-p9fc"
}
],
"release_date": "2026-06-11T15:39:07.714000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-29T17:10:36+00:00",
"details": "See Kiali 2.17.10 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.2/html/observability/kiali-operator-provided-by-red-hat",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:25cea20e2ae09312237993c254bebc58983e3907469758392d7e97e9859b59c8_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:26fc99e8a9aa85fee4c07b4d77b4c699a41af995888f017ca1ab650d9777f20a_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cf7b68e5a7e3b4ecbab43eba4196a71b7f859fb6f9a4e11fe9dfd2ad530f684a_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:f08bc5caad4465d35f3526bdb1a43c4f56a2a70e6e0f584a291ca8984444bc5f_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:28ff05488ce8333b7b2cf2a68f465d0ba085064ba474ccee2652c7e8d4c8f5ab_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:2c2d500314bd8380c4dc06068ac379eadbc8c376bfa232cbf3c7bf1816a0d628_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6cc59e499071fb3a97ecfcdab32b29ed94b3e725d4c0c47f67b096205296e7e3_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:790215d0593d974c79ae90cd01d71b8a0f7d872c1b0ad78870d9f2ae28eaff5c_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33173"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:25cea20e2ae09312237993c254bebc58983e3907469758392d7e97e9859b59c8_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:26fc99e8a9aa85fee4c07b4d77b4c699a41af995888f017ca1ab650d9777f20a_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cf7b68e5a7e3b4ecbab43eba4196a71b7f859fb6f9a4e11fe9dfd2ad530f684a_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:f08bc5caad4465d35f3526bdb1a43c4f56a2a70e6e0f584a291ca8984444bc5f_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:28ff05488ce8333b7b2cf2a68f465d0ba085064ba474ccee2652c7e8d4c8f5ab_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:2c2d500314bd8380c4dc06068ac379eadbc8c376bfa232cbf3c7bf1816a0d628_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6cc59e499071fb3a97ecfcdab32b29ed94b3e725d4c0c47f67b096205296e7e3_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:790215d0593d974c79ae90cd01d71b8a0f7d872c1b0ad78870d9f2ae28eaff5c_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:25cea20e2ae09312237993c254bebc58983e3907469758392d7e97e9859b59c8_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:26fc99e8a9aa85fee4c07b4d77b4c699a41af995888f017ca1ab650d9777f20a_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cf7b68e5a7e3b4ecbab43eba4196a71b7f859fb6f9a4e11fe9dfd2ad530f684a_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:f08bc5caad4465d35f3526bdb1a43c4f56a2a70e6e0f584a291ca8984444bc5f_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:28ff05488ce8333b7b2cf2a68f465d0ba085064ba474ccee2652c7e8d4c8f5ab_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:2c2d500314bd8380c4dc06068ac379eadbc8c376bfa232cbf3c7bf1816a0d628_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6cc59e499071fb3a97ecfcdab32b29ed94b3e725d4c0c47f67b096205296e7e3_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:790215d0593d974c79ae90cd01d71b8a0f7d872c1b0ad78870d9f2ae28eaff5c_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: Information disclosure of proxy credentials via HTTP redirects"
},
{
"cve": "CVE-2026-44487",
"cwe": {
"id": "CWE-201",
"name": "Insertion of Sensitive Information Into Sent Data"
},
"discovery_date": "2026-06-11T17:01:34.091476+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2487948"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios. During specific proxy-to-direct redirect flows in the Node.js HTTP adapter, a remote attacker could exploit this vulnerability. The Proxy-Authorization header, which contains proxy credentials and is intended only for the outbound proxy, may be forwarded to the final redirected origin. This can lead to the disclosure of sensitive proxy credentials to an unintended third party.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: Information disclosure of proxy credentials via redirect flows",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important information disclosure flaw in Axios affecting Node.js environments. When an application uses Axios with an authenticated HTTP proxy and follows redirects from an HTTP to a non-proxied HTTPS destination, the Proxy-Authorization header may be inadvertently sent to the final origin server. This could lead to the exposure of sensitive proxy credentials to an unintended third party.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:25cea20e2ae09312237993c254bebc58983e3907469758392d7e97e9859b59c8_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:26fc99e8a9aa85fee4c07b4d77b4c699a41af995888f017ca1ab650d9777f20a_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cf7b68e5a7e3b4ecbab43eba4196a71b7f859fb6f9a4e11fe9dfd2ad530f684a_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:f08bc5caad4465d35f3526bdb1a43c4f56a2a70e6e0f584a291ca8984444bc5f_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:28ff05488ce8333b7b2cf2a68f465d0ba085064ba474ccee2652c7e8d4c8f5ab_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:2c2d500314bd8380c4dc06068ac379eadbc8c376bfa232cbf3c7bf1816a0d628_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6cc59e499071fb3a97ecfcdab32b29ed94b3e725d4c0c47f67b096205296e7e3_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:790215d0593d974c79ae90cd01d71b8a0f7d872c1b0ad78870d9f2ae28eaff5c_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44487"
},
{
"category": "external",
"summary": "RHBZ#2487948",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2487948"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44487"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44487",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44487"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-p92q-9vqr-4j8v",
"url": "https://github.com/axios/axios/security/advisories/GHSA-p92q-9vqr-4j8v"
}
],
"release_date": "2026-06-11T15:38:25.150000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-29T17:10:36+00:00",
"details": "See Kiali 2.17.10 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.2/html/observability/kiali-operator-provided-by-red-hat",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:25cea20e2ae09312237993c254bebc58983e3907469758392d7e97e9859b59c8_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:26fc99e8a9aa85fee4c07b4d77b4c699a41af995888f017ca1ab650d9777f20a_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cf7b68e5a7e3b4ecbab43eba4196a71b7f859fb6f9a4e11fe9dfd2ad530f684a_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:f08bc5caad4465d35f3526bdb1a43c4f56a2a70e6e0f584a291ca8984444bc5f_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:28ff05488ce8333b7b2cf2a68f465d0ba085064ba474ccee2652c7e8d4c8f5ab_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:2c2d500314bd8380c4dc06068ac379eadbc8c376bfa232cbf3c7bf1816a0d628_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6cc59e499071fb3a97ecfcdab32b29ed94b3e725d4c0c47f67b096205296e7e3_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:790215d0593d974c79ae90cd01d71b8a0f7d872c1b0ad78870d9f2ae28eaff5c_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33173"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:25cea20e2ae09312237993c254bebc58983e3907469758392d7e97e9859b59c8_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:26fc99e8a9aa85fee4c07b4d77b4c699a41af995888f017ca1ab650d9777f20a_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cf7b68e5a7e3b4ecbab43eba4196a71b7f859fb6f9a4e11fe9dfd2ad530f684a_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:f08bc5caad4465d35f3526bdb1a43c4f56a2a70e6e0f584a291ca8984444bc5f_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:28ff05488ce8333b7b2cf2a68f465d0ba085064ba474ccee2652c7e8d4c8f5ab_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:2c2d500314bd8380c4dc06068ac379eadbc8c376bfa232cbf3c7bf1816a0d628_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6cc59e499071fb3a97ecfcdab32b29ed94b3e725d4c0c47f67b096205296e7e3_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:790215d0593d974c79ae90cd01d71b8a0f7d872c1b0ad78870d9f2ae28eaff5c_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:25cea20e2ae09312237993c254bebc58983e3907469758392d7e97e9859b59c8_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:26fc99e8a9aa85fee4c07b4d77b4c699a41af995888f017ca1ab650d9777f20a_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cf7b68e5a7e3b4ecbab43eba4196a71b7f859fb6f9a4e11fe9dfd2ad530f684a_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:f08bc5caad4465d35f3526bdb1a43c4f56a2a70e6e0f584a291ca8984444bc5f_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:28ff05488ce8333b7b2cf2a68f465d0ba085064ba474ccee2652c7e8d4c8f5ab_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:2c2d500314bd8380c4dc06068ac379eadbc8c376bfa232cbf3c7bf1816a0d628_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6cc59e499071fb3a97ecfcdab32b29ed94b3e725d4c0c47f67b096205296e7e3_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:790215d0593d974c79ae90cd01d71b8a0f7d872c1b0ad78870d9f2ae28eaff5c_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: Information disclosure of proxy credentials via redirect flows"
},
{
"cve": "CVE-2026-44488",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-06-11T17:01:36.836488+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2487949"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, a promise-based HTTP client. When using the fetch adapter, Axios did not properly enforce configured request and response size limits. This vulnerability allows a remote attacker, through a malicious or compromised server, or by supplying a large data URL, to send or receive oversized data bodies. This can lead to resource exhaustion in server-side applications, resulting in a Denial of Service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: Denial of Service due to unenforced request and response size limits",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Important: A denial of service flaw was found in Axios, a JavaScript HTTP client library. This issue arises when applications utilize the `fetch` adapter, as configured request and response size limits are not properly enforced. A remote attacker could exploit this by sending or receiving excessively large data bodies, leading to resource exhaustion and potential denial of service in affected server-side applications.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:25cea20e2ae09312237993c254bebc58983e3907469758392d7e97e9859b59c8_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:26fc99e8a9aa85fee4c07b4d77b4c699a41af995888f017ca1ab650d9777f20a_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cf7b68e5a7e3b4ecbab43eba4196a71b7f859fb6f9a4e11fe9dfd2ad530f684a_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:f08bc5caad4465d35f3526bdb1a43c4f56a2a70e6e0f584a291ca8984444bc5f_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:28ff05488ce8333b7b2cf2a68f465d0ba085064ba474ccee2652c7e8d4c8f5ab_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:2c2d500314bd8380c4dc06068ac379eadbc8c376bfa232cbf3c7bf1816a0d628_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6cc59e499071fb3a97ecfcdab32b29ed94b3e725d4c0c47f67b096205296e7e3_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:790215d0593d974c79ae90cd01d71b8a0f7d872c1b0ad78870d9f2ae28eaff5c_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44488"
},
{
"category": "external",
"summary": "RHBZ#2487949",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2487949"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44488",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44488"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44488",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44488"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-777c-7fjr-54vf",
"url": "https://github.com/axios/axios/security/advisories/GHSA-777c-7fjr-54vf"
}
],
"release_date": "2026-06-11T15:37:38.013000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-29T17:10:36+00:00",
"details": "See Kiali 2.17.10 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.2/html/observability/kiali-operator-provided-by-red-hat",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:25cea20e2ae09312237993c254bebc58983e3907469758392d7e97e9859b59c8_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:26fc99e8a9aa85fee4c07b4d77b4c699a41af995888f017ca1ab650d9777f20a_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cf7b68e5a7e3b4ecbab43eba4196a71b7f859fb6f9a4e11fe9dfd2ad530f684a_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:f08bc5caad4465d35f3526bdb1a43c4f56a2a70e6e0f584a291ca8984444bc5f_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:28ff05488ce8333b7b2cf2a68f465d0ba085064ba474ccee2652c7e8d4c8f5ab_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:2c2d500314bd8380c4dc06068ac379eadbc8c376bfa232cbf3c7bf1816a0d628_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6cc59e499071fb3a97ecfcdab32b29ed94b3e725d4c0c47f67b096205296e7e3_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:790215d0593d974c79ae90cd01d71b8a0f7d872c1b0ad78870d9f2ae28eaff5c_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33173"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:25cea20e2ae09312237993c254bebc58983e3907469758392d7e97e9859b59c8_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:26fc99e8a9aa85fee4c07b4d77b4c699a41af995888f017ca1ab650d9777f20a_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cf7b68e5a7e3b4ecbab43eba4196a71b7f859fb6f9a4e11fe9dfd2ad530f684a_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:f08bc5caad4465d35f3526bdb1a43c4f56a2a70e6e0f584a291ca8984444bc5f_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:28ff05488ce8333b7b2cf2a68f465d0ba085064ba474ccee2652c7e8d4c8f5ab_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:2c2d500314bd8380c4dc06068ac379eadbc8c376bfa232cbf3c7bf1816a0d628_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6cc59e499071fb3a97ecfcdab32b29ed94b3e725d4c0c47f67b096205296e7e3_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:790215d0593d974c79ae90cd01d71b8a0f7d872c1b0ad78870d9f2ae28eaff5c_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:25cea20e2ae09312237993c254bebc58983e3907469758392d7e97e9859b59c8_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:26fc99e8a9aa85fee4c07b4d77b4c699a41af995888f017ca1ab650d9777f20a_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cf7b68e5a7e3b4ecbab43eba4196a71b7f859fb6f9a4e11fe9dfd2ad530f684a_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:f08bc5caad4465d35f3526bdb1a43c4f56a2a70e6e0f584a291ca8984444bc5f_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:28ff05488ce8333b7b2cf2a68f465d0ba085064ba474ccee2652c7e8d4c8f5ab_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:2c2d500314bd8380c4dc06068ac379eadbc8c376bfa232cbf3c7bf1816a0d628_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6cc59e499071fb3a97ecfcdab32b29ed94b3e725d4c0c47f67b096205296e7e3_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:790215d0593d974c79ae90cd01d71b8a0f7d872c1b0ad78870d9f2ae28eaff5c_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: Denial of Service due to unenforced request and response size limits"
},
{
"cve": "CVE-2026-44492",
"cwe": {
"id": "CWE-289",
"name": "Authentication Bypass by Alternate Name"
},
"discovery_date": "2026-06-11T17:00:56.761751+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2487938"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, a promise-based HTTP client. This vulnerability occurs because Axios does not properly normalize IPv4-mapped IPv6 addresses. When a NO_PROXY setting is configured to block direct access to specific IPv4 addresses, an attacker can bypass this restriction by using the IPv4-mapped IPv6 form of the address in a request URL. This allows the request to be routed through the proxy, potentially exposing internal services or sensitive information that should otherwise be inaccessible.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: Proxy bypass via IPv4-mapped IPv6 address non-normalization",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important flaw in Axios, a JavaScript HTTP client library, that allows for a proxy bypass. When a `NO_PROXY` environment variable is configured to prevent direct connections to specific IPv4 addresses, an attacker can craft a request URL using the IPv4-mapped IPv6 address format. This bypasses the intended `NO_PROXY` exclusion, routing the request through the configured proxy and potentially exposing internal services or sensitive information, such as cloud instance metadata credentials.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:25cea20e2ae09312237993c254bebc58983e3907469758392d7e97e9859b59c8_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:26fc99e8a9aa85fee4c07b4d77b4c699a41af995888f017ca1ab650d9777f20a_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cf7b68e5a7e3b4ecbab43eba4196a71b7f859fb6f9a4e11fe9dfd2ad530f684a_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:f08bc5caad4465d35f3526bdb1a43c4f56a2a70e6e0f584a291ca8984444bc5f_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:28ff05488ce8333b7b2cf2a68f465d0ba085064ba474ccee2652c7e8d4c8f5ab_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:2c2d500314bd8380c4dc06068ac379eadbc8c376bfa232cbf3c7bf1816a0d628_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6cc59e499071fb3a97ecfcdab32b29ed94b3e725d4c0c47f67b096205296e7e3_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:790215d0593d974c79ae90cd01d71b8a0f7d872c1b0ad78870d9f2ae28eaff5c_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44492"
},
{
"category": "external",
"summary": "RHBZ#2487938",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2487938"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44492",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44492"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44492",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44492"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-pjwm-pj3p-43mv",
"url": "https://github.com/axios/axios/security/advisories/GHSA-pjwm-pj3p-43mv"
}
],
"release_date": "2026-06-11T15:29:13.890000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-29T17:10:36+00:00",
"details": "See Kiali 2.17.10 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.2/html/observability/kiali-operator-provided-by-red-hat",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:25cea20e2ae09312237993c254bebc58983e3907469758392d7e97e9859b59c8_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:26fc99e8a9aa85fee4c07b4d77b4c699a41af995888f017ca1ab650d9777f20a_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cf7b68e5a7e3b4ecbab43eba4196a71b7f859fb6f9a4e11fe9dfd2ad530f684a_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:f08bc5caad4465d35f3526bdb1a43c4f56a2a70e6e0f584a291ca8984444bc5f_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:28ff05488ce8333b7b2cf2a68f465d0ba085064ba474ccee2652c7e8d4c8f5ab_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:2c2d500314bd8380c4dc06068ac379eadbc8c376bfa232cbf3c7bf1816a0d628_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6cc59e499071fb3a97ecfcdab32b29ed94b3e725d4c0c47f67b096205296e7e3_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:790215d0593d974c79ae90cd01d71b8a0f7d872c1b0ad78870d9f2ae28eaff5c_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33173"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:25cea20e2ae09312237993c254bebc58983e3907469758392d7e97e9859b59c8_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:26fc99e8a9aa85fee4c07b4d77b4c699a41af995888f017ca1ab650d9777f20a_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cf7b68e5a7e3b4ecbab43eba4196a71b7f859fb6f9a4e11fe9dfd2ad530f684a_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:f08bc5caad4465d35f3526bdb1a43c4f56a2a70e6e0f584a291ca8984444bc5f_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:28ff05488ce8333b7b2cf2a68f465d0ba085064ba474ccee2652c7e8d4c8f5ab_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:2c2d500314bd8380c4dc06068ac379eadbc8c376bfa232cbf3c7bf1816a0d628_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6cc59e499071fb3a97ecfcdab32b29ed94b3e725d4c0c47f67b096205296e7e3_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:790215d0593d974c79ae90cd01d71b8a0f7d872c1b0ad78870d9f2ae28eaff5c_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:25cea20e2ae09312237993c254bebc58983e3907469758392d7e97e9859b59c8_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:26fc99e8a9aa85fee4c07b4d77b4c699a41af995888f017ca1ab650d9777f20a_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cf7b68e5a7e3b4ecbab43eba4196a71b7f859fb6f9a4e11fe9dfd2ad530f684a_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:f08bc5caad4465d35f3526bdb1a43c4f56a2a70e6e0f584a291ca8984444bc5f_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:28ff05488ce8333b7b2cf2a68f465d0ba085064ba474ccee2652c7e8d4c8f5ab_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:2c2d500314bd8380c4dc06068ac379eadbc8c376bfa232cbf3c7bf1816a0d628_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6cc59e499071fb3a97ecfcdab32b29ed94b3e725d4c0c47f67b096205296e7e3_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:790215d0593d974c79ae90cd01d71b8a0f7d872c1b0ad78870d9f2ae28eaff5c_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: Proxy bypass via IPv4-mapped IPv6 address non-normalization"
},
{
"cve": "CVE-2026-44494",
"cwe": {
"id": "CWE-915",
"name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes"
},
"discovery_date": "2026-06-11T17:01:12.945664+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2487942"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios. This vulnerability, a Prototype Pollution \"Gadget\" attack, allows an attacker to escalate any existing Object.prototype pollution in an application\u0027s dependency tree into a full Man-in-the-Middle (MITM) attack. This enables the attacker to intercept, read, and modify all HTTP traffic, including sensitive authentication credentials. The flaw occurs because the `config.proxy` setting is susceptible to prototype pollution, allowing an attacker to inject a malicious proxy server.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: Man-in-the-Middle (MITM) attack via Prototype Pollution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Important flaw in the Axios library allows an attacker to escalate existing prototype pollution vulnerabilities within an application\u0027s dependency tree into a full Man-in-the-Middle (MITM) attack. By injecting a malicious proxy configuration into the `Object.prototype`, an attacker can intercept, read, and modify all HTTP traffic, including sensitive authentication credentials, without direct user interaction. This poses a significant risk to data confidentiality and integrity in Red Hat products that utilize the Axios library.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:25cea20e2ae09312237993c254bebc58983e3907469758392d7e97e9859b59c8_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:26fc99e8a9aa85fee4c07b4d77b4c699a41af995888f017ca1ab650d9777f20a_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cf7b68e5a7e3b4ecbab43eba4196a71b7f859fb6f9a4e11fe9dfd2ad530f684a_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:f08bc5caad4465d35f3526bdb1a43c4f56a2a70e6e0f584a291ca8984444bc5f_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:28ff05488ce8333b7b2cf2a68f465d0ba085064ba474ccee2652c7e8d4c8f5ab_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:2c2d500314bd8380c4dc06068ac379eadbc8c376bfa232cbf3c7bf1816a0d628_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6cc59e499071fb3a97ecfcdab32b29ed94b3e725d4c0c47f67b096205296e7e3_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:790215d0593d974c79ae90cd01d71b8a0f7d872c1b0ad78870d9f2ae28eaff5c_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44494"
},
{
"category": "external",
"summary": "RHBZ#2487942",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2487942"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44494",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44494"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44494",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44494"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-35jp-ww65-95wh",
"url": "https://github.com/axios/axios/security/advisories/GHSA-35jp-ww65-95wh"
}
],
"release_date": "2026-06-11T15:32:03.155000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-29T17:10:36+00:00",
"details": "See Kiali 2.17.10 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.2/html/observability/kiali-operator-provided-by-red-hat",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:25cea20e2ae09312237993c254bebc58983e3907469758392d7e97e9859b59c8_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:26fc99e8a9aa85fee4c07b4d77b4c699a41af995888f017ca1ab650d9777f20a_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cf7b68e5a7e3b4ecbab43eba4196a71b7f859fb6f9a4e11fe9dfd2ad530f684a_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:f08bc5caad4465d35f3526bdb1a43c4f56a2a70e6e0f584a291ca8984444bc5f_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:28ff05488ce8333b7b2cf2a68f465d0ba085064ba474ccee2652c7e8d4c8f5ab_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:2c2d500314bd8380c4dc06068ac379eadbc8c376bfa232cbf3c7bf1816a0d628_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6cc59e499071fb3a97ecfcdab32b29ed94b3e725d4c0c47f67b096205296e7e3_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:790215d0593d974c79ae90cd01d71b8a0f7d872c1b0ad78870d9f2ae28eaff5c_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33173"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:25cea20e2ae09312237993c254bebc58983e3907469758392d7e97e9859b59c8_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:26fc99e8a9aa85fee4c07b4d77b4c699a41af995888f017ca1ab650d9777f20a_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cf7b68e5a7e3b4ecbab43eba4196a71b7f859fb6f9a4e11fe9dfd2ad530f684a_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:f08bc5caad4465d35f3526bdb1a43c4f56a2a70e6e0f584a291ca8984444bc5f_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:28ff05488ce8333b7b2cf2a68f465d0ba085064ba474ccee2652c7e8d4c8f5ab_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:2c2d500314bd8380c4dc06068ac379eadbc8c376bfa232cbf3c7bf1816a0d628_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6cc59e499071fb3a97ecfcdab32b29ed94b3e725d4c0c47f67b096205296e7e3_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:790215d0593d974c79ae90cd01d71b8a0f7d872c1b0ad78870d9f2ae28eaff5c_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:25cea20e2ae09312237993c254bebc58983e3907469758392d7e97e9859b59c8_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:26fc99e8a9aa85fee4c07b4d77b4c699a41af995888f017ca1ab650d9777f20a_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cf7b68e5a7e3b4ecbab43eba4196a71b7f859fb6f9a4e11fe9dfd2ad530f684a_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:f08bc5caad4465d35f3526bdb1a43c4f56a2a70e6e0f584a291ca8984444bc5f_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:28ff05488ce8333b7b2cf2a68f465d0ba085064ba474ccee2652c7e8d4c8f5ab_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:2c2d500314bd8380c4dc06068ac379eadbc8c376bfa232cbf3c7bf1816a0d628_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6cc59e499071fb3a97ecfcdab32b29ed94b3e725d4c0c47f67b096205296e7e3_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:790215d0593d974c79ae90cd01d71b8a0f7d872c1b0ad78870d9f2ae28eaff5c_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: Man-in-the-Middle (MITM) attack via Prototype Pollution"
},
{
"cve": "CVE-2026-44495",
"cwe": {
"id": "CWE-915",
"name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes"
},
"discovery_date": "2026-06-11T17:00:53.999811+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2487937"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, a promise-based HTTP client. This vulnerability involves prototype pollution gadgets in the request configuration processing. If another vulnerability has already polluted the Object.prototype.transformResponse, affected Axios versions may incorrectly interpret this inherited value as part of the request configuration or as an option validator. Axios does not itself create the prototype pollution. Exploitability requires a separate prototype-pollution vulnerability or equivalent attacker control over Object.prototype before Axios creates a request.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: Information disclosure due to prototype pollution vulnerability",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Important vulnerability in Axios, a promise-based HTTP client, can lead to information disclosure, including credential theft and response hijacking, or denial of service. Exploitation requires a separate prototype pollution vulnerability in the same JavaScript process, allowing an attacker to control `Object.prototype.transformResponse`. Red Hat products using affected Axios versions are at risk if another component introduces such pollution.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:25cea20e2ae09312237993c254bebc58983e3907469758392d7e97e9859b59c8_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:26fc99e8a9aa85fee4c07b4d77b4c699a41af995888f017ca1ab650d9777f20a_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cf7b68e5a7e3b4ecbab43eba4196a71b7f859fb6f9a4e11fe9dfd2ad530f684a_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:f08bc5caad4465d35f3526bdb1a43c4f56a2a70e6e0f584a291ca8984444bc5f_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:28ff05488ce8333b7b2cf2a68f465d0ba085064ba474ccee2652c7e8d4c8f5ab_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:2c2d500314bd8380c4dc06068ac379eadbc8c376bfa232cbf3c7bf1816a0d628_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6cc59e499071fb3a97ecfcdab32b29ed94b3e725d4c0c47f67b096205296e7e3_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:790215d0593d974c79ae90cd01d71b8a0f7d872c1b0ad78870d9f2ae28eaff5c_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44495"
},
{
"category": "external",
"summary": "RHBZ#2487937",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2487937"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44495",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44495"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44495",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44495"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-3g43-6gmg-66jw",
"url": "https://github.com/axios/axios/security/advisories/GHSA-3g43-6gmg-66jw"
}
],
"release_date": "2026-06-11T15:33:12.433000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-29T17:10:36+00:00",
"details": "See Kiali 2.17.10 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.2/html/observability/kiali-operator-provided-by-red-hat",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:25cea20e2ae09312237993c254bebc58983e3907469758392d7e97e9859b59c8_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:26fc99e8a9aa85fee4c07b4d77b4c699a41af995888f017ca1ab650d9777f20a_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cf7b68e5a7e3b4ecbab43eba4196a71b7f859fb6f9a4e11fe9dfd2ad530f684a_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:f08bc5caad4465d35f3526bdb1a43c4f56a2a70e6e0f584a291ca8984444bc5f_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:28ff05488ce8333b7b2cf2a68f465d0ba085064ba474ccee2652c7e8d4c8f5ab_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:2c2d500314bd8380c4dc06068ac379eadbc8c376bfa232cbf3c7bf1816a0d628_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6cc59e499071fb3a97ecfcdab32b29ed94b3e725d4c0c47f67b096205296e7e3_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:790215d0593d974c79ae90cd01d71b8a0f7d872c1b0ad78870d9f2ae28eaff5c_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33173"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:25cea20e2ae09312237993c254bebc58983e3907469758392d7e97e9859b59c8_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:26fc99e8a9aa85fee4c07b4d77b4c699a41af995888f017ca1ab650d9777f20a_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cf7b68e5a7e3b4ecbab43eba4196a71b7f859fb6f9a4e11fe9dfd2ad530f684a_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:f08bc5caad4465d35f3526bdb1a43c4f56a2a70e6e0f584a291ca8984444bc5f_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:28ff05488ce8333b7b2cf2a68f465d0ba085064ba474ccee2652c7e8d4c8f5ab_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:2c2d500314bd8380c4dc06068ac379eadbc8c376bfa232cbf3c7bf1816a0d628_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6cc59e499071fb3a97ecfcdab32b29ed94b3e725d4c0c47f67b096205296e7e3_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:790215d0593d974c79ae90cd01d71b8a0f7d872c1b0ad78870d9f2ae28eaff5c_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:25cea20e2ae09312237993c254bebc58983e3907469758392d7e97e9859b59c8_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:26fc99e8a9aa85fee4c07b4d77b4c699a41af995888f017ca1ab650d9777f20a_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cf7b68e5a7e3b4ecbab43eba4196a71b7f859fb6f9a4e11fe9dfd2ad530f684a_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:f08bc5caad4465d35f3526bdb1a43c4f56a2a70e6e0f584a291ca8984444bc5f_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:28ff05488ce8333b7b2cf2a68f465d0ba085064ba474ccee2652c7e8d4c8f5ab_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:2c2d500314bd8380c4dc06068ac379eadbc8c376bfa232cbf3c7bf1816a0d628_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6cc59e499071fb3a97ecfcdab32b29ed94b3e725d4c0c47f67b096205296e7e3_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:790215d0593d974c79ae90cd01d71b8a0f7d872c1b0ad78870d9f2ae28eaff5c_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: Information disclosure due to prototype pollution vulnerability"
},
{
"cve": "CVE-2026-44496",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"discovery_date": "2026-06-11T17:01:15.856386+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2487943"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios. A remote attacker, by influencing the XSRF cookie name in a browser environment, could cause the application to construct a regular expression that leads to excessive processing. This can result in a client-side Denial of Service (DoS), where the affected browser tab may freeze, impacting the availability of the application for the user.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: Client-side Denial of Service via unescaped regex metacharacters in XSRF cookie name",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Important flaw in Axios can lead to a client-side Denial of Service. An attacker capable of influencing the XSRF cookie name within a browser environment could trigger excessive regular expression processing, causing the affected browser tab to freeze and degrade user availability. This issue specifically impacts browser-based applications and does not affect Node.js HTTP adapter usage, React Native, or web workers.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:25cea20e2ae09312237993c254bebc58983e3907469758392d7e97e9859b59c8_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:26fc99e8a9aa85fee4c07b4d77b4c699a41af995888f017ca1ab650d9777f20a_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cf7b68e5a7e3b4ecbab43eba4196a71b7f859fb6f9a4e11fe9dfd2ad530f684a_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:f08bc5caad4465d35f3526bdb1a43c4f56a2a70e6e0f584a291ca8984444bc5f_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:28ff05488ce8333b7b2cf2a68f465d0ba085064ba474ccee2652c7e8d4c8f5ab_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:2c2d500314bd8380c4dc06068ac379eadbc8c376bfa232cbf3c7bf1816a0d628_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6cc59e499071fb3a97ecfcdab32b29ed94b3e725d4c0c47f67b096205296e7e3_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:790215d0593d974c79ae90cd01d71b8a0f7d872c1b0ad78870d9f2ae28eaff5c_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44496"
},
{
"category": "external",
"summary": "RHBZ#2487943",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2487943"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44496",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44496"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44496",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44496"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-hfxv-24rg-xrqf",
"url": "https://github.com/axios/axios/security/advisories/GHSA-hfxv-24rg-xrqf"
}
],
"release_date": "2026-06-11T15:34:28.492000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-29T17:10:36+00:00",
"details": "See Kiali 2.17.10 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.2/html/observability/kiali-operator-provided-by-red-hat",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:25cea20e2ae09312237993c254bebc58983e3907469758392d7e97e9859b59c8_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:26fc99e8a9aa85fee4c07b4d77b4c699a41af995888f017ca1ab650d9777f20a_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cf7b68e5a7e3b4ecbab43eba4196a71b7f859fb6f9a4e11fe9dfd2ad530f684a_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:f08bc5caad4465d35f3526bdb1a43c4f56a2a70e6e0f584a291ca8984444bc5f_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:28ff05488ce8333b7b2cf2a68f465d0ba085064ba474ccee2652c7e8d4c8f5ab_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:2c2d500314bd8380c4dc06068ac379eadbc8c376bfa232cbf3c7bf1816a0d628_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6cc59e499071fb3a97ecfcdab32b29ed94b3e725d4c0c47f67b096205296e7e3_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:790215d0593d974c79ae90cd01d71b8a0f7d872c1b0ad78870d9f2ae28eaff5c_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33173"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:25cea20e2ae09312237993c254bebc58983e3907469758392d7e97e9859b59c8_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:26fc99e8a9aa85fee4c07b4d77b4c699a41af995888f017ca1ab650d9777f20a_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cf7b68e5a7e3b4ecbab43eba4196a71b7f859fb6f9a4e11fe9dfd2ad530f684a_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:f08bc5caad4465d35f3526bdb1a43c4f56a2a70e6e0f584a291ca8984444bc5f_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:28ff05488ce8333b7b2cf2a68f465d0ba085064ba474ccee2652c7e8d4c8f5ab_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:2c2d500314bd8380c4dc06068ac379eadbc8c376bfa232cbf3c7bf1816a0d628_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6cc59e499071fb3a97ecfcdab32b29ed94b3e725d4c0c47f67b096205296e7e3_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:790215d0593d974c79ae90cd01d71b8a0f7d872c1b0ad78870d9f2ae28eaff5c_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:25cea20e2ae09312237993c254bebc58983e3907469758392d7e97e9859b59c8_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:26fc99e8a9aa85fee4c07b4d77b4c699a41af995888f017ca1ab650d9777f20a_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cf7b68e5a7e3b4ecbab43eba4196a71b7f859fb6f9a4e11fe9dfd2ad530f684a_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:f08bc5caad4465d35f3526bdb1a43c4f56a2a70e6e0f584a291ca8984444bc5f_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:28ff05488ce8333b7b2cf2a68f465d0ba085064ba474ccee2652c7e8d4c8f5ab_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:2c2d500314bd8380c4dc06068ac379eadbc8c376bfa232cbf3c7bf1816a0d628_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6cc59e499071fb3a97ecfcdab32b29ed94b3e725d4c0c47f67b096205296e7e3_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:790215d0593d974c79ae90cd01d71b8a0f7d872c1b0ad78870d9f2ae28eaff5c_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: Client-side Denial of Service via unescaped regex metacharacters in XSRF cookie name"
},
{
"cve": "CVE-2026-48779",
"cwe": {
"id": "CWE-1050",
"name": "Excessive Platform Resource Consumption within a Loop"
},
"discovery_date": "2026-06-16T22:01:24.571224+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2489661"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in ws, an open source WebSocket client and server. A remote attacker can exploit this memory exhaustion vulnerability by sending a high volume of exceptionally small fragments and data chunks. This action forces the affected component to allocate and hold structural wrappers that consume excessive memory. Consequently, this leads to process termination and a denial of service (DoS) for the remote peer.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ws: ws: Denial of Service via memory exhaustion from small WebSocket fragments",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important denial of service vulnerability in the `ws` WebSocket library. A remote attacker can exploit this flaw by sending a high volume of small, fragmented data, leading to excessive memory consumption and subsequent process termination. This can result in service disruption for Red Hat products that utilize `ws` for WebSocket communication.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:25cea20e2ae09312237993c254bebc58983e3907469758392d7e97e9859b59c8_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:26fc99e8a9aa85fee4c07b4d77b4c699a41af995888f017ca1ab650d9777f20a_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cf7b68e5a7e3b4ecbab43eba4196a71b7f859fb6f9a4e11fe9dfd2ad530f684a_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:f08bc5caad4465d35f3526bdb1a43c4f56a2a70e6e0f584a291ca8984444bc5f_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:28ff05488ce8333b7b2cf2a68f465d0ba085064ba474ccee2652c7e8d4c8f5ab_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:2c2d500314bd8380c4dc06068ac379eadbc8c376bfa232cbf3c7bf1816a0d628_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6cc59e499071fb3a97ecfcdab32b29ed94b3e725d4c0c47f67b096205296e7e3_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:790215d0593d974c79ae90cd01d71b8a0f7d872c1b0ad78870d9f2ae28eaff5c_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-48779"
},
{
"category": "external",
"summary": "RHBZ#2489661",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2489661"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-48779",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-48779"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-48779",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48779"
},
{
"category": "external",
"summary": "https://github.com/websockets/ws/commit/86d3e8a5fb0246ed373860c5fbb0de88824a27f7",
"url": "https://github.com/websockets/ws/commit/86d3e8a5fb0246ed373860c5fbb0de88824a27f7"
},
{
"category": "external",
"summary": "https://github.com/websockets/ws/commit/b5372ac67bb97a773727b8e9f5035a8123556d53",
"url": "https://github.com/websockets/ws/commit/b5372ac67bb97a773727b8e9f5035a8123556d53"
},
{
"category": "external",
"summary": "https://github.com/websockets/ws/commit/bca91adf15677e47dbe4f959653452727be28b94",
"url": "https://github.com/websockets/ws/commit/bca91adf15677e47dbe4f959653452727be28b94"
},
{
"category": "external",
"summary": "https://github.com/websockets/ws/commit/fd36cd864fcdf62a08273a99e19a7d975401fee8",
"url": "https://github.com/websockets/ws/commit/fd36cd864fcdf62a08273a99e19a7d975401fee8"
},
{
"category": "external",
"summary": "https://github.com/websockets/ws/security/advisories/GHSA-96hv-2xvq-fx4p",
"url": "https://github.com/websockets/ws/security/advisories/GHSA-96hv-2xvq-fx4p"
}
],
"release_date": "2026-06-16T21:26:22.537000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-29T17:10:36+00:00",
"details": "See Kiali 2.17.10 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.2/html/observability/kiali-operator-provided-by-red-hat",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:25cea20e2ae09312237993c254bebc58983e3907469758392d7e97e9859b59c8_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:26fc99e8a9aa85fee4c07b4d77b4c699a41af995888f017ca1ab650d9777f20a_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cf7b68e5a7e3b4ecbab43eba4196a71b7f859fb6f9a4e11fe9dfd2ad530f684a_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:f08bc5caad4465d35f3526bdb1a43c4f56a2a70e6e0f584a291ca8984444bc5f_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:28ff05488ce8333b7b2cf2a68f465d0ba085064ba474ccee2652c7e8d4c8f5ab_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:2c2d500314bd8380c4dc06068ac379eadbc8c376bfa232cbf3c7bf1816a0d628_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6cc59e499071fb3a97ecfcdab32b29ed94b3e725d4c0c47f67b096205296e7e3_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:790215d0593d974c79ae90cd01d71b8a0f7d872c1b0ad78870d9f2ae28eaff5c_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33173"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:25cea20e2ae09312237993c254bebc58983e3907469758392d7e97e9859b59c8_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:26fc99e8a9aa85fee4c07b4d77b4c699a41af995888f017ca1ab650d9777f20a_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cf7b68e5a7e3b4ecbab43eba4196a71b7f859fb6f9a4e11fe9dfd2ad530f684a_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:f08bc5caad4465d35f3526bdb1a43c4f56a2a70e6e0f584a291ca8984444bc5f_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:28ff05488ce8333b7b2cf2a68f465d0ba085064ba474ccee2652c7e8d4c8f5ab_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:2c2d500314bd8380c4dc06068ac379eadbc8c376bfa232cbf3c7bf1816a0d628_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6cc59e499071fb3a97ecfcdab32b29ed94b3e725d4c0c47f67b096205296e7e3_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:790215d0593d974c79ae90cd01d71b8a0f7d872c1b0ad78870d9f2ae28eaff5c_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:25cea20e2ae09312237993c254bebc58983e3907469758392d7e97e9859b59c8_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:26fc99e8a9aa85fee4c07b4d77b4c699a41af995888f017ca1ab650d9777f20a_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cf7b68e5a7e3b4ecbab43eba4196a71b7f859fb6f9a4e11fe9dfd2ad530f684a_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:f08bc5caad4465d35f3526bdb1a43c4f56a2a70e6e0f584a291ca8984444bc5f_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:28ff05488ce8333b7b2cf2a68f465d0ba085064ba474ccee2652c7e8d4c8f5ab_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:2c2d500314bd8380c4dc06068ac379eadbc8c376bfa232cbf3c7bf1816a0d628_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6cc59e499071fb3a97ecfcdab32b29ed94b3e725d4c0c47f67b096205296e7e3_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:790215d0593d974c79ae90cd01d71b8a0f7d872c1b0ad78870d9f2ae28eaff5c_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "ws: ws: Denial of Service via memory exhaustion from small WebSocket fragments"
}
]
}
RHSA-2026:33183
Vulnerability from csaf_redhat - Published: 2026-06-29 17:47 - Updated: 2026-07-09 23:35A flaw was found in form-data, a library for creating readable multipart/form-data streams. A remote attacker can exploit this vulnerability by injecting carriage return (CR), line feed (LF), or double-quote (") characters into the `field` argument of `FormData#append` or the `filename` option. This allows the attacker to inject additional headers or smuggle entire additional multipart parts into requests, potentially enabling them to add or override form fields and compromise data integrity.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:2031ccb4f6cc24c036fae7f291ecb59b05e6c0a49a0abfaea39eb444f7f7b6bc_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:50584bc28d045ff5db77e4973c70e59bae2f33a2cc87c400c17bd6eafd7466ba_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:577b284ce810c91c5f9a44f9be5aad96e77e0546f61b6dce376013c7ebf480be_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:ea66e2eb93ef01b30b2f4758e043a5c4a889df27a26a63334549fca91a8abd4b_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4c3c63c71a4a2c1f28827c1270a2f74f251097296e348f8191ec560b33e42943_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6759b5f712098d890c6a5124fb513097050f70b54e7e3723df4e74a36a40c3f3_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:b2c57e67cd87fe061679de42f24c4d4d7ed7dbb0c07eb228db95b2eb6147d9f9_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:bea80650e9959da730b4fcde63752caa549f98759d2dc16009e7f8f44a2501d7_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-operator-bundle@sha256:69ba86f602d01541695b2ab5e5a9db8ea6c6062af70de40d9b75b3d9b67a8abd_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:64851d8db25a79dbab207e3b14599c7486f8bdc8fe0b16e6e614164228c2b405_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:9a8266a9c08cc1df3374ec3d0431c52b10275923e19cb767ee7633f71307ef73_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:a9e71a818f5bb5afc979df2dd3d9cc6a32a624155bac4a7672789bd2da2394e2_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:e68a0fd8f0a8ba0ccf8c0f973c7e739300a30169ad0def2eaa2fa944fc29ee4b_s390x | — |
Workaround
|
A flaw was found in golang.org/x/net/idna. ToASCII and ToUnicode incorrectly accept Punycode-encoded labels that decode to an ASCII-only hostname (for example, xn--example-.com returns example.com instead of an error). Applications that validate the ASCII form then convert to Unicode may grant access to a restricted hostname the ASCII check would have rejected.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4c3c63c71a4a2c1f28827c1270a2f74f251097296e348f8191ec560b33e42943_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6759b5f712098d890c6a5124fb513097050f70b54e7e3723df4e74a36a40c3f3_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:b2c57e67cd87fe061679de42f24c4d4d7ed7dbb0c07eb228db95b2eb6147d9f9_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:bea80650e9959da730b4fcde63752caa549f98759d2dc16009e7f8f44a2501d7_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-operator-bundle@sha256:69ba86f602d01541695b2ab5e5a9db8ea6c6062af70de40d9b75b3d9b67a8abd_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:2031ccb4f6cc24c036fae7f291ecb59b05e6c0a49a0abfaea39eb444f7f7b6bc_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:50584bc28d045ff5db77e4973c70e59bae2f33a2cc87c400c17bd6eafd7466ba_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:577b284ce810c91c5f9a44f9be5aad96e77e0546f61b6dce376013c7ebf480be_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:ea66e2eb93ef01b30b2f4758e043a5c4a889df27a26a63334549fca91a8abd4b_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:64851d8db25a79dbab207e3b14599c7486f8bdc8fe0b16e6e614164228c2b405_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:9a8266a9c08cc1df3374ec3d0431c52b10275923e19cb767ee7633f71307ef73_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:a9e71a818f5bb5afc979df2dd3d9cc6a32a624155bac4a7672789bd2da2394e2_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:e68a0fd8f0a8ba0ccf8c0f973c7e739300a30169ad0def2eaa2fa944fc29ee4b_s390x | — |
Workaround
|
A flaw was found in ip-address, a JavaScript library for parsing and manipulating IPv4 and IPv6 addresses. This vulnerability allows a remote attacker to perform cross-site scripting (XSS) by providing untrusted input to the Address6 constructor. When an application renders the output of Address6.group(), Address6.link(), or the AddressError.parseMessage as HTML without proper escaping, the attacker-controlled content can be executed in the user's browser.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:2031ccb4f6cc24c036fae7f291ecb59b05e6c0a49a0abfaea39eb444f7f7b6bc_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:50584bc28d045ff5db77e4973c70e59bae2f33a2cc87c400c17bd6eafd7466ba_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:577b284ce810c91c5f9a44f9be5aad96e77e0546f61b6dce376013c7ebf480be_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:ea66e2eb93ef01b30b2f4758e043a5c4a889df27a26a63334549fca91a8abd4b_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4c3c63c71a4a2c1f28827c1270a2f74f251097296e348f8191ec560b33e42943_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6759b5f712098d890c6a5124fb513097050f70b54e7e3723df4e74a36a40c3f3_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:b2c57e67cd87fe061679de42f24c4d4d7ed7dbb0c07eb228db95b2eb6147d9f9_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:bea80650e9959da730b4fcde63752caa549f98759d2dc16009e7f8f44a2501d7_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-operator-bundle@sha256:69ba86f602d01541695b2ab5e5a9db8ea6c6062af70de40d9b75b3d9b67a8abd_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:64851d8db25a79dbab207e3b14599c7486f8bdc8fe0b16e6e614164228c2b405_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:9a8266a9c08cc1df3374ec3d0431c52b10275923e19cb767ee7633f71307ef73_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:a9e71a818f5bb5afc979df2dd3d9cc6a32a624155bac4a7672789bd2da2394e2_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:e68a0fd8f0a8ba0ccf8c0f973c7e739300a30169ad0def2eaa2fa944fc29ee4b_s390x | — |
Workaround
|
A flaw was found in Axios, a promise-based HTTP client, specifically in its Node.js HTTP adapter. When Axios is configured to use an authenticated proxy and follows a redirect, it may inadvertently send the Proxy-Authorization header, containing proxy credentials, to the redirect target. This can lead to the disclosure of sensitive proxy credentials to an unintended remote server.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:2031ccb4f6cc24c036fae7f291ecb59b05e6c0a49a0abfaea39eb444f7f7b6bc_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:50584bc28d045ff5db77e4973c70e59bae2f33a2cc87c400c17bd6eafd7466ba_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:577b284ce810c91c5f9a44f9be5aad96e77e0546f61b6dce376013c7ebf480be_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:ea66e2eb93ef01b30b2f4758e043a5c4a889df27a26a63334549fca91a8abd4b_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4c3c63c71a4a2c1f28827c1270a2f74f251097296e348f8191ec560b33e42943_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6759b5f712098d890c6a5124fb513097050f70b54e7e3723df4e74a36a40c3f3_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:b2c57e67cd87fe061679de42f24c4d4d7ed7dbb0c07eb228db95b2eb6147d9f9_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:bea80650e9959da730b4fcde63752caa549f98759d2dc16009e7f8f44a2501d7_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-operator-bundle@sha256:69ba86f602d01541695b2ab5e5a9db8ea6c6062af70de40d9b75b3d9b67a8abd_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:64851d8db25a79dbab207e3b14599c7486f8bdc8fe0b16e6e614164228c2b405_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:9a8266a9c08cc1df3374ec3d0431c52b10275923e19cb767ee7633f71307ef73_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:a9e71a818f5bb5afc979df2dd3d9cc6a32a624155bac4a7672789bd2da2394e2_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:e68a0fd8f0a8ba0ccf8c0f973c7e739300a30169ad0def2eaa2fa944fc29ee4b_s390x | — |
Workaround
|
A flaw was found in Axios. During specific proxy-to-direct redirect flows in the Node.js HTTP adapter, a remote attacker could exploit this vulnerability. The Proxy-Authorization header, which contains proxy credentials and is intended only for the outbound proxy, may be forwarded to the final redirected origin. This can lead to the disclosure of sensitive proxy credentials to an unintended third party.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:2031ccb4f6cc24c036fae7f291ecb59b05e6c0a49a0abfaea39eb444f7f7b6bc_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:50584bc28d045ff5db77e4973c70e59bae2f33a2cc87c400c17bd6eafd7466ba_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:577b284ce810c91c5f9a44f9be5aad96e77e0546f61b6dce376013c7ebf480be_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:ea66e2eb93ef01b30b2f4758e043a5c4a889df27a26a63334549fca91a8abd4b_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4c3c63c71a4a2c1f28827c1270a2f74f251097296e348f8191ec560b33e42943_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6759b5f712098d890c6a5124fb513097050f70b54e7e3723df4e74a36a40c3f3_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:b2c57e67cd87fe061679de42f24c4d4d7ed7dbb0c07eb228db95b2eb6147d9f9_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:bea80650e9959da730b4fcde63752caa549f98759d2dc16009e7f8f44a2501d7_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-operator-bundle@sha256:69ba86f602d01541695b2ab5e5a9db8ea6c6062af70de40d9b75b3d9b67a8abd_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:64851d8db25a79dbab207e3b14599c7486f8bdc8fe0b16e6e614164228c2b405_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:9a8266a9c08cc1df3374ec3d0431c52b10275923e19cb767ee7633f71307ef73_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:a9e71a818f5bb5afc979df2dd3d9cc6a32a624155bac4a7672789bd2da2394e2_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:e68a0fd8f0a8ba0ccf8c0f973c7e739300a30169ad0def2eaa2fa944fc29ee4b_s390x | — |
Workaround
|
A flaw was found in Axios, a promise-based HTTP client. When using the fetch adapter, Axios did not properly enforce configured request and response size limits. This vulnerability allows a remote attacker, through a malicious or compromised server, or by supplying a large data URL, to send or receive oversized data bodies. This can lead to resource exhaustion in server-side applications, resulting in a Denial of Service (DoS).
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:2031ccb4f6cc24c036fae7f291ecb59b05e6c0a49a0abfaea39eb444f7f7b6bc_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:50584bc28d045ff5db77e4973c70e59bae2f33a2cc87c400c17bd6eafd7466ba_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:577b284ce810c91c5f9a44f9be5aad96e77e0546f61b6dce376013c7ebf480be_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:ea66e2eb93ef01b30b2f4758e043a5c4a889df27a26a63334549fca91a8abd4b_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4c3c63c71a4a2c1f28827c1270a2f74f251097296e348f8191ec560b33e42943_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6759b5f712098d890c6a5124fb513097050f70b54e7e3723df4e74a36a40c3f3_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:b2c57e67cd87fe061679de42f24c4d4d7ed7dbb0c07eb228db95b2eb6147d9f9_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:bea80650e9959da730b4fcde63752caa549f98759d2dc16009e7f8f44a2501d7_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-operator-bundle@sha256:69ba86f602d01541695b2ab5e5a9db8ea6c6062af70de40d9b75b3d9b67a8abd_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:64851d8db25a79dbab207e3b14599c7486f8bdc8fe0b16e6e614164228c2b405_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:9a8266a9c08cc1df3374ec3d0431c52b10275923e19cb767ee7633f71307ef73_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:a9e71a818f5bb5afc979df2dd3d9cc6a32a624155bac4a7672789bd2da2394e2_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:e68a0fd8f0a8ba0ccf8c0f973c7e739300a30169ad0def2eaa2fa944fc29ee4b_s390x | — |
Workaround
|
A flaw was found in Axios, a promise-based HTTP client. This vulnerability occurs because Axios does not properly normalize IPv4-mapped IPv6 addresses. When a NO_PROXY setting is configured to block direct access to specific IPv4 addresses, an attacker can bypass this restriction by using the IPv4-mapped IPv6 form of the address in a request URL. This allows the request to be routed through the proxy, potentially exposing internal services or sensitive information that should otherwise be inaccessible.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:2031ccb4f6cc24c036fae7f291ecb59b05e6c0a49a0abfaea39eb444f7f7b6bc_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:50584bc28d045ff5db77e4973c70e59bae2f33a2cc87c400c17bd6eafd7466ba_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:577b284ce810c91c5f9a44f9be5aad96e77e0546f61b6dce376013c7ebf480be_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:ea66e2eb93ef01b30b2f4758e043a5c4a889df27a26a63334549fca91a8abd4b_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4c3c63c71a4a2c1f28827c1270a2f74f251097296e348f8191ec560b33e42943_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6759b5f712098d890c6a5124fb513097050f70b54e7e3723df4e74a36a40c3f3_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:b2c57e67cd87fe061679de42f24c4d4d7ed7dbb0c07eb228db95b2eb6147d9f9_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:bea80650e9959da730b4fcde63752caa549f98759d2dc16009e7f8f44a2501d7_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-operator-bundle@sha256:69ba86f602d01541695b2ab5e5a9db8ea6c6062af70de40d9b75b3d9b67a8abd_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:64851d8db25a79dbab207e3b14599c7486f8bdc8fe0b16e6e614164228c2b405_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:9a8266a9c08cc1df3374ec3d0431c52b10275923e19cb767ee7633f71307ef73_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:a9e71a818f5bb5afc979df2dd3d9cc6a32a624155bac4a7672789bd2da2394e2_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:e68a0fd8f0a8ba0ccf8c0f973c7e739300a30169ad0def2eaa2fa944fc29ee4b_s390x | — |
Workaround
|
A flaw was found in Axios. This vulnerability, a Prototype Pollution "Gadget" attack, allows an attacker to escalate any existing Object.prototype pollution in an application's dependency tree into a full Man-in-the-Middle (MITM) attack. This enables the attacker to intercept, read, and modify all HTTP traffic, including sensitive authentication credentials. The flaw occurs because the `config.proxy` setting is susceptible to prototype pollution, allowing an attacker to inject a malicious proxy server.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:2031ccb4f6cc24c036fae7f291ecb59b05e6c0a49a0abfaea39eb444f7f7b6bc_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:50584bc28d045ff5db77e4973c70e59bae2f33a2cc87c400c17bd6eafd7466ba_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:577b284ce810c91c5f9a44f9be5aad96e77e0546f61b6dce376013c7ebf480be_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:ea66e2eb93ef01b30b2f4758e043a5c4a889df27a26a63334549fca91a8abd4b_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4c3c63c71a4a2c1f28827c1270a2f74f251097296e348f8191ec560b33e42943_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6759b5f712098d890c6a5124fb513097050f70b54e7e3723df4e74a36a40c3f3_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:b2c57e67cd87fe061679de42f24c4d4d7ed7dbb0c07eb228db95b2eb6147d9f9_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:bea80650e9959da730b4fcde63752caa549f98759d2dc16009e7f8f44a2501d7_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-operator-bundle@sha256:69ba86f602d01541695b2ab5e5a9db8ea6c6062af70de40d9b75b3d9b67a8abd_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:64851d8db25a79dbab207e3b14599c7486f8bdc8fe0b16e6e614164228c2b405_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:9a8266a9c08cc1df3374ec3d0431c52b10275923e19cb767ee7633f71307ef73_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:a9e71a818f5bb5afc979df2dd3d9cc6a32a624155bac4a7672789bd2da2394e2_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:e68a0fd8f0a8ba0ccf8c0f973c7e739300a30169ad0def2eaa2fa944fc29ee4b_s390x | — |
Workaround
|
A flaw was found in Axios, a promise-based HTTP client. This vulnerability involves prototype pollution gadgets in the request configuration processing. If another vulnerability has already polluted the Object.prototype.transformResponse, affected Axios versions may incorrectly interpret this inherited value as part of the request configuration or as an option validator. Axios does not itself create the prototype pollution. Exploitability requires a separate prototype-pollution vulnerability or equivalent attacker control over Object.prototype before Axios creates a request.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:2031ccb4f6cc24c036fae7f291ecb59b05e6c0a49a0abfaea39eb444f7f7b6bc_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:50584bc28d045ff5db77e4973c70e59bae2f33a2cc87c400c17bd6eafd7466ba_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:577b284ce810c91c5f9a44f9be5aad96e77e0546f61b6dce376013c7ebf480be_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:ea66e2eb93ef01b30b2f4758e043a5c4a889df27a26a63334549fca91a8abd4b_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4c3c63c71a4a2c1f28827c1270a2f74f251097296e348f8191ec560b33e42943_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6759b5f712098d890c6a5124fb513097050f70b54e7e3723df4e74a36a40c3f3_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:b2c57e67cd87fe061679de42f24c4d4d7ed7dbb0c07eb228db95b2eb6147d9f9_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:bea80650e9959da730b4fcde63752caa549f98759d2dc16009e7f8f44a2501d7_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-operator-bundle@sha256:69ba86f602d01541695b2ab5e5a9db8ea6c6062af70de40d9b75b3d9b67a8abd_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:64851d8db25a79dbab207e3b14599c7486f8bdc8fe0b16e6e614164228c2b405_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:9a8266a9c08cc1df3374ec3d0431c52b10275923e19cb767ee7633f71307ef73_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:a9e71a818f5bb5afc979df2dd3d9cc6a32a624155bac4a7672789bd2da2394e2_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:e68a0fd8f0a8ba0ccf8c0f973c7e739300a30169ad0def2eaa2fa944fc29ee4b_s390x | — |
Workaround
|
A flaw was found in Axios. A remote attacker, by influencing the XSRF cookie name in a browser environment, could cause the application to construct a regular expression that leads to excessive processing. This can result in a client-side Denial of Service (DoS), where the affected browser tab may freeze, impacting the availability of the application for the user.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:2031ccb4f6cc24c036fae7f291ecb59b05e6c0a49a0abfaea39eb444f7f7b6bc_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:50584bc28d045ff5db77e4973c70e59bae2f33a2cc87c400c17bd6eafd7466ba_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:577b284ce810c91c5f9a44f9be5aad96e77e0546f61b6dce376013c7ebf480be_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:ea66e2eb93ef01b30b2f4758e043a5c4a889df27a26a63334549fca91a8abd4b_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4c3c63c71a4a2c1f28827c1270a2f74f251097296e348f8191ec560b33e42943_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6759b5f712098d890c6a5124fb513097050f70b54e7e3723df4e74a36a40c3f3_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:b2c57e67cd87fe061679de42f24c4d4d7ed7dbb0c07eb228db95b2eb6147d9f9_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:bea80650e9959da730b4fcde63752caa549f98759d2dc16009e7f8f44a2501d7_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-operator-bundle@sha256:69ba86f602d01541695b2ab5e5a9db8ea6c6062af70de40d9b75b3d9b67a8abd_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:64851d8db25a79dbab207e3b14599c7486f8bdc8fe0b16e6e614164228c2b405_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:9a8266a9c08cc1df3374ec3d0431c52b10275923e19cb767ee7633f71307ef73_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:a9e71a818f5bb5afc979df2dd3d9cc6a32a624155bac4a7672789bd2da2394e2_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:e68a0fd8f0a8ba0ccf8c0f973c7e739300a30169ad0def2eaa2fa944fc29ee4b_s390x | — |
Workaround
|
A flaw was found in JavaScript Cookie (js-cookie). This vulnerability allows a remote attacker to manipulate cookie attributes by exploiting a prototype pollution issue within the `assign()` helper function. When processing specially crafted JSON input, the flaw enables an attacker to hijack the prototype of a cookie's attribute object. This allows the attacker to set sensitive cookie attributes such as `domain`, `secure`, `samesite`, `expires`, and `path`, potentially leading to security bypasses or session manipulation.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:2031ccb4f6cc24c036fae7f291ecb59b05e6c0a49a0abfaea39eb444f7f7b6bc_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:50584bc28d045ff5db77e4973c70e59bae2f33a2cc87c400c17bd6eafd7466ba_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:577b284ce810c91c5f9a44f9be5aad96e77e0546f61b6dce376013c7ebf480be_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:ea66e2eb93ef01b30b2f4758e043a5c4a889df27a26a63334549fca91a8abd4b_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4c3c63c71a4a2c1f28827c1270a2f74f251097296e348f8191ec560b33e42943_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6759b5f712098d890c6a5124fb513097050f70b54e7e3723df4e74a36a40c3f3_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:b2c57e67cd87fe061679de42f24c4d4d7ed7dbb0c07eb228db95b2eb6147d9f9_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:bea80650e9959da730b4fcde63752caa549f98759d2dc16009e7f8f44a2501d7_ppc64le | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-operator-bundle@sha256:69ba86f602d01541695b2ab5e5a9db8ea6c6062af70de40d9b75b3d9b67a8abd_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:64851d8db25a79dbab207e3b14599c7486f8bdc8fe0b16e6e614164228c2b405_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:9a8266a9c08cc1df3374ec3d0431c52b10275923e19cb767ee7633f71307ef73_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:a9e71a818f5bb5afc979df2dd3d9cc6a32a624155bac4a7672789bd2da2394e2_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:e68a0fd8f0a8ba0ccf8c0f973c7e739300a30169ad0def2eaa2fa944fc29ee4b_s390x | — |
A flaw was found in ws, an open source WebSocket client and server. A remote attacker can exploit this memory exhaustion vulnerability by sending a high volume of exceptionally small fragments and data chunks. This action forces the affected component to allocate and hold structural wrappers that consume excessive memory. Consequently, this leads to process termination and a denial of service (DoS) for the remote peer.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:2031ccb4f6cc24c036fae7f291ecb59b05e6c0a49a0abfaea39eb444f7f7b6bc_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:50584bc28d045ff5db77e4973c70e59bae2f33a2cc87c400c17bd6eafd7466ba_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:577b284ce810c91c5f9a44f9be5aad96e77e0546f61b6dce376013c7ebf480be_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:ea66e2eb93ef01b30b2f4758e043a5c4a889df27a26a63334549fca91a8abd4b_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4c3c63c71a4a2c1f28827c1270a2f74f251097296e348f8191ec560b33e42943_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6759b5f712098d890c6a5124fb513097050f70b54e7e3723df4e74a36a40c3f3_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:b2c57e67cd87fe061679de42f24c4d4d7ed7dbb0c07eb228db95b2eb6147d9f9_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:bea80650e9959da730b4fcde63752caa549f98759d2dc16009e7f8f44a2501d7_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-operator-bundle@sha256:69ba86f602d01541695b2ab5e5a9db8ea6c6062af70de40d9b75b3d9b67a8abd_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:64851d8db25a79dbab207e3b14599c7486f8bdc8fe0b16e6e614164228c2b405_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:9a8266a9c08cc1df3374ec3d0431c52b10275923e19cb767ee7633f71307ef73_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:a9e71a818f5bb5afc979df2dd3d9cc6a32a624155bac4a7672789bd2da2394e2_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:e68a0fd8f0a8ba0ccf8c0f973c7e739300a30169ad0def2eaa2fa944fc29ee4b_s390x | — |
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Kiali 2.22.6 for Red Hat OpenShift Service Mesh 3.3 is now available.\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Kiali 2.22.6, for Red Hat OpenShift Service Mesh 3.3, provides observability for the service mesh by offering a visual representation of the mesh topology and metrics, helping users monitor, trace, and manage efficiently.\n\nSecurity Fix(es):\n\n* CVE-2026-42338 openshift-service-mesh/kiali-ossmc-rhel9: ip-address: Cross-site scripting via improper HTML escaping of untrusted input (OSSM-14065)\n* CVE-2026-42338 openshift-service-mesh/kiali-rhel9: ip-address: Cross-site scripting via improper HTML escaping of untrusted input (OSSM-14060)\n* CVE-2026-39821 openshift-service-mesh/kiali-rhel9: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing (OSSM-14071)\n* CVE-2026-44495 openshift-service-mesh/kiali-ossmc-rhel9: Axios: Information disclosure due to prototype pollution vulnerability (OSSM-14148)\n* CVE-2026-44495 openshift-service-mesh/kiali-rhel9: Axios: Information disclosure due to prototype pollution vulnerability (OSSM-14147)\n* CVE-2026-44488 openshift-service-mesh/kiali-ossmc-rhel9: Axios: Denial of Service due to unenforced request and response size limits (OSSM-14163)\n* CVE-2026-44488 openshift-service-mesh/kiali-rhel9: Axios: Denial of Service due to unenforced request and response size limits (OSSM-14161)\n* CVE-2026-44487 openshift-service-mesh/kiali-rhel9: Axios: Information disclosure of proxy credentials via redirect flows (OSSM-14180)\n* CVE-2026-44487 openshift-service-mesh/kiali-ossmc-rhel9: Axios: Information disclosure of proxy credentials via redirect flows (OSSM-14179)\n* CVE-2026-44494 openshift-service-mesh/kiali-rhel9: Axios: Man-in-the-Middle (MITM) attack via Prototype Pollution (OSSM-14196)\n* CVE-2026-44494 openshift-service-mesh/kiali-ossmc-rhel9: Axios: Man-in-the-Middle (MITM) attack via Prototype Pollution (OSSM-14198)\n* CVE-2026-44496 openshift-service-mesh/kiali-ossmc-rhel9: Axios: Client-side Denial of Service via unescaped regex metacharacters in XSRF cookie name (OSSM-14205)\n* CVE-2026-44496 openshift-service-mesh/kiali-rhel9: Axios: Client-side Denial of Service via unescaped regex metacharacters in XSRF cookie name (OSSM-14217)\n* CVE-2026-44486 openshift-service-mesh/kiali-ossmc-rhel9: Axios: Information disclosure of proxy credentials via HTTP redirects (OSSM-14189)\n* CVE-2026-44486 openshift-service-mesh/kiali-rhel9: Axios: Information disclosure of proxy credentials via HTTP redirects (OSSM-14221)\n* CVE-2026-44492 openshift-service-mesh/kiali-ossmc-rhel9: Axios: Proxy bypass via IPv4-mapped IPv6 address non-normalization (OSSM-14228)\n* CVE-2026-44492 openshift-service-mesh/kiali-rhel9: Axios: Proxy bypass via IPv4-mapped IPv6 address non-normalization (OSSM-14233)\n* CVE-2026-48779 openshift-service-mesh/kiali-rhel9: ws: Denial of Service via memory exhaustion from small WebSocket fragments (OSSM-14315)\n* CVE-2026-48779 openshift-service-mesh/kiali-ossmc-rhel9: ws: Denial of Service via memory exhaustion from small WebSocket fragments (OSSM-14313)\n* CVE-2026-12143 openshift-service-mesh/kiali-ossmc-rhel9: form-data: Form field override via CRLF injection (OSSM-14340)\n* CVE-2026-12143 openshift-service-mesh/kiali-rhel9: form-data: Form field override via CRLF injection (OSSM-14331)\n* CVE-2026-46625 openshift-service-mesh/kiali-ossmc-rhel9: JavaScript Cookie: Cookie attribute manipulation via prototype pollution (OSSM-14344)\n* CVE-2026-46625 openshift-service-mesh/kiali-rhel9: JavaScript Cookie: Cookie attribute manipulation via prototype pollution (OSSM-14345)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:33183",
"url": "https://access.redhat.com/errata/RHSA-2026:33183"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-12143",
"url": "https://access.redhat.com/security/cve/CVE-2026-12143"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-39821",
"url": "https://access.redhat.com/security/cve/CVE-2026-39821"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42338",
"url": "https://access.redhat.com/security/cve/CVE-2026-42338"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-44486",
"url": "https://access.redhat.com/security/cve/CVE-2026-44486"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-44487",
"url": "https://access.redhat.com/security/cve/CVE-2026-44487"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-44488",
"url": "https://access.redhat.com/security/cve/CVE-2026-44488"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-44492",
"url": "https://access.redhat.com/security/cve/CVE-2026-44492"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-44494",
"url": "https://access.redhat.com/security/cve/CVE-2026-44494"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-44495",
"url": "https://access.redhat.com/security/cve/CVE-2026-44495"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-44496",
"url": "https://access.redhat.com/security/cve/CVE-2026-44496"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-46625",
"url": "https://access.redhat.com/security/cve/CVE-2026-46625"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-48779",
"url": "https://access.redhat.com/security/cve/CVE-2026-48779"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification",
"url": "https://access.redhat.com/security/updates/classification"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_33183.json"
}
],
"title": "Red Hat Security Advisory: Kiali 2.22.6 for Red Hat OpenShift Service Mesh 3.3",
"tracking": {
"current_release_date": "2026-07-09T23:35:37+00:00",
"generator": {
"date": "2026-07-09T23:35:37+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.2"
}
},
"id": "RHSA-2026:33183",
"initial_release_date": "2026-06-29T17:47:08+00:00",
"revision_history": [
{
"date": "2026-06-29T17:47:08+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-07-09T08:56:59+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-09T23:35:37+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Service Mesh 3.3",
"product": {
"name": "Red Hat OpenShift Service Mesh 3.3",
"product_id": "Red Hat OpenShift Service Mesh 3.3",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:service_mesh:3.3::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Service Mesh"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6759b5f712098d890c6a5124fb513097050f70b54e7e3723df4e74a36a40c3f3_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6759b5f712098d890c6a5124fb513097050f70b54e7e3723df4e74a36a40c3f3_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6759b5f712098d890c6a5124fb513097050f70b54e7e3723df4e74a36a40c3f3_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel9@sha256%3A6759b5f712098d890c6a5124fb513097050f70b54e7e3723df4e74a36a40c3f3?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel9\u0026tag=1782201466"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-operator-bundle@sha256:69ba86f602d01541695b2ab5e5a9db8ea6c6062af70de40d9b75b3d9b67a8abd_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-operator-bundle@sha256:69ba86f602d01541695b2ab5e5a9db8ea6c6062af70de40d9b75b3d9b67a8abd_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-operator-bundle@sha256:69ba86f602d01541695b2ab5e5a9db8ea6c6062af70de40d9b75b3d9b67a8abd_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kiali-operator-bundle@sha256%3A69ba86f602d01541695b2ab5e5a9db8ea6c6062af70de40d9b75b3d9b67a8abd?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/kiali-operator-bundle\u0026tag=1782295602"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:a9e71a818f5bb5afc979df2dd3d9cc6a32a624155bac4a7672789bd2da2394e2_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:a9e71a818f5bb5afc979df2dd3d9cc6a32a624155bac4a7672789bd2da2394e2_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:a9e71a818f5bb5afc979df2dd3d9cc6a32a624155bac4a7672789bd2da2394e2_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel9-operator@sha256%3Aa9e71a818f5bb5afc979df2dd3d9cc6a32a624155bac4a7672789bd2da2394e2?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator\u0026tag=1782231576"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:2031ccb4f6cc24c036fae7f291ecb59b05e6c0a49a0abfaea39eb444f7f7b6bc_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:2031ccb4f6cc24c036fae7f291ecb59b05e6c0a49a0abfaea39eb444f7f7b6bc_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:2031ccb4f6cc24c036fae7f291ecb59b05e6c0a49a0abfaea39eb444f7f7b6bc_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kiali-ossmc-rhel9@sha256%3A2031ccb4f6cc24c036fae7f291ecb59b05e6c0a49a0abfaea39eb444f7f7b6bc?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9\u0026tag=1782231869"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4c3c63c71a4a2c1f28827c1270a2f74f251097296e348f8191ec560b33e42943_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4c3c63c71a4a2c1f28827c1270a2f74f251097296e348f8191ec560b33e42943_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4c3c63c71a4a2c1f28827c1270a2f74f251097296e348f8191ec560b33e42943_arm64",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel9@sha256%3A4c3c63c71a4a2c1f28827c1270a2f74f251097296e348f8191ec560b33e42943?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel9\u0026tag=1782201466"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:64851d8db25a79dbab207e3b14599c7486f8bdc8fe0b16e6e614164228c2b405_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:64851d8db25a79dbab207e3b14599c7486f8bdc8fe0b16e6e614164228c2b405_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:64851d8db25a79dbab207e3b14599c7486f8bdc8fe0b16e6e614164228c2b405_arm64",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel9-operator@sha256%3A64851d8db25a79dbab207e3b14599c7486f8bdc8fe0b16e6e614164228c2b405?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator\u0026tag=1782231576"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:ea66e2eb93ef01b30b2f4758e043a5c4a889df27a26a63334549fca91a8abd4b_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:ea66e2eb93ef01b30b2f4758e043a5c4a889df27a26a63334549fca91a8abd4b_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:ea66e2eb93ef01b30b2f4758e043a5c4a889df27a26a63334549fca91a8abd4b_arm64",
"product_identification_helper": {
"purl": "pkg:oci/kiali-ossmc-rhel9@sha256%3Aea66e2eb93ef01b30b2f4758e043a5c4a889df27a26a63334549fca91a8abd4b?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9\u0026tag=1782231869"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:bea80650e9959da730b4fcde63752caa549f98759d2dc16009e7f8f44a2501d7_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:bea80650e9959da730b4fcde63752caa549f98759d2dc16009e7f8f44a2501d7_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:bea80650e9959da730b4fcde63752caa549f98759d2dc16009e7f8f44a2501d7_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel9@sha256%3Abea80650e9959da730b4fcde63752caa549f98759d2dc16009e7f8f44a2501d7?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel9\u0026tag=1782201466"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:9a8266a9c08cc1df3374ec3d0431c52b10275923e19cb767ee7633f71307ef73_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:9a8266a9c08cc1df3374ec3d0431c52b10275923e19cb767ee7633f71307ef73_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:9a8266a9c08cc1df3374ec3d0431c52b10275923e19cb767ee7633f71307ef73_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel9-operator@sha256%3A9a8266a9c08cc1df3374ec3d0431c52b10275923e19cb767ee7633f71307ef73?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator\u0026tag=1782231576"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:50584bc28d045ff5db77e4973c70e59bae2f33a2cc87c400c17bd6eafd7466ba_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:50584bc28d045ff5db77e4973c70e59bae2f33a2cc87c400c17bd6eafd7466ba_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:50584bc28d045ff5db77e4973c70e59bae2f33a2cc87c400c17bd6eafd7466ba_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/kiali-ossmc-rhel9@sha256%3A50584bc28d045ff5db77e4973c70e59bae2f33a2cc87c400c17bd6eafd7466ba?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9\u0026tag=1782231869"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:b2c57e67cd87fe061679de42f24c4d4d7ed7dbb0c07eb228db95b2eb6147d9f9_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:b2c57e67cd87fe061679de42f24c4d4d7ed7dbb0c07eb228db95b2eb6147d9f9_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:b2c57e67cd87fe061679de42f24c4d4d7ed7dbb0c07eb228db95b2eb6147d9f9_s390x",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel9@sha256%3Ab2c57e67cd87fe061679de42f24c4d4d7ed7dbb0c07eb228db95b2eb6147d9f9?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel9\u0026tag=1782201466"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:e68a0fd8f0a8ba0ccf8c0f973c7e739300a30169ad0def2eaa2fa944fc29ee4b_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:e68a0fd8f0a8ba0ccf8c0f973c7e739300a30169ad0def2eaa2fa944fc29ee4b_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:e68a0fd8f0a8ba0ccf8c0f973c7e739300a30169ad0def2eaa2fa944fc29ee4b_s390x",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel9-operator@sha256%3Ae68a0fd8f0a8ba0ccf8c0f973c7e739300a30169ad0def2eaa2fa944fc29ee4b?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator\u0026tag=1782231576"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:577b284ce810c91c5f9a44f9be5aad96e77e0546f61b6dce376013c7ebf480be_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:577b284ce810c91c5f9a44f9be5aad96e77e0546f61b6dce376013c7ebf480be_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:577b284ce810c91c5f9a44f9be5aad96e77e0546f61b6dce376013c7ebf480be_s390x",
"product_identification_helper": {
"purl": "pkg:oci/kiali-ossmc-rhel9@sha256%3A577b284ce810c91c5f9a44f9be5aad96e77e0546f61b6dce376013c7ebf480be?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9\u0026tag=1782231869"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-operator-bundle@sha256:69ba86f602d01541695b2ab5e5a9db8ea6c6062af70de40d9b75b3d9b67a8abd_amd64 as a component of Red Hat OpenShift Service Mesh 3.3",
"product_id": "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-operator-bundle@sha256:69ba86f602d01541695b2ab5e5a9db8ea6c6062af70de40d9b75b3d9b67a8abd_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-operator-bundle@sha256:69ba86f602d01541695b2ab5e5a9db8ea6c6062af70de40d9b75b3d9b67a8abd_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:2031ccb4f6cc24c036fae7f291ecb59b05e6c0a49a0abfaea39eb444f7f7b6bc_amd64 as a component of Red Hat OpenShift Service Mesh 3.3",
"product_id": "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:2031ccb4f6cc24c036fae7f291ecb59b05e6c0a49a0abfaea39eb444f7f7b6bc_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:2031ccb4f6cc24c036fae7f291ecb59b05e6c0a49a0abfaea39eb444f7f7b6bc_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:50584bc28d045ff5db77e4973c70e59bae2f33a2cc87c400c17bd6eafd7466ba_ppc64le as a component of Red Hat OpenShift Service Mesh 3.3",
"product_id": "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:50584bc28d045ff5db77e4973c70e59bae2f33a2cc87c400c17bd6eafd7466ba_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:50584bc28d045ff5db77e4973c70e59bae2f33a2cc87c400c17bd6eafd7466ba_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:577b284ce810c91c5f9a44f9be5aad96e77e0546f61b6dce376013c7ebf480be_s390x as a component of Red Hat OpenShift Service Mesh 3.3",
"product_id": "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:577b284ce810c91c5f9a44f9be5aad96e77e0546f61b6dce376013c7ebf480be_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:577b284ce810c91c5f9a44f9be5aad96e77e0546f61b6dce376013c7ebf480be_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:ea66e2eb93ef01b30b2f4758e043a5c4a889df27a26a63334549fca91a8abd4b_arm64 as a component of Red Hat OpenShift Service Mesh 3.3",
"product_id": "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:ea66e2eb93ef01b30b2f4758e043a5c4a889df27a26a63334549fca91a8abd4b_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:ea66e2eb93ef01b30b2f4758e043a5c4a889df27a26a63334549fca91a8abd4b_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:64851d8db25a79dbab207e3b14599c7486f8bdc8fe0b16e6e614164228c2b405_arm64 as a component of Red Hat OpenShift Service Mesh 3.3",
"product_id": "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:64851d8db25a79dbab207e3b14599c7486f8bdc8fe0b16e6e614164228c2b405_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:64851d8db25a79dbab207e3b14599c7486f8bdc8fe0b16e6e614164228c2b405_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:9a8266a9c08cc1df3374ec3d0431c52b10275923e19cb767ee7633f71307ef73_ppc64le as a component of Red Hat OpenShift Service Mesh 3.3",
"product_id": "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:9a8266a9c08cc1df3374ec3d0431c52b10275923e19cb767ee7633f71307ef73_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:9a8266a9c08cc1df3374ec3d0431c52b10275923e19cb767ee7633f71307ef73_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:a9e71a818f5bb5afc979df2dd3d9cc6a32a624155bac4a7672789bd2da2394e2_amd64 as a component of Red Hat OpenShift Service Mesh 3.3",
"product_id": "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:a9e71a818f5bb5afc979df2dd3d9cc6a32a624155bac4a7672789bd2da2394e2_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:a9e71a818f5bb5afc979df2dd3d9cc6a32a624155bac4a7672789bd2da2394e2_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:e68a0fd8f0a8ba0ccf8c0f973c7e739300a30169ad0def2eaa2fa944fc29ee4b_s390x as a component of Red Hat OpenShift Service Mesh 3.3",
"product_id": "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:e68a0fd8f0a8ba0ccf8c0f973c7e739300a30169ad0def2eaa2fa944fc29ee4b_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:e68a0fd8f0a8ba0ccf8c0f973c7e739300a30169ad0def2eaa2fa944fc29ee4b_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4c3c63c71a4a2c1f28827c1270a2f74f251097296e348f8191ec560b33e42943_arm64 as a component of Red Hat OpenShift Service Mesh 3.3",
"product_id": "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4c3c63c71a4a2c1f28827c1270a2f74f251097296e348f8191ec560b33e42943_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4c3c63c71a4a2c1f28827c1270a2f74f251097296e348f8191ec560b33e42943_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6759b5f712098d890c6a5124fb513097050f70b54e7e3723df4e74a36a40c3f3_amd64 as a component of Red Hat OpenShift Service Mesh 3.3",
"product_id": "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6759b5f712098d890c6a5124fb513097050f70b54e7e3723df4e74a36a40c3f3_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6759b5f712098d890c6a5124fb513097050f70b54e7e3723df4e74a36a40c3f3_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:b2c57e67cd87fe061679de42f24c4d4d7ed7dbb0c07eb228db95b2eb6147d9f9_s390x as a component of Red Hat OpenShift Service Mesh 3.3",
"product_id": "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:b2c57e67cd87fe061679de42f24c4d4d7ed7dbb0c07eb228db95b2eb6147d9f9_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:b2c57e67cd87fe061679de42f24c4d4d7ed7dbb0c07eb228db95b2eb6147d9f9_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:bea80650e9959da730b4fcde63752caa549f98759d2dc16009e7f8f44a2501d7_ppc64le as a component of Red Hat OpenShift Service Mesh 3.3",
"product_id": "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:bea80650e9959da730b4fcde63752caa549f98759d2dc16009e7f8f44a2501d7_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:bea80650e9959da730b4fcde63752caa549f98759d2dc16009e7f8f44a2501d7_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-12143",
"cwe": {
"id": "CWE-93",
"name": "Improper Neutralization of CRLF Sequences (\u0027CRLF Injection\u0027)"
},
"discovery_date": "2026-06-12T19:00:57.360953+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-operator-bundle@sha256:69ba86f602d01541695b2ab5e5a9db8ea6c6062af70de40d9b75b3d9b67a8abd_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:64851d8db25a79dbab207e3b14599c7486f8bdc8fe0b16e6e614164228c2b405_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:9a8266a9c08cc1df3374ec3d0431c52b10275923e19cb767ee7633f71307ef73_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:a9e71a818f5bb5afc979df2dd3d9cc6a32a624155bac4a7672789bd2da2394e2_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:e68a0fd8f0a8ba0ccf8c0f973c7e739300a30169ad0def2eaa2fa944fc29ee4b_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2488480"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in form-data, a library for creating readable multipart/form-data streams. A remote attacker can exploit this vulnerability by injecting carriage return (CR), line feed (LF), or double-quote (\") characters into the `field` argument of `FormData#append` or the `filename` option. This allows the attacker to inject additional headers or smuggle entire additional multipart parts into requests, potentially enabling them to add or override form fields and compromise data integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "form-data: form-data: Form field override via CRLF injection",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important impact flaw in the form-data library: a remote attacker can inject arbitrary headers or additional multipart parts via CRLF injection in field names or filenames, potentially overriding sensitive form fields and affecting data integrity.\n\nFor RHOAI and RHEL AI, severity is Moderate because affected versions appear only as a transitive npm dependency in RHOAI (dashboard, mod-arch plugins, MLflow UI) and RHEL AI 3.4 bootc images, and those products use fixed field names for uploads rather than passing untrusted user input as multipart field names or filenames. The documented exploit path is therefore not reachable in default deployments. Practical impact is limited to non-default or custom integrations that forward multipart requests using attacker-controlled field names.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:2031ccb4f6cc24c036fae7f291ecb59b05e6c0a49a0abfaea39eb444f7f7b6bc_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:50584bc28d045ff5db77e4973c70e59bae2f33a2cc87c400c17bd6eafd7466ba_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:577b284ce810c91c5f9a44f9be5aad96e77e0546f61b6dce376013c7ebf480be_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:ea66e2eb93ef01b30b2f4758e043a5c4a889df27a26a63334549fca91a8abd4b_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4c3c63c71a4a2c1f28827c1270a2f74f251097296e348f8191ec560b33e42943_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6759b5f712098d890c6a5124fb513097050f70b54e7e3723df4e74a36a40c3f3_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:b2c57e67cd87fe061679de42f24c4d4d7ed7dbb0c07eb228db95b2eb6147d9f9_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:bea80650e9959da730b4fcde63752caa549f98759d2dc16009e7f8f44a2501d7_ppc64le"
],
"known_not_affected": [
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-operator-bundle@sha256:69ba86f602d01541695b2ab5e5a9db8ea6c6062af70de40d9b75b3d9b67a8abd_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:64851d8db25a79dbab207e3b14599c7486f8bdc8fe0b16e6e614164228c2b405_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:9a8266a9c08cc1df3374ec3d0431c52b10275923e19cb767ee7633f71307ef73_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:a9e71a818f5bb5afc979df2dd3d9cc6a32a624155bac4a7672789bd2da2394e2_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:e68a0fd8f0a8ba0ccf8c0f973c7e739300a30169ad0def2eaa2fa944fc29ee4b_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-12143"
},
{
"category": "external",
"summary": "RHBZ#2488480",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2488480"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-12143",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-12143"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-12143",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-12143"
},
{
"category": "external",
"summary": "https://cwe.mitre.org/data/definitions/93.html",
"url": "https://cwe.mitre.org/data/definitions/93.html"
},
{
"category": "external",
"summary": "https://github.com/form-data/form-data/commit/64190db548c0179e37206858e39f27cf513e9435",
"url": "https://github.com/form-data/form-data/commit/64190db548c0179e37206858e39f27cf513e9435"
},
{
"category": "external",
"summary": "https://github.com/form-data/form-data/commit/be3f3cf553978bac15a5182f1f3c3d2d38ccf229",
"url": "https://github.com/form-data/form-data/commit/be3f3cf553978bac15a5182f1f3c3d2d38ccf229"
},
{
"category": "external",
"summary": "https://github.com/form-data/form-data/commit/c7133499c2ee1b80c678e411244f4442bf902045",
"url": "https://github.com/form-data/form-data/commit/c7133499c2ee1b80c678e411244f4442bf902045"
},
{
"category": "external",
"summary": "https://github.com/form-data/form-data/security/advisories/GHSA-hmw2-7cc7-3qxx",
"url": "https://github.com/form-data/form-data/security/advisories/GHSA-hmw2-7cc7-3qxx"
},
{
"category": "external",
"summary": "https://html.spec.whatwg.org/multipage/form-control-infrastructure.html#multipart-form-data",
"url": "https://html.spec.whatwg.org/multipage/form-control-infrastructure.html#multipart-form-data"
},
{
"category": "external",
"summary": "https://www.npmjs.com/package/form-data",
"url": "https://www.npmjs.com/package/form-data"
}
],
"release_date": "2026-06-12T18:01:30.362000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-29T17:47:08+00:00",
"details": "See Kiali 2.22.6 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.3/html/observability/kiali-operator-provided-by-red-hat",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:2031ccb4f6cc24c036fae7f291ecb59b05e6c0a49a0abfaea39eb444f7f7b6bc_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:50584bc28d045ff5db77e4973c70e59bae2f33a2cc87c400c17bd6eafd7466ba_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:577b284ce810c91c5f9a44f9be5aad96e77e0546f61b6dce376013c7ebf480be_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:ea66e2eb93ef01b30b2f4758e043a5c4a889df27a26a63334549fca91a8abd4b_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4c3c63c71a4a2c1f28827c1270a2f74f251097296e348f8191ec560b33e42943_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6759b5f712098d890c6a5124fb513097050f70b54e7e3723df4e74a36a40c3f3_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:b2c57e67cd87fe061679de42f24c4d4d7ed7dbb0c07eb228db95b2eb6147d9f9_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:bea80650e9959da730b4fcde63752caa549f98759d2dc16009e7f8f44a2501d7_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33183"
},
{
"category": "workaround",
"details": "Applications using the `form-data` library should implement strict input validation and sanitization for all field names and filenames derived from untrusted sources. This prevents the injection of control characters (CR, LF, \") that could lead to header injection or form field overrides. Deployments that exclusively use fixed or trusted field names are not impacted.",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-operator-bundle@sha256:69ba86f602d01541695b2ab5e5a9db8ea6c6062af70de40d9b75b3d9b67a8abd_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:2031ccb4f6cc24c036fae7f291ecb59b05e6c0a49a0abfaea39eb444f7f7b6bc_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:50584bc28d045ff5db77e4973c70e59bae2f33a2cc87c400c17bd6eafd7466ba_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:577b284ce810c91c5f9a44f9be5aad96e77e0546f61b6dce376013c7ebf480be_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:ea66e2eb93ef01b30b2f4758e043a5c4a889df27a26a63334549fca91a8abd4b_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:64851d8db25a79dbab207e3b14599c7486f8bdc8fe0b16e6e614164228c2b405_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:9a8266a9c08cc1df3374ec3d0431c52b10275923e19cb767ee7633f71307ef73_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:a9e71a818f5bb5afc979df2dd3d9cc6a32a624155bac4a7672789bd2da2394e2_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:e68a0fd8f0a8ba0ccf8c0f973c7e739300a30169ad0def2eaa2fa944fc29ee4b_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4c3c63c71a4a2c1f28827c1270a2f74f251097296e348f8191ec560b33e42943_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6759b5f712098d890c6a5124fb513097050f70b54e7e3723df4e74a36a40c3f3_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:b2c57e67cd87fe061679de42f24c4d4d7ed7dbb0c07eb228db95b2eb6147d9f9_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:bea80650e9959da730b4fcde63752caa549f98759d2dc16009e7f8f44a2501d7_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-operator-bundle@sha256:69ba86f602d01541695b2ab5e5a9db8ea6c6062af70de40d9b75b3d9b67a8abd_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:2031ccb4f6cc24c036fae7f291ecb59b05e6c0a49a0abfaea39eb444f7f7b6bc_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:50584bc28d045ff5db77e4973c70e59bae2f33a2cc87c400c17bd6eafd7466ba_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:577b284ce810c91c5f9a44f9be5aad96e77e0546f61b6dce376013c7ebf480be_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:ea66e2eb93ef01b30b2f4758e043a5c4a889df27a26a63334549fca91a8abd4b_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:64851d8db25a79dbab207e3b14599c7486f8bdc8fe0b16e6e614164228c2b405_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:9a8266a9c08cc1df3374ec3d0431c52b10275923e19cb767ee7633f71307ef73_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:a9e71a818f5bb5afc979df2dd3d9cc6a32a624155bac4a7672789bd2da2394e2_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:e68a0fd8f0a8ba0ccf8c0f973c7e739300a30169ad0def2eaa2fa944fc29ee4b_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4c3c63c71a4a2c1f28827c1270a2f74f251097296e348f8191ec560b33e42943_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6759b5f712098d890c6a5124fb513097050f70b54e7e3723df4e74a36a40c3f3_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:b2c57e67cd87fe061679de42f24c4d4d7ed7dbb0c07eb228db95b2eb6147d9f9_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:bea80650e9959da730b4fcde63752caa549f98759d2dc16009e7f8f44a2501d7_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "form-data: form-data: Form field override via CRLF injection"
},
{
"cve": "CVE-2026-39821",
"cwe": {
"id": "CWE-1289",
"name": "Improper Validation of Unsafe Equivalence in Input"
},
"discovery_date": "2026-05-22T16:00:52.844126+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-operator-bundle@sha256:69ba86f602d01541695b2ab5e5a9db8ea6c6062af70de40d9b75b3d9b67a8abd_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:2031ccb4f6cc24c036fae7f291ecb59b05e6c0a49a0abfaea39eb444f7f7b6bc_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:50584bc28d045ff5db77e4973c70e59bae2f33a2cc87c400c17bd6eafd7466ba_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:577b284ce810c91c5f9a44f9be5aad96e77e0546f61b6dce376013c7ebf480be_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:ea66e2eb93ef01b30b2f4758e043a5c4a889df27a26a63334549fca91a8abd4b_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:64851d8db25a79dbab207e3b14599c7486f8bdc8fe0b16e6e614164228c2b405_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:9a8266a9c08cc1df3374ec3d0431c52b10275923e19cb767ee7633f71307ef73_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:a9e71a818f5bb5afc979df2dd3d9cc6a32a624155bac4a7672789bd2da2394e2_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:e68a0fd8f0a8ba0ccf8c0f973c7e739300a30169ad0def2eaa2fa944fc29ee4b_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2480756"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang.org/x/net/idna. ToASCII and ToUnicode incorrectly accept Punycode-encoded labels that decode to an ASCII-only hostname (for example, xn--example-.com returns example.com instead of an error). Applications that validate the ASCII form then convert to Unicode may grant access to a restricted hostname the ASCII check would have rejected.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/net/idna: golang: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "golang.org/x/net/idna is vulnerable to privilege escalation through incorrect Punycode label handling in ToASCII and ToUnicode. An attacker who can supply a Punycode hostname that passes an ASCII-only authorization check may have it normalized to a restricted ASCII name the application intended to block. Red Hat exposure is broad across products shipping the Go toolchain or bundling golang.org/x/net, including RHEL and RHEL-AI golang RPMs, hummingbird Go runtimes, OpenShift and ODF container builds, and Ceph/OpenShift components compiled against affected x/net versions.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4c3c63c71a4a2c1f28827c1270a2f74f251097296e348f8191ec560b33e42943_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6759b5f712098d890c6a5124fb513097050f70b54e7e3723df4e74a36a40c3f3_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:b2c57e67cd87fe061679de42f24c4d4d7ed7dbb0c07eb228db95b2eb6147d9f9_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:bea80650e9959da730b4fcde63752caa549f98759d2dc16009e7f8f44a2501d7_ppc64le"
],
"known_not_affected": [
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-operator-bundle@sha256:69ba86f602d01541695b2ab5e5a9db8ea6c6062af70de40d9b75b3d9b67a8abd_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:2031ccb4f6cc24c036fae7f291ecb59b05e6c0a49a0abfaea39eb444f7f7b6bc_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:50584bc28d045ff5db77e4973c70e59bae2f33a2cc87c400c17bd6eafd7466ba_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:577b284ce810c91c5f9a44f9be5aad96e77e0546f61b6dce376013c7ebf480be_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:ea66e2eb93ef01b30b2f4758e043a5c4a889df27a26a63334549fca91a8abd4b_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:64851d8db25a79dbab207e3b14599c7486f8bdc8fe0b16e6e614164228c2b405_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:9a8266a9c08cc1df3374ec3d0431c52b10275923e19cb767ee7633f71307ef73_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:a9e71a818f5bb5afc979df2dd3d9cc6a32a624155bac4a7672789bd2da2394e2_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:e68a0fd8f0a8ba0ccf8c0f973c7e739300a30169ad0def2eaa2fa944fc29ee4b_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-39821"
},
{
"category": "external",
"summary": "RHBZ#2480756",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2480756"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-39821",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-39821"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-39821",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39821"
},
{
"category": "external",
"summary": "https://go.dev/cl/767220",
"url": "https://go.dev/cl/767220"
},
{
"category": "external",
"summary": "https://go.dev/issue/78760",
"url": "https://go.dev/issue/78760"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/iI-mYSI0lu8",
"url": "https://groups.google.com/g/golang-announce/c/iI-mYSI0lu8"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-5026",
"url": "https://pkg.go.dev/vuln/GO-2026-5026"
}
],
"release_date": "2026-05-22T15:01:21.462000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-29T17:47:08+00:00",
"details": "See Kiali 2.22.6 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.3/html/observability/kiali-operator-provided-by-red-hat",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4c3c63c71a4a2c1f28827c1270a2f74f251097296e348f8191ec560b33e42943_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6759b5f712098d890c6a5124fb513097050f70b54e7e3723df4e74a36a40c3f3_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:b2c57e67cd87fe061679de42f24c4d4d7ed7dbb0c07eb228db95b2eb6147d9f9_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:bea80650e9959da730b4fcde63752caa549f98759d2dc16009e7f8f44a2501d7_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33183"
},
{
"category": "workaround",
"details": "Upgrade to a fixed golang.org/x/net release that includes the idna correction, via updated golang or dependent package rebuilds.",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-operator-bundle@sha256:69ba86f602d01541695b2ab5e5a9db8ea6c6062af70de40d9b75b3d9b67a8abd_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:2031ccb4f6cc24c036fae7f291ecb59b05e6c0a49a0abfaea39eb444f7f7b6bc_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:50584bc28d045ff5db77e4973c70e59bae2f33a2cc87c400c17bd6eafd7466ba_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:577b284ce810c91c5f9a44f9be5aad96e77e0546f61b6dce376013c7ebf480be_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:ea66e2eb93ef01b30b2f4758e043a5c4a889df27a26a63334549fca91a8abd4b_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:64851d8db25a79dbab207e3b14599c7486f8bdc8fe0b16e6e614164228c2b405_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:9a8266a9c08cc1df3374ec3d0431c52b10275923e19cb767ee7633f71307ef73_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:a9e71a818f5bb5afc979df2dd3d9cc6a32a624155bac4a7672789bd2da2394e2_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:e68a0fd8f0a8ba0ccf8c0f973c7e739300a30169ad0def2eaa2fa944fc29ee4b_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4c3c63c71a4a2c1f28827c1270a2f74f251097296e348f8191ec560b33e42943_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6759b5f712098d890c6a5124fb513097050f70b54e7e3723df4e74a36a40c3f3_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:b2c57e67cd87fe061679de42f24c4d4d7ed7dbb0c07eb228db95b2eb6147d9f9_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:bea80650e9959da730b4fcde63752caa549f98759d2dc16009e7f8f44a2501d7_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-operator-bundle@sha256:69ba86f602d01541695b2ab5e5a9db8ea6c6062af70de40d9b75b3d9b67a8abd_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:2031ccb4f6cc24c036fae7f291ecb59b05e6c0a49a0abfaea39eb444f7f7b6bc_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:50584bc28d045ff5db77e4973c70e59bae2f33a2cc87c400c17bd6eafd7466ba_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:577b284ce810c91c5f9a44f9be5aad96e77e0546f61b6dce376013c7ebf480be_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:ea66e2eb93ef01b30b2f4758e043a5c4a889df27a26a63334549fca91a8abd4b_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:64851d8db25a79dbab207e3b14599c7486f8bdc8fe0b16e6e614164228c2b405_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:9a8266a9c08cc1df3374ec3d0431c52b10275923e19cb767ee7633f71307ef73_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:a9e71a818f5bb5afc979df2dd3d9cc6a32a624155bac4a7672789bd2da2394e2_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:e68a0fd8f0a8ba0ccf8c0f973c7e739300a30169ad0def2eaa2fa944fc29ee4b_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4c3c63c71a4a2c1f28827c1270a2f74f251097296e348f8191ec560b33e42943_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6759b5f712098d890c6a5124fb513097050f70b54e7e3723df4e74a36a40c3f3_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:b2c57e67cd87fe061679de42f24c4d4d7ed7dbb0c07eb228db95b2eb6147d9f9_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:bea80650e9959da730b4fcde63752caa549f98759d2dc16009e7f8f44a2501d7_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/net/idna: golang: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing"
},
{
"cve": "CVE-2026-42338",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2026-05-12T21:01:14.436876+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-operator-bundle@sha256:69ba86f602d01541695b2ab5e5a9db8ea6c6062af70de40d9b75b3d9b67a8abd_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:64851d8db25a79dbab207e3b14599c7486f8bdc8fe0b16e6e614164228c2b405_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:9a8266a9c08cc1df3374ec3d0431c52b10275923e19cb767ee7633f71307ef73_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:a9e71a818f5bb5afc979df2dd3d9cc6a32a624155bac4a7672789bd2da2394e2_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:e68a0fd8f0a8ba0ccf8c0f973c7e739300a30169ad0def2eaa2fa944fc29ee4b_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2476810"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in ip-address, a JavaScript library for parsing and manipulating IPv4 and IPv6 addresses. This vulnerability allows a remote attacker to perform cross-site scripting (XSS) by providing untrusted input to the Address6 constructor. When an application renders the output of Address6.group(), Address6.link(), or the AddressError.parseMessage as HTML without proper escaping, the attacker-controlled content can be executed in the user\u0027s browser.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ip-address: ip-address: Cross-site scripting via improper HTML escaping of untrusted input",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability in the `ip-address` JavaScript library is rated as Important. It allows for cross-site scripting (XSS) when an application processes untrusted input through the `Address6` constructor and subsequently renders the unescaped output of methods like `Address6.group()`, `Address6.link()`, or `AddressError.parseMessage` directly as HTML. While the library itself is affected, exploitation is contingent on specific application-level rendering practices that may not be common in Red Hat products.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:2031ccb4f6cc24c036fae7f291ecb59b05e6c0a49a0abfaea39eb444f7f7b6bc_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:50584bc28d045ff5db77e4973c70e59bae2f33a2cc87c400c17bd6eafd7466ba_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:577b284ce810c91c5f9a44f9be5aad96e77e0546f61b6dce376013c7ebf480be_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:ea66e2eb93ef01b30b2f4758e043a5c4a889df27a26a63334549fca91a8abd4b_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4c3c63c71a4a2c1f28827c1270a2f74f251097296e348f8191ec560b33e42943_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6759b5f712098d890c6a5124fb513097050f70b54e7e3723df4e74a36a40c3f3_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:b2c57e67cd87fe061679de42f24c4d4d7ed7dbb0c07eb228db95b2eb6147d9f9_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:bea80650e9959da730b4fcde63752caa549f98759d2dc16009e7f8f44a2501d7_ppc64le"
],
"known_not_affected": [
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-operator-bundle@sha256:69ba86f602d01541695b2ab5e5a9db8ea6c6062af70de40d9b75b3d9b67a8abd_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:64851d8db25a79dbab207e3b14599c7486f8bdc8fe0b16e6e614164228c2b405_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:9a8266a9c08cc1df3374ec3d0431c52b10275923e19cb767ee7633f71307ef73_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:a9e71a818f5bb5afc979df2dd3d9cc6a32a624155bac4a7672789bd2da2394e2_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:e68a0fd8f0a8ba0ccf8c0f973c7e739300a30169ad0def2eaa2fa944fc29ee4b_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42338"
},
{
"category": "external",
"summary": "RHBZ#2476810",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2476810"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42338",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42338"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42338",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42338"
},
{
"category": "external",
"summary": "https://github.com/beaugunderson/ip-address/security/advisories/GHSA-v2v4-37r5-5v8g",
"url": "https://github.com/beaugunderson/ip-address/security/advisories/GHSA-v2v4-37r5-5v8g"
}
],
"release_date": "2026-05-12T19:43:16.470000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-29T17:47:08+00:00",
"details": "See Kiali 2.22.6 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.3/html/observability/kiali-operator-provided-by-red-hat",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:2031ccb4f6cc24c036fae7f291ecb59b05e6c0a49a0abfaea39eb444f7f7b6bc_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:50584bc28d045ff5db77e4973c70e59bae2f33a2cc87c400c17bd6eafd7466ba_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:577b284ce810c91c5f9a44f9be5aad96e77e0546f61b6dce376013c7ebf480be_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:ea66e2eb93ef01b30b2f4758e043a5c4a889df27a26a63334549fca91a8abd4b_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4c3c63c71a4a2c1f28827c1270a2f74f251097296e348f8191ec560b33e42943_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6759b5f712098d890c6a5124fb513097050f70b54e7e3723df4e74a36a40c3f3_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:b2c57e67cd87fe061679de42f24c4d4d7ed7dbb0c07eb228db95b2eb6147d9f9_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:bea80650e9959da730b4fcde63752caa549f98759d2dc16009e7f8f44a2501d7_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33183"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-operator-bundle@sha256:69ba86f602d01541695b2ab5e5a9db8ea6c6062af70de40d9b75b3d9b67a8abd_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:2031ccb4f6cc24c036fae7f291ecb59b05e6c0a49a0abfaea39eb444f7f7b6bc_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:50584bc28d045ff5db77e4973c70e59bae2f33a2cc87c400c17bd6eafd7466ba_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:577b284ce810c91c5f9a44f9be5aad96e77e0546f61b6dce376013c7ebf480be_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:ea66e2eb93ef01b30b2f4758e043a5c4a889df27a26a63334549fca91a8abd4b_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:64851d8db25a79dbab207e3b14599c7486f8bdc8fe0b16e6e614164228c2b405_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:9a8266a9c08cc1df3374ec3d0431c52b10275923e19cb767ee7633f71307ef73_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:a9e71a818f5bb5afc979df2dd3d9cc6a32a624155bac4a7672789bd2da2394e2_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:e68a0fd8f0a8ba0ccf8c0f973c7e739300a30169ad0def2eaa2fa944fc29ee4b_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4c3c63c71a4a2c1f28827c1270a2f74f251097296e348f8191ec560b33e42943_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6759b5f712098d890c6a5124fb513097050f70b54e7e3723df4e74a36a40c3f3_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:b2c57e67cd87fe061679de42f24c4d4d7ed7dbb0c07eb228db95b2eb6147d9f9_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:bea80650e9959da730b4fcde63752caa549f98759d2dc16009e7f8f44a2501d7_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-operator-bundle@sha256:69ba86f602d01541695b2ab5e5a9db8ea6c6062af70de40d9b75b3d9b67a8abd_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:2031ccb4f6cc24c036fae7f291ecb59b05e6c0a49a0abfaea39eb444f7f7b6bc_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:50584bc28d045ff5db77e4973c70e59bae2f33a2cc87c400c17bd6eafd7466ba_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:577b284ce810c91c5f9a44f9be5aad96e77e0546f61b6dce376013c7ebf480be_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:ea66e2eb93ef01b30b2f4758e043a5c4a889df27a26a63334549fca91a8abd4b_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:64851d8db25a79dbab207e3b14599c7486f8bdc8fe0b16e6e614164228c2b405_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:9a8266a9c08cc1df3374ec3d0431c52b10275923e19cb767ee7633f71307ef73_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:a9e71a818f5bb5afc979df2dd3d9cc6a32a624155bac4a7672789bd2da2394e2_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:e68a0fd8f0a8ba0ccf8c0f973c7e739300a30169ad0def2eaa2fa944fc29ee4b_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4c3c63c71a4a2c1f28827c1270a2f74f251097296e348f8191ec560b33e42943_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6759b5f712098d890c6a5124fb513097050f70b54e7e3723df4e74a36a40c3f3_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:b2c57e67cd87fe061679de42f24c4d4d7ed7dbb0c07eb228db95b2eb6147d9f9_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:bea80650e9959da730b4fcde63752caa549f98759d2dc16009e7f8f44a2501d7_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "ip-address: ip-address: Cross-site scripting via improper HTML escaping of untrusted input"
},
{
"cve": "CVE-2026-44486",
"cwe": {
"id": "CWE-201",
"name": "Insertion of Sensitive Information Into Sent Data"
},
"discovery_date": "2026-06-11T17:01:30.944384+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-operator-bundle@sha256:69ba86f602d01541695b2ab5e5a9db8ea6c6062af70de40d9b75b3d9b67a8abd_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:64851d8db25a79dbab207e3b14599c7486f8bdc8fe0b16e6e614164228c2b405_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:9a8266a9c08cc1df3374ec3d0431c52b10275923e19cb767ee7633f71307ef73_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:a9e71a818f5bb5afc979df2dd3d9cc6a32a624155bac4a7672789bd2da2394e2_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:e68a0fd8f0a8ba0ccf8c0f973c7e739300a30169ad0def2eaa2fa944fc29ee4b_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2487947"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, a promise-based HTTP client, specifically in its Node.js HTTP adapter. When Axios is configured to use an authenticated proxy and follows a redirect, it may inadvertently send the Proxy-Authorization header, containing proxy credentials, to the redirect target. This can lead to the disclosure of sensitive proxy credentials to an unintended remote server.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: Information disclosure of proxy credentials via HTTP redirects",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important information disclosure flaw in the Axios Node.js HTTP adapter. Red Hat products utilizing Axios in a Node.js environment with an authenticated proxy and automatic redirects enabled are susceptible. The vulnerability arises when a request, initially sent through an authenticated proxy, is redirected to a target that no longer uses the proxy, potentially leaking `Proxy-Authorization` headers containing sensitive credentials to an untrusted remote server. This risk is heightened in deployments where applications interact with untrusted HTTP origins.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:2031ccb4f6cc24c036fae7f291ecb59b05e6c0a49a0abfaea39eb444f7f7b6bc_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:50584bc28d045ff5db77e4973c70e59bae2f33a2cc87c400c17bd6eafd7466ba_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:577b284ce810c91c5f9a44f9be5aad96e77e0546f61b6dce376013c7ebf480be_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:ea66e2eb93ef01b30b2f4758e043a5c4a889df27a26a63334549fca91a8abd4b_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4c3c63c71a4a2c1f28827c1270a2f74f251097296e348f8191ec560b33e42943_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6759b5f712098d890c6a5124fb513097050f70b54e7e3723df4e74a36a40c3f3_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:b2c57e67cd87fe061679de42f24c4d4d7ed7dbb0c07eb228db95b2eb6147d9f9_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:bea80650e9959da730b4fcde63752caa549f98759d2dc16009e7f8f44a2501d7_ppc64le"
],
"known_not_affected": [
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-operator-bundle@sha256:69ba86f602d01541695b2ab5e5a9db8ea6c6062af70de40d9b75b3d9b67a8abd_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:64851d8db25a79dbab207e3b14599c7486f8bdc8fe0b16e6e614164228c2b405_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:9a8266a9c08cc1df3374ec3d0431c52b10275923e19cb767ee7633f71307ef73_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:a9e71a818f5bb5afc979df2dd3d9cc6a32a624155bac4a7672789bd2da2394e2_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:e68a0fd8f0a8ba0ccf8c0f973c7e739300a30169ad0def2eaa2fa944fc29ee4b_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44486"
},
{
"category": "external",
"summary": "RHBZ#2487947",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2487947"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44486",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44486"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44486",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44486"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-j5f8-grm9-p9fc",
"url": "https://github.com/axios/axios/security/advisories/GHSA-j5f8-grm9-p9fc"
}
],
"release_date": "2026-06-11T15:39:07.714000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-29T17:47:08+00:00",
"details": "See Kiali 2.22.6 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.3/html/observability/kiali-operator-provided-by-red-hat",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:2031ccb4f6cc24c036fae7f291ecb59b05e6c0a49a0abfaea39eb444f7f7b6bc_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:50584bc28d045ff5db77e4973c70e59bae2f33a2cc87c400c17bd6eafd7466ba_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:577b284ce810c91c5f9a44f9be5aad96e77e0546f61b6dce376013c7ebf480be_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:ea66e2eb93ef01b30b2f4758e043a5c4a889df27a26a63334549fca91a8abd4b_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4c3c63c71a4a2c1f28827c1270a2f74f251097296e348f8191ec560b33e42943_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6759b5f712098d890c6a5124fb513097050f70b54e7e3723df4e74a36a40c3f3_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:b2c57e67cd87fe061679de42f24c4d4d7ed7dbb0c07eb228db95b2eb6147d9f9_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:bea80650e9959da730b4fcde63752caa549f98759d2dc16009e7f8f44a2501d7_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33183"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-operator-bundle@sha256:69ba86f602d01541695b2ab5e5a9db8ea6c6062af70de40d9b75b3d9b67a8abd_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:2031ccb4f6cc24c036fae7f291ecb59b05e6c0a49a0abfaea39eb444f7f7b6bc_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:50584bc28d045ff5db77e4973c70e59bae2f33a2cc87c400c17bd6eafd7466ba_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:577b284ce810c91c5f9a44f9be5aad96e77e0546f61b6dce376013c7ebf480be_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:ea66e2eb93ef01b30b2f4758e043a5c4a889df27a26a63334549fca91a8abd4b_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:64851d8db25a79dbab207e3b14599c7486f8bdc8fe0b16e6e614164228c2b405_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:9a8266a9c08cc1df3374ec3d0431c52b10275923e19cb767ee7633f71307ef73_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:a9e71a818f5bb5afc979df2dd3d9cc6a32a624155bac4a7672789bd2da2394e2_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:e68a0fd8f0a8ba0ccf8c0f973c7e739300a30169ad0def2eaa2fa944fc29ee4b_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4c3c63c71a4a2c1f28827c1270a2f74f251097296e348f8191ec560b33e42943_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6759b5f712098d890c6a5124fb513097050f70b54e7e3723df4e74a36a40c3f3_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:b2c57e67cd87fe061679de42f24c4d4d7ed7dbb0c07eb228db95b2eb6147d9f9_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:bea80650e9959da730b4fcde63752caa549f98759d2dc16009e7f8f44a2501d7_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-operator-bundle@sha256:69ba86f602d01541695b2ab5e5a9db8ea6c6062af70de40d9b75b3d9b67a8abd_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:2031ccb4f6cc24c036fae7f291ecb59b05e6c0a49a0abfaea39eb444f7f7b6bc_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:50584bc28d045ff5db77e4973c70e59bae2f33a2cc87c400c17bd6eafd7466ba_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:577b284ce810c91c5f9a44f9be5aad96e77e0546f61b6dce376013c7ebf480be_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:ea66e2eb93ef01b30b2f4758e043a5c4a889df27a26a63334549fca91a8abd4b_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:64851d8db25a79dbab207e3b14599c7486f8bdc8fe0b16e6e614164228c2b405_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:9a8266a9c08cc1df3374ec3d0431c52b10275923e19cb767ee7633f71307ef73_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:a9e71a818f5bb5afc979df2dd3d9cc6a32a624155bac4a7672789bd2da2394e2_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:e68a0fd8f0a8ba0ccf8c0f973c7e739300a30169ad0def2eaa2fa944fc29ee4b_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4c3c63c71a4a2c1f28827c1270a2f74f251097296e348f8191ec560b33e42943_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6759b5f712098d890c6a5124fb513097050f70b54e7e3723df4e74a36a40c3f3_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:b2c57e67cd87fe061679de42f24c4d4d7ed7dbb0c07eb228db95b2eb6147d9f9_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:bea80650e9959da730b4fcde63752caa549f98759d2dc16009e7f8f44a2501d7_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: Information disclosure of proxy credentials via HTTP redirects"
},
{
"cve": "CVE-2026-44487",
"cwe": {
"id": "CWE-201",
"name": "Insertion of Sensitive Information Into Sent Data"
},
"discovery_date": "2026-06-11T17:01:34.091476+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-operator-bundle@sha256:69ba86f602d01541695b2ab5e5a9db8ea6c6062af70de40d9b75b3d9b67a8abd_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:64851d8db25a79dbab207e3b14599c7486f8bdc8fe0b16e6e614164228c2b405_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:9a8266a9c08cc1df3374ec3d0431c52b10275923e19cb767ee7633f71307ef73_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:a9e71a818f5bb5afc979df2dd3d9cc6a32a624155bac4a7672789bd2da2394e2_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:e68a0fd8f0a8ba0ccf8c0f973c7e739300a30169ad0def2eaa2fa944fc29ee4b_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2487948"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios. During specific proxy-to-direct redirect flows in the Node.js HTTP adapter, a remote attacker could exploit this vulnerability. The Proxy-Authorization header, which contains proxy credentials and is intended only for the outbound proxy, may be forwarded to the final redirected origin. This can lead to the disclosure of sensitive proxy credentials to an unintended third party.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: Information disclosure of proxy credentials via redirect flows",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important information disclosure flaw in Axios affecting Node.js environments. When an application uses Axios with an authenticated HTTP proxy and follows redirects from an HTTP to a non-proxied HTTPS destination, the Proxy-Authorization header may be inadvertently sent to the final origin server. This could lead to the exposure of sensitive proxy credentials to an unintended third party.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:2031ccb4f6cc24c036fae7f291ecb59b05e6c0a49a0abfaea39eb444f7f7b6bc_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:50584bc28d045ff5db77e4973c70e59bae2f33a2cc87c400c17bd6eafd7466ba_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:577b284ce810c91c5f9a44f9be5aad96e77e0546f61b6dce376013c7ebf480be_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:ea66e2eb93ef01b30b2f4758e043a5c4a889df27a26a63334549fca91a8abd4b_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4c3c63c71a4a2c1f28827c1270a2f74f251097296e348f8191ec560b33e42943_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6759b5f712098d890c6a5124fb513097050f70b54e7e3723df4e74a36a40c3f3_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:b2c57e67cd87fe061679de42f24c4d4d7ed7dbb0c07eb228db95b2eb6147d9f9_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:bea80650e9959da730b4fcde63752caa549f98759d2dc16009e7f8f44a2501d7_ppc64le"
],
"known_not_affected": [
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-operator-bundle@sha256:69ba86f602d01541695b2ab5e5a9db8ea6c6062af70de40d9b75b3d9b67a8abd_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:64851d8db25a79dbab207e3b14599c7486f8bdc8fe0b16e6e614164228c2b405_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:9a8266a9c08cc1df3374ec3d0431c52b10275923e19cb767ee7633f71307ef73_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:a9e71a818f5bb5afc979df2dd3d9cc6a32a624155bac4a7672789bd2da2394e2_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:e68a0fd8f0a8ba0ccf8c0f973c7e739300a30169ad0def2eaa2fa944fc29ee4b_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44487"
},
{
"category": "external",
"summary": "RHBZ#2487948",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2487948"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44487"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44487",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44487"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-p92q-9vqr-4j8v",
"url": "https://github.com/axios/axios/security/advisories/GHSA-p92q-9vqr-4j8v"
}
],
"release_date": "2026-06-11T15:38:25.150000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-29T17:47:08+00:00",
"details": "See Kiali 2.22.6 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.3/html/observability/kiali-operator-provided-by-red-hat",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:2031ccb4f6cc24c036fae7f291ecb59b05e6c0a49a0abfaea39eb444f7f7b6bc_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:50584bc28d045ff5db77e4973c70e59bae2f33a2cc87c400c17bd6eafd7466ba_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:577b284ce810c91c5f9a44f9be5aad96e77e0546f61b6dce376013c7ebf480be_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:ea66e2eb93ef01b30b2f4758e043a5c4a889df27a26a63334549fca91a8abd4b_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4c3c63c71a4a2c1f28827c1270a2f74f251097296e348f8191ec560b33e42943_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6759b5f712098d890c6a5124fb513097050f70b54e7e3723df4e74a36a40c3f3_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:b2c57e67cd87fe061679de42f24c4d4d7ed7dbb0c07eb228db95b2eb6147d9f9_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:bea80650e9959da730b4fcde63752caa549f98759d2dc16009e7f8f44a2501d7_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33183"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-operator-bundle@sha256:69ba86f602d01541695b2ab5e5a9db8ea6c6062af70de40d9b75b3d9b67a8abd_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:2031ccb4f6cc24c036fae7f291ecb59b05e6c0a49a0abfaea39eb444f7f7b6bc_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:50584bc28d045ff5db77e4973c70e59bae2f33a2cc87c400c17bd6eafd7466ba_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:577b284ce810c91c5f9a44f9be5aad96e77e0546f61b6dce376013c7ebf480be_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:ea66e2eb93ef01b30b2f4758e043a5c4a889df27a26a63334549fca91a8abd4b_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:64851d8db25a79dbab207e3b14599c7486f8bdc8fe0b16e6e614164228c2b405_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:9a8266a9c08cc1df3374ec3d0431c52b10275923e19cb767ee7633f71307ef73_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:a9e71a818f5bb5afc979df2dd3d9cc6a32a624155bac4a7672789bd2da2394e2_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:e68a0fd8f0a8ba0ccf8c0f973c7e739300a30169ad0def2eaa2fa944fc29ee4b_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4c3c63c71a4a2c1f28827c1270a2f74f251097296e348f8191ec560b33e42943_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6759b5f712098d890c6a5124fb513097050f70b54e7e3723df4e74a36a40c3f3_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:b2c57e67cd87fe061679de42f24c4d4d7ed7dbb0c07eb228db95b2eb6147d9f9_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:bea80650e9959da730b4fcde63752caa549f98759d2dc16009e7f8f44a2501d7_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-operator-bundle@sha256:69ba86f602d01541695b2ab5e5a9db8ea6c6062af70de40d9b75b3d9b67a8abd_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:2031ccb4f6cc24c036fae7f291ecb59b05e6c0a49a0abfaea39eb444f7f7b6bc_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:50584bc28d045ff5db77e4973c70e59bae2f33a2cc87c400c17bd6eafd7466ba_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:577b284ce810c91c5f9a44f9be5aad96e77e0546f61b6dce376013c7ebf480be_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:ea66e2eb93ef01b30b2f4758e043a5c4a889df27a26a63334549fca91a8abd4b_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:64851d8db25a79dbab207e3b14599c7486f8bdc8fe0b16e6e614164228c2b405_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:9a8266a9c08cc1df3374ec3d0431c52b10275923e19cb767ee7633f71307ef73_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:a9e71a818f5bb5afc979df2dd3d9cc6a32a624155bac4a7672789bd2da2394e2_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:e68a0fd8f0a8ba0ccf8c0f973c7e739300a30169ad0def2eaa2fa944fc29ee4b_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4c3c63c71a4a2c1f28827c1270a2f74f251097296e348f8191ec560b33e42943_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6759b5f712098d890c6a5124fb513097050f70b54e7e3723df4e74a36a40c3f3_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:b2c57e67cd87fe061679de42f24c4d4d7ed7dbb0c07eb228db95b2eb6147d9f9_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:bea80650e9959da730b4fcde63752caa549f98759d2dc16009e7f8f44a2501d7_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: Information disclosure of proxy credentials via redirect flows"
},
{
"cve": "CVE-2026-44488",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-06-11T17:01:36.836488+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-operator-bundle@sha256:69ba86f602d01541695b2ab5e5a9db8ea6c6062af70de40d9b75b3d9b67a8abd_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:64851d8db25a79dbab207e3b14599c7486f8bdc8fe0b16e6e614164228c2b405_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:9a8266a9c08cc1df3374ec3d0431c52b10275923e19cb767ee7633f71307ef73_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:a9e71a818f5bb5afc979df2dd3d9cc6a32a624155bac4a7672789bd2da2394e2_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:e68a0fd8f0a8ba0ccf8c0f973c7e739300a30169ad0def2eaa2fa944fc29ee4b_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2487949"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, a promise-based HTTP client. When using the fetch adapter, Axios did not properly enforce configured request and response size limits. This vulnerability allows a remote attacker, through a malicious or compromised server, or by supplying a large data URL, to send or receive oversized data bodies. This can lead to resource exhaustion in server-side applications, resulting in a Denial of Service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: Denial of Service due to unenforced request and response size limits",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Important: A denial of service flaw was found in Axios, a JavaScript HTTP client library. This issue arises when applications utilize the `fetch` adapter, as configured request and response size limits are not properly enforced. A remote attacker could exploit this by sending or receiving excessively large data bodies, leading to resource exhaustion and potential denial of service in affected server-side applications.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:2031ccb4f6cc24c036fae7f291ecb59b05e6c0a49a0abfaea39eb444f7f7b6bc_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:50584bc28d045ff5db77e4973c70e59bae2f33a2cc87c400c17bd6eafd7466ba_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:577b284ce810c91c5f9a44f9be5aad96e77e0546f61b6dce376013c7ebf480be_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:ea66e2eb93ef01b30b2f4758e043a5c4a889df27a26a63334549fca91a8abd4b_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4c3c63c71a4a2c1f28827c1270a2f74f251097296e348f8191ec560b33e42943_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6759b5f712098d890c6a5124fb513097050f70b54e7e3723df4e74a36a40c3f3_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:b2c57e67cd87fe061679de42f24c4d4d7ed7dbb0c07eb228db95b2eb6147d9f9_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:bea80650e9959da730b4fcde63752caa549f98759d2dc16009e7f8f44a2501d7_ppc64le"
],
"known_not_affected": [
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-operator-bundle@sha256:69ba86f602d01541695b2ab5e5a9db8ea6c6062af70de40d9b75b3d9b67a8abd_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:64851d8db25a79dbab207e3b14599c7486f8bdc8fe0b16e6e614164228c2b405_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:9a8266a9c08cc1df3374ec3d0431c52b10275923e19cb767ee7633f71307ef73_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:a9e71a818f5bb5afc979df2dd3d9cc6a32a624155bac4a7672789bd2da2394e2_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:e68a0fd8f0a8ba0ccf8c0f973c7e739300a30169ad0def2eaa2fa944fc29ee4b_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44488"
},
{
"category": "external",
"summary": "RHBZ#2487949",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2487949"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44488",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44488"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44488",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44488"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-777c-7fjr-54vf",
"url": "https://github.com/axios/axios/security/advisories/GHSA-777c-7fjr-54vf"
}
],
"release_date": "2026-06-11T15:37:38.013000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-29T17:47:08+00:00",
"details": "See Kiali 2.22.6 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.3/html/observability/kiali-operator-provided-by-red-hat",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:2031ccb4f6cc24c036fae7f291ecb59b05e6c0a49a0abfaea39eb444f7f7b6bc_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:50584bc28d045ff5db77e4973c70e59bae2f33a2cc87c400c17bd6eafd7466ba_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:577b284ce810c91c5f9a44f9be5aad96e77e0546f61b6dce376013c7ebf480be_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:ea66e2eb93ef01b30b2f4758e043a5c4a889df27a26a63334549fca91a8abd4b_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4c3c63c71a4a2c1f28827c1270a2f74f251097296e348f8191ec560b33e42943_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6759b5f712098d890c6a5124fb513097050f70b54e7e3723df4e74a36a40c3f3_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:b2c57e67cd87fe061679de42f24c4d4d7ed7dbb0c07eb228db95b2eb6147d9f9_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:bea80650e9959da730b4fcde63752caa549f98759d2dc16009e7f8f44a2501d7_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33183"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-operator-bundle@sha256:69ba86f602d01541695b2ab5e5a9db8ea6c6062af70de40d9b75b3d9b67a8abd_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:2031ccb4f6cc24c036fae7f291ecb59b05e6c0a49a0abfaea39eb444f7f7b6bc_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:50584bc28d045ff5db77e4973c70e59bae2f33a2cc87c400c17bd6eafd7466ba_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:577b284ce810c91c5f9a44f9be5aad96e77e0546f61b6dce376013c7ebf480be_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:ea66e2eb93ef01b30b2f4758e043a5c4a889df27a26a63334549fca91a8abd4b_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:64851d8db25a79dbab207e3b14599c7486f8bdc8fe0b16e6e614164228c2b405_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:9a8266a9c08cc1df3374ec3d0431c52b10275923e19cb767ee7633f71307ef73_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:a9e71a818f5bb5afc979df2dd3d9cc6a32a624155bac4a7672789bd2da2394e2_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:e68a0fd8f0a8ba0ccf8c0f973c7e739300a30169ad0def2eaa2fa944fc29ee4b_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4c3c63c71a4a2c1f28827c1270a2f74f251097296e348f8191ec560b33e42943_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6759b5f712098d890c6a5124fb513097050f70b54e7e3723df4e74a36a40c3f3_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:b2c57e67cd87fe061679de42f24c4d4d7ed7dbb0c07eb228db95b2eb6147d9f9_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:bea80650e9959da730b4fcde63752caa549f98759d2dc16009e7f8f44a2501d7_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-operator-bundle@sha256:69ba86f602d01541695b2ab5e5a9db8ea6c6062af70de40d9b75b3d9b67a8abd_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:2031ccb4f6cc24c036fae7f291ecb59b05e6c0a49a0abfaea39eb444f7f7b6bc_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:50584bc28d045ff5db77e4973c70e59bae2f33a2cc87c400c17bd6eafd7466ba_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:577b284ce810c91c5f9a44f9be5aad96e77e0546f61b6dce376013c7ebf480be_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:ea66e2eb93ef01b30b2f4758e043a5c4a889df27a26a63334549fca91a8abd4b_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:64851d8db25a79dbab207e3b14599c7486f8bdc8fe0b16e6e614164228c2b405_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:9a8266a9c08cc1df3374ec3d0431c52b10275923e19cb767ee7633f71307ef73_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:a9e71a818f5bb5afc979df2dd3d9cc6a32a624155bac4a7672789bd2da2394e2_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:e68a0fd8f0a8ba0ccf8c0f973c7e739300a30169ad0def2eaa2fa944fc29ee4b_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4c3c63c71a4a2c1f28827c1270a2f74f251097296e348f8191ec560b33e42943_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6759b5f712098d890c6a5124fb513097050f70b54e7e3723df4e74a36a40c3f3_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:b2c57e67cd87fe061679de42f24c4d4d7ed7dbb0c07eb228db95b2eb6147d9f9_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:bea80650e9959da730b4fcde63752caa549f98759d2dc16009e7f8f44a2501d7_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: Denial of Service due to unenforced request and response size limits"
},
{
"cve": "CVE-2026-44492",
"cwe": {
"id": "CWE-289",
"name": "Authentication Bypass by Alternate Name"
},
"discovery_date": "2026-06-11T17:00:56.761751+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-operator-bundle@sha256:69ba86f602d01541695b2ab5e5a9db8ea6c6062af70de40d9b75b3d9b67a8abd_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:64851d8db25a79dbab207e3b14599c7486f8bdc8fe0b16e6e614164228c2b405_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:9a8266a9c08cc1df3374ec3d0431c52b10275923e19cb767ee7633f71307ef73_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:a9e71a818f5bb5afc979df2dd3d9cc6a32a624155bac4a7672789bd2da2394e2_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:e68a0fd8f0a8ba0ccf8c0f973c7e739300a30169ad0def2eaa2fa944fc29ee4b_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2487938"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, a promise-based HTTP client. This vulnerability occurs because Axios does not properly normalize IPv4-mapped IPv6 addresses. When a NO_PROXY setting is configured to block direct access to specific IPv4 addresses, an attacker can bypass this restriction by using the IPv4-mapped IPv6 form of the address in a request URL. This allows the request to be routed through the proxy, potentially exposing internal services or sensitive information that should otherwise be inaccessible.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: Proxy bypass via IPv4-mapped IPv6 address non-normalization",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important flaw in Axios, a JavaScript HTTP client library, that allows for a proxy bypass. When a `NO_PROXY` environment variable is configured to prevent direct connections to specific IPv4 addresses, an attacker can craft a request URL using the IPv4-mapped IPv6 address format. This bypasses the intended `NO_PROXY` exclusion, routing the request through the configured proxy and potentially exposing internal services or sensitive information, such as cloud instance metadata credentials.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:2031ccb4f6cc24c036fae7f291ecb59b05e6c0a49a0abfaea39eb444f7f7b6bc_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:50584bc28d045ff5db77e4973c70e59bae2f33a2cc87c400c17bd6eafd7466ba_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:577b284ce810c91c5f9a44f9be5aad96e77e0546f61b6dce376013c7ebf480be_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:ea66e2eb93ef01b30b2f4758e043a5c4a889df27a26a63334549fca91a8abd4b_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4c3c63c71a4a2c1f28827c1270a2f74f251097296e348f8191ec560b33e42943_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6759b5f712098d890c6a5124fb513097050f70b54e7e3723df4e74a36a40c3f3_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:b2c57e67cd87fe061679de42f24c4d4d7ed7dbb0c07eb228db95b2eb6147d9f9_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:bea80650e9959da730b4fcde63752caa549f98759d2dc16009e7f8f44a2501d7_ppc64le"
],
"known_not_affected": [
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-operator-bundle@sha256:69ba86f602d01541695b2ab5e5a9db8ea6c6062af70de40d9b75b3d9b67a8abd_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:64851d8db25a79dbab207e3b14599c7486f8bdc8fe0b16e6e614164228c2b405_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:9a8266a9c08cc1df3374ec3d0431c52b10275923e19cb767ee7633f71307ef73_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:a9e71a818f5bb5afc979df2dd3d9cc6a32a624155bac4a7672789bd2da2394e2_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:e68a0fd8f0a8ba0ccf8c0f973c7e739300a30169ad0def2eaa2fa944fc29ee4b_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44492"
},
{
"category": "external",
"summary": "RHBZ#2487938",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2487938"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44492",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44492"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44492",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44492"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-pjwm-pj3p-43mv",
"url": "https://github.com/axios/axios/security/advisories/GHSA-pjwm-pj3p-43mv"
}
],
"release_date": "2026-06-11T15:29:13.890000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-29T17:47:08+00:00",
"details": "See Kiali 2.22.6 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.3/html/observability/kiali-operator-provided-by-red-hat",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:2031ccb4f6cc24c036fae7f291ecb59b05e6c0a49a0abfaea39eb444f7f7b6bc_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:50584bc28d045ff5db77e4973c70e59bae2f33a2cc87c400c17bd6eafd7466ba_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:577b284ce810c91c5f9a44f9be5aad96e77e0546f61b6dce376013c7ebf480be_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:ea66e2eb93ef01b30b2f4758e043a5c4a889df27a26a63334549fca91a8abd4b_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4c3c63c71a4a2c1f28827c1270a2f74f251097296e348f8191ec560b33e42943_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6759b5f712098d890c6a5124fb513097050f70b54e7e3723df4e74a36a40c3f3_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:b2c57e67cd87fe061679de42f24c4d4d7ed7dbb0c07eb228db95b2eb6147d9f9_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:bea80650e9959da730b4fcde63752caa549f98759d2dc16009e7f8f44a2501d7_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33183"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-operator-bundle@sha256:69ba86f602d01541695b2ab5e5a9db8ea6c6062af70de40d9b75b3d9b67a8abd_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:2031ccb4f6cc24c036fae7f291ecb59b05e6c0a49a0abfaea39eb444f7f7b6bc_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:50584bc28d045ff5db77e4973c70e59bae2f33a2cc87c400c17bd6eafd7466ba_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:577b284ce810c91c5f9a44f9be5aad96e77e0546f61b6dce376013c7ebf480be_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:ea66e2eb93ef01b30b2f4758e043a5c4a889df27a26a63334549fca91a8abd4b_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:64851d8db25a79dbab207e3b14599c7486f8bdc8fe0b16e6e614164228c2b405_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:9a8266a9c08cc1df3374ec3d0431c52b10275923e19cb767ee7633f71307ef73_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:a9e71a818f5bb5afc979df2dd3d9cc6a32a624155bac4a7672789bd2da2394e2_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:e68a0fd8f0a8ba0ccf8c0f973c7e739300a30169ad0def2eaa2fa944fc29ee4b_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4c3c63c71a4a2c1f28827c1270a2f74f251097296e348f8191ec560b33e42943_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6759b5f712098d890c6a5124fb513097050f70b54e7e3723df4e74a36a40c3f3_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:b2c57e67cd87fe061679de42f24c4d4d7ed7dbb0c07eb228db95b2eb6147d9f9_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:bea80650e9959da730b4fcde63752caa549f98759d2dc16009e7f8f44a2501d7_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-operator-bundle@sha256:69ba86f602d01541695b2ab5e5a9db8ea6c6062af70de40d9b75b3d9b67a8abd_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:2031ccb4f6cc24c036fae7f291ecb59b05e6c0a49a0abfaea39eb444f7f7b6bc_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:50584bc28d045ff5db77e4973c70e59bae2f33a2cc87c400c17bd6eafd7466ba_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:577b284ce810c91c5f9a44f9be5aad96e77e0546f61b6dce376013c7ebf480be_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:ea66e2eb93ef01b30b2f4758e043a5c4a889df27a26a63334549fca91a8abd4b_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:64851d8db25a79dbab207e3b14599c7486f8bdc8fe0b16e6e614164228c2b405_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:9a8266a9c08cc1df3374ec3d0431c52b10275923e19cb767ee7633f71307ef73_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:a9e71a818f5bb5afc979df2dd3d9cc6a32a624155bac4a7672789bd2da2394e2_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:e68a0fd8f0a8ba0ccf8c0f973c7e739300a30169ad0def2eaa2fa944fc29ee4b_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4c3c63c71a4a2c1f28827c1270a2f74f251097296e348f8191ec560b33e42943_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6759b5f712098d890c6a5124fb513097050f70b54e7e3723df4e74a36a40c3f3_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:b2c57e67cd87fe061679de42f24c4d4d7ed7dbb0c07eb228db95b2eb6147d9f9_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:bea80650e9959da730b4fcde63752caa549f98759d2dc16009e7f8f44a2501d7_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: Proxy bypass via IPv4-mapped IPv6 address non-normalization"
},
{
"cve": "CVE-2026-44494",
"cwe": {
"id": "CWE-915",
"name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes"
},
"discovery_date": "2026-06-11T17:01:12.945664+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-operator-bundle@sha256:69ba86f602d01541695b2ab5e5a9db8ea6c6062af70de40d9b75b3d9b67a8abd_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:64851d8db25a79dbab207e3b14599c7486f8bdc8fe0b16e6e614164228c2b405_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:9a8266a9c08cc1df3374ec3d0431c52b10275923e19cb767ee7633f71307ef73_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:a9e71a818f5bb5afc979df2dd3d9cc6a32a624155bac4a7672789bd2da2394e2_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:e68a0fd8f0a8ba0ccf8c0f973c7e739300a30169ad0def2eaa2fa944fc29ee4b_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2487942"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios. This vulnerability, a Prototype Pollution \"Gadget\" attack, allows an attacker to escalate any existing Object.prototype pollution in an application\u0027s dependency tree into a full Man-in-the-Middle (MITM) attack. This enables the attacker to intercept, read, and modify all HTTP traffic, including sensitive authentication credentials. The flaw occurs because the `config.proxy` setting is susceptible to prototype pollution, allowing an attacker to inject a malicious proxy server.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: Man-in-the-Middle (MITM) attack via Prototype Pollution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Important flaw in the Axios library allows an attacker to escalate existing prototype pollution vulnerabilities within an application\u0027s dependency tree into a full Man-in-the-Middle (MITM) attack. By injecting a malicious proxy configuration into the `Object.prototype`, an attacker can intercept, read, and modify all HTTP traffic, including sensitive authentication credentials, without direct user interaction. This poses a significant risk to data confidentiality and integrity in Red Hat products that utilize the Axios library.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:2031ccb4f6cc24c036fae7f291ecb59b05e6c0a49a0abfaea39eb444f7f7b6bc_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:50584bc28d045ff5db77e4973c70e59bae2f33a2cc87c400c17bd6eafd7466ba_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:577b284ce810c91c5f9a44f9be5aad96e77e0546f61b6dce376013c7ebf480be_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:ea66e2eb93ef01b30b2f4758e043a5c4a889df27a26a63334549fca91a8abd4b_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4c3c63c71a4a2c1f28827c1270a2f74f251097296e348f8191ec560b33e42943_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6759b5f712098d890c6a5124fb513097050f70b54e7e3723df4e74a36a40c3f3_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:b2c57e67cd87fe061679de42f24c4d4d7ed7dbb0c07eb228db95b2eb6147d9f9_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:bea80650e9959da730b4fcde63752caa549f98759d2dc16009e7f8f44a2501d7_ppc64le"
],
"known_not_affected": [
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-operator-bundle@sha256:69ba86f602d01541695b2ab5e5a9db8ea6c6062af70de40d9b75b3d9b67a8abd_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:64851d8db25a79dbab207e3b14599c7486f8bdc8fe0b16e6e614164228c2b405_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:9a8266a9c08cc1df3374ec3d0431c52b10275923e19cb767ee7633f71307ef73_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:a9e71a818f5bb5afc979df2dd3d9cc6a32a624155bac4a7672789bd2da2394e2_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:e68a0fd8f0a8ba0ccf8c0f973c7e739300a30169ad0def2eaa2fa944fc29ee4b_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44494"
},
{
"category": "external",
"summary": "RHBZ#2487942",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2487942"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44494",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44494"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44494",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44494"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-35jp-ww65-95wh",
"url": "https://github.com/axios/axios/security/advisories/GHSA-35jp-ww65-95wh"
}
],
"release_date": "2026-06-11T15:32:03.155000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-29T17:47:08+00:00",
"details": "See Kiali 2.22.6 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.3/html/observability/kiali-operator-provided-by-red-hat",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:2031ccb4f6cc24c036fae7f291ecb59b05e6c0a49a0abfaea39eb444f7f7b6bc_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:50584bc28d045ff5db77e4973c70e59bae2f33a2cc87c400c17bd6eafd7466ba_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:577b284ce810c91c5f9a44f9be5aad96e77e0546f61b6dce376013c7ebf480be_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:ea66e2eb93ef01b30b2f4758e043a5c4a889df27a26a63334549fca91a8abd4b_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4c3c63c71a4a2c1f28827c1270a2f74f251097296e348f8191ec560b33e42943_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6759b5f712098d890c6a5124fb513097050f70b54e7e3723df4e74a36a40c3f3_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:b2c57e67cd87fe061679de42f24c4d4d7ed7dbb0c07eb228db95b2eb6147d9f9_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:bea80650e9959da730b4fcde63752caa549f98759d2dc16009e7f8f44a2501d7_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33183"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-operator-bundle@sha256:69ba86f602d01541695b2ab5e5a9db8ea6c6062af70de40d9b75b3d9b67a8abd_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:2031ccb4f6cc24c036fae7f291ecb59b05e6c0a49a0abfaea39eb444f7f7b6bc_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:50584bc28d045ff5db77e4973c70e59bae2f33a2cc87c400c17bd6eafd7466ba_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:577b284ce810c91c5f9a44f9be5aad96e77e0546f61b6dce376013c7ebf480be_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:ea66e2eb93ef01b30b2f4758e043a5c4a889df27a26a63334549fca91a8abd4b_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:64851d8db25a79dbab207e3b14599c7486f8bdc8fe0b16e6e614164228c2b405_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:9a8266a9c08cc1df3374ec3d0431c52b10275923e19cb767ee7633f71307ef73_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:a9e71a818f5bb5afc979df2dd3d9cc6a32a624155bac4a7672789bd2da2394e2_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:e68a0fd8f0a8ba0ccf8c0f973c7e739300a30169ad0def2eaa2fa944fc29ee4b_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4c3c63c71a4a2c1f28827c1270a2f74f251097296e348f8191ec560b33e42943_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6759b5f712098d890c6a5124fb513097050f70b54e7e3723df4e74a36a40c3f3_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:b2c57e67cd87fe061679de42f24c4d4d7ed7dbb0c07eb228db95b2eb6147d9f9_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:bea80650e9959da730b4fcde63752caa549f98759d2dc16009e7f8f44a2501d7_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-operator-bundle@sha256:69ba86f602d01541695b2ab5e5a9db8ea6c6062af70de40d9b75b3d9b67a8abd_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:2031ccb4f6cc24c036fae7f291ecb59b05e6c0a49a0abfaea39eb444f7f7b6bc_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:50584bc28d045ff5db77e4973c70e59bae2f33a2cc87c400c17bd6eafd7466ba_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:577b284ce810c91c5f9a44f9be5aad96e77e0546f61b6dce376013c7ebf480be_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:ea66e2eb93ef01b30b2f4758e043a5c4a889df27a26a63334549fca91a8abd4b_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:64851d8db25a79dbab207e3b14599c7486f8bdc8fe0b16e6e614164228c2b405_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:9a8266a9c08cc1df3374ec3d0431c52b10275923e19cb767ee7633f71307ef73_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:a9e71a818f5bb5afc979df2dd3d9cc6a32a624155bac4a7672789bd2da2394e2_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:e68a0fd8f0a8ba0ccf8c0f973c7e739300a30169ad0def2eaa2fa944fc29ee4b_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4c3c63c71a4a2c1f28827c1270a2f74f251097296e348f8191ec560b33e42943_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6759b5f712098d890c6a5124fb513097050f70b54e7e3723df4e74a36a40c3f3_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:b2c57e67cd87fe061679de42f24c4d4d7ed7dbb0c07eb228db95b2eb6147d9f9_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:bea80650e9959da730b4fcde63752caa549f98759d2dc16009e7f8f44a2501d7_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: Man-in-the-Middle (MITM) attack via Prototype Pollution"
},
{
"cve": "CVE-2026-44495",
"cwe": {
"id": "CWE-915",
"name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes"
},
"discovery_date": "2026-06-11T17:00:53.999811+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-operator-bundle@sha256:69ba86f602d01541695b2ab5e5a9db8ea6c6062af70de40d9b75b3d9b67a8abd_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:64851d8db25a79dbab207e3b14599c7486f8bdc8fe0b16e6e614164228c2b405_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:9a8266a9c08cc1df3374ec3d0431c52b10275923e19cb767ee7633f71307ef73_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:a9e71a818f5bb5afc979df2dd3d9cc6a32a624155bac4a7672789bd2da2394e2_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:e68a0fd8f0a8ba0ccf8c0f973c7e739300a30169ad0def2eaa2fa944fc29ee4b_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2487937"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, a promise-based HTTP client. This vulnerability involves prototype pollution gadgets in the request configuration processing. If another vulnerability has already polluted the Object.prototype.transformResponse, affected Axios versions may incorrectly interpret this inherited value as part of the request configuration or as an option validator. Axios does not itself create the prototype pollution. Exploitability requires a separate prototype-pollution vulnerability or equivalent attacker control over Object.prototype before Axios creates a request.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: Information disclosure due to prototype pollution vulnerability",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Important vulnerability in Axios, a promise-based HTTP client, can lead to information disclosure, including credential theft and response hijacking, or denial of service. Exploitation requires a separate prototype pollution vulnerability in the same JavaScript process, allowing an attacker to control `Object.prototype.transformResponse`. Red Hat products using affected Axios versions are at risk if another component introduces such pollution.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:2031ccb4f6cc24c036fae7f291ecb59b05e6c0a49a0abfaea39eb444f7f7b6bc_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:50584bc28d045ff5db77e4973c70e59bae2f33a2cc87c400c17bd6eafd7466ba_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:577b284ce810c91c5f9a44f9be5aad96e77e0546f61b6dce376013c7ebf480be_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:ea66e2eb93ef01b30b2f4758e043a5c4a889df27a26a63334549fca91a8abd4b_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4c3c63c71a4a2c1f28827c1270a2f74f251097296e348f8191ec560b33e42943_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6759b5f712098d890c6a5124fb513097050f70b54e7e3723df4e74a36a40c3f3_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:b2c57e67cd87fe061679de42f24c4d4d7ed7dbb0c07eb228db95b2eb6147d9f9_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:bea80650e9959da730b4fcde63752caa549f98759d2dc16009e7f8f44a2501d7_ppc64le"
],
"known_not_affected": [
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-operator-bundle@sha256:69ba86f602d01541695b2ab5e5a9db8ea6c6062af70de40d9b75b3d9b67a8abd_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:64851d8db25a79dbab207e3b14599c7486f8bdc8fe0b16e6e614164228c2b405_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:9a8266a9c08cc1df3374ec3d0431c52b10275923e19cb767ee7633f71307ef73_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:a9e71a818f5bb5afc979df2dd3d9cc6a32a624155bac4a7672789bd2da2394e2_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:e68a0fd8f0a8ba0ccf8c0f973c7e739300a30169ad0def2eaa2fa944fc29ee4b_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44495"
},
{
"category": "external",
"summary": "RHBZ#2487937",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2487937"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44495",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44495"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44495",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44495"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-3g43-6gmg-66jw",
"url": "https://github.com/axios/axios/security/advisories/GHSA-3g43-6gmg-66jw"
}
],
"release_date": "2026-06-11T15:33:12.433000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-29T17:47:08+00:00",
"details": "See Kiali 2.22.6 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.3/html/observability/kiali-operator-provided-by-red-hat",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:2031ccb4f6cc24c036fae7f291ecb59b05e6c0a49a0abfaea39eb444f7f7b6bc_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:50584bc28d045ff5db77e4973c70e59bae2f33a2cc87c400c17bd6eafd7466ba_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:577b284ce810c91c5f9a44f9be5aad96e77e0546f61b6dce376013c7ebf480be_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:ea66e2eb93ef01b30b2f4758e043a5c4a889df27a26a63334549fca91a8abd4b_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4c3c63c71a4a2c1f28827c1270a2f74f251097296e348f8191ec560b33e42943_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6759b5f712098d890c6a5124fb513097050f70b54e7e3723df4e74a36a40c3f3_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:b2c57e67cd87fe061679de42f24c4d4d7ed7dbb0c07eb228db95b2eb6147d9f9_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:bea80650e9959da730b4fcde63752caa549f98759d2dc16009e7f8f44a2501d7_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33183"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-operator-bundle@sha256:69ba86f602d01541695b2ab5e5a9db8ea6c6062af70de40d9b75b3d9b67a8abd_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:2031ccb4f6cc24c036fae7f291ecb59b05e6c0a49a0abfaea39eb444f7f7b6bc_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:50584bc28d045ff5db77e4973c70e59bae2f33a2cc87c400c17bd6eafd7466ba_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:577b284ce810c91c5f9a44f9be5aad96e77e0546f61b6dce376013c7ebf480be_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:ea66e2eb93ef01b30b2f4758e043a5c4a889df27a26a63334549fca91a8abd4b_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:64851d8db25a79dbab207e3b14599c7486f8bdc8fe0b16e6e614164228c2b405_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:9a8266a9c08cc1df3374ec3d0431c52b10275923e19cb767ee7633f71307ef73_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:a9e71a818f5bb5afc979df2dd3d9cc6a32a624155bac4a7672789bd2da2394e2_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:e68a0fd8f0a8ba0ccf8c0f973c7e739300a30169ad0def2eaa2fa944fc29ee4b_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4c3c63c71a4a2c1f28827c1270a2f74f251097296e348f8191ec560b33e42943_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6759b5f712098d890c6a5124fb513097050f70b54e7e3723df4e74a36a40c3f3_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:b2c57e67cd87fe061679de42f24c4d4d7ed7dbb0c07eb228db95b2eb6147d9f9_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:bea80650e9959da730b4fcde63752caa549f98759d2dc16009e7f8f44a2501d7_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-operator-bundle@sha256:69ba86f602d01541695b2ab5e5a9db8ea6c6062af70de40d9b75b3d9b67a8abd_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:2031ccb4f6cc24c036fae7f291ecb59b05e6c0a49a0abfaea39eb444f7f7b6bc_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:50584bc28d045ff5db77e4973c70e59bae2f33a2cc87c400c17bd6eafd7466ba_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:577b284ce810c91c5f9a44f9be5aad96e77e0546f61b6dce376013c7ebf480be_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:ea66e2eb93ef01b30b2f4758e043a5c4a889df27a26a63334549fca91a8abd4b_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:64851d8db25a79dbab207e3b14599c7486f8bdc8fe0b16e6e614164228c2b405_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:9a8266a9c08cc1df3374ec3d0431c52b10275923e19cb767ee7633f71307ef73_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:a9e71a818f5bb5afc979df2dd3d9cc6a32a624155bac4a7672789bd2da2394e2_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:e68a0fd8f0a8ba0ccf8c0f973c7e739300a30169ad0def2eaa2fa944fc29ee4b_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4c3c63c71a4a2c1f28827c1270a2f74f251097296e348f8191ec560b33e42943_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6759b5f712098d890c6a5124fb513097050f70b54e7e3723df4e74a36a40c3f3_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:b2c57e67cd87fe061679de42f24c4d4d7ed7dbb0c07eb228db95b2eb6147d9f9_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:bea80650e9959da730b4fcde63752caa549f98759d2dc16009e7f8f44a2501d7_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: Information disclosure due to prototype pollution vulnerability"
},
{
"cve": "CVE-2026-44496",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"discovery_date": "2026-06-11T17:01:15.856386+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-operator-bundle@sha256:69ba86f602d01541695b2ab5e5a9db8ea6c6062af70de40d9b75b3d9b67a8abd_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:64851d8db25a79dbab207e3b14599c7486f8bdc8fe0b16e6e614164228c2b405_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:9a8266a9c08cc1df3374ec3d0431c52b10275923e19cb767ee7633f71307ef73_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:a9e71a818f5bb5afc979df2dd3d9cc6a32a624155bac4a7672789bd2da2394e2_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:e68a0fd8f0a8ba0ccf8c0f973c7e739300a30169ad0def2eaa2fa944fc29ee4b_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2487943"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios. A remote attacker, by influencing the XSRF cookie name in a browser environment, could cause the application to construct a regular expression that leads to excessive processing. This can result in a client-side Denial of Service (DoS), where the affected browser tab may freeze, impacting the availability of the application for the user.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: Client-side Denial of Service via unescaped regex metacharacters in XSRF cookie name",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Important flaw in Axios can lead to a client-side Denial of Service. An attacker capable of influencing the XSRF cookie name within a browser environment could trigger excessive regular expression processing, causing the affected browser tab to freeze and degrade user availability. This issue specifically impacts browser-based applications and does not affect Node.js HTTP adapter usage, React Native, or web workers.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:2031ccb4f6cc24c036fae7f291ecb59b05e6c0a49a0abfaea39eb444f7f7b6bc_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:50584bc28d045ff5db77e4973c70e59bae2f33a2cc87c400c17bd6eafd7466ba_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:577b284ce810c91c5f9a44f9be5aad96e77e0546f61b6dce376013c7ebf480be_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:ea66e2eb93ef01b30b2f4758e043a5c4a889df27a26a63334549fca91a8abd4b_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4c3c63c71a4a2c1f28827c1270a2f74f251097296e348f8191ec560b33e42943_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6759b5f712098d890c6a5124fb513097050f70b54e7e3723df4e74a36a40c3f3_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:b2c57e67cd87fe061679de42f24c4d4d7ed7dbb0c07eb228db95b2eb6147d9f9_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:bea80650e9959da730b4fcde63752caa549f98759d2dc16009e7f8f44a2501d7_ppc64le"
],
"known_not_affected": [
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-operator-bundle@sha256:69ba86f602d01541695b2ab5e5a9db8ea6c6062af70de40d9b75b3d9b67a8abd_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:64851d8db25a79dbab207e3b14599c7486f8bdc8fe0b16e6e614164228c2b405_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:9a8266a9c08cc1df3374ec3d0431c52b10275923e19cb767ee7633f71307ef73_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:a9e71a818f5bb5afc979df2dd3d9cc6a32a624155bac4a7672789bd2da2394e2_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:e68a0fd8f0a8ba0ccf8c0f973c7e739300a30169ad0def2eaa2fa944fc29ee4b_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44496"
},
{
"category": "external",
"summary": "RHBZ#2487943",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2487943"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44496",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44496"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44496",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44496"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-hfxv-24rg-xrqf",
"url": "https://github.com/axios/axios/security/advisories/GHSA-hfxv-24rg-xrqf"
}
],
"release_date": "2026-06-11T15:34:28.492000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-29T17:47:08+00:00",
"details": "See Kiali 2.22.6 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.3/html/observability/kiali-operator-provided-by-red-hat",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:2031ccb4f6cc24c036fae7f291ecb59b05e6c0a49a0abfaea39eb444f7f7b6bc_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:50584bc28d045ff5db77e4973c70e59bae2f33a2cc87c400c17bd6eafd7466ba_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:577b284ce810c91c5f9a44f9be5aad96e77e0546f61b6dce376013c7ebf480be_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:ea66e2eb93ef01b30b2f4758e043a5c4a889df27a26a63334549fca91a8abd4b_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4c3c63c71a4a2c1f28827c1270a2f74f251097296e348f8191ec560b33e42943_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6759b5f712098d890c6a5124fb513097050f70b54e7e3723df4e74a36a40c3f3_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:b2c57e67cd87fe061679de42f24c4d4d7ed7dbb0c07eb228db95b2eb6147d9f9_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:bea80650e9959da730b4fcde63752caa549f98759d2dc16009e7f8f44a2501d7_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33183"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-operator-bundle@sha256:69ba86f602d01541695b2ab5e5a9db8ea6c6062af70de40d9b75b3d9b67a8abd_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:2031ccb4f6cc24c036fae7f291ecb59b05e6c0a49a0abfaea39eb444f7f7b6bc_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:50584bc28d045ff5db77e4973c70e59bae2f33a2cc87c400c17bd6eafd7466ba_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:577b284ce810c91c5f9a44f9be5aad96e77e0546f61b6dce376013c7ebf480be_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:ea66e2eb93ef01b30b2f4758e043a5c4a889df27a26a63334549fca91a8abd4b_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:64851d8db25a79dbab207e3b14599c7486f8bdc8fe0b16e6e614164228c2b405_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:9a8266a9c08cc1df3374ec3d0431c52b10275923e19cb767ee7633f71307ef73_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:a9e71a818f5bb5afc979df2dd3d9cc6a32a624155bac4a7672789bd2da2394e2_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:e68a0fd8f0a8ba0ccf8c0f973c7e739300a30169ad0def2eaa2fa944fc29ee4b_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4c3c63c71a4a2c1f28827c1270a2f74f251097296e348f8191ec560b33e42943_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6759b5f712098d890c6a5124fb513097050f70b54e7e3723df4e74a36a40c3f3_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:b2c57e67cd87fe061679de42f24c4d4d7ed7dbb0c07eb228db95b2eb6147d9f9_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:bea80650e9959da730b4fcde63752caa549f98759d2dc16009e7f8f44a2501d7_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-operator-bundle@sha256:69ba86f602d01541695b2ab5e5a9db8ea6c6062af70de40d9b75b3d9b67a8abd_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:2031ccb4f6cc24c036fae7f291ecb59b05e6c0a49a0abfaea39eb444f7f7b6bc_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:50584bc28d045ff5db77e4973c70e59bae2f33a2cc87c400c17bd6eafd7466ba_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:577b284ce810c91c5f9a44f9be5aad96e77e0546f61b6dce376013c7ebf480be_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:ea66e2eb93ef01b30b2f4758e043a5c4a889df27a26a63334549fca91a8abd4b_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:64851d8db25a79dbab207e3b14599c7486f8bdc8fe0b16e6e614164228c2b405_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:9a8266a9c08cc1df3374ec3d0431c52b10275923e19cb767ee7633f71307ef73_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:a9e71a818f5bb5afc979df2dd3d9cc6a32a624155bac4a7672789bd2da2394e2_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:e68a0fd8f0a8ba0ccf8c0f973c7e739300a30169ad0def2eaa2fa944fc29ee4b_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4c3c63c71a4a2c1f28827c1270a2f74f251097296e348f8191ec560b33e42943_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6759b5f712098d890c6a5124fb513097050f70b54e7e3723df4e74a36a40c3f3_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:b2c57e67cd87fe061679de42f24c4d4d7ed7dbb0c07eb228db95b2eb6147d9f9_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:bea80650e9959da730b4fcde63752caa549f98759d2dc16009e7f8f44a2501d7_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: Client-side Denial of Service via unescaped regex metacharacters in XSRF cookie name"
},
{
"cve": "CVE-2026-46625",
"cwe": {
"id": "CWE-915",
"name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes"
},
"discovery_date": "2026-06-10T22:01:17.685570+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-operator-bundle@sha256:69ba86f602d01541695b2ab5e5a9db8ea6c6062af70de40d9b75b3d9b67a8abd_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:64851d8db25a79dbab207e3b14599c7486f8bdc8fe0b16e6e614164228c2b405_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:9a8266a9c08cc1df3374ec3d0431c52b10275923e19cb767ee7633f71307ef73_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:a9e71a818f5bb5afc979df2dd3d9cc6a32a624155bac4a7672789bd2da2394e2_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:e68a0fd8f0a8ba0ccf8c0f973c7e739300a30169ad0def2eaa2fa944fc29ee4b_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2487740"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in JavaScript Cookie (js-cookie). This vulnerability allows a remote attacker to manipulate cookie attributes by exploiting a prototype pollution issue within the `assign()` helper function. When processing specially crafted JSON input, the flaw enables an attacker to hijack the prototype of a cookie\u0027s attribute object. This allows the attacker to set sensitive cookie attributes such as `domain`, `secure`, `samesite`, `expires`, and `path`, potentially leading to security bypasses or session manipulation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "js-cookie: JavaScript Cookie: Cookie attribute manipulation via prototype pollution",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:2031ccb4f6cc24c036fae7f291ecb59b05e6c0a49a0abfaea39eb444f7f7b6bc_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:50584bc28d045ff5db77e4973c70e59bae2f33a2cc87c400c17bd6eafd7466ba_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:577b284ce810c91c5f9a44f9be5aad96e77e0546f61b6dce376013c7ebf480be_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:ea66e2eb93ef01b30b2f4758e043a5c4a889df27a26a63334549fca91a8abd4b_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4c3c63c71a4a2c1f28827c1270a2f74f251097296e348f8191ec560b33e42943_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6759b5f712098d890c6a5124fb513097050f70b54e7e3723df4e74a36a40c3f3_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:b2c57e67cd87fe061679de42f24c4d4d7ed7dbb0c07eb228db95b2eb6147d9f9_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:bea80650e9959da730b4fcde63752caa549f98759d2dc16009e7f8f44a2501d7_ppc64le"
],
"known_not_affected": [
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-operator-bundle@sha256:69ba86f602d01541695b2ab5e5a9db8ea6c6062af70de40d9b75b3d9b67a8abd_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:64851d8db25a79dbab207e3b14599c7486f8bdc8fe0b16e6e614164228c2b405_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:9a8266a9c08cc1df3374ec3d0431c52b10275923e19cb767ee7633f71307ef73_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:a9e71a818f5bb5afc979df2dd3d9cc6a32a624155bac4a7672789bd2da2394e2_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:e68a0fd8f0a8ba0ccf8c0f973c7e739300a30169ad0def2eaa2fa944fc29ee4b_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-46625"
},
{
"category": "external",
"summary": "RHBZ#2487740",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2487740"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-46625",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-46625"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-46625",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-46625"
},
{
"category": "external",
"summary": "https://github.com/js-cookie/js-cookie/commit/eb3c40e89731e99b8970faaf35ddad249c6c0020",
"url": "https://github.com/js-cookie/js-cookie/commit/eb3c40e89731e99b8970faaf35ddad249c6c0020"
},
{
"category": "external",
"summary": "https://github.com/js-cookie/js-cookie/releases/tag/v3.0.7",
"url": "https://github.com/js-cookie/js-cookie/releases/tag/v3.0.7"
},
{
"category": "external",
"summary": "https://github.com/js-cookie/js-cookie/security/advisories/GHSA-qjx8-664m-686j",
"url": "https://github.com/js-cookie/js-cookie/security/advisories/GHSA-qjx8-664m-686j"
}
],
"release_date": "2026-06-10T21:18:05.372000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-29T17:47:08+00:00",
"details": "See Kiali 2.22.6 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.3/html/observability/kiali-operator-provided-by-red-hat",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:2031ccb4f6cc24c036fae7f291ecb59b05e6c0a49a0abfaea39eb444f7f7b6bc_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:50584bc28d045ff5db77e4973c70e59bae2f33a2cc87c400c17bd6eafd7466ba_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:577b284ce810c91c5f9a44f9be5aad96e77e0546f61b6dce376013c7ebf480be_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:ea66e2eb93ef01b30b2f4758e043a5c4a889df27a26a63334549fca91a8abd4b_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4c3c63c71a4a2c1f28827c1270a2f74f251097296e348f8191ec560b33e42943_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6759b5f712098d890c6a5124fb513097050f70b54e7e3723df4e74a36a40c3f3_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:b2c57e67cd87fe061679de42f24c4d4d7ed7dbb0c07eb228db95b2eb6147d9f9_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:bea80650e9959da730b4fcde63752caa549f98759d2dc16009e7f8f44a2501d7_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33183"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-operator-bundle@sha256:69ba86f602d01541695b2ab5e5a9db8ea6c6062af70de40d9b75b3d9b67a8abd_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:2031ccb4f6cc24c036fae7f291ecb59b05e6c0a49a0abfaea39eb444f7f7b6bc_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:50584bc28d045ff5db77e4973c70e59bae2f33a2cc87c400c17bd6eafd7466ba_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:577b284ce810c91c5f9a44f9be5aad96e77e0546f61b6dce376013c7ebf480be_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:ea66e2eb93ef01b30b2f4758e043a5c4a889df27a26a63334549fca91a8abd4b_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:64851d8db25a79dbab207e3b14599c7486f8bdc8fe0b16e6e614164228c2b405_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:9a8266a9c08cc1df3374ec3d0431c52b10275923e19cb767ee7633f71307ef73_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:a9e71a818f5bb5afc979df2dd3d9cc6a32a624155bac4a7672789bd2da2394e2_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:e68a0fd8f0a8ba0ccf8c0f973c7e739300a30169ad0def2eaa2fa944fc29ee4b_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4c3c63c71a4a2c1f28827c1270a2f74f251097296e348f8191ec560b33e42943_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6759b5f712098d890c6a5124fb513097050f70b54e7e3723df4e74a36a40c3f3_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:b2c57e67cd87fe061679de42f24c4d4d7ed7dbb0c07eb228db95b2eb6147d9f9_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:bea80650e9959da730b4fcde63752caa549f98759d2dc16009e7f8f44a2501d7_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "js-cookie: JavaScript Cookie: Cookie attribute manipulation via prototype pollution"
},
{
"cve": "CVE-2026-48779",
"cwe": {
"id": "CWE-1050",
"name": "Excessive Platform Resource Consumption within a Loop"
},
"discovery_date": "2026-06-16T22:01:24.571224+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-operator-bundle@sha256:69ba86f602d01541695b2ab5e5a9db8ea6c6062af70de40d9b75b3d9b67a8abd_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:64851d8db25a79dbab207e3b14599c7486f8bdc8fe0b16e6e614164228c2b405_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:9a8266a9c08cc1df3374ec3d0431c52b10275923e19cb767ee7633f71307ef73_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:a9e71a818f5bb5afc979df2dd3d9cc6a32a624155bac4a7672789bd2da2394e2_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:e68a0fd8f0a8ba0ccf8c0f973c7e739300a30169ad0def2eaa2fa944fc29ee4b_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2489661"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in ws, an open source WebSocket client and server. A remote attacker can exploit this memory exhaustion vulnerability by sending a high volume of exceptionally small fragments and data chunks. This action forces the affected component to allocate and hold structural wrappers that consume excessive memory. Consequently, this leads to process termination and a denial of service (DoS) for the remote peer.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ws: ws: Denial of Service via memory exhaustion from small WebSocket fragments",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important denial of service vulnerability in the `ws` WebSocket library. A remote attacker can exploit this flaw by sending a high volume of small, fragmented data, leading to excessive memory consumption and subsequent process termination. This can result in service disruption for Red Hat products that utilize `ws` for WebSocket communication.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:2031ccb4f6cc24c036fae7f291ecb59b05e6c0a49a0abfaea39eb444f7f7b6bc_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:50584bc28d045ff5db77e4973c70e59bae2f33a2cc87c400c17bd6eafd7466ba_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:577b284ce810c91c5f9a44f9be5aad96e77e0546f61b6dce376013c7ebf480be_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:ea66e2eb93ef01b30b2f4758e043a5c4a889df27a26a63334549fca91a8abd4b_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4c3c63c71a4a2c1f28827c1270a2f74f251097296e348f8191ec560b33e42943_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6759b5f712098d890c6a5124fb513097050f70b54e7e3723df4e74a36a40c3f3_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:b2c57e67cd87fe061679de42f24c4d4d7ed7dbb0c07eb228db95b2eb6147d9f9_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:bea80650e9959da730b4fcde63752caa549f98759d2dc16009e7f8f44a2501d7_ppc64le"
],
"known_not_affected": [
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-operator-bundle@sha256:69ba86f602d01541695b2ab5e5a9db8ea6c6062af70de40d9b75b3d9b67a8abd_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:64851d8db25a79dbab207e3b14599c7486f8bdc8fe0b16e6e614164228c2b405_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:9a8266a9c08cc1df3374ec3d0431c52b10275923e19cb767ee7633f71307ef73_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:a9e71a818f5bb5afc979df2dd3d9cc6a32a624155bac4a7672789bd2da2394e2_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:e68a0fd8f0a8ba0ccf8c0f973c7e739300a30169ad0def2eaa2fa944fc29ee4b_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-48779"
},
{
"category": "external",
"summary": "RHBZ#2489661",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2489661"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-48779",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-48779"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-48779",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48779"
},
{
"category": "external",
"summary": "https://github.com/websockets/ws/commit/86d3e8a5fb0246ed373860c5fbb0de88824a27f7",
"url": "https://github.com/websockets/ws/commit/86d3e8a5fb0246ed373860c5fbb0de88824a27f7"
},
{
"category": "external",
"summary": "https://github.com/websockets/ws/commit/b5372ac67bb97a773727b8e9f5035a8123556d53",
"url": "https://github.com/websockets/ws/commit/b5372ac67bb97a773727b8e9f5035a8123556d53"
},
{
"category": "external",
"summary": "https://github.com/websockets/ws/commit/bca91adf15677e47dbe4f959653452727be28b94",
"url": "https://github.com/websockets/ws/commit/bca91adf15677e47dbe4f959653452727be28b94"
},
{
"category": "external",
"summary": "https://github.com/websockets/ws/commit/fd36cd864fcdf62a08273a99e19a7d975401fee8",
"url": "https://github.com/websockets/ws/commit/fd36cd864fcdf62a08273a99e19a7d975401fee8"
},
{
"category": "external",
"summary": "https://github.com/websockets/ws/security/advisories/GHSA-96hv-2xvq-fx4p",
"url": "https://github.com/websockets/ws/security/advisories/GHSA-96hv-2xvq-fx4p"
}
],
"release_date": "2026-06-16T21:26:22.537000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-29T17:47:08+00:00",
"details": "See Kiali 2.22.6 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.3/html/observability/kiali-operator-provided-by-red-hat",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:2031ccb4f6cc24c036fae7f291ecb59b05e6c0a49a0abfaea39eb444f7f7b6bc_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:50584bc28d045ff5db77e4973c70e59bae2f33a2cc87c400c17bd6eafd7466ba_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:577b284ce810c91c5f9a44f9be5aad96e77e0546f61b6dce376013c7ebf480be_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:ea66e2eb93ef01b30b2f4758e043a5c4a889df27a26a63334549fca91a8abd4b_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4c3c63c71a4a2c1f28827c1270a2f74f251097296e348f8191ec560b33e42943_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6759b5f712098d890c6a5124fb513097050f70b54e7e3723df4e74a36a40c3f3_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:b2c57e67cd87fe061679de42f24c4d4d7ed7dbb0c07eb228db95b2eb6147d9f9_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:bea80650e9959da730b4fcde63752caa549f98759d2dc16009e7f8f44a2501d7_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33183"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-operator-bundle@sha256:69ba86f602d01541695b2ab5e5a9db8ea6c6062af70de40d9b75b3d9b67a8abd_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:2031ccb4f6cc24c036fae7f291ecb59b05e6c0a49a0abfaea39eb444f7f7b6bc_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:50584bc28d045ff5db77e4973c70e59bae2f33a2cc87c400c17bd6eafd7466ba_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:577b284ce810c91c5f9a44f9be5aad96e77e0546f61b6dce376013c7ebf480be_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:ea66e2eb93ef01b30b2f4758e043a5c4a889df27a26a63334549fca91a8abd4b_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:64851d8db25a79dbab207e3b14599c7486f8bdc8fe0b16e6e614164228c2b405_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:9a8266a9c08cc1df3374ec3d0431c52b10275923e19cb767ee7633f71307ef73_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:a9e71a818f5bb5afc979df2dd3d9cc6a32a624155bac4a7672789bd2da2394e2_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:e68a0fd8f0a8ba0ccf8c0f973c7e739300a30169ad0def2eaa2fa944fc29ee4b_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4c3c63c71a4a2c1f28827c1270a2f74f251097296e348f8191ec560b33e42943_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6759b5f712098d890c6a5124fb513097050f70b54e7e3723df4e74a36a40c3f3_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:b2c57e67cd87fe061679de42f24c4d4d7ed7dbb0c07eb228db95b2eb6147d9f9_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:bea80650e9959da730b4fcde63752caa549f98759d2dc16009e7f8f44a2501d7_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-operator-bundle@sha256:69ba86f602d01541695b2ab5e5a9db8ea6c6062af70de40d9b75b3d9b67a8abd_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:2031ccb4f6cc24c036fae7f291ecb59b05e6c0a49a0abfaea39eb444f7f7b6bc_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:50584bc28d045ff5db77e4973c70e59bae2f33a2cc87c400c17bd6eafd7466ba_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:577b284ce810c91c5f9a44f9be5aad96e77e0546f61b6dce376013c7ebf480be_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:ea66e2eb93ef01b30b2f4758e043a5c4a889df27a26a63334549fca91a8abd4b_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:64851d8db25a79dbab207e3b14599c7486f8bdc8fe0b16e6e614164228c2b405_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:9a8266a9c08cc1df3374ec3d0431c52b10275923e19cb767ee7633f71307ef73_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:a9e71a818f5bb5afc979df2dd3d9cc6a32a624155bac4a7672789bd2da2394e2_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9-operator@sha256:e68a0fd8f0a8ba0ccf8c0f973c7e739300a30169ad0def2eaa2fa944fc29ee4b_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4c3c63c71a4a2c1f28827c1270a2f74f251097296e348f8191ec560b33e42943_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6759b5f712098d890c6a5124fb513097050f70b54e7e3723df4e74a36a40c3f3_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:b2c57e67cd87fe061679de42f24c4d4d7ed7dbb0c07eb228db95b2eb6147d9f9_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:bea80650e9959da730b4fcde63752caa549f98759d2dc16009e7f8f44a2501d7_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "ws: ws: Denial of Service via memory exhaustion from small WebSocket fragments"
}
]
}
RHSA-2026:33574
Vulnerability from csaf_redhat - Published: 2026-06-30 15:00 - Updated: 2026-07-09 23:02A flaw was found in the shell-quote component. The quote() function did not properly validate object-token inputs, allowing line terminators to pass unescaped into the output. A remote attacker could exploit this vulnerability by providing specially crafted input, which a POSIX shell would interpret as a command separator. This could lead to command injection, enabling the attacker to execute arbitrary code on the system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64 | — | ||
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64 | — |
A flaw was found in json-2-csv. An attacker can bypass the `preventCsvInjection` option to inject malicious formulas into CSV (Comma Separated Values) files. When these manipulated CSV files are opened in spreadsheet applications, the injected formulas can execute, potentially leading to arbitrary code execution or information disclosure.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64 | — |
Workaround
|
A flaw was found in the `crypto/x509` package of `golang`. This vulnerability allows a remote attacker to cause a Denial of Service (DoS) by presenting a specially crafted X.509 certificate with a large number of DNS Subject Alternative Name (SAN) entries. The certificate verification process, specifically the `VerifyHostname` function, incurs excessive computational overhead due to repeated string operations when processing these entries. This can lead to a significant performance degradation or unresponsiveness of systems validating such certificates.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64 | — |
Workaround
|
A flaw was found in the `net` package of Go (golang), specifically when using the `LookupCNAME` function with the `cgo` DNS resolver. A remote attacker could exploit this by providing a very long Canonical Name (CNAME) response. This can trigger a double-free of C memory, leading to a crash and a Denial of Service (DoS) for the affected application.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64 | — |
Workaround
|
A flaw was found in the `net/mail` package of the Go programming language. An attacker could provide specially crafted inputs to the `ParseAddress`, `ParseAddressList`, or `ParseDate` functions. This could lead to excessive consumption of CPU and memory resources, resulting in a Denial of Service (DoS) for applications processing these inputs.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64 | — |
Workaround
|
A flaw was found in Axios, an HTTP client library. This vulnerability allows an attacker to exploit a prototype pollution issue if another part of the application has already polluted the Object.prototype. By doing so, the attacker can intercept and modify JSON responses or take control of the HTTP communication. This could lead to unauthorized access to sensitive information like user credentials and request details.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64 | — | ||
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64 | — |
A flaw was found in Axios, a software library for making network requests. A remote attacker can exploit a prototype pollution vulnerability to inject arbitrary HTTP headers into outgoing requests. This occurs when the application's core object definitions are manipulated, causing Axios to misinterpret data and include attacker-controlled headers in network communications. This could lead to unauthorized actions or data manipulation.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64 | — |
Workaround
|
A flaw was found in Axios, a promise-based HTTP client for browsers and Node.js. This vulnerability occurs because the `toFormData` function recursively processes nested objects without a depth limit. A remote attacker can exploit this by sending deeply nested request data, which causes the Node.js process to crash due to a RangeError, leading to a potential Denial of Service (DoS) if the process crashes.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64 | — | ||
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64 | — |
A flaw was found in Axios, a promise-based HTTP client. This vulnerability, a Prototype Pollution "Gadget" attack, allows an attacker to manipulate the `Object.prototype.validateStatus` property. By polluting this property, all HTTP error responses (such as 401, 403, or 500) are silently treated as successful responses. This can lead to a complete bypass of application-level authentication and error handling, potentially granting unauthorized access.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64 | — | ||
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64 | — |
A flaw was found in Axios, a promise-based HTTP client. An attacker who can control the destination address of an Axios request can exploit this vulnerability. By using specific internal network addresses (within the 127.0.0.0/8 range, excluding 127.0.0.1), the attacker can completely bypass the NO_PROXY protection, potentially leading to unauthorized access or information disclosure within the network. This issue is an incomplete fix for a previous vulnerability.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64 | — | ||
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64 | — |
A flaw was found in Axios, a widely used HTTP client. This vulnerability, known as a Prototype Pollution "Gadget" attack, allows a remote attacker to subtly alter JSON API responses. By manipulating a specific function, an attacker can selectively modify data within these responses. This could lead to significant security breaches, including unauthorized privilege escalation, fraudulent balance manipulation, or bypassing critical authorization checks.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64 | — |
Workaround
|
A flaw was found in ip-address, a JavaScript library for parsing and manipulating IPv4 and IPv6 addresses. This vulnerability allows a remote attacker to perform cross-site scripting (XSS) by providing untrusted input to the Address6 constructor. When an application renders the output of Address6.group(), Address6.link(), or the AddressError.parseMessage as HTML without proper escaping, the attacker-controlled content can be executed in the user's browser.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64 | — |
Workaround
|
A flaw was found in the `net/mail` package within the Go standard library. A remote attacker could provide specially crafted, pathological email addresses. When these malformed email addresses are parsed by the `consumePhrase` function, it can lead to excessive resource consumption due to quadratic string concatenation, resulting in a Denial of Service (DoS) condition.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64 | — |
Workaround
|
A flaw was found in Axios, a promise-based HTTP client, specifically in its Node.js HTTP adapter. When Axios is configured to use an authenticated proxy and follows a redirect, it may inadvertently send the Proxy-Authorization header, containing proxy credentials, to the redirect target. This can lead to the disclosure of sensitive proxy credentials to an unintended remote server.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64 | — |
Workaround
|
A flaw was found in Axios. During specific proxy-to-direct redirect flows in the Node.js HTTP adapter, a remote attacker could exploit this vulnerability. The Proxy-Authorization header, which contains proxy credentials and is intended only for the outbound proxy, may be forwarded to the final redirected origin. This can lead to the disclosure of sensitive proxy credentials to an unintended third party.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64 | — |
Workaround
|
A flaw was found in Axios, a promise-based HTTP client. When using the fetch adapter, Axios did not properly enforce configured request and response size limits. This vulnerability allows a remote attacker, through a malicious or compromised server, or by supplying a large data URL, to send or receive oversized data bodies. This can lead to resource exhaustion in server-side applications, resulting in a Denial of Service (DoS).
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64 | — |
Workaround
|
A flaw was found in Axios, a promise-based HTTP client. This vulnerability occurs because Axios does not properly normalize IPv4-mapped IPv6 addresses. When a NO_PROXY setting is configured to block direct access to specific IPv4 addresses, an attacker can bypass this restriction by using the IPv4-mapped IPv6 form of the address in a request URL. This allows the request to be routed through the proxy, potentially exposing internal services or sensitive information that should otherwise be inaccessible.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64 | — |
Workaround
|
A flaw was found in Axios. This vulnerability, a Prototype Pollution "Gadget" attack, allows an attacker to escalate any existing Object.prototype pollution in an application's dependency tree into a full Man-in-the-Middle (MITM) attack. This enables the attacker to intercept, read, and modify all HTTP traffic, including sensitive authentication credentials. The flaw occurs because the `config.proxy` setting is susceptible to prototype pollution, allowing an attacker to inject a malicious proxy server.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64 | — |
Workaround
|
A flaw was found in Axios, a promise-based HTTP client. This vulnerability involves prototype pollution gadgets in the request configuration processing. If another vulnerability has already polluted the Object.prototype.transformResponse, affected Axios versions may incorrectly interpret this inherited value as part of the request configuration or as an option validator. Axios does not itself create the prototype pollution. Exploitability requires a separate prototype-pollution vulnerability or equivalent attacker control over Object.prototype before Axios creates a request.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64 | — |
Workaround
|
A flaw was found in Axios. A remote attacker, by influencing the XSRF cookie name in a browser environment, could cause the application to construct a regular expression that leads to excessive processing. This can result in a client-side Denial of Service (DoS), where the affected browser tab may freeze, impacting the availability of the application for the user.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64 | — |
Workaround
|
A flaw was found in systeminformation, a Node.js library. This vulnerability allows a local attacker on Linux to inject arbitrary commands. This occurs when an active NetworkManager connection profile name contains shell metacharacters, which are not properly sanitized before being used in shell commands. Successful exploitation can lead to arbitrary code execution.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64 | — |
Workaround
|
A flaw was found in ws, an open source WebSocket client and server for Node.js. The `websocket.close()` implementation is vulnerable to uninitialized memory disclosure when a `TypedArray` is passed as the reason argument. This can lead to the disclosure of sensitive information from uninitialized memory.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64 | — | ||
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64 | — |
A flaw was found in vm2, an open-source virtual machine (VM) sandbox for Node.js. A remote attacker can exploit this vulnerability by combining specific Buffer function calls and Node.js's ERR_INVALID_ARG_TYPE error. This allows the attacker to obtain the host's TypeError constructor, leading to an escape from the sandbox. Consequently, this enables attackers to run arbitrary code on the host system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64 | — |
Workaround
|
A flaw was found in vm2, an open-source virtual machine (VM) sandbox for Node.js. An attacker within the sandbox could exploit incomplete symbol interception and missing security checks to gain control over the host system. This could allow the attacker to execute arbitrary code outside the sandbox environment, leading to a complete compromise of the host.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64 | — |
Workaround
|
A flaw was found in vm2, an open-source virtual machine (VM) sandbox for Node.js. A remote attacker could bypass a security check designed to prevent the combination of nested environments and disabled module loading. This bypass occurs because a strict equality check for the `require` option can be circumvented by simply omitting the option, leading to an unintended configuration. Successful exploitation of this vulnerability could allow an attacker to escape the sandbox and achieve arbitrary code execution on the host system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64 | — |
Workaround
|
A flaw was found in vm2, a Node.js sandbox. This vulnerability allows sandboxed code to bypass network restrictions by utilizing internal HTTP built-ins, such as _http_client and _http_server. An attacker can exploit this to make outbound HTTP requests or open listening HTTP sockets, even when public network modules are explicitly denied. This could lead to unauthorized information disclosure or further compromise of the system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64 | — |
Workaround
|
A flaw was found in vm2, an open-source virtual machine (VM) sandbox for Node.js. This vulnerability allows sandboxed code to bypass intended security restrictions by exploiting missing entries in the denylist for dangerous Node.js built-in functions, specifically `process` and `inspector/promises`. A remote attacker can leverage this to execute arbitrary code in the host process, leading to a complete compromise of the system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64 | — |
Workaround
|
A flaw was found in vm2, an open-source virtual machine (VM) sandbox for Node.js. Prior to version 3.11.4, NodeVM, a component of vm2, improperly exposed certain process-wide observability builtins, such as diagnostics_channel, async_hooks, and perf_hooks. These builtins, which are designed for monitoring and debugging, were not adequately blocked by the dangerous builtin denylist. This oversight allowed sandboxed code to observe sensitive host application data, leading to information disclosure across the vm2 security boundary.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64 | — |
Workaround
|
A flaw was found in vm2, an open-source virtual machine (VM) sandbox for Node.js. This vulnerability allows an attacker to escape the sandbox environment by writing malicious code. Successful exploitation can lead to arbitrary code execution on the host system, compromising the integrity and confidentiality of the system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64 | — |
Workaround
|
A flaw was found in vm2, an open-source virtual machine (VM) sandbox for Node.js. This vulnerability allows an attacker to bypass security restrictions by writing dangerous cross-realm Symbol keys to host objects. This can lead to a compromise of the integrity of the host system, potentially enabling arbitrary code execution within the Node.js environment. The issue stems from the BaseHandler.set trap in bridge.js, which incorrectly writes to the host target object even when inherited property assignments should create an own property on the receiver.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64 | — | ||
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64 | — |
A flaw was found in ws, an open source WebSocket client and server. A remote attacker can exploit this memory exhaustion vulnerability by sending a high volume of exceptionally small fragments and data chunks. This action forces the affected component to allocate and hold structural wrappers that consume excessive memory. Consequently, this leads to process termination and a denial of service (DoS) for the remote peer.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64 | — |
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat Developer Hub 1.9.6 has been released.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Developer Hub (RHDH) is Red Hat\u0027s enterprise-grade, self-managed, customizable developer portal based on Backstage.io. RHDH is supported on OpenShift and other major Kubernetes clusters (AKS, EKS, GKE). The core features of RHDH include a single pane of glass, a centralized software catalog, self-service via golden path templates, and Tech Docs. RHDH is extensible by plugins.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:33574",
"url": "https://access.redhat.com/errata/RHSA-2026:33574"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-27145",
"url": "https://access.redhat.com/security/cve/CVE-2026-27145"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33811",
"url": "https://access.redhat.com/security/cve/CVE-2026-33811"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-39820",
"url": "https://access.redhat.com/security/cve/CVE-2026-39820"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42033",
"url": "https://access.redhat.com/security/cve/CVE-2026-42033"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42035",
"url": "https://access.redhat.com/security/cve/CVE-2026-42035"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42039",
"url": "https://access.redhat.com/security/cve/CVE-2026-42039"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42041",
"url": "https://access.redhat.com/security/cve/CVE-2026-42041"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42043",
"url": "https://access.redhat.com/security/cve/CVE-2026-42043"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42044",
"url": "https://access.redhat.com/security/cve/CVE-2026-42044"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42338",
"url": "https://access.redhat.com/security/cve/CVE-2026-42338"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42499",
"url": "https://access.redhat.com/security/cve/CVE-2026-42499"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-44486",
"url": "https://access.redhat.com/security/cve/CVE-2026-44486"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-44487",
"url": "https://access.redhat.com/security/cve/CVE-2026-44487"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-44488",
"url": "https://access.redhat.com/security/cve/CVE-2026-44488"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-44492",
"url": "https://access.redhat.com/security/cve/CVE-2026-44492"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-44494",
"url": "https://access.redhat.com/security/cve/CVE-2026-44494"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-44495",
"url": "https://access.redhat.com/security/cve/CVE-2026-44495"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-44496",
"url": "https://access.redhat.com/security/cve/CVE-2026-44496"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-44724",
"url": "https://access.redhat.com/security/cve/CVE-2026-44724"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-45736",
"url": "https://access.redhat.com/security/cve/CVE-2026-45736"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-47131",
"url": "https://access.redhat.com/security/cve/CVE-2026-47131"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-47135",
"url": "https://access.redhat.com/security/cve/CVE-2026-47135"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-47137",
"url": "https://access.redhat.com/security/cve/CVE-2026-47137"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-47139",
"url": "https://access.redhat.com/security/cve/CVE-2026-47139"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-47140",
"url": "https://access.redhat.com/security/cve/CVE-2026-47140"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-47141",
"url": "https://access.redhat.com/security/cve/CVE-2026-47141"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-47208",
"url": "https://access.redhat.com/security/cve/CVE-2026-47208"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-47209",
"url": "https://access.redhat.com/security/cve/CVE-2026-47209"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-48779",
"url": "https://access.redhat.com/security/cve/CVE-2026-48779"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-9277",
"url": "https://access.redhat.com/security/cve/CVE-2026-9277"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-9673",
"url": "https://access.redhat.com/security/cve/CVE-2026-9673"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://catalog.redhat.com/search?gs\u0026searchType=containers\u0026q=rhdh",
"url": "https://catalog.redhat.com/search?gs\u0026searchType=containers\u0026q=rhdh"
},
{
"category": "external",
"summary": "https://developers.redhat.com/rhdh/overview",
"url": "https://developers.redhat.com/rhdh/overview"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_developer_hub",
"url": "https://docs.redhat.com/en/documentation/red_hat_developer_hub"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/RHDHBUGS-3081",
"url": "https://issues.redhat.com/browse/RHDHBUGS-3081"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/RHDHBUGS-3369",
"url": "https://issues.redhat.com/browse/RHDHBUGS-3369"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/RHIDP-13319",
"url": "https://issues.redhat.com/browse/RHIDP-13319"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/RHIDP-13408",
"url": "https://issues.redhat.com/browse/RHIDP-13408"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/RHIDP-13446",
"url": "https://issues.redhat.com/browse/RHIDP-13446"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/RHIDP-13451",
"url": "https://issues.redhat.com/browse/RHIDP-13451"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/RHIDP-13457",
"url": "https://issues.redhat.com/browse/RHIDP-13457"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/RHIDP-13488",
"url": "https://issues.redhat.com/browse/RHIDP-13488"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/RHIDP-13966",
"url": "https://issues.redhat.com/browse/RHIDP-13966"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/RHIDP-14572",
"url": "https://issues.redhat.com/browse/RHIDP-14572"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/RHIDP-14597",
"url": "https://issues.redhat.com/browse/RHIDP-14597"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/RHIDP-14703",
"url": "https://issues.redhat.com/browse/RHIDP-14703"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/RHIDP-14733",
"url": "https://issues.redhat.com/browse/RHIDP-14733"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/RHIDP-14735",
"url": "https://issues.redhat.com/browse/RHIDP-14735"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/RHIDP-14736",
"url": "https://issues.redhat.com/browse/RHIDP-14736"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/RHIDP-14738",
"url": "https://issues.redhat.com/browse/RHIDP-14738"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/RHIDP-14740",
"url": "https://issues.redhat.com/browse/RHIDP-14740"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/RHIDP-14743",
"url": "https://issues.redhat.com/browse/RHIDP-14743"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/RHIDP-14744",
"url": "https://issues.redhat.com/browse/RHIDP-14744"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/RHIDP-14831",
"url": "https://issues.redhat.com/browse/RHIDP-14831"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/RHIDP-14835",
"url": "https://issues.redhat.com/browse/RHIDP-14835"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/RHIDP-14837",
"url": "https://issues.redhat.com/browse/RHIDP-14837"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/RHIDP-14895",
"url": "https://issues.redhat.com/browse/RHIDP-14895"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/RHIDP-14936",
"url": "https://issues.redhat.com/browse/RHIDP-14936"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/RHIDP-14937",
"url": "https://issues.redhat.com/browse/RHIDP-14937"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/RHIDP-14939",
"url": "https://issues.redhat.com/browse/RHIDP-14939"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/RHIDP-14941",
"url": "https://issues.redhat.com/browse/RHIDP-14941"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/RHIDP-14943",
"url": "https://issues.redhat.com/browse/RHIDP-14943"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/RHIDP-15033",
"url": "https://issues.redhat.com/browse/RHIDP-15033"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/RHIDP-15039",
"url": "https://issues.redhat.com/browse/RHIDP-15039"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/RHIDP-15042",
"url": "https://issues.redhat.com/browse/RHIDP-15042"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/RHIDP-15067",
"url": "https://issues.redhat.com/browse/RHIDP-15067"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/RHIDP-15073",
"url": "https://issues.redhat.com/browse/RHIDP-15073"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/RHIDP-15145",
"url": "https://issues.redhat.com/browse/RHIDP-15145"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_33574.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Developer Hub 1.9.6 release.",
"tracking": {
"current_release_date": "2026-07-09T23:02:42+00:00",
"generator": {
"date": "2026-07-09T23:02:42+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.2"
}
},
"id": "RHSA-2026:33574",
"initial_release_date": "2026-06-30T15:00:33+00:00",
"revision_history": [
{
"date": "2026-06-30T15:00:33+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-06-30T15:00:39+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-09T23:02:42+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Developer Hub 1.9",
"product": {
"name": "Red Hat Developer Hub 1.9",
"product_id": "Red Hat Developer Hub 1.9",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhdh:1.9::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat Developer Hub"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64",
"product": {
"name": "registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64",
"product_id": "registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhdh-hub-rhel9@sha256%3A044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c?arch=amd64\u0026repository_url=registry.redhat.io/rhdh/rhdh-hub-rhel9\u0026tag=1782761244"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64",
"product": {
"name": "registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64",
"product_id": "registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhdh-rhel9-operator@sha256%3A219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785?arch=amd64\u0026repository_url=registry.redhat.io/rhdh/rhdh-rhel9-operator\u0026tag=1782767215"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"product": {
"name": "registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"product_id": "registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhdh-operator-bundle@sha256%3A66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893?arch=amd64\u0026repository_url=registry.redhat.io/rhdh/rhdh-operator-bundle\u0026tag=1782772967"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64 as a component of Red Hat Developer Hub 1.9",
"product_id": "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64"
},
"product_reference": "registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64",
"relates_to_product_reference": "Red Hat Developer Hub 1.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64 as a component of Red Hat Developer Hub 1.9",
"product_id": "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64"
},
"product_reference": "registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"relates_to_product_reference": "Red Hat Developer Hub 1.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64 as a component of Red Hat Developer Hub 1.9",
"product_id": "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
},
"product_reference": "registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64",
"relates_to_product_reference": "Red Hat Developer Hub 1.9"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-9277",
"cwe": {
"id": "CWE-78",
"name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
},
"discovery_date": "2026-05-22T14:01:14.427751+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2480741"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the shell-quote component. The quote() function did not properly validate object-token inputs, allowing line terminators to pass unescaped into the output. A remote attacker could exploit this vulnerability by providing specially crafted input, which a POSIX shell would interpret as a command separator. This could lead to command injection, enabling the attacker to execute arbitrary code on the system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "shell-quote: shell-quote: Arbitrary code execution via command injection due to unescaped line terminators",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-9277"
},
{
"category": "external",
"summary": "RHBZ#2480741",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2480741"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-9277",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-9277"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-9277",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-9277"
},
{
"category": "external",
"summary": "https://github.com/ljharb/shell-quote",
"url": "https://github.com/ljharb/shell-quote"
},
{
"category": "external",
"summary": "https://github.com/ljharb/shell-quote/commit/1518179",
"url": "https://github.com/ljharb/shell-quote/commit/1518179"
},
{
"category": "external",
"summary": "https://github.com/ljharb/shell-quote/security/advisories/GHSA-w7jw-789q-3m8p",
"url": "https://github.com/ljharb/shell-quote/security/advisories/GHSA-w7jw-789q-3m8p"
},
{
"category": "external",
"summary": "https://www.npmjs.com/package/shell-quote",
"url": "https://www.npmjs.com/package/shell-quote"
}
],
"release_date": "2026-05-22T13:22:38.873000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-30T15:00:33+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33574"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "shell-quote: shell-quote: Arbitrary code execution via command injection due to unescaped line terminators"
},
{
"cve": "CVE-2026-9673",
"cwe": {
"id": "CWE-1236",
"name": "Improper Neutralization of Formula Elements in a CSV File"
},
"discovery_date": "2026-05-28T06:01:00.245616+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2482486"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in json-2-csv. An attacker can bypass the `preventCsvInjection` option to inject malicious formulas into CSV (Comma Separated Values) files. When these manipulated CSV files are opened in spreadsheet applications, the injected formulas can execute, potentially leading to arbitrary code execution or information disclosure.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "json-2-csv: json-2-csv: CSV Injection vulnerability allows arbitrary code execution via `preventCsvInjection` bypass.",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Moderate vulnerability in `json-2-csv` allows for CSV Injection due to a bypass in the `preventCsvInjection` option. While exploitation requires a user to open a specially crafted CSV file in a spreadsheet application, successful attacks could lead to arbitrary code execution or information disclosure. This affects Red Hat Developer Hub and Red Hat Ansible Automation Platform when processing untrusted data that is subsequently exported to CSV and opened by a user.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-9673"
},
{
"category": "external",
"summary": "RHBZ#2482486",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2482486"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-9673",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-9673"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-9673",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-9673"
},
{
"category": "external",
"summary": "https://gist.github.com/whoamins/299745a2d36b482b44e9613b78e40613",
"url": "https://gist.github.com/whoamins/299745a2d36b482b44e9613b78e40613"
},
{
"category": "external",
"summary": "https://github.com/mrodrig/json-2-csv/blob/main/src/json2csv.ts%23L410",
"url": "https://github.com/mrodrig/json-2-csv/blob/main/src/json2csv.ts%23L410"
},
{
"category": "external",
"summary": "https://github.com/mrodrig/json-2-csv/commit/0fdd0bb6d0273178cd940afc323ccbce19688229",
"url": "https://github.com/mrodrig/json-2-csv/commit/0fdd0bb6d0273178cd940afc323ccbce19688229"
},
{
"category": "external",
"summary": "https://security.snyk.io/vuln/SNYK-JS-JSON2CSV-14221326",
"url": "https://security.snyk.io/vuln/SNYK-JS-JSON2CSV-14221326"
}
],
"release_date": "2026-05-28T05:00:02.387000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-30T15:00:33+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33574"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "json-2-csv: json-2-csv: CSV Injection vulnerability allows arbitrary code execution via `preventCsvInjection` bypass."
},
{
"cve": "CVE-2026-27145",
"cwe": {
"id": "CWE-606",
"name": "Unchecked Input for Loop Condition"
},
"discovery_date": "2026-06-02T23:01:08.992540+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2484207"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the `crypto/x509` package of `golang`. This vulnerability allows a remote attacker to cause a Denial of Service (DoS) by presenting a specially crafted X.509 certificate with a large number of DNS Subject Alternative Name (SAN) entries. The certificate verification process, specifically the `VerifyHostname` function, incurs excessive computational overhead due to repeated string operations when processing these entries. This can lead to a significant performance degradation or unresponsiveness of systems validating such certificates.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "A flaw was found in the Go standard library crypto/x509 package. When verifying a TLS certificate hostname, VerifyHostname processed each DNS Subject Alternative Name (SAN) entry in a loop and repeatedly split the candidate hostname on \".\" characters. For certificates with a very large DNS SAN list, CPU use could grow quadratically with the number of SAN entries and hostname labels. Because hostname verification runs before the certificate chain is built, this overhead can occur even when the certificate is not trusted.\n\nRed Hat rates this issue as Important. It affects Red Hat products that include the Go standard library crypto/x509 code from an affected Go toolchain version (before Go 1.25.11, or from Go 1.26.0 through Go 1.26.3). Applications and container images built with a fixed Go release (1.25.11 or later, or 1.26.4 or later) are not affected. Community distributions such as Fedora are also affected.\n\nUpstream fix: Go 1.25.11 and Go 1.26.4 (GO-2026-5037).",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27145"
},
{
"category": "external",
"summary": "RHBZ#2484207",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2484207"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27145",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27145"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27145",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27145"
},
{
"category": "external",
"summary": "https://go.dev/cl/783621",
"url": "https://go.dev/cl/783621"
},
{
"category": "external",
"summary": "https://go.dev/issue/79694",
"url": "https://go.dev/issue/79694"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/tKs3rmcBcKw",
"url": "https://groups.google.com/g/golang-announce/c/tKs3rmcBcKw"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-5037",
"url": "https://pkg.go.dev/vuln/GO-2026-5037"
}
],
"release_date": "2026-06-02T22:01:36.954000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-30T15:00:33+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33574"
},
{
"category": "workaround",
"details": "A flaw was found in the Go standard library crypto/x509 package. When verifying a TLS certificate hostname, VerifyHostname processed each DNS Subject Alternative Name (SAN) entry in a loop and repeatedly split the candidate hostname on \".\" characters. For certificates with a very large DNS SAN list, CPU use could grow quadratically with the number of SAN entries and hostname labels. Because hostname verification runs before the certificate chain is built, this overhead can occur even when the certificate is not trusted.\n\nRed Hat rates this issue as Important. It affects Red Hat products that include the Go standard library crypto/x509 code from an affected Go toolchain version (before Go 1.25.11, or from Go 1.26.0 through Go 1.26.3). Applications and container images built with a fixed Go release (1.25.11 or later, or 1.26.4 or later) are not affected. Community distributions such as Fedora are also affected.\n\nUpstream fix: Go 1.25.11 and Go 1.26.4 (GO-2026-5037).",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: golang: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries"
},
{
"cve": "CVE-2026-33811",
"cwe": {
"id": "CWE-1341",
"name": "Multiple Releases of Same Resource or Handle"
},
"discovery_date": "2026-05-07T20:01:34.913869+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2467822"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the `net` package of Go (golang), specifically when using the `LookupCNAME` function with the `cgo` DNS resolver. A remote attacker could exploit this by providing a very long Canonical Name (CNAME) response. This can trigger a double-free of C memory, leading to a crash and a Denial of Service (DoS) for the affected application.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important denial of service vulnerability in the Go `net` package, affecting applications configured to use the `cgo` DNS resolver. A remote attacker could trigger a double-free memory error by providing a very long CNAME response, leading to a crash of the vulnerable application and impacting service availability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33811"
},
{
"category": "external",
"summary": "RHBZ#2467822",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467822"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33811",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33811"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33811",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33811"
},
{
"category": "external",
"summary": "https://go.dev/cl/767860",
"url": "https://go.dev/cl/767860"
},
{
"category": "external",
"summary": "https://go.dev/issue/78803",
"url": "https://go.dev/issue/78803"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/qcCIEXso47M",
"url": "https://groups.google.com/g/golang-announce/c/qcCIEXso47M"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4981",
"url": "https://pkg.go.dev/vuln/GO-2026-4981"
}
],
"release_date": "2026-05-07T19:41:19.285000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-30T15:00:33+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33574"
},
{
"category": "workaround",
"details": "To mitigate this issue, applications can be configured to use the pure Go DNS resolver instead of the `cgo` DNS resolver. This can be achieved by setting the `GODEBUG` environment variable to `netdns=go`. For example, to run a Go application with this mitigation: `GODEBUG=netdns=go /path/to/your/go/application`. This change may require restarting affected applications or services to take effect. Users should verify that this change does not negatively impact DNS resolution for their specific application environment.",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME"
},
{
"cve": "CVE-2026-39820",
"cwe": {
"id": "CWE-606",
"name": "Unchecked Input for Loop Condition"
},
"discovery_date": "2026-05-07T20:01:27.800929+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2467820"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the `net/mail` package of the Go programming language. An attacker could provide specially crafted inputs to the `ParseAddress`, `ParseAddressList`, or `ParseDate` functions. This could lead to excessive consumption of CPU and memory resources, resulting in a Denial of Service (DoS) for applications processing these inputs.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net/mail: golang: Go net/mail: Denial of Service via crafted email inputs",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important denial of service vulnerability in the Go `net/mail` package. Applications processing untrusted email inputs via `ParseAddress`, `ParseAddressList`, or `ParseDate` functions are susceptible to excessive resource consumption, which can lead to service unavailability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-39820"
},
{
"category": "external",
"summary": "RHBZ#2467820",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467820"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-39820",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-39820"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-39820",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39820"
},
{
"category": "external",
"summary": "https://go.dev/cl/759940",
"url": "https://go.dev/cl/759940"
},
{
"category": "external",
"summary": "https://go.dev/issue/78566",
"url": "https://go.dev/issue/78566"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/qcCIEXso47M",
"url": "https://groups.google.com/g/golang-announce/c/qcCIEXso47M"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4986",
"url": "https://pkg.go.dev/vuln/GO-2026-4986"
}
],
"release_date": "2026-05-07T19:41:19.854000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-30T15:00:33+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33574"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "net/mail: golang: Go net/mail: Denial of Service via crafted email inputs"
},
{
"cve": "CVE-2026-42033",
"cwe": {
"id": "CWE-915",
"name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes"
},
"discovery_date": "2026-04-24T18:01:20.937507+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2461607"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, an HTTP client library. This vulnerability allows an attacker to exploit a prototype pollution issue if another part of the application has already polluted the Object.prototype. By doing so, the attacker can intercept and modify JSON responses or take control of the HTTP communication. This could lead to unauthorized access to sensitive information like user credentials and request details.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: HTTP Transport Hijacking via Prototype Pollution",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42033"
},
{
"category": "external",
"summary": "RHBZ#2461607",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461607"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42033",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42033"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42033",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42033"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-pf86-5x62-jrwf",
"url": "https://github.com/axios/axios/security/advisories/GHSA-pf86-5x62-jrwf"
}
],
"release_date": "2026-04-24T17:36:44.132000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-30T15:00:33+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33574"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: HTTP Transport Hijacking via Prototype Pollution"
},
{
"cve": "CVE-2026-42035",
"cwe": {
"id": "CWE-915",
"name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes"
},
"discovery_date": "2026-04-24T18:01:17.109481+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2461606"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, a software library for making network requests. A remote attacker can exploit a prototype pollution vulnerability to inject arbitrary HTTP headers into outgoing requests. This occurs when the application\u0027s core object definitions are manipulated, causing Axios to misinterpret data and include attacker-controlled headers in network communications. This could lead to unauthorized actions or data manipulation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: Arbitrary HTTP header injection via prototype pollution",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42035"
},
{
"category": "external",
"summary": "RHBZ#2461606",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461606"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42035",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42035"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42035",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42035"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-6chq-wfr3-2hj9",
"url": "https://github.com/axios/axios/security/advisories/GHSA-6chq-wfr3-2hj9"
}
],
"release_date": "2026-04-24T17:38:07.752000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-30T15:00:33+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33574"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "axios: Axios: Arbitrary HTTP header injection via prototype pollution"
},
{
"cve": "CVE-2026-42039",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-04-24T19:01:44.887156+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2461630"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, a promise-based HTTP client for browsers and Node.js. This vulnerability occurs because the `toFormData` function recursively processes nested objects without a depth limit. A remote attacker can exploit this by sending deeply nested request data, which causes the Node.js process to crash due to a RangeError, leading to a potential Denial of Service (DoS) if the process crashes.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Node.js: Axios: Denial of Service via unbounded recursion in toFormData with deeply nested request data",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42039"
},
{
"category": "external",
"summary": "RHBZ#2461630",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461630"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42039",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42039"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42039",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42039"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-62hf-57xw-28j9",
"url": "https://github.com/axios/axios/security/advisories/GHSA-62hf-57xw-28j9"
}
],
"release_date": "2026-04-24T18:01:30.775000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-30T15:00:33+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33574"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Node.js: Axios: Denial of Service via unbounded recursion in toFormData with deeply nested request data"
},
{
"cve": "CVE-2026-42041",
"cwe": {
"id": "CWE-915",
"name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes"
},
"discovery_date": "2026-04-24T19:01:41.034289+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2461629"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, a promise-based HTTP client. This vulnerability, a Prototype Pollution \"Gadget\" attack, allows an attacker to manipulate the `Object.prototype.validateStatus` property. By polluting this property, all HTTP error responses (such as 401, 403, or 500) are silently treated as successful responses. This can lead to a complete bypass of application-level authentication and error handling, potentially granting unauthorized access.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: Authentication bypass due to prototype pollution of HTTP error handling",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42041"
},
{
"category": "external",
"summary": "RHBZ#2461629",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461629"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42041",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42041"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42041",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42041"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-w9j2-pvgh-6h63",
"url": "https://github.com/axios/axios/security/advisories/GHSA-w9j2-pvgh-6h63"
}
],
"release_date": "2026-04-24T17:55:30.036000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-30T15:00:33+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33574"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: Authentication bypass due to prototype pollution of HTTP error handling"
},
{
"cve": "CVE-2026-42043",
"cwe": {
"id": "CWE-918",
"name": "Server-Side Request Forgery (SSRF)"
},
"discovery_date": "2026-04-24T19:01:22.552379+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2461626"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, a promise-based HTTP client. An attacker who can control the destination address of an Axios request can exploit this vulnerability. By using specific internal network addresses (within the 127.0.0.0/8 range, excluding 127.0.0.1), the attacker can completely bypass the NO_PROXY protection, potentially leading to unauthorized access or information disclosure within the network. This issue is an incomplete fix for a previous vulnerability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: NO_PROXY bypass via crafted URL",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42043"
},
{
"category": "external",
"summary": "RHBZ#2461626",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461626"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42043",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42043"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42043",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42043"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-pmwg-cvhr-8vh7",
"url": "https://github.com/axios/axios/security/advisories/GHSA-pmwg-cvhr-8vh7"
}
],
"release_date": "2026-04-24T17:54:42.668000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-30T15:00:33+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33574"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: NO_PROXY bypass via crafted URL"
},
{
"cve": "CVE-2026-42044",
"cwe": {
"id": "CWE-915",
"name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes"
},
"discovery_date": "2026-04-24T19:01:13.418725+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2461624"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, a widely used HTTP client. This vulnerability, known as a Prototype Pollution \"Gadget\" attack, allows a remote attacker to subtly alter JSON API responses. By manipulating a specific function, an attacker can selectively modify data within these responses. This could lead to significant security breaches, including unauthorized privilege escalation, fraudulent balance manipulation, or bypassing critical authorization checks.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: Invisible JSON Response Tampering via Prototype Pollution Gadget",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42044"
},
{
"category": "external",
"summary": "RHBZ#2461624",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461624"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42044",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42044"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42044",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42044"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-3w6x-2g7m-8v23",
"url": "https://github.com/axios/axios/security/advisories/GHSA-3w6x-2g7m-8v23"
}
],
"release_date": "2026-04-24T17:49:49.517000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-30T15:00:33+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33574"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: Invisible JSON Response Tampering via Prototype Pollution Gadget"
},
{
"cve": "CVE-2026-42338",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2026-05-12T21:01:14.436876+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2476810"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in ip-address, a JavaScript library for parsing and manipulating IPv4 and IPv6 addresses. This vulnerability allows a remote attacker to perform cross-site scripting (XSS) by providing untrusted input to the Address6 constructor. When an application renders the output of Address6.group(), Address6.link(), or the AddressError.parseMessage as HTML without proper escaping, the attacker-controlled content can be executed in the user\u0027s browser.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ip-address: ip-address: Cross-site scripting via improper HTML escaping of untrusted input",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability in the `ip-address` JavaScript library is rated as Important. It allows for cross-site scripting (XSS) when an application processes untrusted input through the `Address6` constructor and subsequently renders the unescaped output of methods like `Address6.group()`, `Address6.link()`, or `AddressError.parseMessage` directly as HTML. While the library itself is affected, exploitation is contingent on specific application-level rendering practices that may not be common in Red Hat products.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42338"
},
{
"category": "external",
"summary": "RHBZ#2476810",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2476810"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42338",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42338"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42338",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42338"
},
{
"category": "external",
"summary": "https://github.com/beaugunderson/ip-address/security/advisories/GHSA-v2v4-37r5-5v8g",
"url": "https://github.com/beaugunderson/ip-address/security/advisories/GHSA-v2v4-37r5-5v8g"
}
],
"release_date": "2026-05-12T19:43:16.470000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-30T15:00:33+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33574"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "ip-address: ip-address: Cross-site scripting via improper HTML escaping of untrusted input"
},
{
"cve": "CVE-2026-42499",
"cwe": {
"id": "CWE-1046",
"name": "Creation of Immutable Text Using String Concatenation"
},
"discovery_date": "2026-05-07T20:00:51.685602+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2467809"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the `net/mail` package within the Go standard library. A remote attacker could provide specially crafted, pathological email addresses. When these malformed email addresses are parsed by the `consumePhrase` function, it can lead to excessive resource consumption due to quadratic string concatenation, resulting in a Denial of Service (DoS) condition.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net/mail: golang: net/mail: Denial of Service via pathological email address parsing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important denial of service vulnerability in the `net/mail` package of the Go standard library. A remote attacker can exploit this flaw by sending specially crafted email addresses, leading to excessive resource consumption and a denial of service in Go applications that parse email addresses using the affected library.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42499"
},
{
"category": "external",
"summary": "RHBZ#2467809",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467809"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42499",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42499"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42499",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42499"
},
{
"category": "external",
"summary": "https://go.dev/cl/771520",
"url": "https://go.dev/cl/771520"
},
{
"category": "external",
"summary": "https://go.dev/issue/78987",
"url": "https://go.dev/issue/78987"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/qcCIEXso47M",
"url": "https://groups.google.com/g/golang-announce/c/qcCIEXso47M"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4977",
"url": "https://pkg.go.dev/vuln/GO-2026-4977"
}
],
"release_date": "2026-05-07T19:41:18.615000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-30T15:00:33+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33574"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "net/mail: golang: net/mail: Denial of Service via pathological email address parsing"
},
{
"cve": "CVE-2026-44486",
"cwe": {
"id": "CWE-201",
"name": "Insertion of Sensitive Information Into Sent Data"
},
"discovery_date": "2026-06-11T17:01:30.944384+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2487947"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, a promise-based HTTP client, specifically in its Node.js HTTP adapter. When Axios is configured to use an authenticated proxy and follows a redirect, it may inadvertently send the Proxy-Authorization header, containing proxy credentials, to the redirect target. This can lead to the disclosure of sensitive proxy credentials to an unintended remote server.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: Information disclosure of proxy credentials via HTTP redirects",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important information disclosure flaw in the Axios Node.js HTTP adapter. Red Hat products utilizing Axios in a Node.js environment with an authenticated proxy and automatic redirects enabled are susceptible. The vulnerability arises when a request, initially sent through an authenticated proxy, is redirected to a target that no longer uses the proxy, potentially leaking `Proxy-Authorization` headers containing sensitive credentials to an untrusted remote server. This risk is heightened in deployments where applications interact with untrusted HTTP origins.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44486"
},
{
"category": "external",
"summary": "RHBZ#2487947",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2487947"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44486",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44486"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44486",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44486"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-j5f8-grm9-p9fc",
"url": "https://github.com/axios/axios/security/advisories/GHSA-j5f8-grm9-p9fc"
}
],
"release_date": "2026-06-11T15:39:07.714000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-30T15:00:33+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33574"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: Information disclosure of proxy credentials via HTTP redirects"
},
{
"cve": "CVE-2026-44487",
"cwe": {
"id": "CWE-201",
"name": "Insertion of Sensitive Information Into Sent Data"
},
"discovery_date": "2026-06-11T17:01:34.091476+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2487948"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios. During specific proxy-to-direct redirect flows in the Node.js HTTP adapter, a remote attacker could exploit this vulnerability. The Proxy-Authorization header, which contains proxy credentials and is intended only for the outbound proxy, may be forwarded to the final redirected origin. This can lead to the disclosure of sensitive proxy credentials to an unintended third party.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: Information disclosure of proxy credentials via redirect flows",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important information disclosure flaw in Axios affecting Node.js environments. When an application uses Axios with an authenticated HTTP proxy and follows redirects from an HTTP to a non-proxied HTTPS destination, the Proxy-Authorization header may be inadvertently sent to the final origin server. This could lead to the exposure of sensitive proxy credentials to an unintended third party.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44487"
},
{
"category": "external",
"summary": "RHBZ#2487948",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2487948"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44487"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44487",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44487"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-p92q-9vqr-4j8v",
"url": "https://github.com/axios/axios/security/advisories/GHSA-p92q-9vqr-4j8v"
}
],
"release_date": "2026-06-11T15:38:25.150000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-30T15:00:33+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33574"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: Information disclosure of proxy credentials via redirect flows"
},
{
"cve": "CVE-2026-44488",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-06-11T17:01:36.836488+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2487949"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, a promise-based HTTP client. When using the fetch adapter, Axios did not properly enforce configured request and response size limits. This vulnerability allows a remote attacker, through a malicious or compromised server, or by supplying a large data URL, to send or receive oversized data bodies. This can lead to resource exhaustion in server-side applications, resulting in a Denial of Service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: Denial of Service due to unenforced request and response size limits",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Important: A denial of service flaw was found in Axios, a JavaScript HTTP client library. This issue arises when applications utilize the `fetch` adapter, as configured request and response size limits are not properly enforced. A remote attacker could exploit this by sending or receiving excessively large data bodies, leading to resource exhaustion and potential denial of service in affected server-side applications.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44488"
},
{
"category": "external",
"summary": "RHBZ#2487949",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2487949"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44488",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44488"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44488",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44488"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-777c-7fjr-54vf",
"url": "https://github.com/axios/axios/security/advisories/GHSA-777c-7fjr-54vf"
}
],
"release_date": "2026-06-11T15:37:38.013000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-30T15:00:33+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33574"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: Denial of Service due to unenforced request and response size limits"
},
{
"cve": "CVE-2026-44492",
"cwe": {
"id": "CWE-289",
"name": "Authentication Bypass by Alternate Name"
},
"discovery_date": "2026-06-11T17:00:56.761751+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2487938"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, a promise-based HTTP client. This vulnerability occurs because Axios does not properly normalize IPv4-mapped IPv6 addresses. When a NO_PROXY setting is configured to block direct access to specific IPv4 addresses, an attacker can bypass this restriction by using the IPv4-mapped IPv6 form of the address in a request URL. This allows the request to be routed through the proxy, potentially exposing internal services or sensitive information that should otherwise be inaccessible.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: Proxy bypass via IPv4-mapped IPv6 address non-normalization",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important flaw in Axios, a JavaScript HTTP client library, that allows for a proxy bypass. When a `NO_PROXY` environment variable is configured to prevent direct connections to specific IPv4 addresses, an attacker can craft a request URL using the IPv4-mapped IPv6 address format. This bypasses the intended `NO_PROXY` exclusion, routing the request through the configured proxy and potentially exposing internal services or sensitive information, such as cloud instance metadata credentials.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44492"
},
{
"category": "external",
"summary": "RHBZ#2487938",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2487938"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44492",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44492"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44492",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44492"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-pjwm-pj3p-43mv",
"url": "https://github.com/axios/axios/security/advisories/GHSA-pjwm-pj3p-43mv"
}
],
"release_date": "2026-06-11T15:29:13.890000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-30T15:00:33+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33574"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: Proxy bypass via IPv4-mapped IPv6 address non-normalization"
},
{
"cve": "CVE-2026-44494",
"cwe": {
"id": "CWE-915",
"name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes"
},
"discovery_date": "2026-06-11T17:01:12.945664+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2487942"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios. This vulnerability, a Prototype Pollution \"Gadget\" attack, allows an attacker to escalate any existing Object.prototype pollution in an application\u0027s dependency tree into a full Man-in-the-Middle (MITM) attack. This enables the attacker to intercept, read, and modify all HTTP traffic, including sensitive authentication credentials. The flaw occurs because the `config.proxy` setting is susceptible to prototype pollution, allowing an attacker to inject a malicious proxy server.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: Man-in-the-Middle (MITM) attack via Prototype Pollution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Important flaw in the Axios library allows an attacker to escalate existing prototype pollution vulnerabilities within an application\u0027s dependency tree into a full Man-in-the-Middle (MITM) attack. By injecting a malicious proxy configuration into the `Object.prototype`, an attacker can intercept, read, and modify all HTTP traffic, including sensitive authentication credentials, without direct user interaction. This poses a significant risk to data confidentiality and integrity in Red Hat products that utilize the Axios library.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44494"
},
{
"category": "external",
"summary": "RHBZ#2487942",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2487942"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44494",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44494"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44494",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44494"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-35jp-ww65-95wh",
"url": "https://github.com/axios/axios/security/advisories/GHSA-35jp-ww65-95wh"
}
],
"release_date": "2026-06-11T15:32:03.155000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-30T15:00:33+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33574"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: Man-in-the-Middle (MITM) attack via Prototype Pollution"
},
{
"cve": "CVE-2026-44495",
"cwe": {
"id": "CWE-915",
"name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes"
},
"discovery_date": "2026-06-11T17:00:53.999811+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2487937"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, a promise-based HTTP client. This vulnerability involves prototype pollution gadgets in the request configuration processing. If another vulnerability has already polluted the Object.prototype.transformResponse, affected Axios versions may incorrectly interpret this inherited value as part of the request configuration or as an option validator. Axios does not itself create the prototype pollution. Exploitability requires a separate prototype-pollution vulnerability or equivalent attacker control over Object.prototype before Axios creates a request.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: Information disclosure due to prototype pollution vulnerability",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Important vulnerability in Axios, a promise-based HTTP client, can lead to information disclosure, including credential theft and response hijacking, or denial of service. Exploitation requires a separate prototype pollution vulnerability in the same JavaScript process, allowing an attacker to control `Object.prototype.transformResponse`. Red Hat products using affected Axios versions are at risk if another component introduces such pollution.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44495"
},
{
"category": "external",
"summary": "RHBZ#2487937",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2487937"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44495",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44495"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44495",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44495"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-3g43-6gmg-66jw",
"url": "https://github.com/axios/axios/security/advisories/GHSA-3g43-6gmg-66jw"
}
],
"release_date": "2026-06-11T15:33:12.433000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-30T15:00:33+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33574"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: Information disclosure due to prototype pollution vulnerability"
},
{
"cve": "CVE-2026-44496",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"discovery_date": "2026-06-11T17:01:15.856386+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2487943"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios. A remote attacker, by influencing the XSRF cookie name in a browser environment, could cause the application to construct a regular expression that leads to excessive processing. This can result in a client-side Denial of Service (DoS), where the affected browser tab may freeze, impacting the availability of the application for the user.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: Client-side Denial of Service via unescaped regex metacharacters in XSRF cookie name",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Important flaw in Axios can lead to a client-side Denial of Service. An attacker capable of influencing the XSRF cookie name within a browser environment could trigger excessive regular expression processing, causing the affected browser tab to freeze and degrade user availability. This issue specifically impacts browser-based applications and does not affect Node.js HTTP adapter usage, React Native, or web workers.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44496"
},
{
"category": "external",
"summary": "RHBZ#2487943",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2487943"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44496",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44496"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44496",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44496"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-hfxv-24rg-xrqf",
"url": "https://github.com/axios/axios/security/advisories/GHSA-hfxv-24rg-xrqf"
}
],
"release_date": "2026-06-11T15:34:28.492000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-30T15:00:33+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33574"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: Client-side Denial of Service via unescaped regex metacharacters in XSRF cookie name"
},
{
"cve": "CVE-2026-44724",
"cwe": {
"id": "CWE-78",
"name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
},
"discovery_date": "2026-05-27T21:02:14.837088+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2482416"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in systeminformation, a Node.js library. This vulnerability allows a local attacker on Linux to inject arbitrary commands. This occurs when an active NetworkManager connection profile name contains shell metacharacters, which are not properly sanitized before being used in shell commands. Successful exploitation can lead to arbitrary code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "systeminformation: systeminformation: Command injection via NetworkManager connection profile name",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Important flaw in the `systeminformation` Node.js library allows a local attacker to achieve arbitrary command execution on Linux systems. The vulnerability arises when an active NetworkManager connection profile name contains shell metacharacters, which are not properly sanitized before being processed by the library. Exploitation requires the attacker to have privileges to create or rename NetworkManager connection profiles.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44724"
},
{
"category": "external",
"summary": "RHBZ#2482416",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2482416"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44724",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44724"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44724",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44724"
},
{
"category": "external",
"summary": "https://github.com/sebhildebrandt/systeminformation/security/advisories/GHSA-hvx9-hwr7-wjj9",
"url": "https://github.com/sebhildebrandt/systeminformation/security/advisories/GHSA-hvx9-hwr7-wjj9"
}
],
"release_date": "2026-05-27T19:26:28.392000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-30T15:00:33+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33574"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "systeminformation: systeminformation: Command injection via NetworkManager connection profile name"
},
{
"cve": "CVE-2026-45736",
"cwe": {
"id": "CWE-824",
"name": "Access of Uninitialized Pointer"
},
"discovery_date": "2026-05-15T16:00:55.786944+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2477914"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in ws, an open source WebSocket client and server for Node.js. The `websocket.close()` implementation is vulnerable to uninitialized memory disclosure when a `TypedArray` is passed as the reason argument. This can lead to the disclosure of sensitive information from uninitialized memory.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ws: ws: Uninitialized memory disclosure via `websocket.close()` with `TypedArray`",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Important vulnerability in the `ws` WebSocket library for Node.js could lead to sensitive information disclosure. The flaw occurs when a `TypedArray` is specifically provided as the `reason` argument to the `websocket.close()` function, potentially exposing uninitialized memory. Red Hat products utilizing this library may be affected if their implementations allow for such a crafted `close()` call.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-45736"
},
{
"category": "external",
"summary": "RHBZ#2477914",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477914"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-45736",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-45736"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-45736",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45736"
},
{
"category": "external",
"summary": "https://github.com/websockets/ws/commit/c0327ec15a54d701eb6ccefaa8bef328cfc03086",
"url": "https://github.com/websockets/ws/commit/c0327ec15a54d701eb6ccefaa8bef328cfc03086"
},
{
"category": "external",
"summary": "https://github.com/websockets/ws/security/advisories/GHSA-58qx-3vcg-4xpx",
"url": "https://github.com/websockets/ws/security/advisories/GHSA-58qx-3vcg-4xpx"
}
],
"release_date": "2026-05-15T14:53:57.263000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-30T15:00:33+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33574"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "ws: ws: Uninitialized memory disclosure via `websocket.close()` with `TypedArray`"
},
{
"cve": "CVE-2026-47131",
"cwe": {
"id": "CWE-843",
"name": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)"
},
"discovery_date": "2026-06-12T15:01:52.744009+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2488393"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in vm2, an open-source virtual machine (VM) sandbox for Node.js. A remote attacker can exploit this vulnerability by combining specific Buffer function calls and Node.js\u0027s ERR_INVALID_ARG_TYPE error. This allows the attacker to obtain the host\u0027s TypeError constructor, leading to an escape from the sandbox. Consequently, this enables attackers to run arbitrary code on the host system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "vm2: vm2: Arbitrary code execution via sandbox escape vulnerability",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The Red Hat Product Security team has rated the impact of this vulnerability as Moderate in Red Hat Developer Hub and Ansible Automation Platform.The affected package is present in both products as a transitive dependency; however, the vulnerable sandbox functionality is not invoked in any production code path. The active sandboxing mechanism used by both products does not rely on this package, and user-supplied input cannot reach the vulnerable code under a standard deployment. Exploitation would require an attacker to independently route arbitrary JavaScript into the sandbox runtime, a condition not present in the default configuration of either product.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-47131"
},
{
"category": "external",
"summary": "RHBZ#2488393",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2488393"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-47131",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-47131"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-47131",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-47131"
},
{
"category": "external",
"summary": "https://github.com/patriksimek/vm2/commit/27c525f4615e2b983f122e2bed327d810126f5c8",
"url": "https://github.com/patriksimek/vm2/commit/27c525f4615e2b983f122e2bed327d810126f5c8"
},
{
"category": "external",
"summary": "https://github.com/patriksimek/vm2/releases/tag/v3.11.4",
"url": "https://github.com/patriksimek/vm2/releases/tag/v3.11.4"
},
{
"category": "external",
"summary": "https://github.com/patriksimek/vm2/security/advisories/GHSA-v6mx-mf47-r5wg",
"url": "https://github.com/patriksimek/vm2/security/advisories/GHSA-v6mx-mf47-r5wg"
}
],
"release_date": "2026-06-12T14:14:17.037000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-30T15:00:33+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33574"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "vm2: vm2: Arbitrary code execution via sandbox escape vulnerability"
},
{
"cve": "CVE-2026-47135",
"cwe": {
"id": "CWE-1100",
"name": "Insufficient Isolation of System-Dependent Functions"
},
"discovery_date": "2026-06-12T15:02:02.154869+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2488396"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in vm2, an open-source virtual machine (VM) sandbox for Node.js. An attacker within the sandbox could exploit incomplete symbol interception and missing security checks to gain control over the host system. This could allow the attacker to execute arbitrary code outside the sandbox environment, leading to a complete compromise of the host.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "vm2: vm2: Sandbox escape allows arbitrary code execution on the host system",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability has been rated as Moderate for Red Hat Developer Hub and Red Hat Ansible Automation Platform. The vm2 sandbox exists as a transitive dependency in Red Hat Developer Hub and is only utilized during build time. The sandbox is therefore not exposed on the production code path. Exploitation of this vulnerability requires attackers to write cross-realm symbol keys to host objects which is not possible in the default configuration of Red Hat Developer Hub.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-47135"
},
{
"category": "external",
"summary": "RHBZ#2488396",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2488396"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-47135",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-47135"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-47135",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-47135"
},
{
"category": "external",
"summary": "https://github.com/patriksimek/vm2/commit/928aef51898b5c52a05f05a40c4cfeb52e172878",
"url": "https://github.com/patriksimek/vm2/commit/928aef51898b5c52a05f05a40c4cfeb52e172878"
},
{
"category": "external",
"summary": "https://github.com/patriksimek/vm2/releases/tag/v3.11.4",
"url": "https://github.com/patriksimek/vm2/releases/tag/v3.11.4"
},
{
"category": "external",
"summary": "https://github.com/patriksimek/vm2/security/advisories/GHSA-m5q2-4fm3-vfqp",
"url": "https://github.com/patriksimek/vm2/security/advisories/GHSA-m5q2-4fm3-vfqp"
}
],
"release_date": "2026-06-12T14:14:42.022000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-30T15:00:33+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33574"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "vm2: vm2: Sandbox escape allows arbitrary code execution on the host system"
},
{
"cve": "CVE-2026-47137",
"cwe": {
"id": "CWE-480",
"name": "Use of Incorrect Operator"
},
"discovery_date": "2026-06-12T15:01:24.611905+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2488385"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in vm2, an open-source virtual machine (VM) sandbox for Node.js. A remote attacker could bypass a security check designed to prevent the combination of nested environments and disabled module loading. This bypass occurs because a strict equality check for the `require` option can be circumvented by simply omitting the option, leading to an unintended configuration. Successful exploitation of this vulnerability could allow an attacker to escape the sandbox and achieve arbitrary code execution on the host system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "vm2: vm2: Sandbox escape leading to arbitrary code execution via security bypass",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The Red Hat Product Security team has rated the impact of this vulnerability as Moderate in Red Hat Developer Hub and Ansible Automation Platform.The affected package is present in both products as a transitive dependency; however, the vulnerable sandbox functionality is not invoked in any production code path. The active sandboxing mechanism used by both products does not rely on this package, and user-supplied input cannot reach the vulnerable code under a standard deployment. Exploitation would require an attacker to independently route arbitrary JavaScript into the sandbox runtime, a condition not present in the default configuration of either product.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-47137"
},
{
"category": "external",
"summary": "RHBZ#2488385",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2488385"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-47137",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-47137"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-47137",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-47137"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-g644-9gfx-q4q4",
"url": "https://github.com/advisories/GHSA-g644-9gfx-q4q4"
},
{
"category": "external",
"summary": "https://github.com/patriksimek/vm2/commit/01a7552add345d5a6862623884e6b79a85bf0568",
"url": "https://github.com/patriksimek/vm2/commit/01a7552add345d5a6862623884e6b79a85bf0568"
},
{
"category": "external",
"summary": "https://github.com/patriksimek/vm2/commit/86ab819f202c3a8dad88cef5705f2e416c5188d7",
"url": "https://github.com/patriksimek/vm2/commit/86ab819f202c3a8dad88cef5705f2e416c5188d7"
},
{
"category": "external",
"summary": "https://github.com/patriksimek/vm2/releases/tag/v3.11.4",
"url": "https://github.com/patriksimek/vm2/releases/tag/v3.11.4"
},
{
"category": "external",
"summary": "https://github.com/patriksimek/vm2/security/advisories/GHSA-m4wx-m65x-ghrr",
"url": "https://github.com/patriksimek/vm2/security/advisories/GHSA-m4wx-m65x-ghrr"
}
],
"release_date": "2026-06-12T14:15:34.795000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-30T15:00:33+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33574"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "vm2: vm2: Sandbox escape leading to arbitrary code execution via security bypass"
},
{
"cve": "CVE-2026-47139",
"cwe": {
"id": "CWE-1100",
"name": "Insufficient Isolation of System-Dependent Functions"
},
"discovery_date": "2026-06-12T15:01:31.104545+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2488387"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in vm2, a Node.js sandbox. This vulnerability allows sandboxed code to bypass network restrictions by utilizing internal HTTP built-ins, such as _http_client and _http_server. An attacker can exploit this to make outbound HTTP requests or open listening HTTP sockets, even when public network modules are explicitly denied. This could lead to unauthorized information disclosure or further compromise of the system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "vm2: vm2: Sandbox escape via internal HTTP built-ins leading to network restriction bypass",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability has been rated as Moderate for Red Hat Developer Hub and Red Hat Ansible Automation Platform. The vm2 sandbox exists as a transitive dependency in Red Hat Developer Hub and is only utilized during build time. The sandbox is therefore not exposed on the production code path. Exploitation of this vulnerability requires attackers to access internal HTTP built-ins which is not possible in the default configuration of Red Hat Developer Hub.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-47139"
},
{
"category": "external",
"summary": "RHBZ#2488387",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2488387"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-47139",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-47139"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-47139",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-47139"
},
{
"category": "external",
"summary": "https://github.com/patriksimek/vm2/commit/436053e30eecbabd487e2fd2959c137ac34e2bb1",
"url": "https://github.com/patriksimek/vm2/commit/436053e30eecbabd487e2fd2959c137ac34e2bb1"
},
{
"category": "external",
"summary": "https://github.com/patriksimek/vm2/releases/tag/v3.11.4",
"url": "https://github.com/patriksimek/vm2/releases/tag/v3.11.4"
},
{
"category": "external",
"summary": "https://github.com/patriksimek/vm2/security/advisories/GHSA-r9pm-gxmw-wv6p",
"url": "https://github.com/patriksimek/vm2/security/advisories/GHSA-r9pm-gxmw-wv6p"
}
],
"release_date": "2026-06-12T14:15:44.652000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-30T15:00:33+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33574"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "vm2: vm2: Sandbox escape via internal HTTP built-ins leading to network restriction bypass"
},
{
"cve": "CVE-2026-47140",
"cwe": {
"id": "CWE-184",
"name": "Incomplete List of Disallowed Inputs"
},
"discovery_date": "2026-06-12T15:01:11.705175+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2488381"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in vm2, an open-source virtual machine (VM) sandbox for Node.js. This vulnerability allows sandboxed code to bypass intended security restrictions by exploiting missing entries in the denylist for dangerous Node.js built-in functions, specifically `process` and `inspector/promises`. A remote attacker can leverage this to execute arbitrary code in the host process, leading to a complete compromise of the system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "vm2: vm2: Arbitrary code execution due to incomplete sandbox restrictions",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The Red Hat Product Security team has rated the impact of this vulnerability as Moderate in Red Hat Developer Hub and Ansible Automation Platform.The affected package is present in both products as a transitive dependency; however, the vulnerable sandbox functionality is not invoked in any production code path. The active sandboxing mechanism used by both products does not rely on this package, and user-supplied input cannot reach the vulnerable code under a standard deployment. Exploitation would require an attacker to independently route arbitrary JavaScript into the sandbox runtime, a condition not present in the default configuration of either product.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-47140"
},
{
"category": "external",
"summary": "RHBZ#2488381",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2488381"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-47140",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-47140"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-47140",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-47140"
},
{
"category": "external",
"summary": "https://github.com/patriksimek/vm2/commit/a1ed47a98d1cc36cb48c0d566d55889688e0b59b",
"url": "https://github.com/patriksimek/vm2/commit/a1ed47a98d1cc36cb48c0d566d55889688e0b59b"
},
{
"category": "external",
"summary": "https://github.com/patriksimek/vm2/releases/tag/v3.11.4",
"url": "https://github.com/patriksimek/vm2/releases/tag/v3.11.4"
},
{
"category": "external",
"summary": "https://github.com/patriksimek/vm2/security/advisories/GHSA-rp36-8xq3-r6c4",
"url": "https://github.com/patriksimek/vm2/security/advisories/GHSA-rp36-8xq3-r6c4"
}
],
"release_date": "2026-06-12T14:16:10.727000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-30T15:00:33+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33574"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "vm2: vm2: Arbitrary code execution due to incomplete sandbox restrictions"
},
{
"cve": "CVE-2026-47141",
"cwe": {
"id": "CWE-653",
"name": "Improper Isolation or Compartmentalization"
},
"discovery_date": "2026-06-12T15:01:05.444374+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2488379"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in vm2, an open-source virtual machine (VM) sandbox for Node.js. Prior to version 3.11.4, NodeVM, a component of vm2, improperly exposed certain process-wide observability builtins, such as diagnostics_channel, async_hooks, and perf_hooks. These builtins, which are designed for monitoring and debugging, were not adequately blocked by the dangerous builtin denylist. This oversight allowed sandboxed code to observe sensitive host application data, leading to information disclosure across the vm2 security boundary.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "vm2: vm2: NodeVM observability builtins leak host process and HTTP request data",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability has been rated as Moderate for Red Hat Developer Hub and Red Hat Ansible Automation Platform. The vm2 sandbox exists as a transitive dependency in Red Hat Developer Hub and is only utilized during build time. The sandbox is therefore not exposed on the production code path. Exploitation of this vulnerability requires attackers to access process-wide observability builtins which is not possible in the default configuration of Red Hat Developer Hub.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-47141"
},
{
"category": "external",
"summary": "RHBZ#2488379",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2488379"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-47141",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-47141"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-47141",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-47141"
},
{
"category": "external",
"summary": "https://github.com/patriksimek/vm2/commit/e1c48fce05189f48e71efbd32af0754efa4066bb",
"url": "https://github.com/patriksimek/vm2/commit/e1c48fce05189f48e71efbd32af0754efa4066bb"
},
{
"category": "external",
"summary": "https://github.com/patriksimek/vm2/releases/tag/v3.11.4",
"url": "https://github.com/patriksimek/vm2/releases/tag/v3.11.4"
},
{
"category": "external",
"summary": "https://github.com/patriksimek/vm2/security/advisories/GHSA-9g8x-92q2-p28f",
"url": "https://github.com/patriksimek/vm2/security/advisories/GHSA-9g8x-92q2-p28f"
}
],
"release_date": "2026-06-12T14:17:35.970000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-30T15:00:33+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33574"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "vm2: vm2: NodeVM observability builtins leak host process and HTTP request data"
},
{
"cve": "CVE-2026-47208",
"discovery_date": "2026-06-12T15:01:14.630546+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2488382"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in vm2, an open-source virtual machine (VM) sandbox for Node.js. This vulnerability allows an attacker to escape the sandbox environment by writing malicious code. Successful exploitation can lead to arbitrary code execution on the host system, compromising the integrity and confidentiality of the system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "vm2: vm2: Sandbox Breakout Using Promise Species",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Exploitation requires an attacker to supply untrusted malicious code to the vm2 sandbox, which is easily achieved since the component\u0027s main purpose is to execute untrusted code.\n\nEscaping the sandbox completely bypasses the intended security boundaries, leading directly to arbitrary code execution on the host system and a full compromise of confidentiality and integrity",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-47208"
},
{
"category": "external",
"summary": "RHBZ#2488382",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2488382"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-47208",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-47208"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-47208",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-47208"
},
{
"category": "external",
"summary": "https://github.com/patriksimek/vm2/commit/a462655009669c3124ee39498121651597529ea8",
"url": "https://github.com/patriksimek/vm2/commit/a462655009669c3124ee39498121651597529ea8"
},
{
"category": "external",
"summary": "https://github.com/patriksimek/vm2/releases/tag/v3.11.4",
"url": "https://github.com/patriksimek/vm2/releases/tag/v3.11.4"
},
{
"category": "external",
"summary": "https://github.com/patriksimek/vm2/security/advisories/GHSA-76w7-j9cq-rx2j",
"url": "https://github.com/patriksimek/vm2/security/advisories/GHSA-76w7-j9cq-rx2j"
}
],
"release_date": "2026-06-12T14:16:22.726000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-30T15:00:33+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33574"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "vm2: vm2: Sandbox Breakout Using Promise Species"
},
{
"cve": "CVE-2026-47209",
"cwe": {
"id": "CWE-915",
"name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes"
},
"discovery_date": "2026-06-12T15:02:05.339635+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2488397"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in vm2, an open-source virtual machine (VM) sandbox for Node.js. This vulnerability allows an attacker to bypass security restrictions by writing dangerous cross-realm Symbol keys to host objects. This can lead to a compromise of the integrity of the host system, potentially enabling arbitrary code execution within the Node.js environment. The issue stems from the BaseHandler.set trap in bridge.js, which incorrectly writes to the host target object even when inherited property assignments should create an own property on the receiver.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "vm2: vm2: Integrity bypass via incorrect property assignment leading to potential arbitrary code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability has been rated as Moderate for Red Hat Developer Hub and Red Hat Ansible Automation Platform. The vm2 sandbox exists as a transitive dependency in Red Hat Developer Hub and is only utilized during build time. The sandbox is therefore not exposed on the production code path. Exploitation of this vulnerability requires attackers to write cross-realm symbol keys to host objects which is not possible in the default configuration of Red Hat Developer Hub.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-47209"
},
{
"category": "external",
"summary": "RHBZ#2488397",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2488397"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-47209",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-47209"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-47209",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-47209"
},
{
"category": "external",
"summary": "https://github.com/patriksimek/vm2/commit/26d0318b5e6555be4b187ba05d6cf378ccecfe22",
"url": "https://github.com/patriksimek/vm2/commit/26d0318b5e6555be4b187ba05d6cf378ccecfe22"
},
{
"category": "external",
"summary": "https://github.com/patriksimek/vm2/releases/tag/v3.11.4",
"url": "https://github.com/patriksimek/vm2/releases/tag/v3.11.4"
},
{
"category": "external",
"summary": "https://github.com/patriksimek/vm2/security/advisories/GHSA-c4cf-2hgv-2qv6",
"url": "https://github.com/patriksimek/vm2/security/advisories/GHSA-c4cf-2hgv-2qv6"
}
],
"release_date": "2026-06-12T14:14:06.455000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-30T15:00:33+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33574"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "vm2: vm2: Integrity bypass via incorrect property assignment leading to potential arbitrary code execution"
},
{
"cve": "CVE-2026-48779",
"cwe": {
"id": "CWE-1050",
"name": "Excessive Platform Resource Consumption within a Loop"
},
"discovery_date": "2026-06-16T22:01:24.571224+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2489661"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in ws, an open source WebSocket client and server. A remote attacker can exploit this memory exhaustion vulnerability by sending a high volume of exceptionally small fragments and data chunks. This action forces the affected component to allocate and hold structural wrappers that consume excessive memory. Consequently, this leads to process termination and a denial of service (DoS) for the remote peer.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ws: ws: Denial of Service via memory exhaustion from small WebSocket fragments",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important denial of service vulnerability in the `ws` WebSocket library. A remote attacker can exploit this flaw by sending a high volume of small, fragmented data, leading to excessive memory consumption and subsequent process termination. This can result in service disruption for Red Hat products that utilize `ws` for WebSocket communication.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-48779"
},
{
"category": "external",
"summary": "RHBZ#2489661",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2489661"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-48779",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-48779"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-48779",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48779"
},
{
"category": "external",
"summary": "https://github.com/websockets/ws/commit/86d3e8a5fb0246ed373860c5fbb0de88824a27f7",
"url": "https://github.com/websockets/ws/commit/86d3e8a5fb0246ed373860c5fbb0de88824a27f7"
},
{
"category": "external",
"summary": "https://github.com/websockets/ws/commit/b5372ac67bb97a773727b8e9f5035a8123556d53",
"url": "https://github.com/websockets/ws/commit/b5372ac67bb97a773727b8e9f5035a8123556d53"
},
{
"category": "external",
"summary": "https://github.com/websockets/ws/commit/bca91adf15677e47dbe4f959653452727be28b94",
"url": "https://github.com/websockets/ws/commit/bca91adf15677e47dbe4f959653452727be28b94"
},
{
"category": "external",
"summary": "https://github.com/websockets/ws/commit/fd36cd864fcdf62a08273a99e19a7d975401fee8",
"url": "https://github.com/websockets/ws/commit/fd36cd864fcdf62a08273a99e19a7d975401fee8"
},
{
"category": "external",
"summary": "https://github.com/websockets/ws/security/advisories/GHSA-96hv-2xvq-fx4p",
"url": "https://github.com/websockets/ws/security/advisories/GHSA-96hv-2xvq-fx4p"
}
],
"release_date": "2026-06-16T21:26:22.537000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-30T15:00:33+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33574"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "ws: ws: Denial of Service via memory exhaustion from small WebSocket fragments"
}
]
}
RHSA-2026:34374
Vulnerability from csaf_redhat - Published: 2026-07-01 16:35 - Updated: 2026-07-09 23:02A flaw was found in fast-uri. A remote attacker could exploit this vulnerability by crafting a malicious Uniform Resource Identifier (URI) that contains percent-encoded authority delimiters. The fast-uri library incorrectly decodes these delimiters during normalization and then re-emits them as raw separators, which can change the URI's intended authority. This issue allows applications that perform host allowlist checks, redirect validation, or outbound request routing to be steered to a different authority than specified, potentially bypassing security controls.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:23ea476af89606789f91e647e952039bff83b5ace02440b2c11dccb9020cc0fb_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:870a39d44775c352b2c574f4b8d6585b96b44a48eefea1cbb8463809b75a1d6f_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:b3132e81fca86bc4bf6fe9f75fb3cafd1ef0f02fe84aeaffa51539e5f4a1b54c_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:fc3b7a2d42adaa47a938efe8e94d9d5665fe74a66d04884e886da33ad61774d0_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:72d561f41b71f78f7d896ca9b5e2b2cd76495fe602a8687bcbe0739b450a1d99_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:753e9384197b30856cfa43b3f5362395f3554773ec0a00a183705427eb8bced4_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:cb9328dff074240b336cc5395d2d61ff4722e84d11d3c19d470dd1214308b6e5_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:e863e14bd4e3a735ad3af67dd307fce57a0f3b703aed63b731c4206c08a5839f_ppc64le | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:51e90eeed5c6bf2e6355ee9ba50fe330149b7c2b7633a106946459e8984d82ae_ppc64le | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:5e9de77acecac9653b91d2ebbfc5be8dc47da81e9e3e1772d38f827f05779632_s390x | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:7cefb007f075c5b1e0265fe8b12888218201cb453e9ebac315d91a79ed6e686a_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:bd4450e5af03c053f28e9c2ca0f2a2c016fc55fef4187676bc4edd5149c1a0f4_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:21243b5bb27b62467a311f0dfb5001384b424c095e17eba2c4fa441d7a03f7cf_ppc64le | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:22190a2714d3942a57dbe9dd265570bfe179b8d7f3e412173d010090de2bb98d_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:35b39d818bfb7b3fe86f77eedb134d12e9f316ce1642f86a8fa5ce1c1e31f37b_s390x | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:3f2e1942032818fe9c91bf18948b80002a713b81c96e8ef5a3a4178a24899fb7_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:25928bb67eadad3a0d3b23da81acb313b8f873476250ddc6481cfb06bc25b8ab_s390x | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:bdfafa3b05bea80b81ffdc63cd77d4b2a96588ccd309aba83de0a683cb07c3c4_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:d7aa74297e76cb375c4bdd939c673739e34e22d83f8ef8846b1aa3c3c2264bbe_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:ea75fa4468a26357ce7c92614d70bc41ff0f8a8e562978a5b2bdfa5563492090_ppc64le | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:49025eb304ed55e363338fbe74b8dd77815b4d87183f1cb0cbfbbba71c2d2c59_s390x | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:54524172989364298f5cce342ef854f62fd59c75a42be804af3f286c6585b3d1_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:c1d135f85a4a1c5fe1c86509658d3056ce4bf748e8210274756064e18f991440_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:fb2eb12e6a6159c75e56f58429789cc0ac74af2a3d04f9ab865c8d86576e8c15_ppc64le | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:1252d44baa18b442de12a9659d3419ef77148e47ca14747ae684b8541fe795a7_s390x | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:4750bc9a80e819747b9d6576d21e348634f0dd4bc56190a662e22b2c80172bbd_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:5988a2daac19ccd72b8eec8cd1d9b623c69aed7be1a4223070d2c65256210776_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:eac25bae75a0e08a0aae706325faae2606ee8b0c086559cc0b89a59501a511f8_ppc64le | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:4c56fcde717c7a7957638fa6624a6ba5a9fc372bc9056e924158a0477410c9e7_ppc64le | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:5f5b5adc67e0655dcc3bcaaa4bb75337ebff130cca2e019d553be7521ca71871_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:91438ae17f6ee162df0d564fe47c8690a5246315e26fa4ebfa16dc8c93425cb7_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:df6617374f5f70f6ff53a980d38ddda8ab1aca125894eadc3a1932ba7612626d_s390x | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:49d0f2c55661dd973b0a15ba0e096c54badf4e0017093dfee373a655d47373f0_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:5bbbcaa71f5bf11922738e37c1155c5e60ebc5166a67690f5e5218a42b946366_s390x | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:99446549dca0b1cd38919ed7489e3eff72b1e4dd739e4f4e914d6c3ca6076b58_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:cf59b3a7897d59615e746c14697a289d79afbc18a9d2e7e7b5f7b1242d640b02_ppc64le | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:6e7f3aa6bb48cbe35d205d5f4c9ea251945dcdcce9b40cd49676705d778d9500_ppc64le | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:bc37b9c572c3df959e0ceb9fe011be84906fe759817eee697c486131fd5bc0cb_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:bf4a2e668e36a0e8e381f4417a263bd736d114f4e464d4a6c5ea22962b3f2a9e_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:feffba283e2a49967cd57139fe7af2309cd55ea9bb4464e250bf7b5a98913a2b_s390x | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:86908784cb38408c502a733672b2f76e5a5c93b0266afccc9f281cb0c8f2f20c_s390x | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:8f721159d1fb2b71fb746eec0213c1111896c7b77a2904d64a2c1696cdce796c_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:afe3ebfa9897d2b9a7d8f9bd7fb4a2210e4b7e603de5fe168740f0aa4bb04495_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:fd6aa3b12a35343168ee2e752b437a51c58e8e8e329c8bdd7d230653265a790e_ppc64le | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:01cb3c8bb62be8bcdeaea2fa79413caca0f111980f4134b06df5230bd0b357fc_s390x | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:20b0fcf0b2d388320c0cb1414f2422493ca9acf39c876fd45265e8b32030ef3b_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:51fc32fbd543c74767403a113ccceedb262ccb92b9fd5a9efdc39ed2c1e608b3_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:d4edd3fd9d125deb51d48c8709eac2505056da0f1341020db5469be8af0ca200_ppc64le | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:201ab631050d34fb956e1333730a387833b7aa3a2a4389d2a01bb79a2fe51bbf_s390x | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:47ca2eaea554b825306387f07aef8a5ee830ee1885d2df51055ac22d7576d2cd_ppc64le | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:7a181f8f3d2eadeae6b1d4d38da28f4e0a7c7f1fc662d213f72a63fd56f67443_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:fa97e7031e19af10a571d8ff67e13de3489603f60dbf9fd0c19205fb3447e912_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:01e117719b770e5bf767700b3cf5a3c79d7a74c181fda4dd4605cb4f41ea5bcd_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:155dfad34b7402e4462d98c3026ab38a6024338dfe80bfc33abb9102d12b077d_ppc64le | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:aa96f8cf13ae3374588cc99a558d1def2bcf0579d75b90d0772139fab991b06b_s390x | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:f1d48c91052387ebc88bc7c76c8f49bae708c67e160d976974c8b31e9efbd219_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:008f0946e1545a0baa8e2baa9d12dc3244a47cd42af020afedfce3b1450f6c16_s390x | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:6a63e70123c2cd8cf8ddec71fb88d0dee08d2b7b1bcfc37d27fde3a50a59b7e8_ppc64le | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:96f6b104c31c317aa118ff64cff2522f136bbb520de7fb8015257630fcfdecfb_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:9dd240e967b0a1949a812050a123e513858ccd428feb1c42646e409fbf711b35_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:6f5480749ac020fc0e226dd87855baeae624b4c57c2787303e7321f63117c789_ppc64le | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:7265c4bc839141da2a0599bc367c4be2b8e8743423ea1b6b8d68729b1cfa8bcc_s390x | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:9486931d703d050f59a9f1bcfe5e016351d3ccc9b5c1975963b91ac34fc0b25e_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:c458f98a5afdf96262536fa1b7d672eb897c2800ec3dc4a2094ee5e8ae09ac31_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:2076dc61bf8db58916f3bacdb7483cdae8db169e2c4187e0c509f4fad9bc66ac_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:4e2047551e67c9c79e54ea5cd42accd746db89b8f37181a4b8ddceee166b3f2f_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:635a2526236205059d382f8860a7600105596caa546c129e855bd1ad241ebda7_s390x | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:ab0b5c35985ab8da547bc85aeff75c00ef32de0ea4f3446d75420ba935a5ddf4_ppc64le | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:20f8e067fa199055be096f4e655a0004616caab1eb32ccbe853677705d4e99f2_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:7c82062799a4bc38472a8d62827cbead3cf9396e132c9567e1d7682b8e4eb01d_ppc64le | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:94a4269cc3ddfdaf549eb4b547a461c2eafa9a0e3682511f2c18a3cf846beba3_s390x | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:ac33685303a23070d840d68bce5381230bbf98f1f65abaa80eca75c99b821d88_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:29bf69f7793d3ecaf724f791e735f1bd4121cddc6b1118553bcc77ef3a3054a1_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:46ae8d0b9eb51c730b57aa7b9d0561dc8e7510240e100a9deaea7e501cf115c2_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:c314fa51aef6754a3d665650a9a2861da1ec3557e2b92c29a2b16b2790d615a4_s390x | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:cd2a2cb5784051c6595a95865e390a52c38b2b62fbf2fa3d40545d083c846992_ppc64le | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:05debd9e92a56b761a55f36c54d31ceda7b77bc58178946c4b5d0d08faa01cfc_s390x | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:19954ceb4da5840bc7d8953932bd9f36baaa3ad219ccac4b44324f25f962182a_ppc64le | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:866e4fbdeefc40e19ec6962c6b1577ef9f66affa46b96a2dbd30501b4e3b2695_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:990fa7d78f384772aaf369956a51ba7393cd5e225daa3c4e37f56ed2a1b4d5fb_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:64e4c2ac5a5126294d7264d33723b8c7e8a8f2909a33d2bff40bfbb2965fcd81_s390x | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:8a85413afe8d8ab179dff3638f3d5509bf180d54d016706aa50781bbb72338bc_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:a0af7052a5cc79ec38267f6016330bbc30fe4c8dff0776a6fe6cee048cb1bbcf_ppc64le | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:df72d966e05e20571d1d588092d8bf95f28ae5178ddac780257064069e8cf75c_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:5a0a1932f8bcdf436f08f9d00fdb520feefad62061ce79426d44ecd7d01724a2_s390x | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:72da4f73e7063cfcb49a800bf9dc5acdd715221d4dff6120db5950634e5824f5_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:883c2aa7d2a9f8ddcccd8c48b79bff59ffa3eb3f59392e727dd050ec4efdb92b_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:9bed2310605563c0d439ed85731e980038ada7c3970fc26de24c1c7d291afe07_ppc64le | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:09b95ff35ae5c1b2c356f7506d4e8283cb0b69b8b5a130bf9d6c31e6bfc04932_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:0cebc0075f16274a3620c4becac1490dc91904d09487fdc76aafe98fbaca5ccf_s390x | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:78f3234c47001e7a2902352bf85c7cc893f8ff7aafb01d3d6875cfe2df0a6a16_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:8844e2149f6d16a9112f7ca4580c27dbe974f0bfce1fc21c87d5072813deba45_ppc64le | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:180b60f1efcd9902f18b7104973acf277ea6881d6a806e288ea598b71bfa8e2d_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:2dc26cd49218da49a4761d8012d9777019facea787df61dafce31db6b3bef8b8_s390x | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:d08b49badd427bd263a5810800c4705f296b2caf188765837f8b5284d6ff6feb_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:edcd49c90231e8071dc45385f077400ae3dd9fdba54de188e3aba84da49c00c5_ppc64le | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:06f9f2d54689bd9770d4102c377a2596bf4294c824c2db69f4ad23a849d8996c_ppc64le | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:3985e43602b73ad41f7092847b6c92700ec5bfd6d849cc37adff563b6a994ea3_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:eb7543913777f50fe437035b18e08cec754ec6ee05666f8c88900b6349b467bb_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:fb35bc2313df94fd8a4b4e8293f1489ea518c002858c29ade906a678ccd48d0d_s390x | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:31f1c672dc3197cb7bfeb51b37d357425d4057fec9c22ea8810005c147e493a0_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:457829af072b2c430e077ae362dd62b63f1737b72434c11b2fb9e98262c6f058_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:6243c7517063c907dbd898b6ff7c4f5a6a001b15141c6b703a771a826b1e9b23_ppc64le | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:72bef79259e60a3f96f3788b2ed207ef6d8c1d4901d5c1d293981099d2932b44_s390x | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:1bdebc0ea3641538b6029945ef99eab50aa4b71ab37fd063d712ffc0883faae8_ppc64le | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:75a4693836d31cfc429d6a3852b0bf419255c66f90827b13d2a589dc2bea1992_s390x | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:8f696a0d69bb54a50140da672ff01c2923550f8ab18dcb1159493b516750f0a4_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:98992a409dfe54f8de0eb67189538d08148418d91d9d07d9aa30262ce54e30d9_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:1e695b53b5a667d185f61dee9e0242efc8e0962aa4e928bf8908734626d16d38_s390x | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:7d614384e1cb7be6bb72dbdc3cb4eb34d38902e05f121ef6220c5a6922715ddf_ppc64le | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:da0844c2faaa1b2dd6c0c4944218c947043ac3b7edd8d4533ba7faf5f9436412_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:fd141141252f9253c089dd341447f86cd75a39bff1cb8c25baab40f86fd655bb_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:690de59af44d4b7cf2dada9c3450cbd6a0d3437cc7ac2bca9b5d6b91c4c2c605_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:6cc8eaac0ef579a5359fe2b3c8de0ad776e732b82afd9fb9c4fd4ad74e9f832f_ppc64le | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:bc5d7a4679b2cd19946013fe4c2fc17acfb3a6d9ed410e1f050de51c0a957a6b_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:d954bfc4a5c1f1fc8eba225865a11b9d04f005341e8ab094f7a94cdbe67a7b17_s390x | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:a6eb5b607ce23772fca3dbad70d76dc5d3ebc07b15f5123ace53da01f0e3b21e_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:d090b565d5d2933ae453eb87c34a2ebb00e09b1b00334a98c771e465dbcea42e_amd64 | — |
A flaw was found in pip, the package installer for Python. A remote attacker can exploit this vulnerability by tricking a victim into installing a malicious Python wheel. This wheel contains specially crafted entry-point names that use directory traversal or absolute paths. This allows pip to write generated script wrappers outside the intended installation directory, leading to arbitrary file overwrite. This can severely impact system integrity and availability, and in certain scenarios, may lead to arbitrary code execution.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:4c56fcde717c7a7957638fa6624a6ba5a9fc372bc9056e924158a0477410c9e7_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:5f5b5adc67e0655dcc3bcaaa4bb75337ebff130cca2e019d553be7521ca71871_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:91438ae17f6ee162df0d564fe47c8690a5246315e26fa4ebfa16dc8c93425cb7_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:df6617374f5f70f6ff53a980d38ddda8ab1aca125894eadc3a1932ba7612626d_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:49d0f2c55661dd973b0a15ba0e096c54badf4e0017093dfee373a655d47373f0_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:5bbbcaa71f5bf11922738e37c1155c5e60ebc5166a67690f5e5218a42b946366_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:99446549dca0b1cd38919ed7489e3eff72b1e4dd739e4f4e914d6c3ca6076b58_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:cf59b3a7897d59615e746c14697a289d79afbc18a9d2e7e7b5f7b1242d640b02_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:23ea476af89606789f91e647e952039bff83b5ace02440b2c11dccb9020cc0fb_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:870a39d44775c352b2c574f4b8d6585b96b44a48eefea1cbb8463809b75a1d6f_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:b3132e81fca86bc4bf6fe9f75fb3cafd1ef0f02fe84aeaffa51539e5f4a1b54c_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:fc3b7a2d42adaa47a938efe8e94d9d5665fe74a66d04884e886da33ad61774d0_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:51e90eeed5c6bf2e6355ee9ba50fe330149b7c2b7633a106946459e8984d82ae_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:5e9de77acecac9653b91d2ebbfc5be8dc47da81e9e3e1772d38f827f05779632_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:7cefb007f075c5b1e0265fe8b12888218201cb453e9ebac315d91a79ed6e686a_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:bd4450e5af03c053f28e9c2ca0f2a2c016fc55fef4187676bc4edd5149c1a0f4_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:21243b5bb27b62467a311f0dfb5001384b424c095e17eba2c4fa441d7a03f7cf_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:22190a2714d3942a57dbe9dd265570bfe179b8d7f3e412173d010090de2bb98d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:35b39d818bfb7b3fe86f77eedb134d12e9f316ce1642f86a8fa5ce1c1e31f37b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:3f2e1942032818fe9c91bf18948b80002a713b81c96e8ef5a3a4178a24899fb7_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:25928bb67eadad3a0d3b23da81acb313b8f873476250ddc6481cfb06bc25b8ab_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:bdfafa3b05bea80b81ffdc63cd77d4b2a96588ccd309aba83de0a683cb07c3c4_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:d7aa74297e76cb375c4bdd939c673739e34e22d83f8ef8846b1aa3c3c2264bbe_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:ea75fa4468a26357ce7c92614d70bc41ff0f8a8e562978a5b2bdfa5563492090_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:49025eb304ed55e363338fbe74b8dd77815b4d87183f1cb0cbfbbba71c2d2c59_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:54524172989364298f5cce342ef854f62fd59c75a42be804af3f286c6585b3d1_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:c1d135f85a4a1c5fe1c86509658d3056ce4bf748e8210274756064e18f991440_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:fb2eb12e6a6159c75e56f58429789cc0ac74af2a3d04f9ab865c8d86576e8c15_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:1252d44baa18b442de12a9659d3419ef77148e47ca14747ae684b8541fe795a7_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:4750bc9a80e819747b9d6576d21e348634f0dd4bc56190a662e22b2c80172bbd_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:5988a2daac19ccd72b8eec8cd1d9b623c69aed7be1a4223070d2c65256210776_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:eac25bae75a0e08a0aae706325faae2606ee8b0c086559cc0b89a59501a511f8_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:6e7f3aa6bb48cbe35d205d5f4c9ea251945dcdcce9b40cd49676705d778d9500_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:bc37b9c572c3df959e0ceb9fe011be84906fe759817eee697c486131fd5bc0cb_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:bf4a2e668e36a0e8e381f4417a263bd736d114f4e464d4a6c5ea22962b3f2a9e_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:feffba283e2a49967cd57139fe7af2309cd55ea9bb4464e250bf7b5a98913a2b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:86908784cb38408c502a733672b2f76e5a5c93b0266afccc9f281cb0c8f2f20c_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:8f721159d1fb2b71fb746eec0213c1111896c7b77a2904d64a2c1696cdce796c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:afe3ebfa9897d2b9a7d8f9bd7fb4a2210e4b7e603de5fe168740f0aa4bb04495_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:fd6aa3b12a35343168ee2e752b437a51c58e8e8e329c8bdd7d230653265a790e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:01cb3c8bb62be8bcdeaea2fa79413caca0f111980f4134b06df5230bd0b357fc_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:20b0fcf0b2d388320c0cb1414f2422493ca9acf39c876fd45265e8b32030ef3b_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:51fc32fbd543c74767403a113ccceedb262ccb92b9fd5a9efdc39ed2c1e608b3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:d4edd3fd9d125deb51d48c8709eac2505056da0f1341020db5469be8af0ca200_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:201ab631050d34fb956e1333730a387833b7aa3a2a4389d2a01bb79a2fe51bbf_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:47ca2eaea554b825306387f07aef8a5ee830ee1885d2df51055ac22d7576d2cd_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:7a181f8f3d2eadeae6b1d4d38da28f4e0a7c7f1fc662d213f72a63fd56f67443_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:fa97e7031e19af10a571d8ff67e13de3489603f60dbf9fd0c19205fb3447e912_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:01e117719b770e5bf767700b3cf5a3c79d7a74c181fda4dd4605cb4f41ea5bcd_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:155dfad34b7402e4462d98c3026ab38a6024338dfe80bfc33abb9102d12b077d_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:aa96f8cf13ae3374588cc99a558d1def2bcf0579d75b90d0772139fab991b06b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:f1d48c91052387ebc88bc7c76c8f49bae708c67e160d976974c8b31e9efbd219_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:008f0946e1545a0baa8e2baa9d12dc3244a47cd42af020afedfce3b1450f6c16_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:6a63e70123c2cd8cf8ddec71fb88d0dee08d2b7b1bcfc37d27fde3a50a59b7e8_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:96f6b104c31c317aa118ff64cff2522f136bbb520de7fb8015257630fcfdecfb_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:9dd240e967b0a1949a812050a123e513858ccd428feb1c42646e409fbf711b35_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:6f5480749ac020fc0e226dd87855baeae624b4c57c2787303e7321f63117c789_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:7265c4bc839141da2a0599bc367c4be2b8e8743423ea1b6b8d68729b1cfa8bcc_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:9486931d703d050f59a9f1bcfe5e016351d3ccc9b5c1975963b91ac34fc0b25e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:c458f98a5afdf96262536fa1b7d672eb897c2800ec3dc4a2094ee5e8ae09ac31_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:2076dc61bf8db58916f3bacdb7483cdae8db169e2c4187e0c509f4fad9bc66ac_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:4e2047551e67c9c79e54ea5cd42accd746db89b8f37181a4b8ddceee166b3f2f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:635a2526236205059d382f8860a7600105596caa546c129e855bd1ad241ebda7_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:ab0b5c35985ab8da547bc85aeff75c00ef32de0ea4f3446d75420ba935a5ddf4_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:20f8e067fa199055be096f4e655a0004616caab1eb32ccbe853677705d4e99f2_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:7c82062799a4bc38472a8d62827cbead3cf9396e132c9567e1d7682b8e4eb01d_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:94a4269cc3ddfdaf549eb4b547a461c2eafa9a0e3682511f2c18a3cf846beba3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:ac33685303a23070d840d68bce5381230bbf98f1f65abaa80eca75c99b821d88_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:29bf69f7793d3ecaf724f791e735f1bd4121cddc6b1118553bcc77ef3a3054a1_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:46ae8d0b9eb51c730b57aa7b9d0561dc8e7510240e100a9deaea7e501cf115c2_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:c314fa51aef6754a3d665650a9a2861da1ec3557e2b92c29a2b16b2790d615a4_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:cd2a2cb5784051c6595a95865e390a52c38b2b62fbf2fa3d40545d083c846992_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:05debd9e92a56b761a55f36c54d31ceda7b77bc58178946c4b5d0d08faa01cfc_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:19954ceb4da5840bc7d8953932bd9f36baaa3ad219ccac4b44324f25f962182a_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:866e4fbdeefc40e19ec6962c6b1577ef9f66affa46b96a2dbd30501b4e3b2695_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:990fa7d78f384772aaf369956a51ba7393cd5e225daa3c4e37f56ed2a1b4d5fb_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:64e4c2ac5a5126294d7264d33723b8c7e8a8f2909a33d2bff40bfbb2965fcd81_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:8a85413afe8d8ab179dff3638f3d5509bf180d54d016706aa50781bbb72338bc_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:a0af7052a5cc79ec38267f6016330bbc30fe4c8dff0776a6fe6cee048cb1bbcf_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:df72d966e05e20571d1d588092d8bf95f28ae5178ddac780257064069e8cf75c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:5a0a1932f8bcdf436f08f9d00fdb520feefad62061ce79426d44ecd7d01724a2_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:72da4f73e7063cfcb49a800bf9dc5acdd715221d4dff6120db5950634e5824f5_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:883c2aa7d2a9f8ddcccd8c48b79bff59ffa3eb3f59392e727dd050ec4efdb92b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:9bed2310605563c0d439ed85731e980038ada7c3970fc26de24c1c7d291afe07_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:09b95ff35ae5c1b2c356f7506d4e8283cb0b69b8b5a130bf9d6c31e6bfc04932_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:0cebc0075f16274a3620c4becac1490dc91904d09487fdc76aafe98fbaca5ccf_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:78f3234c47001e7a2902352bf85c7cc893f8ff7aafb01d3d6875cfe2df0a6a16_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:8844e2149f6d16a9112f7ca4580c27dbe974f0bfce1fc21c87d5072813deba45_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:180b60f1efcd9902f18b7104973acf277ea6881d6a806e288ea598b71bfa8e2d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:2dc26cd49218da49a4761d8012d9777019facea787df61dafce31db6b3bef8b8_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:d08b49badd427bd263a5810800c4705f296b2caf188765837f8b5284d6ff6feb_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:edcd49c90231e8071dc45385f077400ae3dd9fdba54de188e3aba84da49c00c5_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:06f9f2d54689bd9770d4102c377a2596bf4294c824c2db69f4ad23a849d8996c_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:3985e43602b73ad41f7092847b6c92700ec5bfd6d849cc37adff563b6a994ea3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:eb7543913777f50fe437035b18e08cec754ec6ee05666f8c88900b6349b467bb_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:fb35bc2313df94fd8a4b4e8293f1489ea518c002858c29ade906a678ccd48d0d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:31f1c672dc3197cb7bfeb51b37d357425d4057fec9c22ea8810005c147e493a0_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:457829af072b2c430e077ae362dd62b63f1737b72434c11b2fb9e98262c6f058_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:6243c7517063c907dbd898b6ff7c4f5a6a001b15141c6b703a771a826b1e9b23_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:72bef79259e60a3f96f3788b2ed207ef6d8c1d4901d5c1d293981099d2932b44_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:1bdebc0ea3641538b6029945ef99eab50aa4b71ab37fd063d712ffc0883faae8_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:75a4693836d31cfc429d6a3852b0bf419255c66f90827b13d2a589dc2bea1992_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:8f696a0d69bb54a50140da672ff01c2923550f8ab18dcb1159493b516750f0a4_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:98992a409dfe54f8de0eb67189538d08148418d91d9d07d9aa30262ce54e30d9_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:72d561f41b71f78f7d896ca9b5e2b2cd76495fe602a8687bcbe0739b450a1d99_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:753e9384197b30856cfa43b3f5362395f3554773ec0a00a183705427eb8bced4_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:cb9328dff074240b336cc5395d2d61ff4722e84d11d3c19d470dd1214308b6e5_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:e863e14bd4e3a735ad3af67dd307fce57a0f3b703aed63b731c4206c08a5839f_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:1e695b53b5a667d185f61dee9e0242efc8e0962aa4e928bf8908734626d16d38_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:7d614384e1cb7be6bb72dbdc3cb4eb34d38902e05f121ef6220c5a6922715ddf_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:da0844c2faaa1b2dd6c0c4944218c947043ac3b7edd8d4533ba7faf5f9436412_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:fd141141252f9253c089dd341447f86cd75a39bff1cb8c25baab40f86fd655bb_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:690de59af44d4b7cf2dada9c3450cbd6a0d3437cc7ac2bca9b5d6b91c4c2c605_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:6cc8eaac0ef579a5359fe2b3c8de0ad776e732b82afd9fb9c4fd4ad74e9f832f_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:bc5d7a4679b2cd19946013fe4c2fc17acfb3a6d9ed410e1f050de51c0a957a6b_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:d954bfc4a5c1f1fc8eba225865a11b9d04f005341e8ab094f7a94cdbe67a7b17_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:a6eb5b607ce23772fca3dbad70d76dc5d3ebc07b15f5123ace53da01f0e3b21e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:d090b565d5d2933ae453eb87c34a2ebb00e09b1b00334a98c771e465dbcea42e_amd64 | — |
Workaround
|
A flaw was found in dynaconf, a Python configuration management tool. This Server-Side Template Injection (SSTI) vulnerability occurs due to unsafe template evaluation in the @Jinja resolver when the jinja2 package is installed. A remote attacker could exploit this by embedding malicious template expressions in configuration values, which are then processed without a sandboxed environment. This could lead to arbitrary code execution on the affected system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:1252d44baa18b442de12a9659d3419ef77148e47ca14747ae684b8541fe795a7_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:4750bc9a80e819747b9d6576d21e348634f0dd4bc56190a662e22b2c80172bbd_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:5988a2daac19ccd72b8eec8cd1d9b623c69aed7be1a4223070d2c65256210776_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:eac25bae75a0e08a0aae706325faae2606ee8b0c086559cc0b89a59501a511f8_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:51e90eeed5c6bf2e6355ee9ba50fe330149b7c2b7633a106946459e8984d82ae_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:5e9de77acecac9653b91d2ebbfc5be8dc47da81e9e3e1772d38f827f05779632_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:7cefb007f075c5b1e0265fe8b12888218201cb453e9ebac315d91a79ed6e686a_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:bd4450e5af03c053f28e9c2ca0f2a2c016fc55fef4187676bc4edd5149c1a0f4_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:21243b5bb27b62467a311f0dfb5001384b424c095e17eba2c4fa441d7a03f7cf_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:22190a2714d3942a57dbe9dd265570bfe179b8d7f3e412173d010090de2bb98d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:35b39d818bfb7b3fe86f77eedb134d12e9f316ce1642f86a8fa5ce1c1e31f37b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:3f2e1942032818fe9c91bf18948b80002a713b81c96e8ef5a3a4178a24899fb7_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:25928bb67eadad3a0d3b23da81acb313b8f873476250ddc6481cfb06bc25b8ab_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:bdfafa3b05bea80b81ffdc63cd77d4b2a96588ccd309aba83de0a683cb07c3c4_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:d7aa74297e76cb375c4bdd939c673739e34e22d83f8ef8846b1aa3c3c2264bbe_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:ea75fa4468a26357ce7c92614d70bc41ff0f8a8e562978a5b2bdfa5563492090_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:49025eb304ed55e363338fbe74b8dd77815b4d87183f1cb0cbfbbba71c2d2c59_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:54524172989364298f5cce342ef854f62fd59c75a42be804af3f286c6585b3d1_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:c1d135f85a4a1c5fe1c86509658d3056ce4bf748e8210274756064e18f991440_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:fb2eb12e6a6159c75e56f58429789cc0ac74af2a3d04f9ab865c8d86576e8c15_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:4c56fcde717c7a7957638fa6624a6ba5a9fc372bc9056e924158a0477410c9e7_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:5f5b5adc67e0655dcc3bcaaa4bb75337ebff130cca2e019d553be7521ca71871_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:91438ae17f6ee162df0d564fe47c8690a5246315e26fa4ebfa16dc8c93425cb7_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:df6617374f5f70f6ff53a980d38ddda8ab1aca125894eadc3a1932ba7612626d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:49d0f2c55661dd973b0a15ba0e096c54badf4e0017093dfee373a655d47373f0_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:5bbbcaa71f5bf11922738e37c1155c5e60ebc5166a67690f5e5218a42b946366_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:99446549dca0b1cd38919ed7489e3eff72b1e4dd739e4f4e914d6c3ca6076b58_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:cf59b3a7897d59615e746c14697a289d79afbc18a9d2e7e7b5f7b1242d640b02_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:6e7f3aa6bb48cbe35d205d5f4c9ea251945dcdcce9b40cd49676705d778d9500_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:bc37b9c572c3df959e0ceb9fe011be84906fe759817eee697c486131fd5bc0cb_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:bf4a2e668e36a0e8e381f4417a263bd736d114f4e464d4a6c5ea22962b3f2a9e_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:feffba283e2a49967cd57139fe7af2309cd55ea9bb4464e250bf7b5a98913a2b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:86908784cb38408c502a733672b2f76e5a5c93b0266afccc9f281cb0c8f2f20c_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:8f721159d1fb2b71fb746eec0213c1111896c7b77a2904d64a2c1696cdce796c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:afe3ebfa9897d2b9a7d8f9bd7fb4a2210e4b7e603de5fe168740f0aa4bb04495_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:fd6aa3b12a35343168ee2e752b437a51c58e8e8e329c8bdd7d230653265a790e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:01cb3c8bb62be8bcdeaea2fa79413caca0f111980f4134b06df5230bd0b357fc_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:20b0fcf0b2d388320c0cb1414f2422493ca9acf39c876fd45265e8b32030ef3b_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:51fc32fbd543c74767403a113ccceedb262ccb92b9fd5a9efdc39ed2c1e608b3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:d4edd3fd9d125deb51d48c8709eac2505056da0f1341020db5469be8af0ca200_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:201ab631050d34fb956e1333730a387833b7aa3a2a4389d2a01bb79a2fe51bbf_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:47ca2eaea554b825306387f07aef8a5ee830ee1885d2df51055ac22d7576d2cd_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:7a181f8f3d2eadeae6b1d4d38da28f4e0a7c7f1fc662d213f72a63fd56f67443_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:fa97e7031e19af10a571d8ff67e13de3489603f60dbf9fd0c19205fb3447e912_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:01e117719b770e5bf767700b3cf5a3c79d7a74c181fda4dd4605cb4f41ea5bcd_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:155dfad34b7402e4462d98c3026ab38a6024338dfe80bfc33abb9102d12b077d_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:aa96f8cf13ae3374588cc99a558d1def2bcf0579d75b90d0772139fab991b06b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:f1d48c91052387ebc88bc7c76c8f49bae708c67e160d976974c8b31e9efbd219_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:008f0946e1545a0baa8e2baa9d12dc3244a47cd42af020afedfce3b1450f6c16_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:6a63e70123c2cd8cf8ddec71fb88d0dee08d2b7b1bcfc37d27fde3a50a59b7e8_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:96f6b104c31c317aa118ff64cff2522f136bbb520de7fb8015257630fcfdecfb_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:9dd240e967b0a1949a812050a123e513858ccd428feb1c42646e409fbf711b35_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:6f5480749ac020fc0e226dd87855baeae624b4c57c2787303e7321f63117c789_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:7265c4bc839141da2a0599bc367c4be2b8e8743423ea1b6b8d68729b1cfa8bcc_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:9486931d703d050f59a9f1bcfe5e016351d3ccc9b5c1975963b91ac34fc0b25e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:c458f98a5afdf96262536fa1b7d672eb897c2800ec3dc4a2094ee5e8ae09ac31_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:23ea476af89606789f91e647e952039bff83b5ace02440b2c11dccb9020cc0fb_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:870a39d44775c352b2c574f4b8d6585b96b44a48eefea1cbb8463809b75a1d6f_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:b3132e81fca86bc4bf6fe9f75fb3cafd1ef0f02fe84aeaffa51539e5f4a1b54c_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:fc3b7a2d42adaa47a938efe8e94d9d5665fe74a66d04884e886da33ad61774d0_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:2076dc61bf8db58916f3bacdb7483cdae8db169e2c4187e0c509f4fad9bc66ac_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:4e2047551e67c9c79e54ea5cd42accd746db89b8f37181a4b8ddceee166b3f2f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:635a2526236205059d382f8860a7600105596caa546c129e855bd1ad241ebda7_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:ab0b5c35985ab8da547bc85aeff75c00ef32de0ea4f3446d75420ba935a5ddf4_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:20f8e067fa199055be096f4e655a0004616caab1eb32ccbe853677705d4e99f2_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:7c82062799a4bc38472a8d62827cbead3cf9396e132c9567e1d7682b8e4eb01d_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:94a4269cc3ddfdaf549eb4b547a461c2eafa9a0e3682511f2c18a3cf846beba3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:ac33685303a23070d840d68bce5381230bbf98f1f65abaa80eca75c99b821d88_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:29bf69f7793d3ecaf724f791e735f1bd4121cddc6b1118553bcc77ef3a3054a1_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:46ae8d0b9eb51c730b57aa7b9d0561dc8e7510240e100a9deaea7e501cf115c2_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:c314fa51aef6754a3d665650a9a2861da1ec3557e2b92c29a2b16b2790d615a4_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:cd2a2cb5784051c6595a95865e390a52c38b2b62fbf2fa3d40545d083c846992_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:05debd9e92a56b761a55f36c54d31ceda7b77bc58178946c4b5d0d08faa01cfc_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:19954ceb4da5840bc7d8953932bd9f36baaa3ad219ccac4b44324f25f962182a_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:866e4fbdeefc40e19ec6962c6b1577ef9f66affa46b96a2dbd30501b4e3b2695_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:990fa7d78f384772aaf369956a51ba7393cd5e225daa3c4e37f56ed2a1b4d5fb_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:64e4c2ac5a5126294d7264d33723b8c7e8a8f2909a33d2bff40bfbb2965fcd81_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:8a85413afe8d8ab179dff3638f3d5509bf180d54d016706aa50781bbb72338bc_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:a0af7052a5cc79ec38267f6016330bbc30fe4c8dff0776a6fe6cee048cb1bbcf_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:df72d966e05e20571d1d588092d8bf95f28ae5178ddac780257064069e8cf75c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:5a0a1932f8bcdf436f08f9d00fdb520feefad62061ce79426d44ecd7d01724a2_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:72da4f73e7063cfcb49a800bf9dc5acdd715221d4dff6120db5950634e5824f5_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:883c2aa7d2a9f8ddcccd8c48b79bff59ffa3eb3f59392e727dd050ec4efdb92b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:9bed2310605563c0d439ed85731e980038ada7c3970fc26de24c1c7d291afe07_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:09b95ff35ae5c1b2c356f7506d4e8283cb0b69b8b5a130bf9d6c31e6bfc04932_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:0cebc0075f16274a3620c4becac1490dc91904d09487fdc76aafe98fbaca5ccf_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:78f3234c47001e7a2902352bf85c7cc893f8ff7aafb01d3d6875cfe2df0a6a16_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:8844e2149f6d16a9112f7ca4580c27dbe974f0bfce1fc21c87d5072813deba45_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:180b60f1efcd9902f18b7104973acf277ea6881d6a806e288ea598b71bfa8e2d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:2dc26cd49218da49a4761d8012d9777019facea787df61dafce31db6b3bef8b8_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:d08b49badd427bd263a5810800c4705f296b2caf188765837f8b5284d6ff6feb_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:edcd49c90231e8071dc45385f077400ae3dd9fdba54de188e3aba84da49c00c5_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:06f9f2d54689bd9770d4102c377a2596bf4294c824c2db69f4ad23a849d8996c_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:3985e43602b73ad41f7092847b6c92700ec5bfd6d849cc37adff563b6a994ea3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:eb7543913777f50fe437035b18e08cec754ec6ee05666f8c88900b6349b467bb_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:fb35bc2313df94fd8a4b4e8293f1489ea518c002858c29ade906a678ccd48d0d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:31f1c672dc3197cb7bfeb51b37d357425d4057fec9c22ea8810005c147e493a0_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:457829af072b2c430e077ae362dd62b63f1737b72434c11b2fb9e98262c6f058_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:6243c7517063c907dbd898b6ff7c4f5a6a001b15141c6b703a771a826b1e9b23_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:72bef79259e60a3f96f3788b2ed207ef6d8c1d4901d5c1d293981099d2932b44_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:1bdebc0ea3641538b6029945ef99eab50aa4b71ab37fd063d712ffc0883faae8_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:75a4693836d31cfc429d6a3852b0bf419255c66f90827b13d2a589dc2bea1992_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:8f696a0d69bb54a50140da672ff01c2923550f8ab18dcb1159493b516750f0a4_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:98992a409dfe54f8de0eb67189538d08148418d91d9d07d9aa30262ce54e30d9_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:72d561f41b71f78f7d896ca9b5e2b2cd76495fe602a8687bcbe0739b450a1d99_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:753e9384197b30856cfa43b3f5362395f3554773ec0a00a183705427eb8bced4_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:cb9328dff074240b336cc5395d2d61ff4722e84d11d3c19d470dd1214308b6e5_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:e863e14bd4e3a735ad3af67dd307fce57a0f3b703aed63b731c4206c08a5839f_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:1e695b53b5a667d185f61dee9e0242efc8e0962aa4e928bf8908734626d16d38_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:7d614384e1cb7be6bb72dbdc3cb4eb34d38902e05f121ef6220c5a6922715ddf_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:da0844c2faaa1b2dd6c0c4944218c947043ac3b7edd8d4533ba7faf5f9436412_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:fd141141252f9253c089dd341447f86cd75a39bff1cb8c25baab40f86fd655bb_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:690de59af44d4b7cf2dada9c3450cbd6a0d3437cc7ac2bca9b5d6b91c4c2c605_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:6cc8eaac0ef579a5359fe2b3c8de0ad776e732b82afd9fb9c4fd4ad74e9f832f_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:bc5d7a4679b2cd19946013fe4c2fc17acfb3a6d9ed410e1f050de51c0a957a6b_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:d954bfc4a5c1f1fc8eba225865a11b9d04f005341e8ab094f7a94cdbe67a7b17_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:a6eb5b607ce23772fca3dbad70d76dc5d3ebc07b15f5123ace53da01f0e3b21e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:d090b565d5d2933ae453eb87c34a2ebb00e09b1b00334a98c771e465dbcea42e_amd64 | — |
Workaround
|
A flaw was found in ip-address, a JavaScript library for parsing and manipulating IPv4 and IPv6 addresses. This vulnerability allows a remote attacker to perform cross-site scripting (XSS) by providing untrusted input to the Address6 constructor. When an application renders the output of Address6.group(), Address6.link(), or the AddressError.parseMessage as HTML without proper escaping, the attacker-controlled content can be executed in the user's browser.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:72d561f41b71f78f7d896ca9b5e2b2cd76495fe602a8687bcbe0739b450a1d99_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:753e9384197b30856cfa43b3f5362395f3554773ec0a00a183705427eb8bced4_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:cb9328dff074240b336cc5395d2d61ff4722e84d11d3c19d470dd1214308b6e5_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:e863e14bd4e3a735ad3af67dd307fce57a0f3b703aed63b731c4206c08a5839f_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:51e90eeed5c6bf2e6355ee9ba50fe330149b7c2b7633a106946459e8984d82ae_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:5e9de77acecac9653b91d2ebbfc5be8dc47da81e9e3e1772d38f827f05779632_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:7cefb007f075c5b1e0265fe8b12888218201cb453e9ebac315d91a79ed6e686a_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:bd4450e5af03c053f28e9c2ca0f2a2c016fc55fef4187676bc4edd5149c1a0f4_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:21243b5bb27b62467a311f0dfb5001384b424c095e17eba2c4fa441d7a03f7cf_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:22190a2714d3942a57dbe9dd265570bfe179b8d7f3e412173d010090de2bb98d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:35b39d818bfb7b3fe86f77eedb134d12e9f316ce1642f86a8fa5ce1c1e31f37b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:3f2e1942032818fe9c91bf18948b80002a713b81c96e8ef5a3a4178a24899fb7_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:25928bb67eadad3a0d3b23da81acb313b8f873476250ddc6481cfb06bc25b8ab_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:bdfafa3b05bea80b81ffdc63cd77d4b2a96588ccd309aba83de0a683cb07c3c4_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:d7aa74297e76cb375c4bdd939c673739e34e22d83f8ef8846b1aa3c3c2264bbe_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:ea75fa4468a26357ce7c92614d70bc41ff0f8a8e562978a5b2bdfa5563492090_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:49025eb304ed55e363338fbe74b8dd77815b4d87183f1cb0cbfbbba71c2d2c59_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:54524172989364298f5cce342ef854f62fd59c75a42be804af3f286c6585b3d1_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:c1d135f85a4a1c5fe1c86509658d3056ce4bf748e8210274756064e18f991440_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:fb2eb12e6a6159c75e56f58429789cc0ac74af2a3d04f9ab865c8d86576e8c15_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:1252d44baa18b442de12a9659d3419ef77148e47ca14747ae684b8541fe795a7_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:4750bc9a80e819747b9d6576d21e348634f0dd4bc56190a662e22b2c80172bbd_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:5988a2daac19ccd72b8eec8cd1d9b623c69aed7be1a4223070d2c65256210776_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:eac25bae75a0e08a0aae706325faae2606ee8b0c086559cc0b89a59501a511f8_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:4c56fcde717c7a7957638fa6624a6ba5a9fc372bc9056e924158a0477410c9e7_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:5f5b5adc67e0655dcc3bcaaa4bb75337ebff130cca2e019d553be7521ca71871_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:91438ae17f6ee162df0d564fe47c8690a5246315e26fa4ebfa16dc8c93425cb7_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:df6617374f5f70f6ff53a980d38ddda8ab1aca125894eadc3a1932ba7612626d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:49d0f2c55661dd973b0a15ba0e096c54badf4e0017093dfee373a655d47373f0_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:5bbbcaa71f5bf11922738e37c1155c5e60ebc5166a67690f5e5218a42b946366_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:99446549dca0b1cd38919ed7489e3eff72b1e4dd739e4f4e914d6c3ca6076b58_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:cf59b3a7897d59615e746c14697a289d79afbc18a9d2e7e7b5f7b1242d640b02_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:6e7f3aa6bb48cbe35d205d5f4c9ea251945dcdcce9b40cd49676705d778d9500_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:bc37b9c572c3df959e0ceb9fe011be84906fe759817eee697c486131fd5bc0cb_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:bf4a2e668e36a0e8e381f4417a263bd736d114f4e464d4a6c5ea22962b3f2a9e_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:feffba283e2a49967cd57139fe7af2309cd55ea9bb4464e250bf7b5a98913a2b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:86908784cb38408c502a733672b2f76e5a5c93b0266afccc9f281cb0c8f2f20c_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:8f721159d1fb2b71fb746eec0213c1111896c7b77a2904d64a2c1696cdce796c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:afe3ebfa9897d2b9a7d8f9bd7fb4a2210e4b7e603de5fe168740f0aa4bb04495_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:fd6aa3b12a35343168ee2e752b437a51c58e8e8e329c8bdd7d230653265a790e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:01cb3c8bb62be8bcdeaea2fa79413caca0f111980f4134b06df5230bd0b357fc_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:20b0fcf0b2d388320c0cb1414f2422493ca9acf39c876fd45265e8b32030ef3b_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:51fc32fbd543c74767403a113ccceedb262ccb92b9fd5a9efdc39ed2c1e608b3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:d4edd3fd9d125deb51d48c8709eac2505056da0f1341020db5469be8af0ca200_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:201ab631050d34fb956e1333730a387833b7aa3a2a4389d2a01bb79a2fe51bbf_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:47ca2eaea554b825306387f07aef8a5ee830ee1885d2df51055ac22d7576d2cd_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:7a181f8f3d2eadeae6b1d4d38da28f4e0a7c7f1fc662d213f72a63fd56f67443_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:fa97e7031e19af10a571d8ff67e13de3489603f60dbf9fd0c19205fb3447e912_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:01e117719b770e5bf767700b3cf5a3c79d7a74c181fda4dd4605cb4f41ea5bcd_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:155dfad34b7402e4462d98c3026ab38a6024338dfe80bfc33abb9102d12b077d_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:aa96f8cf13ae3374588cc99a558d1def2bcf0579d75b90d0772139fab991b06b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:f1d48c91052387ebc88bc7c76c8f49bae708c67e160d976974c8b31e9efbd219_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:008f0946e1545a0baa8e2baa9d12dc3244a47cd42af020afedfce3b1450f6c16_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:6a63e70123c2cd8cf8ddec71fb88d0dee08d2b7b1bcfc37d27fde3a50a59b7e8_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:96f6b104c31c317aa118ff64cff2522f136bbb520de7fb8015257630fcfdecfb_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:9dd240e967b0a1949a812050a123e513858ccd428feb1c42646e409fbf711b35_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:6f5480749ac020fc0e226dd87855baeae624b4c57c2787303e7321f63117c789_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:7265c4bc839141da2a0599bc367c4be2b8e8743423ea1b6b8d68729b1cfa8bcc_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:9486931d703d050f59a9f1bcfe5e016351d3ccc9b5c1975963b91ac34fc0b25e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:c458f98a5afdf96262536fa1b7d672eb897c2800ec3dc4a2094ee5e8ae09ac31_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:23ea476af89606789f91e647e952039bff83b5ace02440b2c11dccb9020cc0fb_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:870a39d44775c352b2c574f4b8d6585b96b44a48eefea1cbb8463809b75a1d6f_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:b3132e81fca86bc4bf6fe9f75fb3cafd1ef0f02fe84aeaffa51539e5f4a1b54c_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:fc3b7a2d42adaa47a938efe8e94d9d5665fe74a66d04884e886da33ad61774d0_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:2076dc61bf8db58916f3bacdb7483cdae8db169e2c4187e0c509f4fad9bc66ac_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:4e2047551e67c9c79e54ea5cd42accd746db89b8f37181a4b8ddceee166b3f2f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:635a2526236205059d382f8860a7600105596caa546c129e855bd1ad241ebda7_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:ab0b5c35985ab8da547bc85aeff75c00ef32de0ea4f3446d75420ba935a5ddf4_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:20f8e067fa199055be096f4e655a0004616caab1eb32ccbe853677705d4e99f2_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:7c82062799a4bc38472a8d62827cbead3cf9396e132c9567e1d7682b8e4eb01d_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:94a4269cc3ddfdaf549eb4b547a461c2eafa9a0e3682511f2c18a3cf846beba3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:ac33685303a23070d840d68bce5381230bbf98f1f65abaa80eca75c99b821d88_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:29bf69f7793d3ecaf724f791e735f1bd4121cddc6b1118553bcc77ef3a3054a1_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:46ae8d0b9eb51c730b57aa7b9d0561dc8e7510240e100a9deaea7e501cf115c2_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:c314fa51aef6754a3d665650a9a2861da1ec3557e2b92c29a2b16b2790d615a4_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:cd2a2cb5784051c6595a95865e390a52c38b2b62fbf2fa3d40545d083c846992_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:05debd9e92a56b761a55f36c54d31ceda7b77bc58178946c4b5d0d08faa01cfc_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:19954ceb4da5840bc7d8953932bd9f36baaa3ad219ccac4b44324f25f962182a_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:866e4fbdeefc40e19ec6962c6b1577ef9f66affa46b96a2dbd30501b4e3b2695_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:990fa7d78f384772aaf369956a51ba7393cd5e225daa3c4e37f56ed2a1b4d5fb_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:64e4c2ac5a5126294d7264d33723b8c7e8a8f2909a33d2bff40bfbb2965fcd81_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:8a85413afe8d8ab179dff3638f3d5509bf180d54d016706aa50781bbb72338bc_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:a0af7052a5cc79ec38267f6016330bbc30fe4c8dff0776a6fe6cee048cb1bbcf_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:df72d966e05e20571d1d588092d8bf95f28ae5178ddac780257064069e8cf75c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:5a0a1932f8bcdf436f08f9d00fdb520feefad62061ce79426d44ecd7d01724a2_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:72da4f73e7063cfcb49a800bf9dc5acdd715221d4dff6120db5950634e5824f5_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:883c2aa7d2a9f8ddcccd8c48b79bff59ffa3eb3f59392e727dd050ec4efdb92b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:9bed2310605563c0d439ed85731e980038ada7c3970fc26de24c1c7d291afe07_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:09b95ff35ae5c1b2c356f7506d4e8283cb0b69b8b5a130bf9d6c31e6bfc04932_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:0cebc0075f16274a3620c4becac1490dc91904d09487fdc76aafe98fbaca5ccf_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:78f3234c47001e7a2902352bf85c7cc893f8ff7aafb01d3d6875cfe2df0a6a16_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:8844e2149f6d16a9112f7ca4580c27dbe974f0bfce1fc21c87d5072813deba45_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:180b60f1efcd9902f18b7104973acf277ea6881d6a806e288ea598b71bfa8e2d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:2dc26cd49218da49a4761d8012d9777019facea787df61dafce31db6b3bef8b8_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:d08b49badd427bd263a5810800c4705f296b2caf188765837f8b5284d6ff6feb_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:edcd49c90231e8071dc45385f077400ae3dd9fdba54de188e3aba84da49c00c5_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:06f9f2d54689bd9770d4102c377a2596bf4294c824c2db69f4ad23a849d8996c_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:3985e43602b73ad41f7092847b6c92700ec5bfd6d849cc37adff563b6a994ea3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:eb7543913777f50fe437035b18e08cec754ec6ee05666f8c88900b6349b467bb_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:fb35bc2313df94fd8a4b4e8293f1489ea518c002858c29ade906a678ccd48d0d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:31f1c672dc3197cb7bfeb51b37d357425d4057fec9c22ea8810005c147e493a0_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:457829af072b2c430e077ae362dd62b63f1737b72434c11b2fb9e98262c6f058_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:6243c7517063c907dbd898b6ff7c4f5a6a001b15141c6b703a771a826b1e9b23_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:72bef79259e60a3f96f3788b2ed207ef6d8c1d4901d5c1d293981099d2932b44_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:1bdebc0ea3641538b6029945ef99eab50aa4b71ab37fd063d712ffc0883faae8_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:75a4693836d31cfc429d6a3852b0bf419255c66f90827b13d2a589dc2bea1992_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:8f696a0d69bb54a50140da672ff01c2923550f8ab18dcb1159493b516750f0a4_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:98992a409dfe54f8de0eb67189538d08148418d91d9d07d9aa30262ce54e30d9_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:1e695b53b5a667d185f61dee9e0242efc8e0962aa4e928bf8908734626d16d38_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:7d614384e1cb7be6bb72dbdc3cb4eb34d38902e05f121ef6220c5a6922715ddf_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:da0844c2faaa1b2dd6c0c4944218c947043ac3b7edd8d4533ba7faf5f9436412_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:fd141141252f9253c089dd341447f86cd75a39bff1cb8c25baab40f86fd655bb_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:690de59af44d4b7cf2dada9c3450cbd6a0d3437cc7ac2bca9b5d6b91c4c2c605_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:6cc8eaac0ef579a5359fe2b3c8de0ad776e732b82afd9fb9c4fd4ad74e9f832f_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:bc5d7a4679b2cd19946013fe4c2fc17acfb3a6d9ed410e1f050de51c0a957a6b_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:d954bfc4a5c1f1fc8eba225865a11b9d04f005341e8ab094f7a94cdbe67a7b17_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:a6eb5b607ce23772fca3dbad70d76dc5d3ebc07b15f5123ace53da01f0e3b21e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:d090b565d5d2933ae453eb87c34a2ebb00e09b1b00334a98c771e465dbcea42e_amd64 | — |
Workaround
|
A flaw was found in protobufjs, a library used to compile protobuf definitions into JavaScript functions. A remote attacker could exploit this vulnerability by providing a crafted descriptor that includes a non-string default value for a bytes field. This could lead to the generation of an unsafe expression within the toObject conversion function, ultimately allowing the attacker to execute arbitrary code.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:23ea476af89606789f91e647e952039bff83b5ace02440b2c11dccb9020cc0fb_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:870a39d44775c352b2c574f4b8d6585b96b44a48eefea1cbb8463809b75a1d6f_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:b3132e81fca86bc4bf6fe9f75fb3cafd1ef0f02fe84aeaffa51539e5f4a1b54c_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:fc3b7a2d42adaa47a938efe8e94d9d5665fe74a66d04884e886da33ad61774d0_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:51e90eeed5c6bf2e6355ee9ba50fe330149b7c2b7633a106946459e8984d82ae_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:5e9de77acecac9653b91d2ebbfc5be8dc47da81e9e3e1772d38f827f05779632_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:7cefb007f075c5b1e0265fe8b12888218201cb453e9ebac315d91a79ed6e686a_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:bd4450e5af03c053f28e9c2ca0f2a2c016fc55fef4187676bc4edd5149c1a0f4_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:21243b5bb27b62467a311f0dfb5001384b424c095e17eba2c4fa441d7a03f7cf_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:22190a2714d3942a57dbe9dd265570bfe179b8d7f3e412173d010090de2bb98d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:35b39d818bfb7b3fe86f77eedb134d12e9f316ce1642f86a8fa5ce1c1e31f37b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:3f2e1942032818fe9c91bf18948b80002a713b81c96e8ef5a3a4178a24899fb7_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:25928bb67eadad3a0d3b23da81acb313b8f873476250ddc6481cfb06bc25b8ab_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:bdfafa3b05bea80b81ffdc63cd77d4b2a96588ccd309aba83de0a683cb07c3c4_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:d7aa74297e76cb375c4bdd939c673739e34e22d83f8ef8846b1aa3c3c2264bbe_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:ea75fa4468a26357ce7c92614d70bc41ff0f8a8e562978a5b2bdfa5563492090_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:49025eb304ed55e363338fbe74b8dd77815b4d87183f1cb0cbfbbba71c2d2c59_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:54524172989364298f5cce342ef854f62fd59c75a42be804af3f286c6585b3d1_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:c1d135f85a4a1c5fe1c86509658d3056ce4bf748e8210274756064e18f991440_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:fb2eb12e6a6159c75e56f58429789cc0ac74af2a3d04f9ab865c8d86576e8c15_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:1252d44baa18b442de12a9659d3419ef77148e47ca14747ae684b8541fe795a7_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:4750bc9a80e819747b9d6576d21e348634f0dd4bc56190a662e22b2c80172bbd_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:5988a2daac19ccd72b8eec8cd1d9b623c69aed7be1a4223070d2c65256210776_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:eac25bae75a0e08a0aae706325faae2606ee8b0c086559cc0b89a59501a511f8_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:4c56fcde717c7a7957638fa6624a6ba5a9fc372bc9056e924158a0477410c9e7_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:5f5b5adc67e0655dcc3bcaaa4bb75337ebff130cca2e019d553be7521ca71871_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:91438ae17f6ee162df0d564fe47c8690a5246315e26fa4ebfa16dc8c93425cb7_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:df6617374f5f70f6ff53a980d38ddda8ab1aca125894eadc3a1932ba7612626d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:49d0f2c55661dd973b0a15ba0e096c54badf4e0017093dfee373a655d47373f0_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:5bbbcaa71f5bf11922738e37c1155c5e60ebc5166a67690f5e5218a42b946366_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:99446549dca0b1cd38919ed7489e3eff72b1e4dd739e4f4e914d6c3ca6076b58_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:cf59b3a7897d59615e746c14697a289d79afbc18a9d2e7e7b5f7b1242d640b02_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:6e7f3aa6bb48cbe35d205d5f4c9ea251945dcdcce9b40cd49676705d778d9500_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:bc37b9c572c3df959e0ceb9fe011be84906fe759817eee697c486131fd5bc0cb_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:bf4a2e668e36a0e8e381f4417a263bd736d114f4e464d4a6c5ea22962b3f2a9e_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:feffba283e2a49967cd57139fe7af2309cd55ea9bb4464e250bf7b5a98913a2b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:86908784cb38408c502a733672b2f76e5a5c93b0266afccc9f281cb0c8f2f20c_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:8f721159d1fb2b71fb746eec0213c1111896c7b77a2904d64a2c1696cdce796c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:afe3ebfa9897d2b9a7d8f9bd7fb4a2210e4b7e603de5fe168740f0aa4bb04495_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:fd6aa3b12a35343168ee2e752b437a51c58e8e8e329c8bdd7d230653265a790e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:01cb3c8bb62be8bcdeaea2fa79413caca0f111980f4134b06df5230bd0b357fc_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:20b0fcf0b2d388320c0cb1414f2422493ca9acf39c876fd45265e8b32030ef3b_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:51fc32fbd543c74767403a113ccceedb262ccb92b9fd5a9efdc39ed2c1e608b3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:d4edd3fd9d125deb51d48c8709eac2505056da0f1341020db5469be8af0ca200_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:201ab631050d34fb956e1333730a387833b7aa3a2a4389d2a01bb79a2fe51bbf_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:47ca2eaea554b825306387f07aef8a5ee830ee1885d2df51055ac22d7576d2cd_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:7a181f8f3d2eadeae6b1d4d38da28f4e0a7c7f1fc662d213f72a63fd56f67443_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:fa97e7031e19af10a571d8ff67e13de3489603f60dbf9fd0c19205fb3447e912_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:01e117719b770e5bf767700b3cf5a3c79d7a74c181fda4dd4605cb4f41ea5bcd_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:155dfad34b7402e4462d98c3026ab38a6024338dfe80bfc33abb9102d12b077d_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:aa96f8cf13ae3374588cc99a558d1def2bcf0579d75b90d0772139fab991b06b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:f1d48c91052387ebc88bc7c76c8f49bae708c67e160d976974c8b31e9efbd219_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:008f0946e1545a0baa8e2baa9d12dc3244a47cd42af020afedfce3b1450f6c16_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:6a63e70123c2cd8cf8ddec71fb88d0dee08d2b7b1bcfc37d27fde3a50a59b7e8_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:96f6b104c31c317aa118ff64cff2522f136bbb520de7fb8015257630fcfdecfb_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:9dd240e967b0a1949a812050a123e513858ccd428feb1c42646e409fbf711b35_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:6f5480749ac020fc0e226dd87855baeae624b4c57c2787303e7321f63117c789_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:7265c4bc839141da2a0599bc367c4be2b8e8743423ea1b6b8d68729b1cfa8bcc_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:9486931d703d050f59a9f1bcfe5e016351d3ccc9b5c1975963b91ac34fc0b25e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:c458f98a5afdf96262536fa1b7d672eb897c2800ec3dc4a2094ee5e8ae09ac31_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:2076dc61bf8db58916f3bacdb7483cdae8db169e2c4187e0c509f4fad9bc66ac_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:4e2047551e67c9c79e54ea5cd42accd746db89b8f37181a4b8ddceee166b3f2f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:635a2526236205059d382f8860a7600105596caa546c129e855bd1ad241ebda7_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:ab0b5c35985ab8da547bc85aeff75c00ef32de0ea4f3446d75420ba935a5ddf4_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:20f8e067fa199055be096f4e655a0004616caab1eb32ccbe853677705d4e99f2_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:7c82062799a4bc38472a8d62827cbead3cf9396e132c9567e1d7682b8e4eb01d_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:94a4269cc3ddfdaf549eb4b547a461c2eafa9a0e3682511f2c18a3cf846beba3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:ac33685303a23070d840d68bce5381230bbf98f1f65abaa80eca75c99b821d88_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:29bf69f7793d3ecaf724f791e735f1bd4121cddc6b1118553bcc77ef3a3054a1_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:46ae8d0b9eb51c730b57aa7b9d0561dc8e7510240e100a9deaea7e501cf115c2_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:c314fa51aef6754a3d665650a9a2861da1ec3557e2b92c29a2b16b2790d615a4_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:cd2a2cb5784051c6595a95865e390a52c38b2b62fbf2fa3d40545d083c846992_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:05debd9e92a56b761a55f36c54d31ceda7b77bc58178946c4b5d0d08faa01cfc_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:19954ceb4da5840bc7d8953932bd9f36baaa3ad219ccac4b44324f25f962182a_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:866e4fbdeefc40e19ec6962c6b1577ef9f66affa46b96a2dbd30501b4e3b2695_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:990fa7d78f384772aaf369956a51ba7393cd5e225daa3c4e37f56ed2a1b4d5fb_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:64e4c2ac5a5126294d7264d33723b8c7e8a8f2909a33d2bff40bfbb2965fcd81_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:8a85413afe8d8ab179dff3638f3d5509bf180d54d016706aa50781bbb72338bc_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:a0af7052a5cc79ec38267f6016330bbc30fe4c8dff0776a6fe6cee048cb1bbcf_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:df72d966e05e20571d1d588092d8bf95f28ae5178ddac780257064069e8cf75c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:5a0a1932f8bcdf436f08f9d00fdb520feefad62061ce79426d44ecd7d01724a2_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:72da4f73e7063cfcb49a800bf9dc5acdd715221d4dff6120db5950634e5824f5_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:883c2aa7d2a9f8ddcccd8c48b79bff59ffa3eb3f59392e727dd050ec4efdb92b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:9bed2310605563c0d439ed85731e980038ada7c3970fc26de24c1c7d291afe07_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:09b95ff35ae5c1b2c356f7506d4e8283cb0b69b8b5a130bf9d6c31e6bfc04932_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:0cebc0075f16274a3620c4becac1490dc91904d09487fdc76aafe98fbaca5ccf_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:78f3234c47001e7a2902352bf85c7cc893f8ff7aafb01d3d6875cfe2df0a6a16_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:8844e2149f6d16a9112f7ca4580c27dbe974f0bfce1fc21c87d5072813deba45_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:180b60f1efcd9902f18b7104973acf277ea6881d6a806e288ea598b71bfa8e2d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:2dc26cd49218da49a4761d8012d9777019facea787df61dafce31db6b3bef8b8_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:d08b49badd427bd263a5810800c4705f296b2caf188765837f8b5284d6ff6feb_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:edcd49c90231e8071dc45385f077400ae3dd9fdba54de188e3aba84da49c00c5_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:06f9f2d54689bd9770d4102c377a2596bf4294c824c2db69f4ad23a849d8996c_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:3985e43602b73ad41f7092847b6c92700ec5bfd6d849cc37adff563b6a994ea3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:eb7543913777f50fe437035b18e08cec754ec6ee05666f8c88900b6349b467bb_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:fb35bc2313df94fd8a4b4e8293f1489ea518c002858c29ade906a678ccd48d0d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:31f1c672dc3197cb7bfeb51b37d357425d4057fec9c22ea8810005c147e493a0_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:457829af072b2c430e077ae362dd62b63f1737b72434c11b2fb9e98262c6f058_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:6243c7517063c907dbd898b6ff7c4f5a6a001b15141c6b703a771a826b1e9b23_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:72bef79259e60a3f96f3788b2ed207ef6d8c1d4901d5c1d293981099d2932b44_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:1bdebc0ea3641538b6029945ef99eab50aa4b71ab37fd063d712ffc0883faae8_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:75a4693836d31cfc429d6a3852b0bf419255c66f90827b13d2a589dc2bea1992_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:8f696a0d69bb54a50140da672ff01c2923550f8ab18dcb1159493b516750f0a4_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:98992a409dfe54f8de0eb67189538d08148418d91d9d07d9aa30262ce54e30d9_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:72d561f41b71f78f7d896ca9b5e2b2cd76495fe602a8687bcbe0739b450a1d99_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:753e9384197b30856cfa43b3f5362395f3554773ec0a00a183705427eb8bced4_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:cb9328dff074240b336cc5395d2d61ff4722e84d11d3c19d470dd1214308b6e5_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:e863e14bd4e3a735ad3af67dd307fce57a0f3b703aed63b731c4206c08a5839f_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:1e695b53b5a667d185f61dee9e0242efc8e0962aa4e928bf8908734626d16d38_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:7d614384e1cb7be6bb72dbdc3cb4eb34d38902e05f121ef6220c5a6922715ddf_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:da0844c2faaa1b2dd6c0c4944218c947043ac3b7edd8d4533ba7faf5f9436412_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:fd141141252f9253c089dd341447f86cd75a39bff1cb8c25baab40f86fd655bb_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:690de59af44d4b7cf2dada9c3450cbd6a0d3437cc7ac2bca9b5d6b91c4c2c605_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:6cc8eaac0ef579a5359fe2b3c8de0ad776e732b82afd9fb9c4fd4ad74e9f832f_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:bc5d7a4679b2cd19946013fe4c2fc17acfb3a6d9ed410e1f050de51c0a957a6b_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:d954bfc4a5c1f1fc8eba225865a11b9d04f005341e8ab094f7a94cdbe67a7b17_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:a6eb5b607ce23772fca3dbad70d76dc5d3ebc07b15f5123ace53da01f0e3b21e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:d090b565d5d2933ae453eb87c34a2ebb00e09b1b00334a98c771e465dbcea42e_amd64 | — |
Workaround
|
A flaw was found in urllib3, an HTTP client library for Python. When using the low-level API via `ProxyManager.connection_from_url().urlopen()` with `assert_same_host=False`, cross-origin redirects can still forward sensitive headers. This could allow a remote attacker to gain unauthorized access to sensitive information.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:23ea476af89606789f91e647e952039bff83b5ace02440b2c11dccb9020cc0fb_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:870a39d44775c352b2c574f4b8d6585b96b44a48eefea1cbb8463809b75a1d6f_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:b3132e81fca86bc4bf6fe9f75fb3cafd1ef0f02fe84aeaffa51539e5f4a1b54c_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:fc3b7a2d42adaa47a938efe8e94d9d5665fe74a66d04884e886da33ad61774d0_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:05debd9e92a56b761a55f36c54d31ceda7b77bc58178946c4b5d0d08faa01cfc_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:19954ceb4da5840bc7d8953932bd9f36baaa3ad219ccac4b44324f25f962182a_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:866e4fbdeefc40e19ec6962c6b1577ef9f66affa46b96a2dbd30501b4e3b2695_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:990fa7d78f384772aaf369956a51ba7393cd5e225daa3c4e37f56ed2a1b4d5fb_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:51e90eeed5c6bf2e6355ee9ba50fe330149b7c2b7633a106946459e8984d82ae_ppc64le | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:5e9de77acecac9653b91d2ebbfc5be8dc47da81e9e3e1772d38f827f05779632_s390x | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:7cefb007f075c5b1e0265fe8b12888218201cb453e9ebac315d91a79ed6e686a_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:bd4450e5af03c053f28e9c2ca0f2a2c016fc55fef4187676bc4edd5149c1a0f4_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:21243b5bb27b62467a311f0dfb5001384b424c095e17eba2c4fa441d7a03f7cf_ppc64le | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:22190a2714d3942a57dbe9dd265570bfe179b8d7f3e412173d010090de2bb98d_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:35b39d818bfb7b3fe86f77eedb134d12e9f316ce1642f86a8fa5ce1c1e31f37b_s390x | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:3f2e1942032818fe9c91bf18948b80002a713b81c96e8ef5a3a4178a24899fb7_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:25928bb67eadad3a0d3b23da81acb313b8f873476250ddc6481cfb06bc25b8ab_s390x | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:bdfafa3b05bea80b81ffdc63cd77d4b2a96588ccd309aba83de0a683cb07c3c4_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:d7aa74297e76cb375c4bdd939c673739e34e22d83f8ef8846b1aa3c3c2264bbe_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:ea75fa4468a26357ce7c92614d70bc41ff0f8a8e562978a5b2bdfa5563492090_ppc64le | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:49025eb304ed55e363338fbe74b8dd77815b4d87183f1cb0cbfbbba71c2d2c59_s390x | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:54524172989364298f5cce342ef854f62fd59c75a42be804af3f286c6585b3d1_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:c1d135f85a4a1c5fe1c86509658d3056ce4bf748e8210274756064e18f991440_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:fb2eb12e6a6159c75e56f58429789cc0ac74af2a3d04f9ab865c8d86576e8c15_ppc64le | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:1252d44baa18b442de12a9659d3419ef77148e47ca14747ae684b8541fe795a7_s390x | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:4750bc9a80e819747b9d6576d21e348634f0dd4bc56190a662e22b2c80172bbd_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:5988a2daac19ccd72b8eec8cd1d9b623c69aed7be1a4223070d2c65256210776_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:eac25bae75a0e08a0aae706325faae2606ee8b0c086559cc0b89a59501a511f8_ppc64le | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:4c56fcde717c7a7957638fa6624a6ba5a9fc372bc9056e924158a0477410c9e7_ppc64le | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:5f5b5adc67e0655dcc3bcaaa4bb75337ebff130cca2e019d553be7521ca71871_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:91438ae17f6ee162df0d564fe47c8690a5246315e26fa4ebfa16dc8c93425cb7_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:df6617374f5f70f6ff53a980d38ddda8ab1aca125894eadc3a1932ba7612626d_s390x | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:49d0f2c55661dd973b0a15ba0e096c54badf4e0017093dfee373a655d47373f0_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:5bbbcaa71f5bf11922738e37c1155c5e60ebc5166a67690f5e5218a42b946366_s390x | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:99446549dca0b1cd38919ed7489e3eff72b1e4dd739e4f4e914d6c3ca6076b58_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:cf59b3a7897d59615e746c14697a289d79afbc18a9d2e7e7b5f7b1242d640b02_ppc64le | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:6e7f3aa6bb48cbe35d205d5f4c9ea251945dcdcce9b40cd49676705d778d9500_ppc64le | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:bc37b9c572c3df959e0ceb9fe011be84906fe759817eee697c486131fd5bc0cb_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:bf4a2e668e36a0e8e381f4417a263bd736d114f4e464d4a6c5ea22962b3f2a9e_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:feffba283e2a49967cd57139fe7af2309cd55ea9bb4464e250bf7b5a98913a2b_s390x | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:86908784cb38408c502a733672b2f76e5a5c93b0266afccc9f281cb0c8f2f20c_s390x | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:8f721159d1fb2b71fb746eec0213c1111896c7b77a2904d64a2c1696cdce796c_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:afe3ebfa9897d2b9a7d8f9bd7fb4a2210e4b7e603de5fe168740f0aa4bb04495_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:fd6aa3b12a35343168ee2e752b437a51c58e8e8e329c8bdd7d230653265a790e_ppc64le | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:01cb3c8bb62be8bcdeaea2fa79413caca0f111980f4134b06df5230bd0b357fc_s390x | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:20b0fcf0b2d388320c0cb1414f2422493ca9acf39c876fd45265e8b32030ef3b_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:51fc32fbd543c74767403a113ccceedb262ccb92b9fd5a9efdc39ed2c1e608b3_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:d4edd3fd9d125deb51d48c8709eac2505056da0f1341020db5469be8af0ca200_ppc64le | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:201ab631050d34fb956e1333730a387833b7aa3a2a4389d2a01bb79a2fe51bbf_s390x | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:47ca2eaea554b825306387f07aef8a5ee830ee1885d2df51055ac22d7576d2cd_ppc64le | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:7a181f8f3d2eadeae6b1d4d38da28f4e0a7c7f1fc662d213f72a63fd56f67443_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:fa97e7031e19af10a571d8ff67e13de3489603f60dbf9fd0c19205fb3447e912_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:01e117719b770e5bf767700b3cf5a3c79d7a74c181fda4dd4605cb4f41ea5bcd_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:155dfad34b7402e4462d98c3026ab38a6024338dfe80bfc33abb9102d12b077d_ppc64le | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:aa96f8cf13ae3374588cc99a558d1def2bcf0579d75b90d0772139fab991b06b_s390x | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:f1d48c91052387ebc88bc7c76c8f49bae708c67e160d976974c8b31e9efbd219_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:008f0946e1545a0baa8e2baa9d12dc3244a47cd42af020afedfce3b1450f6c16_s390x | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:6a63e70123c2cd8cf8ddec71fb88d0dee08d2b7b1bcfc37d27fde3a50a59b7e8_ppc64le | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:96f6b104c31c317aa118ff64cff2522f136bbb520de7fb8015257630fcfdecfb_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:9dd240e967b0a1949a812050a123e513858ccd428feb1c42646e409fbf711b35_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:6f5480749ac020fc0e226dd87855baeae624b4c57c2787303e7321f63117c789_ppc64le | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:7265c4bc839141da2a0599bc367c4be2b8e8743423ea1b6b8d68729b1cfa8bcc_s390x | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:9486931d703d050f59a9f1bcfe5e016351d3ccc9b5c1975963b91ac34fc0b25e_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:c458f98a5afdf96262536fa1b7d672eb897c2800ec3dc4a2094ee5e8ae09ac31_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:2076dc61bf8db58916f3bacdb7483cdae8db169e2c4187e0c509f4fad9bc66ac_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:4e2047551e67c9c79e54ea5cd42accd746db89b8f37181a4b8ddceee166b3f2f_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:635a2526236205059d382f8860a7600105596caa546c129e855bd1ad241ebda7_s390x | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:ab0b5c35985ab8da547bc85aeff75c00ef32de0ea4f3446d75420ba935a5ddf4_ppc64le | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:20f8e067fa199055be096f4e655a0004616caab1eb32ccbe853677705d4e99f2_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:7c82062799a4bc38472a8d62827cbead3cf9396e132c9567e1d7682b8e4eb01d_ppc64le | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:94a4269cc3ddfdaf549eb4b547a461c2eafa9a0e3682511f2c18a3cf846beba3_s390x | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:ac33685303a23070d840d68bce5381230bbf98f1f65abaa80eca75c99b821d88_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:29bf69f7793d3ecaf724f791e735f1bd4121cddc6b1118553bcc77ef3a3054a1_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:46ae8d0b9eb51c730b57aa7b9d0561dc8e7510240e100a9deaea7e501cf115c2_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:c314fa51aef6754a3d665650a9a2861da1ec3557e2b92c29a2b16b2790d615a4_s390x | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:cd2a2cb5784051c6595a95865e390a52c38b2b62fbf2fa3d40545d083c846992_ppc64le | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:64e4c2ac5a5126294d7264d33723b8c7e8a8f2909a33d2bff40bfbb2965fcd81_s390x | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:8a85413afe8d8ab179dff3638f3d5509bf180d54d016706aa50781bbb72338bc_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:a0af7052a5cc79ec38267f6016330bbc30fe4c8dff0776a6fe6cee048cb1bbcf_ppc64le | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:df72d966e05e20571d1d588092d8bf95f28ae5178ddac780257064069e8cf75c_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:5a0a1932f8bcdf436f08f9d00fdb520feefad62061ce79426d44ecd7d01724a2_s390x | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:72da4f73e7063cfcb49a800bf9dc5acdd715221d4dff6120db5950634e5824f5_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:883c2aa7d2a9f8ddcccd8c48b79bff59ffa3eb3f59392e727dd050ec4efdb92b_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:9bed2310605563c0d439ed85731e980038ada7c3970fc26de24c1c7d291afe07_ppc64le | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:09b95ff35ae5c1b2c356f7506d4e8283cb0b69b8b5a130bf9d6c31e6bfc04932_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:0cebc0075f16274a3620c4becac1490dc91904d09487fdc76aafe98fbaca5ccf_s390x | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:78f3234c47001e7a2902352bf85c7cc893f8ff7aafb01d3d6875cfe2df0a6a16_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:8844e2149f6d16a9112f7ca4580c27dbe974f0bfce1fc21c87d5072813deba45_ppc64le | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:180b60f1efcd9902f18b7104973acf277ea6881d6a806e288ea598b71bfa8e2d_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:2dc26cd49218da49a4761d8012d9777019facea787df61dafce31db6b3bef8b8_s390x | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:d08b49badd427bd263a5810800c4705f296b2caf188765837f8b5284d6ff6feb_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:edcd49c90231e8071dc45385f077400ae3dd9fdba54de188e3aba84da49c00c5_ppc64le | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:06f9f2d54689bd9770d4102c377a2596bf4294c824c2db69f4ad23a849d8996c_ppc64le | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:3985e43602b73ad41f7092847b6c92700ec5bfd6d849cc37adff563b6a994ea3_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:eb7543913777f50fe437035b18e08cec754ec6ee05666f8c88900b6349b467bb_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:fb35bc2313df94fd8a4b4e8293f1489ea518c002858c29ade906a678ccd48d0d_s390x | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:31f1c672dc3197cb7bfeb51b37d357425d4057fec9c22ea8810005c147e493a0_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:457829af072b2c430e077ae362dd62b63f1737b72434c11b2fb9e98262c6f058_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:6243c7517063c907dbd898b6ff7c4f5a6a001b15141c6b703a771a826b1e9b23_ppc64le | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:72bef79259e60a3f96f3788b2ed207ef6d8c1d4901d5c1d293981099d2932b44_s390x | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:1bdebc0ea3641538b6029945ef99eab50aa4b71ab37fd063d712ffc0883faae8_ppc64le | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:75a4693836d31cfc429d6a3852b0bf419255c66f90827b13d2a589dc2bea1992_s390x | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:8f696a0d69bb54a50140da672ff01c2923550f8ab18dcb1159493b516750f0a4_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:98992a409dfe54f8de0eb67189538d08148418d91d9d07d9aa30262ce54e30d9_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:72d561f41b71f78f7d896ca9b5e2b2cd76495fe602a8687bcbe0739b450a1d99_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:753e9384197b30856cfa43b3f5362395f3554773ec0a00a183705427eb8bced4_s390x | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:cb9328dff074240b336cc5395d2d61ff4722e84d11d3c19d470dd1214308b6e5_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:e863e14bd4e3a735ad3af67dd307fce57a0f3b703aed63b731c4206c08a5839f_ppc64le | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:1e695b53b5a667d185f61dee9e0242efc8e0962aa4e928bf8908734626d16d38_s390x | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:7d614384e1cb7be6bb72dbdc3cb4eb34d38902e05f121ef6220c5a6922715ddf_ppc64le | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:da0844c2faaa1b2dd6c0c4944218c947043ac3b7edd8d4533ba7faf5f9436412_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:fd141141252f9253c089dd341447f86cd75a39bff1cb8c25baab40f86fd655bb_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:690de59af44d4b7cf2dada9c3450cbd6a0d3437cc7ac2bca9b5d6b91c4c2c605_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:6cc8eaac0ef579a5359fe2b3c8de0ad776e732b82afd9fb9c4fd4ad74e9f832f_ppc64le | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:bc5d7a4679b2cd19946013fe4c2fc17acfb3a6d9ed410e1f050de51c0a957a6b_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:d954bfc4a5c1f1fc8eba225865a11b9d04f005341e8ab094f7a94cdbe67a7b17_s390x | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:a6eb5b607ce23772fca3dbad70d76dc5d3ebc07b15f5123ace53da01f0e3b21e_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:d090b565d5d2933ae453eb87c34a2ebb00e09b1b00334a98c771e465dbcea42e_amd64 | — |
A flaw was found in urllib3, an HTTP client library for Python. This vulnerability allows a remote attacker to cause excessive resource consumption, such as high CPU usage and massive memory allocation, on the client side. This occurs when urllib3 attempts to decompress an entire HTTP response, even if only a partial read was requested, or when draining the connection after a partial decompression. This can lead to a Denial of Service (DoS) condition.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:23ea476af89606789f91e647e952039bff83b5ace02440b2c11dccb9020cc0fb_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:870a39d44775c352b2c574f4b8d6585b96b44a48eefea1cbb8463809b75a1d6f_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:b3132e81fca86bc4bf6fe9f75fb3cafd1ef0f02fe84aeaffa51539e5f4a1b54c_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:fc3b7a2d42adaa47a938efe8e94d9d5665fe74a66d04884e886da33ad61774d0_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:05debd9e92a56b761a55f36c54d31ceda7b77bc58178946c4b5d0d08faa01cfc_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:19954ceb4da5840bc7d8953932bd9f36baaa3ad219ccac4b44324f25f962182a_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:866e4fbdeefc40e19ec6962c6b1577ef9f66affa46b96a2dbd30501b4e3b2695_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:990fa7d78f384772aaf369956a51ba7393cd5e225daa3c4e37f56ed2a1b4d5fb_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:51e90eeed5c6bf2e6355ee9ba50fe330149b7c2b7633a106946459e8984d82ae_ppc64le | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:5e9de77acecac9653b91d2ebbfc5be8dc47da81e9e3e1772d38f827f05779632_s390x | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:7cefb007f075c5b1e0265fe8b12888218201cb453e9ebac315d91a79ed6e686a_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:bd4450e5af03c053f28e9c2ca0f2a2c016fc55fef4187676bc4edd5149c1a0f4_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:21243b5bb27b62467a311f0dfb5001384b424c095e17eba2c4fa441d7a03f7cf_ppc64le | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:22190a2714d3942a57dbe9dd265570bfe179b8d7f3e412173d010090de2bb98d_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:35b39d818bfb7b3fe86f77eedb134d12e9f316ce1642f86a8fa5ce1c1e31f37b_s390x | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:3f2e1942032818fe9c91bf18948b80002a713b81c96e8ef5a3a4178a24899fb7_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:25928bb67eadad3a0d3b23da81acb313b8f873476250ddc6481cfb06bc25b8ab_s390x | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:bdfafa3b05bea80b81ffdc63cd77d4b2a96588ccd309aba83de0a683cb07c3c4_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:d7aa74297e76cb375c4bdd939c673739e34e22d83f8ef8846b1aa3c3c2264bbe_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:ea75fa4468a26357ce7c92614d70bc41ff0f8a8e562978a5b2bdfa5563492090_ppc64le | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:49025eb304ed55e363338fbe74b8dd77815b4d87183f1cb0cbfbbba71c2d2c59_s390x | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:54524172989364298f5cce342ef854f62fd59c75a42be804af3f286c6585b3d1_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:c1d135f85a4a1c5fe1c86509658d3056ce4bf748e8210274756064e18f991440_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:fb2eb12e6a6159c75e56f58429789cc0ac74af2a3d04f9ab865c8d86576e8c15_ppc64le | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:1252d44baa18b442de12a9659d3419ef77148e47ca14747ae684b8541fe795a7_s390x | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:4750bc9a80e819747b9d6576d21e348634f0dd4bc56190a662e22b2c80172bbd_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:5988a2daac19ccd72b8eec8cd1d9b623c69aed7be1a4223070d2c65256210776_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:eac25bae75a0e08a0aae706325faae2606ee8b0c086559cc0b89a59501a511f8_ppc64le | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:4c56fcde717c7a7957638fa6624a6ba5a9fc372bc9056e924158a0477410c9e7_ppc64le | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:5f5b5adc67e0655dcc3bcaaa4bb75337ebff130cca2e019d553be7521ca71871_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:91438ae17f6ee162df0d564fe47c8690a5246315e26fa4ebfa16dc8c93425cb7_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:df6617374f5f70f6ff53a980d38ddda8ab1aca125894eadc3a1932ba7612626d_s390x | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:49d0f2c55661dd973b0a15ba0e096c54badf4e0017093dfee373a655d47373f0_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:5bbbcaa71f5bf11922738e37c1155c5e60ebc5166a67690f5e5218a42b946366_s390x | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:99446549dca0b1cd38919ed7489e3eff72b1e4dd739e4f4e914d6c3ca6076b58_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:cf59b3a7897d59615e746c14697a289d79afbc18a9d2e7e7b5f7b1242d640b02_ppc64le | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:6e7f3aa6bb48cbe35d205d5f4c9ea251945dcdcce9b40cd49676705d778d9500_ppc64le | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:bc37b9c572c3df959e0ceb9fe011be84906fe759817eee697c486131fd5bc0cb_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:bf4a2e668e36a0e8e381f4417a263bd736d114f4e464d4a6c5ea22962b3f2a9e_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:feffba283e2a49967cd57139fe7af2309cd55ea9bb4464e250bf7b5a98913a2b_s390x | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:86908784cb38408c502a733672b2f76e5a5c93b0266afccc9f281cb0c8f2f20c_s390x | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:8f721159d1fb2b71fb746eec0213c1111896c7b77a2904d64a2c1696cdce796c_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:afe3ebfa9897d2b9a7d8f9bd7fb4a2210e4b7e603de5fe168740f0aa4bb04495_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:fd6aa3b12a35343168ee2e752b437a51c58e8e8e329c8bdd7d230653265a790e_ppc64le | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:01cb3c8bb62be8bcdeaea2fa79413caca0f111980f4134b06df5230bd0b357fc_s390x | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:20b0fcf0b2d388320c0cb1414f2422493ca9acf39c876fd45265e8b32030ef3b_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:51fc32fbd543c74767403a113ccceedb262ccb92b9fd5a9efdc39ed2c1e608b3_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:d4edd3fd9d125deb51d48c8709eac2505056da0f1341020db5469be8af0ca200_ppc64le | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:201ab631050d34fb956e1333730a387833b7aa3a2a4389d2a01bb79a2fe51bbf_s390x | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:47ca2eaea554b825306387f07aef8a5ee830ee1885d2df51055ac22d7576d2cd_ppc64le | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:7a181f8f3d2eadeae6b1d4d38da28f4e0a7c7f1fc662d213f72a63fd56f67443_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:fa97e7031e19af10a571d8ff67e13de3489603f60dbf9fd0c19205fb3447e912_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:01e117719b770e5bf767700b3cf5a3c79d7a74c181fda4dd4605cb4f41ea5bcd_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:155dfad34b7402e4462d98c3026ab38a6024338dfe80bfc33abb9102d12b077d_ppc64le | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:aa96f8cf13ae3374588cc99a558d1def2bcf0579d75b90d0772139fab991b06b_s390x | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:f1d48c91052387ebc88bc7c76c8f49bae708c67e160d976974c8b31e9efbd219_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:008f0946e1545a0baa8e2baa9d12dc3244a47cd42af020afedfce3b1450f6c16_s390x | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:6a63e70123c2cd8cf8ddec71fb88d0dee08d2b7b1bcfc37d27fde3a50a59b7e8_ppc64le | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:96f6b104c31c317aa118ff64cff2522f136bbb520de7fb8015257630fcfdecfb_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:9dd240e967b0a1949a812050a123e513858ccd428feb1c42646e409fbf711b35_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:6f5480749ac020fc0e226dd87855baeae624b4c57c2787303e7321f63117c789_ppc64le | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:7265c4bc839141da2a0599bc367c4be2b8e8743423ea1b6b8d68729b1cfa8bcc_s390x | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:9486931d703d050f59a9f1bcfe5e016351d3ccc9b5c1975963b91ac34fc0b25e_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:c458f98a5afdf96262536fa1b7d672eb897c2800ec3dc4a2094ee5e8ae09ac31_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:2076dc61bf8db58916f3bacdb7483cdae8db169e2c4187e0c509f4fad9bc66ac_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:4e2047551e67c9c79e54ea5cd42accd746db89b8f37181a4b8ddceee166b3f2f_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:635a2526236205059d382f8860a7600105596caa546c129e855bd1ad241ebda7_s390x | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:ab0b5c35985ab8da547bc85aeff75c00ef32de0ea4f3446d75420ba935a5ddf4_ppc64le | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:20f8e067fa199055be096f4e655a0004616caab1eb32ccbe853677705d4e99f2_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:7c82062799a4bc38472a8d62827cbead3cf9396e132c9567e1d7682b8e4eb01d_ppc64le | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:94a4269cc3ddfdaf549eb4b547a461c2eafa9a0e3682511f2c18a3cf846beba3_s390x | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:ac33685303a23070d840d68bce5381230bbf98f1f65abaa80eca75c99b821d88_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:29bf69f7793d3ecaf724f791e735f1bd4121cddc6b1118553bcc77ef3a3054a1_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:46ae8d0b9eb51c730b57aa7b9d0561dc8e7510240e100a9deaea7e501cf115c2_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:c314fa51aef6754a3d665650a9a2861da1ec3557e2b92c29a2b16b2790d615a4_s390x | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:cd2a2cb5784051c6595a95865e390a52c38b2b62fbf2fa3d40545d083c846992_ppc64le | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:64e4c2ac5a5126294d7264d33723b8c7e8a8f2909a33d2bff40bfbb2965fcd81_s390x | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:8a85413afe8d8ab179dff3638f3d5509bf180d54d016706aa50781bbb72338bc_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:a0af7052a5cc79ec38267f6016330bbc30fe4c8dff0776a6fe6cee048cb1bbcf_ppc64le | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:df72d966e05e20571d1d588092d8bf95f28ae5178ddac780257064069e8cf75c_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:5a0a1932f8bcdf436f08f9d00fdb520feefad62061ce79426d44ecd7d01724a2_s390x | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:72da4f73e7063cfcb49a800bf9dc5acdd715221d4dff6120db5950634e5824f5_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:883c2aa7d2a9f8ddcccd8c48b79bff59ffa3eb3f59392e727dd050ec4efdb92b_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:9bed2310605563c0d439ed85731e980038ada7c3970fc26de24c1c7d291afe07_ppc64le | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:09b95ff35ae5c1b2c356f7506d4e8283cb0b69b8b5a130bf9d6c31e6bfc04932_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:0cebc0075f16274a3620c4becac1490dc91904d09487fdc76aafe98fbaca5ccf_s390x | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:78f3234c47001e7a2902352bf85c7cc893f8ff7aafb01d3d6875cfe2df0a6a16_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:8844e2149f6d16a9112f7ca4580c27dbe974f0bfce1fc21c87d5072813deba45_ppc64le | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:180b60f1efcd9902f18b7104973acf277ea6881d6a806e288ea598b71bfa8e2d_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:2dc26cd49218da49a4761d8012d9777019facea787df61dafce31db6b3bef8b8_s390x | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:d08b49badd427bd263a5810800c4705f296b2caf188765837f8b5284d6ff6feb_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:edcd49c90231e8071dc45385f077400ae3dd9fdba54de188e3aba84da49c00c5_ppc64le | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:06f9f2d54689bd9770d4102c377a2596bf4294c824c2db69f4ad23a849d8996c_ppc64le | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:3985e43602b73ad41f7092847b6c92700ec5bfd6d849cc37adff563b6a994ea3_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:eb7543913777f50fe437035b18e08cec754ec6ee05666f8c88900b6349b467bb_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:fb35bc2313df94fd8a4b4e8293f1489ea518c002858c29ade906a678ccd48d0d_s390x | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:31f1c672dc3197cb7bfeb51b37d357425d4057fec9c22ea8810005c147e493a0_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:457829af072b2c430e077ae362dd62b63f1737b72434c11b2fb9e98262c6f058_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:6243c7517063c907dbd898b6ff7c4f5a6a001b15141c6b703a771a826b1e9b23_ppc64le | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:72bef79259e60a3f96f3788b2ed207ef6d8c1d4901d5c1d293981099d2932b44_s390x | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:1bdebc0ea3641538b6029945ef99eab50aa4b71ab37fd063d712ffc0883faae8_ppc64le | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:75a4693836d31cfc429d6a3852b0bf419255c66f90827b13d2a589dc2bea1992_s390x | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:8f696a0d69bb54a50140da672ff01c2923550f8ab18dcb1159493b516750f0a4_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:98992a409dfe54f8de0eb67189538d08148418d91d9d07d9aa30262ce54e30d9_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:72d561f41b71f78f7d896ca9b5e2b2cd76495fe602a8687bcbe0739b450a1d99_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:753e9384197b30856cfa43b3f5362395f3554773ec0a00a183705427eb8bced4_s390x | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:cb9328dff074240b336cc5395d2d61ff4722e84d11d3c19d470dd1214308b6e5_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:e863e14bd4e3a735ad3af67dd307fce57a0f3b703aed63b731c4206c08a5839f_ppc64le | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:1e695b53b5a667d185f61dee9e0242efc8e0962aa4e928bf8908734626d16d38_s390x | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:7d614384e1cb7be6bb72dbdc3cb4eb34d38902e05f121ef6220c5a6922715ddf_ppc64le | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:da0844c2faaa1b2dd6c0c4944218c947043ac3b7edd8d4533ba7faf5f9436412_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:fd141141252f9253c089dd341447f86cd75a39bff1cb8c25baab40f86fd655bb_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:690de59af44d4b7cf2dada9c3450cbd6a0d3437cc7ac2bca9b5d6b91c4c2c605_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:6cc8eaac0ef579a5359fe2b3c8de0ad776e732b82afd9fb9c4fd4ad74e9f832f_ppc64le | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:bc5d7a4679b2cd19946013fe4c2fc17acfb3a6d9ed410e1f050de51c0a957a6b_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:d954bfc4a5c1f1fc8eba225865a11b9d04f005341e8ab094f7a94cdbe67a7b17_s390x | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:a6eb5b607ce23772fca3dbad70d76dc5d3ebc07b15f5123ace53da01f0e3b21e_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:d090b565d5d2933ae453eb87c34a2ebb00e09b1b00334a98c771e465dbcea42e_amd64 | — |
A flaw was found in Axios. During specific proxy-to-direct redirect flows in the Node.js HTTP adapter, a remote attacker could exploit this vulnerability. The Proxy-Authorization header, which contains proxy credentials and is intended only for the outbound proxy, may be forwarded to the final redirected origin. This can lead to the disclosure of sensitive proxy credentials to an unintended third party.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:23ea476af89606789f91e647e952039bff83b5ace02440b2c11dccb9020cc0fb_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:870a39d44775c352b2c574f4b8d6585b96b44a48eefea1cbb8463809b75a1d6f_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:b3132e81fca86bc4bf6fe9f75fb3cafd1ef0f02fe84aeaffa51539e5f4a1b54c_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:fc3b7a2d42adaa47a938efe8e94d9d5665fe74a66d04884e886da33ad61774d0_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:51e90eeed5c6bf2e6355ee9ba50fe330149b7c2b7633a106946459e8984d82ae_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:5e9de77acecac9653b91d2ebbfc5be8dc47da81e9e3e1772d38f827f05779632_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:7cefb007f075c5b1e0265fe8b12888218201cb453e9ebac315d91a79ed6e686a_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:bd4450e5af03c053f28e9c2ca0f2a2c016fc55fef4187676bc4edd5149c1a0f4_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:21243b5bb27b62467a311f0dfb5001384b424c095e17eba2c4fa441d7a03f7cf_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:22190a2714d3942a57dbe9dd265570bfe179b8d7f3e412173d010090de2bb98d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:35b39d818bfb7b3fe86f77eedb134d12e9f316ce1642f86a8fa5ce1c1e31f37b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:3f2e1942032818fe9c91bf18948b80002a713b81c96e8ef5a3a4178a24899fb7_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:25928bb67eadad3a0d3b23da81acb313b8f873476250ddc6481cfb06bc25b8ab_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:bdfafa3b05bea80b81ffdc63cd77d4b2a96588ccd309aba83de0a683cb07c3c4_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:d7aa74297e76cb375c4bdd939c673739e34e22d83f8ef8846b1aa3c3c2264bbe_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:ea75fa4468a26357ce7c92614d70bc41ff0f8a8e562978a5b2bdfa5563492090_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:49025eb304ed55e363338fbe74b8dd77815b4d87183f1cb0cbfbbba71c2d2c59_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:54524172989364298f5cce342ef854f62fd59c75a42be804af3f286c6585b3d1_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:c1d135f85a4a1c5fe1c86509658d3056ce4bf748e8210274756064e18f991440_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:fb2eb12e6a6159c75e56f58429789cc0ac74af2a3d04f9ab865c8d86576e8c15_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:1252d44baa18b442de12a9659d3419ef77148e47ca14747ae684b8541fe795a7_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:4750bc9a80e819747b9d6576d21e348634f0dd4bc56190a662e22b2c80172bbd_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:5988a2daac19ccd72b8eec8cd1d9b623c69aed7be1a4223070d2c65256210776_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:eac25bae75a0e08a0aae706325faae2606ee8b0c086559cc0b89a59501a511f8_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:4c56fcde717c7a7957638fa6624a6ba5a9fc372bc9056e924158a0477410c9e7_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:5f5b5adc67e0655dcc3bcaaa4bb75337ebff130cca2e019d553be7521ca71871_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:91438ae17f6ee162df0d564fe47c8690a5246315e26fa4ebfa16dc8c93425cb7_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:df6617374f5f70f6ff53a980d38ddda8ab1aca125894eadc3a1932ba7612626d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:49d0f2c55661dd973b0a15ba0e096c54badf4e0017093dfee373a655d47373f0_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:5bbbcaa71f5bf11922738e37c1155c5e60ebc5166a67690f5e5218a42b946366_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:99446549dca0b1cd38919ed7489e3eff72b1e4dd739e4f4e914d6c3ca6076b58_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:cf59b3a7897d59615e746c14697a289d79afbc18a9d2e7e7b5f7b1242d640b02_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:6e7f3aa6bb48cbe35d205d5f4c9ea251945dcdcce9b40cd49676705d778d9500_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:bc37b9c572c3df959e0ceb9fe011be84906fe759817eee697c486131fd5bc0cb_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:bf4a2e668e36a0e8e381f4417a263bd736d114f4e464d4a6c5ea22962b3f2a9e_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:feffba283e2a49967cd57139fe7af2309cd55ea9bb4464e250bf7b5a98913a2b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:86908784cb38408c502a733672b2f76e5a5c93b0266afccc9f281cb0c8f2f20c_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:8f721159d1fb2b71fb746eec0213c1111896c7b77a2904d64a2c1696cdce796c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:afe3ebfa9897d2b9a7d8f9bd7fb4a2210e4b7e603de5fe168740f0aa4bb04495_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:fd6aa3b12a35343168ee2e752b437a51c58e8e8e329c8bdd7d230653265a790e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:01cb3c8bb62be8bcdeaea2fa79413caca0f111980f4134b06df5230bd0b357fc_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:20b0fcf0b2d388320c0cb1414f2422493ca9acf39c876fd45265e8b32030ef3b_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:51fc32fbd543c74767403a113ccceedb262ccb92b9fd5a9efdc39ed2c1e608b3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:d4edd3fd9d125deb51d48c8709eac2505056da0f1341020db5469be8af0ca200_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:201ab631050d34fb956e1333730a387833b7aa3a2a4389d2a01bb79a2fe51bbf_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:47ca2eaea554b825306387f07aef8a5ee830ee1885d2df51055ac22d7576d2cd_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:7a181f8f3d2eadeae6b1d4d38da28f4e0a7c7f1fc662d213f72a63fd56f67443_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:fa97e7031e19af10a571d8ff67e13de3489603f60dbf9fd0c19205fb3447e912_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:01e117719b770e5bf767700b3cf5a3c79d7a74c181fda4dd4605cb4f41ea5bcd_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:155dfad34b7402e4462d98c3026ab38a6024338dfe80bfc33abb9102d12b077d_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:aa96f8cf13ae3374588cc99a558d1def2bcf0579d75b90d0772139fab991b06b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:f1d48c91052387ebc88bc7c76c8f49bae708c67e160d976974c8b31e9efbd219_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:008f0946e1545a0baa8e2baa9d12dc3244a47cd42af020afedfce3b1450f6c16_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:6a63e70123c2cd8cf8ddec71fb88d0dee08d2b7b1bcfc37d27fde3a50a59b7e8_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:96f6b104c31c317aa118ff64cff2522f136bbb520de7fb8015257630fcfdecfb_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:9dd240e967b0a1949a812050a123e513858ccd428feb1c42646e409fbf711b35_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:6f5480749ac020fc0e226dd87855baeae624b4c57c2787303e7321f63117c789_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:7265c4bc839141da2a0599bc367c4be2b8e8743423ea1b6b8d68729b1cfa8bcc_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:9486931d703d050f59a9f1bcfe5e016351d3ccc9b5c1975963b91ac34fc0b25e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:c458f98a5afdf96262536fa1b7d672eb897c2800ec3dc4a2094ee5e8ae09ac31_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:2076dc61bf8db58916f3bacdb7483cdae8db169e2c4187e0c509f4fad9bc66ac_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:4e2047551e67c9c79e54ea5cd42accd746db89b8f37181a4b8ddceee166b3f2f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:635a2526236205059d382f8860a7600105596caa546c129e855bd1ad241ebda7_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:ab0b5c35985ab8da547bc85aeff75c00ef32de0ea4f3446d75420ba935a5ddf4_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:20f8e067fa199055be096f4e655a0004616caab1eb32ccbe853677705d4e99f2_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:7c82062799a4bc38472a8d62827cbead3cf9396e132c9567e1d7682b8e4eb01d_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:94a4269cc3ddfdaf549eb4b547a461c2eafa9a0e3682511f2c18a3cf846beba3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:ac33685303a23070d840d68bce5381230bbf98f1f65abaa80eca75c99b821d88_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:29bf69f7793d3ecaf724f791e735f1bd4121cddc6b1118553bcc77ef3a3054a1_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:46ae8d0b9eb51c730b57aa7b9d0561dc8e7510240e100a9deaea7e501cf115c2_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:c314fa51aef6754a3d665650a9a2861da1ec3557e2b92c29a2b16b2790d615a4_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:cd2a2cb5784051c6595a95865e390a52c38b2b62fbf2fa3d40545d083c846992_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:05debd9e92a56b761a55f36c54d31ceda7b77bc58178946c4b5d0d08faa01cfc_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:19954ceb4da5840bc7d8953932bd9f36baaa3ad219ccac4b44324f25f962182a_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:866e4fbdeefc40e19ec6962c6b1577ef9f66affa46b96a2dbd30501b4e3b2695_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:990fa7d78f384772aaf369956a51ba7393cd5e225daa3c4e37f56ed2a1b4d5fb_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:64e4c2ac5a5126294d7264d33723b8c7e8a8f2909a33d2bff40bfbb2965fcd81_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:8a85413afe8d8ab179dff3638f3d5509bf180d54d016706aa50781bbb72338bc_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:a0af7052a5cc79ec38267f6016330bbc30fe4c8dff0776a6fe6cee048cb1bbcf_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:df72d966e05e20571d1d588092d8bf95f28ae5178ddac780257064069e8cf75c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:5a0a1932f8bcdf436f08f9d00fdb520feefad62061ce79426d44ecd7d01724a2_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:72da4f73e7063cfcb49a800bf9dc5acdd715221d4dff6120db5950634e5824f5_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:883c2aa7d2a9f8ddcccd8c48b79bff59ffa3eb3f59392e727dd050ec4efdb92b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:9bed2310605563c0d439ed85731e980038ada7c3970fc26de24c1c7d291afe07_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:09b95ff35ae5c1b2c356f7506d4e8283cb0b69b8b5a130bf9d6c31e6bfc04932_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:0cebc0075f16274a3620c4becac1490dc91904d09487fdc76aafe98fbaca5ccf_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:78f3234c47001e7a2902352bf85c7cc893f8ff7aafb01d3d6875cfe2df0a6a16_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:8844e2149f6d16a9112f7ca4580c27dbe974f0bfce1fc21c87d5072813deba45_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:180b60f1efcd9902f18b7104973acf277ea6881d6a806e288ea598b71bfa8e2d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:2dc26cd49218da49a4761d8012d9777019facea787df61dafce31db6b3bef8b8_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:d08b49badd427bd263a5810800c4705f296b2caf188765837f8b5284d6ff6feb_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:edcd49c90231e8071dc45385f077400ae3dd9fdba54de188e3aba84da49c00c5_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:06f9f2d54689bd9770d4102c377a2596bf4294c824c2db69f4ad23a849d8996c_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:3985e43602b73ad41f7092847b6c92700ec5bfd6d849cc37adff563b6a994ea3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:eb7543913777f50fe437035b18e08cec754ec6ee05666f8c88900b6349b467bb_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:fb35bc2313df94fd8a4b4e8293f1489ea518c002858c29ade906a678ccd48d0d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:31f1c672dc3197cb7bfeb51b37d357425d4057fec9c22ea8810005c147e493a0_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:457829af072b2c430e077ae362dd62b63f1737b72434c11b2fb9e98262c6f058_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:6243c7517063c907dbd898b6ff7c4f5a6a001b15141c6b703a771a826b1e9b23_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:72bef79259e60a3f96f3788b2ed207ef6d8c1d4901d5c1d293981099d2932b44_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:1bdebc0ea3641538b6029945ef99eab50aa4b71ab37fd063d712ffc0883faae8_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:75a4693836d31cfc429d6a3852b0bf419255c66f90827b13d2a589dc2bea1992_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:8f696a0d69bb54a50140da672ff01c2923550f8ab18dcb1159493b516750f0a4_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:98992a409dfe54f8de0eb67189538d08148418d91d9d07d9aa30262ce54e30d9_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:72d561f41b71f78f7d896ca9b5e2b2cd76495fe602a8687bcbe0739b450a1d99_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:753e9384197b30856cfa43b3f5362395f3554773ec0a00a183705427eb8bced4_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:cb9328dff074240b336cc5395d2d61ff4722e84d11d3c19d470dd1214308b6e5_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:e863e14bd4e3a735ad3af67dd307fce57a0f3b703aed63b731c4206c08a5839f_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:1e695b53b5a667d185f61dee9e0242efc8e0962aa4e928bf8908734626d16d38_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:7d614384e1cb7be6bb72dbdc3cb4eb34d38902e05f121ef6220c5a6922715ddf_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:da0844c2faaa1b2dd6c0c4944218c947043ac3b7edd8d4533ba7faf5f9436412_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:fd141141252f9253c089dd341447f86cd75a39bff1cb8c25baab40f86fd655bb_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:690de59af44d4b7cf2dada9c3450cbd6a0d3437cc7ac2bca9b5d6b91c4c2c605_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:6cc8eaac0ef579a5359fe2b3c8de0ad776e732b82afd9fb9c4fd4ad74e9f832f_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:bc5d7a4679b2cd19946013fe4c2fc17acfb3a6d9ed410e1f050de51c0a957a6b_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:d954bfc4a5c1f1fc8eba225865a11b9d04f005341e8ab094f7a94cdbe67a7b17_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:a6eb5b607ce23772fca3dbad70d76dc5d3ebc07b15f5123ace53da01f0e3b21e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:d090b565d5d2933ae453eb87c34a2ebb00e09b1b00334a98c771e465dbcea42e_amd64 | — |
Workaround
|
A flaw was found in Axios, a promise-based HTTP client. When using the fetch adapter, Axios did not properly enforce configured request and response size limits. This vulnerability allows a remote attacker, through a malicious or compromised server, or by supplying a large data URL, to send or receive oversized data bodies. This can lead to resource exhaustion in server-side applications, resulting in a Denial of Service (DoS).
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:23ea476af89606789f91e647e952039bff83b5ace02440b2c11dccb9020cc0fb_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:870a39d44775c352b2c574f4b8d6585b96b44a48eefea1cbb8463809b75a1d6f_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:b3132e81fca86bc4bf6fe9f75fb3cafd1ef0f02fe84aeaffa51539e5f4a1b54c_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:fc3b7a2d42adaa47a938efe8e94d9d5665fe74a66d04884e886da33ad61774d0_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:51e90eeed5c6bf2e6355ee9ba50fe330149b7c2b7633a106946459e8984d82ae_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:5e9de77acecac9653b91d2ebbfc5be8dc47da81e9e3e1772d38f827f05779632_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:7cefb007f075c5b1e0265fe8b12888218201cb453e9ebac315d91a79ed6e686a_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:bd4450e5af03c053f28e9c2ca0f2a2c016fc55fef4187676bc4edd5149c1a0f4_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:21243b5bb27b62467a311f0dfb5001384b424c095e17eba2c4fa441d7a03f7cf_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:22190a2714d3942a57dbe9dd265570bfe179b8d7f3e412173d010090de2bb98d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:35b39d818bfb7b3fe86f77eedb134d12e9f316ce1642f86a8fa5ce1c1e31f37b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:3f2e1942032818fe9c91bf18948b80002a713b81c96e8ef5a3a4178a24899fb7_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:25928bb67eadad3a0d3b23da81acb313b8f873476250ddc6481cfb06bc25b8ab_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:bdfafa3b05bea80b81ffdc63cd77d4b2a96588ccd309aba83de0a683cb07c3c4_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:d7aa74297e76cb375c4bdd939c673739e34e22d83f8ef8846b1aa3c3c2264bbe_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:ea75fa4468a26357ce7c92614d70bc41ff0f8a8e562978a5b2bdfa5563492090_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:49025eb304ed55e363338fbe74b8dd77815b4d87183f1cb0cbfbbba71c2d2c59_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:54524172989364298f5cce342ef854f62fd59c75a42be804af3f286c6585b3d1_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:c1d135f85a4a1c5fe1c86509658d3056ce4bf748e8210274756064e18f991440_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:fb2eb12e6a6159c75e56f58429789cc0ac74af2a3d04f9ab865c8d86576e8c15_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:1252d44baa18b442de12a9659d3419ef77148e47ca14747ae684b8541fe795a7_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:4750bc9a80e819747b9d6576d21e348634f0dd4bc56190a662e22b2c80172bbd_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:5988a2daac19ccd72b8eec8cd1d9b623c69aed7be1a4223070d2c65256210776_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:eac25bae75a0e08a0aae706325faae2606ee8b0c086559cc0b89a59501a511f8_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:4c56fcde717c7a7957638fa6624a6ba5a9fc372bc9056e924158a0477410c9e7_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:5f5b5adc67e0655dcc3bcaaa4bb75337ebff130cca2e019d553be7521ca71871_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:91438ae17f6ee162df0d564fe47c8690a5246315e26fa4ebfa16dc8c93425cb7_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:df6617374f5f70f6ff53a980d38ddda8ab1aca125894eadc3a1932ba7612626d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:49d0f2c55661dd973b0a15ba0e096c54badf4e0017093dfee373a655d47373f0_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:5bbbcaa71f5bf11922738e37c1155c5e60ebc5166a67690f5e5218a42b946366_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:99446549dca0b1cd38919ed7489e3eff72b1e4dd739e4f4e914d6c3ca6076b58_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:cf59b3a7897d59615e746c14697a289d79afbc18a9d2e7e7b5f7b1242d640b02_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:6e7f3aa6bb48cbe35d205d5f4c9ea251945dcdcce9b40cd49676705d778d9500_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:bc37b9c572c3df959e0ceb9fe011be84906fe759817eee697c486131fd5bc0cb_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:bf4a2e668e36a0e8e381f4417a263bd736d114f4e464d4a6c5ea22962b3f2a9e_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:feffba283e2a49967cd57139fe7af2309cd55ea9bb4464e250bf7b5a98913a2b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:86908784cb38408c502a733672b2f76e5a5c93b0266afccc9f281cb0c8f2f20c_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:8f721159d1fb2b71fb746eec0213c1111896c7b77a2904d64a2c1696cdce796c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:afe3ebfa9897d2b9a7d8f9bd7fb4a2210e4b7e603de5fe168740f0aa4bb04495_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:fd6aa3b12a35343168ee2e752b437a51c58e8e8e329c8bdd7d230653265a790e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:01cb3c8bb62be8bcdeaea2fa79413caca0f111980f4134b06df5230bd0b357fc_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:20b0fcf0b2d388320c0cb1414f2422493ca9acf39c876fd45265e8b32030ef3b_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:51fc32fbd543c74767403a113ccceedb262ccb92b9fd5a9efdc39ed2c1e608b3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:d4edd3fd9d125deb51d48c8709eac2505056da0f1341020db5469be8af0ca200_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:201ab631050d34fb956e1333730a387833b7aa3a2a4389d2a01bb79a2fe51bbf_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:47ca2eaea554b825306387f07aef8a5ee830ee1885d2df51055ac22d7576d2cd_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:7a181f8f3d2eadeae6b1d4d38da28f4e0a7c7f1fc662d213f72a63fd56f67443_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:fa97e7031e19af10a571d8ff67e13de3489603f60dbf9fd0c19205fb3447e912_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:01e117719b770e5bf767700b3cf5a3c79d7a74c181fda4dd4605cb4f41ea5bcd_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:155dfad34b7402e4462d98c3026ab38a6024338dfe80bfc33abb9102d12b077d_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:aa96f8cf13ae3374588cc99a558d1def2bcf0579d75b90d0772139fab991b06b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:f1d48c91052387ebc88bc7c76c8f49bae708c67e160d976974c8b31e9efbd219_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:008f0946e1545a0baa8e2baa9d12dc3244a47cd42af020afedfce3b1450f6c16_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:6a63e70123c2cd8cf8ddec71fb88d0dee08d2b7b1bcfc37d27fde3a50a59b7e8_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:96f6b104c31c317aa118ff64cff2522f136bbb520de7fb8015257630fcfdecfb_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:9dd240e967b0a1949a812050a123e513858ccd428feb1c42646e409fbf711b35_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:6f5480749ac020fc0e226dd87855baeae624b4c57c2787303e7321f63117c789_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:7265c4bc839141da2a0599bc367c4be2b8e8743423ea1b6b8d68729b1cfa8bcc_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:9486931d703d050f59a9f1bcfe5e016351d3ccc9b5c1975963b91ac34fc0b25e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:c458f98a5afdf96262536fa1b7d672eb897c2800ec3dc4a2094ee5e8ae09ac31_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:2076dc61bf8db58916f3bacdb7483cdae8db169e2c4187e0c509f4fad9bc66ac_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:4e2047551e67c9c79e54ea5cd42accd746db89b8f37181a4b8ddceee166b3f2f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:635a2526236205059d382f8860a7600105596caa546c129e855bd1ad241ebda7_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:ab0b5c35985ab8da547bc85aeff75c00ef32de0ea4f3446d75420ba935a5ddf4_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:20f8e067fa199055be096f4e655a0004616caab1eb32ccbe853677705d4e99f2_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:7c82062799a4bc38472a8d62827cbead3cf9396e132c9567e1d7682b8e4eb01d_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:94a4269cc3ddfdaf549eb4b547a461c2eafa9a0e3682511f2c18a3cf846beba3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:ac33685303a23070d840d68bce5381230bbf98f1f65abaa80eca75c99b821d88_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:29bf69f7793d3ecaf724f791e735f1bd4121cddc6b1118553bcc77ef3a3054a1_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:46ae8d0b9eb51c730b57aa7b9d0561dc8e7510240e100a9deaea7e501cf115c2_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:c314fa51aef6754a3d665650a9a2861da1ec3557e2b92c29a2b16b2790d615a4_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:cd2a2cb5784051c6595a95865e390a52c38b2b62fbf2fa3d40545d083c846992_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:05debd9e92a56b761a55f36c54d31ceda7b77bc58178946c4b5d0d08faa01cfc_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:19954ceb4da5840bc7d8953932bd9f36baaa3ad219ccac4b44324f25f962182a_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:866e4fbdeefc40e19ec6962c6b1577ef9f66affa46b96a2dbd30501b4e3b2695_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:990fa7d78f384772aaf369956a51ba7393cd5e225daa3c4e37f56ed2a1b4d5fb_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:64e4c2ac5a5126294d7264d33723b8c7e8a8f2909a33d2bff40bfbb2965fcd81_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:8a85413afe8d8ab179dff3638f3d5509bf180d54d016706aa50781bbb72338bc_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:a0af7052a5cc79ec38267f6016330bbc30fe4c8dff0776a6fe6cee048cb1bbcf_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:df72d966e05e20571d1d588092d8bf95f28ae5178ddac780257064069e8cf75c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:5a0a1932f8bcdf436f08f9d00fdb520feefad62061ce79426d44ecd7d01724a2_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:72da4f73e7063cfcb49a800bf9dc5acdd715221d4dff6120db5950634e5824f5_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:883c2aa7d2a9f8ddcccd8c48b79bff59ffa3eb3f59392e727dd050ec4efdb92b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:9bed2310605563c0d439ed85731e980038ada7c3970fc26de24c1c7d291afe07_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:09b95ff35ae5c1b2c356f7506d4e8283cb0b69b8b5a130bf9d6c31e6bfc04932_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:0cebc0075f16274a3620c4becac1490dc91904d09487fdc76aafe98fbaca5ccf_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:78f3234c47001e7a2902352bf85c7cc893f8ff7aafb01d3d6875cfe2df0a6a16_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:8844e2149f6d16a9112f7ca4580c27dbe974f0bfce1fc21c87d5072813deba45_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:180b60f1efcd9902f18b7104973acf277ea6881d6a806e288ea598b71bfa8e2d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:2dc26cd49218da49a4761d8012d9777019facea787df61dafce31db6b3bef8b8_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:d08b49badd427bd263a5810800c4705f296b2caf188765837f8b5284d6ff6feb_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:edcd49c90231e8071dc45385f077400ae3dd9fdba54de188e3aba84da49c00c5_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:06f9f2d54689bd9770d4102c377a2596bf4294c824c2db69f4ad23a849d8996c_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:3985e43602b73ad41f7092847b6c92700ec5bfd6d849cc37adff563b6a994ea3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:eb7543913777f50fe437035b18e08cec754ec6ee05666f8c88900b6349b467bb_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:fb35bc2313df94fd8a4b4e8293f1489ea518c002858c29ade906a678ccd48d0d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:31f1c672dc3197cb7bfeb51b37d357425d4057fec9c22ea8810005c147e493a0_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:457829af072b2c430e077ae362dd62b63f1737b72434c11b2fb9e98262c6f058_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:6243c7517063c907dbd898b6ff7c4f5a6a001b15141c6b703a771a826b1e9b23_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:72bef79259e60a3f96f3788b2ed207ef6d8c1d4901d5c1d293981099d2932b44_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:1bdebc0ea3641538b6029945ef99eab50aa4b71ab37fd063d712ffc0883faae8_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:75a4693836d31cfc429d6a3852b0bf419255c66f90827b13d2a589dc2bea1992_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:8f696a0d69bb54a50140da672ff01c2923550f8ab18dcb1159493b516750f0a4_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:98992a409dfe54f8de0eb67189538d08148418d91d9d07d9aa30262ce54e30d9_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:72d561f41b71f78f7d896ca9b5e2b2cd76495fe602a8687bcbe0739b450a1d99_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:753e9384197b30856cfa43b3f5362395f3554773ec0a00a183705427eb8bced4_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:cb9328dff074240b336cc5395d2d61ff4722e84d11d3c19d470dd1214308b6e5_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:e863e14bd4e3a735ad3af67dd307fce57a0f3b703aed63b731c4206c08a5839f_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:1e695b53b5a667d185f61dee9e0242efc8e0962aa4e928bf8908734626d16d38_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:7d614384e1cb7be6bb72dbdc3cb4eb34d38902e05f121ef6220c5a6922715ddf_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:da0844c2faaa1b2dd6c0c4944218c947043ac3b7edd8d4533ba7faf5f9436412_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:fd141141252f9253c089dd341447f86cd75a39bff1cb8c25baab40f86fd655bb_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:690de59af44d4b7cf2dada9c3450cbd6a0d3437cc7ac2bca9b5d6b91c4c2c605_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:6cc8eaac0ef579a5359fe2b3c8de0ad776e732b82afd9fb9c4fd4ad74e9f832f_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:bc5d7a4679b2cd19946013fe4c2fc17acfb3a6d9ed410e1f050de51c0a957a6b_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:d954bfc4a5c1f1fc8eba225865a11b9d04f005341e8ab094f7a94cdbe67a7b17_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:a6eb5b607ce23772fca3dbad70d76dc5d3ebc07b15f5123ace53da01f0e3b21e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:d090b565d5d2933ae453eb87c34a2ebb00e09b1b00334a98c771e465dbcea42e_amd64 | — |
Workaround
|
A flaw was found in Axios, a promise-based HTTP client. This vulnerability involves prototype pollution gadgets in the request configuration processing. If another vulnerability has already polluted the Object.prototype.transformResponse, affected Axios versions may incorrectly interpret this inherited value as part of the request configuration or as an option validator. Axios does not itself create the prototype pollution. Exploitability requires a separate prototype-pollution vulnerability or equivalent attacker control over Object.prototype before Axios creates a request.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:23ea476af89606789f91e647e952039bff83b5ace02440b2c11dccb9020cc0fb_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:870a39d44775c352b2c574f4b8d6585b96b44a48eefea1cbb8463809b75a1d6f_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:b3132e81fca86bc4bf6fe9f75fb3cafd1ef0f02fe84aeaffa51539e5f4a1b54c_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:fc3b7a2d42adaa47a938efe8e94d9d5665fe74a66d04884e886da33ad61774d0_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:51e90eeed5c6bf2e6355ee9ba50fe330149b7c2b7633a106946459e8984d82ae_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:5e9de77acecac9653b91d2ebbfc5be8dc47da81e9e3e1772d38f827f05779632_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:7cefb007f075c5b1e0265fe8b12888218201cb453e9ebac315d91a79ed6e686a_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:bd4450e5af03c053f28e9c2ca0f2a2c016fc55fef4187676bc4edd5149c1a0f4_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:21243b5bb27b62467a311f0dfb5001384b424c095e17eba2c4fa441d7a03f7cf_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:22190a2714d3942a57dbe9dd265570bfe179b8d7f3e412173d010090de2bb98d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:35b39d818bfb7b3fe86f77eedb134d12e9f316ce1642f86a8fa5ce1c1e31f37b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:3f2e1942032818fe9c91bf18948b80002a713b81c96e8ef5a3a4178a24899fb7_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:25928bb67eadad3a0d3b23da81acb313b8f873476250ddc6481cfb06bc25b8ab_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:bdfafa3b05bea80b81ffdc63cd77d4b2a96588ccd309aba83de0a683cb07c3c4_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:d7aa74297e76cb375c4bdd939c673739e34e22d83f8ef8846b1aa3c3c2264bbe_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:ea75fa4468a26357ce7c92614d70bc41ff0f8a8e562978a5b2bdfa5563492090_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:49025eb304ed55e363338fbe74b8dd77815b4d87183f1cb0cbfbbba71c2d2c59_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:54524172989364298f5cce342ef854f62fd59c75a42be804af3f286c6585b3d1_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:c1d135f85a4a1c5fe1c86509658d3056ce4bf748e8210274756064e18f991440_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:fb2eb12e6a6159c75e56f58429789cc0ac74af2a3d04f9ab865c8d86576e8c15_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:1252d44baa18b442de12a9659d3419ef77148e47ca14747ae684b8541fe795a7_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:4750bc9a80e819747b9d6576d21e348634f0dd4bc56190a662e22b2c80172bbd_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:5988a2daac19ccd72b8eec8cd1d9b623c69aed7be1a4223070d2c65256210776_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:eac25bae75a0e08a0aae706325faae2606ee8b0c086559cc0b89a59501a511f8_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:4c56fcde717c7a7957638fa6624a6ba5a9fc372bc9056e924158a0477410c9e7_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:5f5b5adc67e0655dcc3bcaaa4bb75337ebff130cca2e019d553be7521ca71871_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:91438ae17f6ee162df0d564fe47c8690a5246315e26fa4ebfa16dc8c93425cb7_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:df6617374f5f70f6ff53a980d38ddda8ab1aca125894eadc3a1932ba7612626d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:49d0f2c55661dd973b0a15ba0e096c54badf4e0017093dfee373a655d47373f0_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:5bbbcaa71f5bf11922738e37c1155c5e60ebc5166a67690f5e5218a42b946366_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:99446549dca0b1cd38919ed7489e3eff72b1e4dd739e4f4e914d6c3ca6076b58_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:cf59b3a7897d59615e746c14697a289d79afbc18a9d2e7e7b5f7b1242d640b02_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:6e7f3aa6bb48cbe35d205d5f4c9ea251945dcdcce9b40cd49676705d778d9500_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:bc37b9c572c3df959e0ceb9fe011be84906fe759817eee697c486131fd5bc0cb_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:bf4a2e668e36a0e8e381f4417a263bd736d114f4e464d4a6c5ea22962b3f2a9e_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:feffba283e2a49967cd57139fe7af2309cd55ea9bb4464e250bf7b5a98913a2b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:86908784cb38408c502a733672b2f76e5a5c93b0266afccc9f281cb0c8f2f20c_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:8f721159d1fb2b71fb746eec0213c1111896c7b77a2904d64a2c1696cdce796c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:afe3ebfa9897d2b9a7d8f9bd7fb4a2210e4b7e603de5fe168740f0aa4bb04495_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:fd6aa3b12a35343168ee2e752b437a51c58e8e8e329c8bdd7d230653265a790e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:01cb3c8bb62be8bcdeaea2fa79413caca0f111980f4134b06df5230bd0b357fc_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:20b0fcf0b2d388320c0cb1414f2422493ca9acf39c876fd45265e8b32030ef3b_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:51fc32fbd543c74767403a113ccceedb262ccb92b9fd5a9efdc39ed2c1e608b3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:d4edd3fd9d125deb51d48c8709eac2505056da0f1341020db5469be8af0ca200_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:201ab631050d34fb956e1333730a387833b7aa3a2a4389d2a01bb79a2fe51bbf_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:47ca2eaea554b825306387f07aef8a5ee830ee1885d2df51055ac22d7576d2cd_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:7a181f8f3d2eadeae6b1d4d38da28f4e0a7c7f1fc662d213f72a63fd56f67443_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:fa97e7031e19af10a571d8ff67e13de3489603f60dbf9fd0c19205fb3447e912_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:01e117719b770e5bf767700b3cf5a3c79d7a74c181fda4dd4605cb4f41ea5bcd_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:155dfad34b7402e4462d98c3026ab38a6024338dfe80bfc33abb9102d12b077d_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:aa96f8cf13ae3374588cc99a558d1def2bcf0579d75b90d0772139fab991b06b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:f1d48c91052387ebc88bc7c76c8f49bae708c67e160d976974c8b31e9efbd219_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:008f0946e1545a0baa8e2baa9d12dc3244a47cd42af020afedfce3b1450f6c16_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:6a63e70123c2cd8cf8ddec71fb88d0dee08d2b7b1bcfc37d27fde3a50a59b7e8_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:96f6b104c31c317aa118ff64cff2522f136bbb520de7fb8015257630fcfdecfb_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:9dd240e967b0a1949a812050a123e513858ccd428feb1c42646e409fbf711b35_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:6f5480749ac020fc0e226dd87855baeae624b4c57c2787303e7321f63117c789_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:7265c4bc839141da2a0599bc367c4be2b8e8743423ea1b6b8d68729b1cfa8bcc_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:9486931d703d050f59a9f1bcfe5e016351d3ccc9b5c1975963b91ac34fc0b25e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:c458f98a5afdf96262536fa1b7d672eb897c2800ec3dc4a2094ee5e8ae09ac31_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:2076dc61bf8db58916f3bacdb7483cdae8db169e2c4187e0c509f4fad9bc66ac_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:4e2047551e67c9c79e54ea5cd42accd746db89b8f37181a4b8ddceee166b3f2f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:635a2526236205059d382f8860a7600105596caa546c129e855bd1ad241ebda7_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:ab0b5c35985ab8da547bc85aeff75c00ef32de0ea4f3446d75420ba935a5ddf4_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:20f8e067fa199055be096f4e655a0004616caab1eb32ccbe853677705d4e99f2_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:7c82062799a4bc38472a8d62827cbead3cf9396e132c9567e1d7682b8e4eb01d_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:94a4269cc3ddfdaf549eb4b547a461c2eafa9a0e3682511f2c18a3cf846beba3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:ac33685303a23070d840d68bce5381230bbf98f1f65abaa80eca75c99b821d88_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:29bf69f7793d3ecaf724f791e735f1bd4121cddc6b1118553bcc77ef3a3054a1_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:46ae8d0b9eb51c730b57aa7b9d0561dc8e7510240e100a9deaea7e501cf115c2_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:c314fa51aef6754a3d665650a9a2861da1ec3557e2b92c29a2b16b2790d615a4_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:cd2a2cb5784051c6595a95865e390a52c38b2b62fbf2fa3d40545d083c846992_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:05debd9e92a56b761a55f36c54d31ceda7b77bc58178946c4b5d0d08faa01cfc_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:19954ceb4da5840bc7d8953932bd9f36baaa3ad219ccac4b44324f25f962182a_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:866e4fbdeefc40e19ec6962c6b1577ef9f66affa46b96a2dbd30501b4e3b2695_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:990fa7d78f384772aaf369956a51ba7393cd5e225daa3c4e37f56ed2a1b4d5fb_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:64e4c2ac5a5126294d7264d33723b8c7e8a8f2909a33d2bff40bfbb2965fcd81_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:8a85413afe8d8ab179dff3638f3d5509bf180d54d016706aa50781bbb72338bc_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:a0af7052a5cc79ec38267f6016330bbc30fe4c8dff0776a6fe6cee048cb1bbcf_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:df72d966e05e20571d1d588092d8bf95f28ae5178ddac780257064069e8cf75c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:5a0a1932f8bcdf436f08f9d00fdb520feefad62061ce79426d44ecd7d01724a2_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:72da4f73e7063cfcb49a800bf9dc5acdd715221d4dff6120db5950634e5824f5_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:883c2aa7d2a9f8ddcccd8c48b79bff59ffa3eb3f59392e727dd050ec4efdb92b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:9bed2310605563c0d439ed85731e980038ada7c3970fc26de24c1c7d291afe07_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:09b95ff35ae5c1b2c356f7506d4e8283cb0b69b8b5a130bf9d6c31e6bfc04932_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:0cebc0075f16274a3620c4becac1490dc91904d09487fdc76aafe98fbaca5ccf_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:78f3234c47001e7a2902352bf85c7cc893f8ff7aafb01d3d6875cfe2df0a6a16_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:8844e2149f6d16a9112f7ca4580c27dbe974f0bfce1fc21c87d5072813deba45_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:180b60f1efcd9902f18b7104973acf277ea6881d6a806e288ea598b71bfa8e2d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:2dc26cd49218da49a4761d8012d9777019facea787df61dafce31db6b3bef8b8_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:d08b49badd427bd263a5810800c4705f296b2caf188765837f8b5284d6ff6feb_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:edcd49c90231e8071dc45385f077400ae3dd9fdba54de188e3aba84da49c00c5_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:06f9f2d54689bd9770d4102c377a2596bf4294c824c2db69f4ad23a849d8996c_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:3985e43602b73ad41f7092847b6c92700ec5bfd6d849cc37adff563b6a994ea3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:eb7543913777f50fe437035b18e08cec754ec6ee05666f8c88900b6349b467bb_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:fb35bc2313df94fd8a4b4e8293f1489ea518c002858c29ade906a678ccd48d0d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:31f1c672dc3197cb7bfeb51b37d357425d4057fec9c22ea8810005c147e493a0_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:457829af072b2c430e077ae362dd62b63f1737b72434c11b2fb9e98262c6f058_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:6243c7517063c907dbd898b6ff7c4f5a6a001b15141c6b703a771a826b1e9b23_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:72bef79259e60a3f96f3788b2ed207ef6d8c1d4901d5c1d293981099d2932b44_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:1bdebc0ea3641538b6029945ef99eab50aa4b71ab37fd063d712ffc0883faae8_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:75a4693836d31cfc429d6a3852b0bf419255c66f90827b13d2a589dc2bea1992_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:8f696a0d69bb54a50140da672ff01c2923550f8ab18dcb1159493b516750f0a4_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:98992a409dfe54f8de0eb67189538d08148418d91d9d07d9aa30262ce54e30d9_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:72d561f41b71f78f7d896ca9b5e2b2cd76495fe602a8687bcbe0739b450a1d99_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:753e9384197b30856cfa43b3f5362395f3554773ec0a00a183705427eb8bced4_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:cb9328dff074240b336cc5395d2d61ff4722e84d11d3c19d470dd1214308b6e5_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:e863e14bd4e3a735ad3af67dd307fce57a0f3b703aed63b731c4206c08a5839f_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:1e695b53b5a667d185f61dee9e0242efc8e0962aa4e928bf8908734626d16d38_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:7d614384e1cb7be6bb72dbdc3cb4eb34d38902e05f121ef6220c5a6922715ddf_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:da0844c2faaa1b2dd6c0c4944218c947043ac3b7edd8d4533ba7faf5f9436412_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:fd141141252f9253c089dd341447f86cd75a39bff1cb8c25baab40f86fd655bb_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:690de59af44d4b7cf2dada9c3450cbd6a0d3437cc7ac2bca9b5d6b91c4c2c605_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:6cc8eaac0ef579a5359fe2b3c8de0ad776e732b82afd9fb9c4fd4ad74e9f832f_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:bc5d7a4679b2cd19946013fe4c2fc17acfb3a6d9ed410e1f050de51c0a957a6b_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:d954bfc4a5c1f1fc8eba225865a11b9d04f005341e8ab094f7a94cdbe67a7b17_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:a6eb5b607ce23772fca3dbad70d76dc5d3ebc07b15f5123ace53da01f0e3b21e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:d090b565d5d2933ae453eb87c34a2ebb00e09b1b00334a98c771e465dbcea42e_amd64 | — |
Workaround
|
A flaw was found in ws, an open source WebSocket client and server for Node.js. The `websocket.close()` implementation is vulnerable to uninitialized memory disclosure when a `TypedArray` is passed as the reason argument. This can lead to the disclosure of sensitive information from uninitialized memory.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:23ea476af89606789f91e647e952039bff83b5ace02440b2c11dccb9020cc0fb_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:870a39d44775c352b2c574f4b8d6585b96b44a48eefea1cbb8463809b75a1d6f_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:b3132e81fca86bc4bf6fe9f75fb3cafd1ef0f02fe84aeaffa51539e5f4a1b54c_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:fc3b7a2d42adaa47a938efe8e94d9d5665fe74a66d04884e886da33ad61774d0_ppc64le | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:51e90eeed5c6bf2e6355ee9ba50fe330149b7c2b7633a106946459e8984d82ae_ppc64le | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:5e9de77acecac9653b91d2ebbfc5be8dc47da81e9e3e1772d38f827f05779632_s390x | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:7cefb007f075c5b1e0265fe8b12888218201cb453e9ebac315d91a79ed6e686a_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:bd4450e5af03c053f28e9c2ca0f2a2c016fc55fef4187676bc4edd5149c1a0f4_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:21243b5bb27b62467a311f0dfb5001384b424c095e17eba2c4fa441d7a03f7cf_ppc64le | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:22190a2714d3942a57dbe9dd265570bfe179b8d7f3e412173d010090de2bb98d_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:35b39d818bfb7b3fe86f77eedb134d12e9f316ce1642f86a8fa5ce1c1e31f37b_s390x | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:3f2e1942032818fe9c91bf18948b80002a713b81c96e8ef5a3a4178a24899fb7_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:25928bb67eadad3a0d3b23da81acb313b8f873476250ddc6481cfb06bc25b8ab_s390x | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:bdfafa3b05bea80b81ffdc63cd77d4b2a96588ccd309aba83de0a683cb07c3c4_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:d7aa74297e76cb375c4bdd939c673739e34e22d83f8ef8846b1aa3c3c2264bbe_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:ea75fa4468a26357ce7c92614d70bc41ff0f8a8e562978a5b2bdfa5563492090_ppc64le | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:49025eb304ed55e363338fbe74b8dd77815b4d87183f1cb0cbfbbba71c2d2c59_s390x | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:54524172989364298f5cce342ef854f62fd59c75a42be804af3f286c6585b3d1_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:c1d135f85a4a1c5fe1c86509658d3056ce4bf748e8210274756064e18f991440_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:fb2eb12e6a6159c75e56f58429789cc0ac74af2a3d04f9ab865c8d86576e8c15_ppc64le | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:1252d44baa18b442de12a9659d3419ef77148e47ca14747ae684b8541fe795a7_s390x | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:4750bc9a80e819747b9d6576d21e348634f0dd4bc56190a662e22b2c80172bbd_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:5988a2daac19ccd72b8eec8cd1d9b623c69aed7be1a4223070d2c65256210776_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:eac25bae75a0e08a0aae706325faae2606ee8b0c086559cc0b89a59501a511f8_ppc64le | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:4c56fcde717c7a7957638fa6624a6ba5a9fc372bc9056e924158a0477410c9e7_ppc64le | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:5f5b5adc67e0655dcc3bcaaa4bb75337ebff130cca2e019d553be7521ca71871_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:91438ae17f6ee162df0d564fe47c8690a5246315e26fa4ebfa16dc8c93425cb7_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:df6617374f5f70f6ff53a980d38ddda8ab1aca125894eadc3a1932ba7612626d_s390x | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:49d0f2c55661dd973b0a15ba0e096c54badf4e0017093dfee373a655d47373f0_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:5bbbcaa71f5bf11922738e37c1155c5e60ebc5166a67690f5e5218a42b946366_s390x | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:99446549dca0b1cd38919ed7489e3eff72b1e4dd739e4f4e914d6c3ca6076b58_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:cf59b3a7897d59615e746c14697a289d79afbc18a9d2e7e7b5f7b1242d640b02_ppc64le | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:6e7f3aa6bb48cbe35d205d5f4c9ea251945dcdcce9b40cd49676705d778d9500_ppc64le | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:bc37b9c572c3df959e0ceb9fe011be84906fe759817eee697c486131fd5bc0cb_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:bf4a2e668e36a0e8e381f4417a263bd736d114f4e464d4a6c5ea22962b3f2a9e_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:feffba283e2a49967cd57139fe7af2309cd55ea9bb4464e250bf7b5a98913a2b_s390x | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:86908784cb38408c502a733672b2f76e5a5c93b0266afccc9f281cb0c8f2f20c_s390x | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:8f721159d1fb2b71fb746eec0213c1111896c7b77a2904d64a2c1696cdce796c_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:afe3ebfa9897d2b9a7d8f9bd7fb4a2210e4b7e603de5fe168740f0aa4bb04495_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:fd6aa3b12a35343168ee2e752b437a51c58e8e8e329c8bdd7d230653265a790e_ppc64le | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:01cb3c8bb62be8bcdeaea2fa79413caca0f111980f4134b06df5230bd0b357fc_s390x | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:20b0fcf0b2d388320c0cb1414f2422493ca9acf39c876fd45265e8b32030ef3b_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:51fc32fbd543c74767403a113ccceedb262ccb92b9fd5a9efdc39ed2c1e608b3_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:d4edd3fd9d125deb51d48c8709eac2505056da0f1341020db5469be8af0ca200_ppc64le | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:201ab631050d34fb956e1333730a387833b7aa3a2a4389d2a01bb79a2fe51bbf_s390x | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:47ca2eaea554b825306387f07aef8a5ee830ee1885d2df51055ac22d7576d2cd_ppc64le | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:7a181f8f3d2eadeae6b1d4d38da28f4e0a7c7f1fc662d213f72a63fd56f67443_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:fa97e7031e19af10a571d8ff67e13de3489603f60dbf9fd0c19205fb3447e912_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:01e117719b770e5bf767700b3cf5a3c79d7a74c181fda4dd4605cb4f41ea5bcd_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:155dfad34b7402e4462d98c3026ab38a6024338dfe80bfc33abb9102d12b077d_ppc64le | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:aa96f8cf13ae3374588cc99a558d1def2bcf0579d75b90d0772139fab991b06b_s390x | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:f1d48c91052387ebc88bc7c76c8f49bae708c67e160d976974c8b31e9efbd219_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:008f0946e1545a0baa8e2baa9d12dc3244a47cd42af020afedfce3b1450f6c16_s390x | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:6a63e70123c2cd8cf8ddec71fb88d0dee08d2b7b1bcfc37d27fde3a50a59b7e8_ppc64le | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:96f6b104c31c317aa118ff64cff2522f136bbb520de7fb8015257630fcfdecfb_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:9dd240e967b0a1949a812050a123e513858ccd428feb1c42646e409fbf711b35_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:6f5480749ac020fc0e226dd87855baeae624b4c57c2787303e7321f63117c789_ppc64le | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:7265c4bc839141da2a0599bc367c4be2b8e8743423ea1b6b8d68729b1cfa8bcc_s390x | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:9486931d703d050f59a9f1bcfe5e016351d3ccc9b5c1975963b91ac34fc0b25e_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:c458f98a5afdf96262536fa1b7d672eb897c2800ec3dc4a2094ee5e8ae09ac31_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:2076dc61bf8db58916f3bacdb7483cdae8db169e2c4187e0c509f4fad9bc66ac_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:4e2047551e67c9c79e54ea5cd42accd746db89b8f37181a4b8ddceee166b3f2f_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:635a2526236205059d382f8860a7600105596caa546c129e855bd1ad241ebda7_s390x | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:ab0b5c35985ab8da547bc85aeff75c00ef32de0ea4f3446d75420ba935a5ddf4_ppc64le | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:20f8e067fa199055be096f4e655a0004616caab1eb32ccbe853677705d4e99f2_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:7c82062799a4bc38472a8d62827cbead3cf9396e132c9567e1d7682b8e4eb01d_ppc64le | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:94a4269cc3ddfdaf549eb4b547a461c2eafa9a0e3682511f2c18a3cf846beba3_s390x | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:ac33685303a23070d840d68bce5381230bbf98f1f65abaa80eca75c99b821d88_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:29bf69f7793d3ecaf724f791e735f1bd4121cddc6b1118553bcc77ef3a3054a1_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:46ae8d0b9eb51c730b57aa7b9d0561dc8e7510240e100a9deaea7e501cf115c2_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:c314fa51aef6754a3d665650a9a2861da1ec3557e2b92c29a2b16b2790d615a4_s390x | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:cd2a2cb5784051c6595a95865e390a52c38b2b62fbf2fa3d40545d083c846992_ppc64le | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:05debd9e92a56b761a55f36c54d31ceda7b77bc58178946c4b5d0d08faa01cfc_s390x | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:19954ceb4da5840bc7d8953932bd9f36baaa3ad219ccac4b44324f25f962182a_ppc64le | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:866e4fbdeefc40e19ec6962c6b1577ef9f66affa46b96a2dbd30501b4e3b2695_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:990fa7d78f384772aaf369956a51ba7393cd5e225daa3c4e37f56ed2a1b4d5fb_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:64e4c2ac5a5126294d7264d33723b8c7e8a8f2909a33d2bff40bfbb2965fcd81_s390x | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:8a85413afe8d8ab179dff3638f3d5509bf180d54d016706aa50781bbb72338bc_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:a0af7052a5cc79ec38267f6016330bbc30fe4c8dff0776a6fe6cee048cb1bbcf_ppc64le | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:df72d966e05e20571d1d588092d8bf95f28ae5178ddac780257064069e8cf75c_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:5a0a1932f8bcdf436f08f9d00fdb520feefad62061ce79426d44ecd7d01724a2_s390x | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:72da4f73e7063cfcb49a800bf9dc5acdd715221d4dff6120db5950634e5824f5_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:883c2aa7d2a9f8ddcccd8c48b79bff59ffa3eb3f59392e727dd050ec4efdb92b_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:9bed2310605563c0d439ed85731e980038ada7c3970fc26de24c1c7d291afe07_ppc64le | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:09b95ff35ae5c1b2c356f7506d4e8283cb0b69b8b5a130bf9d6c31e6bfc04932_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:0cebc0075f16274a3620c4becac1490dc91904d09487fdc76aafe98fbaca5ccf_s390x | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:78f3234c47001e7a2902352bf85c7cc893f8ff7aafb01d3d6875cfe2df0a6a16_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:8844e2149f6d16a9112f7ca4580c27dbe974f0bfce1fc21c87d5072813deba45_ppc64le | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:180b60f1efcd9902f18b7104973acf277ea6881d6a806e288ea598b71bfa8e2d_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:2dc26cd49218da49a4761d8012d9777019facea787df61dafce31db6b3bef8b8_s390x | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:d08b49badd427bd263a5810800c4705f296b2caf188765837f8b5284d6ff6feb_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:edcd49c90231e8071dc45385f077400ae3dd9fdba54de188e3aba84da49c00c5_ppc64le | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:06f9f2d54689bd9770d4102c377a2596bf4294c824c2db69f4ad23a849d8996c_ppc64le | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:3985e43602b73ad41f7092847b6c92700ec5bfd6d849cc37adff563b6a994ea3_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:eb7543913777f50fe437035b18e08cec754ec6ee05666f8c88900b6349b467bb_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:fb35bc2313df94fd8a4b4e8293f1489ea518c002858c29ade906a678ccd48d0d_s390x | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:31f1c672dc3197cb7bfeb51b37d357425d4057fec9c22ea8810005c147e493a0_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:457829af072b2c430e077ae362dd62b63f1737b72434c11b2fb9e98262c6f058_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:6243c7517063c907dbd898b6ff7c4f5a6a001b15141c6b703a771a826b1e9b23_ppc64le | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:72bef79259e60a3f96f3788b2ed207ef6d8c1d4901d5c1d293981099d2932b44_s390x | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:1bdebc0ea3641538b6029945ef99eab50aa4b71ab37fd063d712ffc0883faae8_ppc64le | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:75a4693836d31cfc429d6a3852b0bf419255c66f90827b13d2a589dc2bea1992_s390x | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:8f696a0d69bb54a50140da672ff01c2923550f8ab18dcb1159493b516750f0a4_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:98992a409dfe54f8de0eb67189538d08148418d91d9d07d9aa30262ce54e30d9_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:72d561f41b71f78f7d896ca9b5e2b2cd76495fe602a8687bcbe0739b450a1d99_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:753e9384197b30856cfa43b3f5362395f3554773ec0a00a183705427eb8bced4_s390x | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:cb9328dff074240b336cc5395d2d61ff4722e84d11d3c19d470dd1214308b6e5_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:e863e14bd4e3a735ad3af67dd307fce57a0f3b703aed63b731c4206c08a5839f_ppc64le | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:1e695b53b5a667d185f61dee9e0242efc8e0962aa4e928bf8908734626d16d38_s390x | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:7d614384e1cb7be6bb72dbdc3cb4eb34d38902e05f121ef6220c5a6922715ddf_ppc64le | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:da0844c2faaa1b2dd6c0c4944218c947043ac3b7edd8d4533ba7faf5f9436412_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:fd141141252f9253c089dd341447f86cd75a39bff1cb8c25baab40f86fd655bb_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:690de59af44d4b7cf2dada9c3450cbd6a0d3437cc7ac2bca9b5d6b91c4c2c605_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:6cc8eaac0ef579a5359fe2b3c8de0ad776e732b82afd9fb9c4fd4ad74e9f832f_ppc64le | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:bc5d7a4679b2cd19946013fe4c2fc17acfb3a6d9ed410e1f050de51c0a957a6b_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:d954bfc4a5c1f1fc8eba225865a11b9d04f005341e8ab094f7a94cdbe67a7b17_s390x | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:a6eb5b607ce23772fca3dbad70d76dc5d3ebc07b15f5123ace53da01f0e3b21e_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:d090b565d5d2933ae453eb87c34a2ebb00e09b1b00334a98c771e465dbcea42e_amd64 | — |
A flaw was found in PyJWT, a Python library for JSON Web Token (JWT) implementation. When decoding JWTs, the library fails to validate the use of JSON Web Keys (JWK) in the HMAC algorithm while also supporting asymmetric algorithms. This allows a remote attacker to use the issuer's public key as the secret key for the HMAC algorithm, leading to the ability to forge JWTs. This vulnerability can result in authentication bypass or unauthorized access.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:23ea476af89606789f91e647e952039bff83b5ace02440b2c11dccb9020cc0fb_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:870a39d44775c352b2c574f4b8d6585b96b44a48eefea1cbb8463809b75a1d6f_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:b3132e81fca86bc4bf6fe9f75fb3cafd1ef0f02fe84aeaffa51539e5f4a1b54c_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:fc3b7a2d42adaa47a938efe8e94d9d5665fe74a66d04884e886da33ad61774d0_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:05debd9e92a56b761a55f36c54d31ceda7b77bc58178946c4b5d0d08faa01cfc_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:19954ceb4da5840bc7d8953932bd9f36baaa3ad219ccac4b44324f25f962182a_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:866e4fbdeefc40e19ec6962c6b1577ef9f66affa46b96a2dbd30501b4e3b2695_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:990fa7d78f384772aaf369956a51ba7393cd5e225daa3c4e37f56ed2a1b4d5fb_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:5a0a1932f8bcdf436f08f9d00fdb520feefad62061ce79426d44ecd7d01724a2_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:72da4f73e7063cfcb49a800bf9dc5acdd715221d4dff6120db5950634e5824f5_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:883c2aa7d2a9f8ddcccd8c48b79bff59ffa3eb3f59392e727dd050ec4efdb92b_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:9bed2310605563c0d439ed85731e980038ada7c3970fc26de24c1c7d291afe07_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:09b95ff35ae5c1b2c356f7506d4e8283cb0b69b8b5a130bf9d6c31e6bfc04932_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:0cebc0075f16274a3620c4becac1490dc91904d09487fdc76aafe98fbaca5ccf_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:78f3234c47001e7a2902352bf85c7cc893f8ff7aafb01d3d6875cfe2df0a6a16_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:8844e2149f6d16a9112f7ca4580c27dbe974f0bfce1fc21c87d5072813deba45_ppc64le | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:51e90eeed5c6bf2e6355ee9ba50fe330149b7c2b7633a106946459e8984d82ae_ppc64le | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:5e9de77acecac9653b91d2ebbfc5be8dc47da81e9e3e1772d38f827f05779632_s390x | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:7cefb007f075c5b1e0265fe8b12888218201cb453e9ebac315d91a79ed6e686a_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:bd4450e5af03c053f28e9c2ca0f2a2c016fc55fef4187676bc4edd5149c1a0f4_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:21243b5bb27b62467a311f0dfb5001384b424c095e17eba2c4fa441d7a03f7cf_ppc64le | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:22190a2714d3942a57dbe9dd265570bfe179b8d7f3e412173d010090de2bb98d_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:35b39d818bfb7b3fe86f77eedb134d12e9f316ce1642f86a8fa5ce1c1e31f37b_s390x | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:3f2e1942032818fe9c91bf18948b80002a713b81c96e8ef5a3a4178a24899fb7_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:25928bb67eadad3a0d3b23da81acb313b8f873476250ddc6481cfb06bc25b8ab_s390x | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:bdfafa3b05bea80b81ffdc63cd77d4b2a96588ccd309aba83de0a683cb07c3c4_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:d7aa74297e76cb375c4bdd939c673739e34e22d83f8ef8846b1aa3c3c2264bbe_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:ea75fa4468a26357ce7c92614d70bc41ff0f8a8e562978a5b2bdfa5563492090_ppc64le | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:49025eb304ed55e363338fbe74b8dd77815b4d87183f1cb0cbfbbba71c2d2c59_s390x | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:54524172989364298f5cce342ef854f62fd59c75a42be804af3f286c6585b3d1_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:c1d135f85a4a1c5fe1c86509658d3056ce4bf748e8210274756064e18f991440_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:fb2eb12e6a6159c75e56f58429789cc0ac74af2a3d04f9ab865c8d86576e8c15_ppc64le | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:1252d44baa18b442de12a9659d3419ef77148e47ca14747ae684b8541fe795a7_s390x | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:4750bc9a80e819747b9d6576d21e348634f0dd4bc56190a662e22b2c80172bbd_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:5988a2daac19ccd72b8eec8cd1d9b623c69aed7be1a4223070d2c65256210776_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:eac25bae75a0e08a0aae706325faae2606ee8b0c086559cc0b89a59501a511f8_ppc64le | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:4c56fcde717c7a7957638fa6624a6ba5a9fc372bc9056e924158a0477410c9e7_ppc64le | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:5f5b5adc67e0655dcc3bcaaa4bb75337ebff130cca2e019d553be7521ca71871_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:91438ae17f6ee162df0d564fe47c8690a5246315e26fa4ebfa16dc8c93425cb7_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:df6617374f5f70f6ff53a980d38ddda8ab1aca125894eadc3a1932ba7612626d_s390x | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:49d0f2c55661dd973b0a15ba0e096c54badf4e0017093dfee373a655d47373f0_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:5bbbcaa71f5bf11922738e37c1155c5e60ebc5166a67690f5e5218a42b946366_s390x | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:99446549dca0b1cd38919ed7489e3eff72b1e4dd739e4f4e914d6c3ca6076b58_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:cf59b3a7897d59615e746c14697a289d79afbc18a9d2e7e7b5f7b1242d640b02_ppc64le | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:6e7f3aa6bb48cbe35d205d5f4c9ea251945dcdcce9b40cd49676705d778d9500_ppc64le | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:bc37b9c572c3df959e0ceb9fe011be84906fe759817eee697c486131fd5bc0cb_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:bf4a2e668e36a0e8e381f4417a263bd736d114f4e464d4a6c5ea22962b3f2a9e_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:feffba283e2a49967cd57139fe7af2309cd55ea9bb4464e250bf7b5a98913a2b_s390x | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:86908784cb38408c502a733672b2f76e5a5c93b0266afccc9f281cb0c8f2f20c_s390x | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:8f721159d1fb2b71fb746eec0213c1111896c7b77a2904d64a2c1696cdce796c_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:afe3ebfa9897d2b9a7d8f9bd7fb4a2210e4b7e603de5fe168740f0aa4bb04495_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:fd6aa3b12a35343168ee2e752b437a51c58e8e8e329c8bdd7d230653265a790e_ppc64le | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:01cb3c8bb62be8bcdeaea2fa79413caca0f111980f4134b06df5230bd0b357fc_s390x | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:20b0fcf0b2d388320c0cb1414f2422493ca9acf39c876fd45265e8b32030ef3b_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:51fc32fbd543c74767403a113ccceedb262ccb92b9fd5a9efdc39ed2c1e608b3_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:d4edd3fd9d125deb51d48c8709eac2505056da0f1341020db5469be8af0ca200_ppc64le | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:201ab631050d34fb956e1333730a387833b7aa3a2a4389d2a01bb79a2fe51bbf_s390x | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:47ca2eaea554b825306387f07aef8a5ee830ee1885d2df51055ac22d7576d2cd_ppc64le | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:7a181f8f3d2eadeae6b1d4d38da28f4e0a7c7f1fc662d213f72a63fd56f67443_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:fa97e7031e19af10a571d8ff67e13de3489603f60dbf9fd0c19205fb3447e912_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:01e117719b770e5bf767700b3cf5a3c79d7a74c181fda4dd4605cb4f41ea5bcd_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:155dfad34b7402e4462d98c3026ab38a6024338dfe80bfc33abb9102d12b077d_ppc64le | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:aa96f8cf13ae3374588cc99a558d1def2bcf0579d75b90d0772139fab991b06b_s390x | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:f1d48c91052387ebc88bc7c76c8f49bae708c67e160d976974c8b31e9efbd219_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:008f0946e1545a0baa8e2baa9d12dc3244a47cd42af020afedfce3b1450f6c16_s390x | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:6a63e70123c2cd8cf8ddec71fb88d0dee08d2b7b1bcfc37d27fde3a50a59b7e8_ppc64le | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:96f6b104c31c317aa118ff64cff2522f136bbb520de7fb8015257630fcfdecfb_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:9dd240e967b0a1949a812050a123e513858ccd428feb1c42646e409fbf711b35_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:6f5480749ac020fc0e226dd87855baeae624b4c57c2787303e7321f63117c789_ppc64le | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:7265c4bc839141da2a0599bc367c4be2b8e8743423ea1b6b8d68729b1cfa8bcc_s390x | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:9486931d703d050f59a9f1bcfe5e016351d3ccc9b5c1975963b91ac34fc0b25e_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:c458f98a5afdf96262536fa1b7d672eb897c2800ec3dc4a2094ee5e8ae09ac31_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:2076dc61bf8db58916f3bacdb7483cdae8db169e2c4187e0c509f4fad9bc66ac_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:4e2047551e67c9c79e54ea5cd42accd746db89b8f37181a4b8ddceee166b3f2f_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:635a2526236205059d382f8860a7600105596caa546c129e855bd1ad241ebda7_s390x | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:ab0b5c35985ab8da547bc85aeff75c00ef32de0ea4f3446d75420ba935a5ddf4_ppc64le | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:20f8e067fa199055be096f4e655a0004616caab1eb32ccbe853677705d4e99f2_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:7c82062799a4bc38472a8d62827cbead3cf9396e132c9567e1d7682b8e4eb01d_ppc64le | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:94a4269cc3ddfdaf549eb4b547a461c2eafa9a0e3682511f2c18a3cf846beba3_s390x | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:ac33685303a23070d840d68bce5381230bbf98f1f65abaa80eca75c99b821d88_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:29bf69f7793d3ecaf724f791e735f1bd4121cddc6b1118553bcc77ef3a3054a1_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:46ae8d0b9eb51c730b57aa7b9d0561dc8e7510240e100a9deaea7e501cf115c2_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:c314fa51aef6754a3d665650a9a2861da1ec3557e2b92c29a2b16b2790d615a4_s390x | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:cd2a2cb5784051c6595a95865e390a52c38b2b62fbf2fa3d40545d083c846992_ppc64le | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:64e4c2ac5a5126294d7264d33723b8c7e8a8f2909a33d2bff40bfbb2965fcd81_s390x | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:8a85413afe8d8ab179dff3638f3d5509bf180d54d016706aa50781bbb72338bc_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:a0af7052a5cc79ec38267f6016330bbc30fe4c8dff0776a6fe6cee048cb1bbcf_ppc64le | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:df72d966e05e20571d1d588092d8bf95f28ae5178ddac780257064069e8cf75c_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:180b60f1efcd9902f18b7104973acf277ea6881d6a806e288ea598b71bfa8e2d_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:2dc26cd49218da49a4761d8012d9777019facea787df61dafce31db6b3bef8b8_s390x | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:d08b49badd427bd263a5810800c4705f296b2caf188765837f8b5284d6ff6feb_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:edcd49c90231e8071dc45385f077400ae3dd9fdba54de188e3aba84da49c00c5_ppc64le | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:06f9f2d54689bd9770d4102c377a2596bf4294c824c2db69f4ad23a849d8996c_ppc64le | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:3985e43602b73ad41f7092847b6c92700ec5bfd6d849cc37adff563b6a994ea3_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:eb7543913777f50fe437035b18e08cec754ec6ee05666f8c88900b6349b467bb_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:fb35bc2313df94fd8a4b4e8293f1489ea518c002858c29ade906a678ccd48d0d_s390x | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:31f1c672dc3197cb7bfeb51b37d357425d4057fec9c22ea8810005c147e493a0_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:457829af072b2c430e077ae362dd62b63f1737b72434c11b2fb9e98262c6f058_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:6243c7517063c907dbd898b6ff7c4f5a6a001b15141c6b703a771a826b1e9b23_ppc64le | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:72bef79259e60a3f96f3788b2ed207ef6d8c1d4901d5c1d293981099d2932b44_s390x | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:1bdebc0ea3641538b6029945ef99eab50aa4b71ab37fd063d712ffc0883faae8_ppc64le | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:75a4693836d31cfc429d6a3852b0bf419255c66f90827b13d2a589dc2bea1992_s390x | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:8f696a0d69bb54a50140da672ff01c2923550f8ab18dcb1159493b516750f0a4_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:98992a409dfe54f8de0eb67189538d08148418d91d9d07d9aa30262ce54e30d9_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:72d561f41b71f78f7d896ca9b5e2b2cd76495fe602a8687bcbe0739b450a1d99_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:753e9384197b30856cfa43b3f5362395f3554773ec0a00a183705427eb8bced4_s390x | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:cb9328dff074240b336cc5395d2d61ff4722e84d11d3c19d470dd1214308b6e5_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:e863e14bd4e3a735ad3af67dd307fce57a0f3b703aed63b731c4206c08a5839f_ppc64le | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:1e695b53b5a667d185f61dee9e0242efc8e0962aa4e928bf8908734626d16d38_s390x | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:7d614384e1cb7be6bb72dbdc3cb4eb34d38902e05f121ef6220c5a6922715ddf_ppc64le | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:da0844c2faaa1b2dd6c0c4944218c947043ac3b7edd8d4533ba7faf5f9436412_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:fd141141252f9253c089dd341447f86cd75a39bff1cb8c25baab40f86fd655bb_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:690de59af44d4b7cf2dada9c3450cbd6a0d3437cc7ac2bca9b5d6b91c4c2c605_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:6cc8eaac0ef579a5359fe2b3c8de0ad776e732b82afd9fb9c4fd4ad74e9f832f_ppc64le | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:bc5d7a4679b2cd19946013fe4c2fc17acfb3a6d9ed410e1f050de51c0a957a6b_arm64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:d954bfc4a5c1f1fc8eba225865a11b9d04f005341e8ab094f7a94cdbe67a7b17_s390x | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:a6eb5b607ce23772fca3dbad70d76dc5d3ebc07b15f5123ace53da01f0e3b21e_amd64 | — | ||
| Unresolved product id: Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:d090b565d5d2933ae453eb87c34a2ebb00e09b1b00334a98c771e465dbcea42e_amd64 | — |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat Ansible Automation Platform 2.6",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT Managers can provide top-down guidelines on how automation is applied to individual teams, while automation developers retain the freedom to write tasks that leverage existing knowledge without the overhead. Ansible Automation Platform makes it possible for users across an organization to share, vet, and manage automation content by means of a simple, powerful, and agentless language.\n\nFor details about this release, refer to the release notes listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:34374",
"url": "https://access.redhat.com/errata/RHSA-2026:34374"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33154",
"url": "https://access.redhat.com/security/cve/CVE-2026-33154"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42338",
"url": "https://access.redhat.com/security/cve/CVE-2026-42338"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-44293",
"url": "https://access.redhat.com/security/cve/CVE-2026-44293"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-44431",
"url": "https://access.redhat.com/security/cve/CVE-2026-44431"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-44432",
"url": "https://access.redhat.com/security/cve/CVE-2026-44432"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-44487",
"url": "https://access.redhat.com/security/cve/CVE-2026-44487"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-44488",
"url": "https://access.redhat.com/security/cve/CVE-2026-44488"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-44495",
"url": "https://access.redhat.com/security/cve/CVE-2026-44495"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-45736",
"url": "https://access.redhat.com/security/cve/CVE-2026-45736"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-48526",
"url": "https://access.redhat.com/security/cve/CVE-2026-48526"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-6322",
"url": "https://access.redhat.com/security/cve/CVE-2026-6322"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-8643",
"url": "https://access.redhat.com/security/cve/CVE-2026-8643"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.6/whats_new-async_updates",
"url": "https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.6/whats_new-async_updates"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_34374.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Ansible Automation Platform 2.6 Container Release Update",
"tracking": {
"current_release_date": "2026-07-09T23:02:43+00:00",
"generator": {
"date": "2026-07-09T23:02:43+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.2"
}
},
"id": "RHSA-2026:34374",
"initial_release_date": "2026-07-01T16:35:24+00:00",
"revision_history": [
{
"date": "2026-07-01T16:35:24+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-07-01T16:35:36+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-09T23:02:43+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Ansible Automation Platform 2.6",
"product": {
"name": "Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:ansible_automation_platform:2.6::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat Ansible Automation Platform"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:d090b565d5d2933ae453eb87c34a2ebb00e09b1b00334a98c771e465dbcea42e_amd64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:d090b565d5d2933ae453eb87c34a2ebb00e09b1b00334a98c771e465dbcea42e_amd64",
"product_id": "registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:d090b565d5d2933ae453eb87c34a2ebb00e09b1b00334a98c771e465dbcea42e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/platform-operator-bundle@sha256%3Ad090b565d5d2933ae453eb87c34a2ebb00e09b1b00334a98c771e465dbcea42e?arch=amd64\u0026repository_url=registry.redhat.io/ansible-automation-platform/platform-operator-bundle\u0026tag=1782771101"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:cb9328dff074240b336cc5395d2d61ff4722e84d11d3c19d470dd1214308b6e5_amd64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:cb9328dff074240b336cc5395d2d61ff4722e84d11d3c19d470dd1214308b6e5_amd64",
"product_id": "registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:cb9328dff074240b336cc5395d2d61ff4722e84d11d3c19d470dd1214308b6e5_amd64",
"product_identification_helper": {
"purl": "pkg:oci/mcp-server-rhel9@sha256%3Acb9328dff074240b336cc5395d2d61ff4722e84d11d3c19d470dd1214308b6e5?arch=amd64\u0026repository_url=registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9\u0026tag=1782721130"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:7cefb007f075c5b1e0265fe8b12888218201cb453e9ebac315d91a79ed6e686a_amd64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:7cefb007f075c5b1e0265fe8b12888218201cb453e9ebac315d91a79ed6e686a_amd64",
"product_id": "registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:7cefb007f075c5b1e0265fe8b12888218201cb453e9ebac315d91a79ed6e686a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/aap-must-gather-rhel9@sha256%3A7cefb007f075c5b1e0265fe8b12888218201cb453e9ebac315d91a79ed6e686a?arch=amd64\u0026repository_url=registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9\u0026tag=1782750560"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:a6eb5b607ce23772fca3dbad70d76dc5d3ebc07b15f5123ace53da01f0e3b21e_amd64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:a6eb5b607ce23772fca3dbad70d76dc5d3ebc07b15f5123ace53da01f0e3b21e_amd64",
"product_id": "registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:a6eb5b607ce23772fca3dbad70d76dc5d3ebc07b15f5123ace53da01f0e3b21e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/platform-operator-bundle@sha256%3Aa6eb5b607ce23772fca3dbad70d76dc5d3ebc07b15f5123ace53da01f0e3b21e?arch=amd64\u0026repository_url=registry.redhat.io/ansible-automation-platform/platform-operator-bundle\u0026tag=1782771099"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:22190a2714d3942a57dbe9dd265570bfe179b8d7f3e412173d010090de2bb98d_amd64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:22190a2714d3942a57dbe9dd265570bfe179b8d7f3e412173d010090de2bb98d_amd64",
"product_id": "registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:22190a2714d3942a57dbe9dd265570bfe179b8d7f3e412173d010090de2bb98d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ansible-builder-rhel9@sha256%3A22190a2714d3942a57dbe9dd265570bfe179b8d7f3e412173d010090de2bb98d?arch=amd64\u0026repository_url=registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9\u0026tag=1782606246"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:8f696a0d69bb54a50140da672ff01c2923550f8ab18dcb1159493b516750f0a4_amd64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:8f696a0d69bb54a50140da672ff01c2923550f8ab18dcb1159493b516750f0a4_amd64",
"product_id": "registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:8f696a0d69bb54a50140da672ff01c2923550f8ab18dcb1159493b516750f0a4_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ansible-devspaces-rhel9@sha256%3A8f696a0d69bb54a50140da672ff01c2923550f8ab18dcb1159493b516750f0a4?arch=amd64\u0026repository_url=registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9\u0026tag=1782606674"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:bdfafa3b05bea80b81ffdc63cd77d4b2a96588ccd309aba83de0a683cb07c3c4_amd64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:bdfafa3b05bea80b81ffdc63cd77d4b2a96588ccd309aba83de0a683cb07c3c4_amd64",
"product_id": "registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:bdfafa3b05bea80b81ffdc63cd77d4b2a96588ccd309aba83de0a683cb07c3c4_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ansible-dev-tools-rhel9@sha256%3Abdfafa3b05bea80b81ffdc63cd77d4b2a96588ccd309aba83de0a683cb07c3c4?arch=amd64\u0026repository_url=registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9\u0026tag=1782729782"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:990fa7d78f384772aaf369956a51ba7393cd5e225daa3c4e37f56ed2a1b4d5fb_amd64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:990fa7d78f384772aaf369956a51ba7393cd5e225daa3c4e37f56ed2a1b4d5fb_amd64",
"product_id": "registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:990fa7d78f384772aaf369956a51ba7393cd5e225daa3c4e37f56ed2a1b4d5fb_amd64",
"product_identification_helper": {
"purl": "pkg:oci/lightspeed-chatbot-rhel9@sha256%3A990fa7d78f384772aaf369956a51ba7393cd5e225daa3c4e37f56ed2a1b4d5fb?arch=amd64\u0026repository_url=registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9\u0026tag=1782650747"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:883c2aa7d2a9f8ddcccd8c48b79bff59ffa3eb3f59392e727dd050ec4efdb92b_amd64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:883c2aa7d2a9f8ddcccd8c48b79bff59ffa3eb3f59392e727dd050ec4efdb92b_amd64",
"product_id": "registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:883c2aa7d2a9f8ddcccd8c48b79bff59ffa3eb3f59392e727dd050ec4efdb92b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/lightspeed-rhel9@sha256%3A883c2aa7d2a9f8ddcccd8c48b79bff59ffa3eb3f59392e727dd050ec4efdb92b?arch=amd64\u0026repository_url=registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9\u0026tag=1782755166"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:df72d966e05e20571d1d588092d8bf95f28ae5178ddac780257064069e8cf75c_amd64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:df72d966e05e20571d1d588092d8bf95f28ae5178ddac780257064069e8cf75c_amd64",
"product_id": "registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:df72d966e05e20571d1d588092d8bf95f28ae5178ddac780257064069e8cf75c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/lightspeed-rhel9-operator@sha256%3Adf72d966e05e20571d1d588092d8bf95f28ae5178ddac780257064069e8cf75c?arch=amd64\u0026repository_url=registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator\u0026tag=1782606025"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:09b95ff35ae5c1b2c356f7506d4e8283cb0b69b8b5a130bf9d6c31e6bfc04932_amd64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:09b95ff35ae5c1b2c356f7506d4e8283cb0b69b8b5a130bf9d6c31e6bfc04932_amd64",
"product_id": "registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:09b95ff35ae5c1b2c356f7506d4e8283cb0b69b8b5a130bf9d6c31e6bfc04932_amd64",
"product_identification_helper": {
"purl": "pkg:oci/mcp-tools-rhel9@sha256%3A09b95ff35ae5c1b2c356f7506d4e8283cb0b69b8b5a130bf9d6c31e6bfc04932?arch=amd64\u0026repository_url=registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9\u0026tag=1782712006"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:4750bc9a80e819747b9d6576d21e348634f0dd4bc56190a662e22b2c80172bbd_amd64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:4750bc9a80e819747b9d6576d21e348634f0dd4bc56190a662e22b2c80172bbd_amd64",
"product_id": "registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:4750bc9a80e819747b9d6576d21e348634f0dd4bc56190a662e22b2c80172bbd_amd64",
"product_identification_helper": {
"purl": "pkg:oci/controller-rhel9@sha256%3A4750bc9a80e819747b9d6576d21e348634f0dd4bc56190a662e22b2c80172bbd?arch=amd64\u0026repository_url=registry.redhat.io/ansible-automation-platform-26/controller-rhel9\u0026tag=1782766803"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:c1d135f85a4a1c5fe1c86509658d3056ce4bf748e8210274756064e18f991440_amd64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:c1d135f85a4a1c5fe1c86509658d3056ce4bf748e8210274756064e18f991440_amd64",
"product_id": "registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:c1d135f85a4a1c5fe1c86509658d3056ce4bf748e8210274756064e18f991440_amd64",
"product_identification_helper": {
"purl": "pkg:oci/controller-rhel9-operator@sha256%3Ac1d135f85a4a1c5fe1c86509658d3056ce4bf748e8210274756064e18f991440?arch=amd64\u0026repository_url=registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator\u0026tag=1782606030"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:8f721159d1fb2b71fb746eec0213c1111896c7b77a2904d64a2c1696cdce796c_amd64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:8f721159d1fb2b71fb746eec0213c1111896c7b77a2904d64a2c1696cdce796c_amd64",
"product_id": "registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:8f721159d1fb2b71fb746eec0213c1111896c7b77a2904d64a2c1696cdce796c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/eda-controller-rhel9@sha256%3A8f721159d1fb2b71fb746eec0213c1111896c7b77a2904d64a2c1696cdce796c?arch=amd64\u0026repository_url=registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9\u0026tag=1782756572"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:bc37b9c572c3df959e0ceb9fe011be84906fe759817eee697c486131fd5bc0cb_amd64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:bc37b9c572c3df959e0ceb9fe011be84906fe759817eee697c486131fd5bc0cb_amd64",
"product_id": "registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:bc37b9c572c3df959e0ceb9fe011be84906fe759817eee697c486131fd5bc0cb_amd64",
"product_identification_helper": {
"purl": "pkg:oci/eda-controller-rhel9-operator@sha256%3Abc37b9c572c3df959e0ceb9fe011be84906fe759817eee697c486131fd5bc0cb?arch=amd64\u0026repository_url=registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator\u0026tag=1782606254"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:51fc32fbd543c74767403a113ccceedb262ccb92b9fd5a9efdc39ed2c1e608b3_amd64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:51fc32fbd543c74767403a113ccceedb262ccb92b9fd5a9efdc39ed2c1e608b3_amd64",
"product_id": "registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:51fc32fbd543c74767403a113ccceedb262ccb92b9fd5a9efdc39ed2c1e608b3_amd64",
"product_identification_helper": {
"purl": "pkg:oci/eda-controller-ui-rhel9@sha256%3A51fc32fbd543c74767403a113ccceedb262ccb92b9fd5a9efdc39ed2c1e608b3?arch=amd64\u0026repository_url=registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9\u0026tag=1782759313"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:23ea476af89606789f91e647e952039bff83b5ace02440b2c11dccb9020cc0fb_amd64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:23ea476af89606789f91e647e952039bff83b5ace02440b2c11dccb9020cc0fb_amd64",
"product_id": "registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:23ea476af89606789f91e647e952039bff83b5ace02440b2c11dccb9020cc0fb_amd64",
"product_identification_helper": {
"purl": "pkg:oci/gateway-rhel9@sha256%3A23ea476af89606789f91e647e952039bff83b5ace02440b2c11dccb9020cc0fb?arch=amd64\u0026repository_url=registry.redhat.io/ansible-automation-platform-26/gateway-rhel9\u0026tag=1782761510"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:9486931d703d050f59a9f1bcfe5e016351d3ccc9b5c1975963b91ac34fc0b25e_amd64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:9486931d703d050f59a9f1bcfe5e016351d3ccc9b5c1975963b91ac34fc0b25e_amd64",
"product_id": "registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:9486931d703d050f59a9f1bcfe5e016351d3ccc9b5c1975963b91ac34fc0b25e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/gateway-rhel9-operator@sha256%3A9486931d703d050f59a9f1bcfe5e016351d3ccc9b5c1975963b91ac34fc0b25e?arch=amd64\u0026repository_url=registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator\u0026tag=1782606518"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:96f6b104c31c317aa118ff64cff2522f136bbb520de7fb8015257630fcfdecfb_amd64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:96f6b104c31c317aa118ff64cff2522f136bbb520de7fb8015257630fcfdecfb_amd64",
"product_id": "registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:96f6b104c31c317aa118ff64cff2522f136bbb520de7fb8015257630fcfdecfb_amd64",
"product_identification_helper": {
"purl": "pkg:oci/gateway-proxy-rhel9@sha256%3A96f6b104c31c317aa118ff64cff2522f136bbb520de7fb8015257630fcfdecfb?arch=amd64\u0026repository_url=registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9\u0026tag=1782606863"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:ac33685303a23070d840d68bce5381230bbf98f1f65abaa80eca75c99b821d88_amd64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:ac33685303a23070d840d68bce5381230bbf98f1f65abaa80eca75c99b821d88_amd64",
"product_id": "registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:ac33685303a23070d840d68bce5381230bbf98f1f65abaa80eca75c99b821d88_amd64",
"product_identification_helper": {
"purl": "pkg:oci/hub-rhel9@sha256%3Aac33685303a23070d840d68bce5381230bbf98f1f65abaa80eca75c99b821d88?arch=amd64\u0026repository_url=registry.redhat.io/ansible-automation-platform-26/hub-rhel9\u0026tag=1782755272"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:4e2047551e67c9c79e54ea5cd42accd746db89b8f37181a4b8ddceee166b3f2f_amd64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:4e2047551e67c9c79e54ea5cd42accd746db89b8f37181a4b8ddceee166b3f2f_amd64",
"product_id": "registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:4e2047551e67c9c79e54ea5cd42accd746db89b8f37181a4b8ddceee166b3f2f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/hub-rhel9-operator@sha256%3A4e2047551e67c9c79e54ea5cd42accd746db89b8f37181a4b8ddceee166b3f2f?arch=amd64\u0026repository_url=registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator\u0026tag=1782606443"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:46ae8d0b9eb51c730b57aa7b9d0561dc8e7510240e100a9deaea7e501cf115c2_amd64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:46ae8d0b9eb51c730b57aa7b9d0561dc8e7510240e100a9deaea7e501cf115c2_amd64",
"product_id": "registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:46ae8d0b9eb51c730b57aa7b9d0561dc8e7510240e100a9deaea7e501cf115c2_amd64",
"product_identification_helper": {
"purl": "pkg:oci/hub-web-rhel9@sha256%3A46ae8d0b9eb51c730b57aa7b9d0561dc8e7510240e100a9deaea7e501cf115c2?arch=amd64\u0026repository_url=registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9\u0026tag=1782759318"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:da0844c2faaa1b2dd6c0c4944218c947043ac3b7edd8d4533ba7faf5f9436412_amd64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:da0844c2faaa1b2dd6c0c4944218c947043ac3b7edd8d4533ba7faf5f9436412_amd64",
"product_id": "registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:da0844c2faaa1b2dd6c0c4944218c947043ac3b7edd8d4533ba7faf5f9436412_amd64",
"product_identification_helper": {
"purl": "pkg:oci/metrics-service-rhel9-operator@sha256%3Ada0844c2faaa1b2dd6c0c4944218c947043ac3b7edd8d4533ba7faf5f9436412?arch=amd64\u0026repository_url=registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator\u0026tag=1782606583"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:690de59af44d4b7cf2dada9c3450cbd6a0d3437cc7ac2bca9b5d6b91c4c2c605_amd64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:690de59af44d4b7cf2dada9c3450cbd6a0d3437cc7ac2bca9b5d6b91c4c2c605_amd64",
"product_id": "registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:690de59af44d4b7cf2dada9c3450cbd6a0d3437cc7ac2bca9b5d6b91c4c2c605_amd64",
"product_identification_helper": {
"purl": "pkg:oci/metrics-service-rhel9@sha256%3A690de59af44d4b7cf2dada9c3450cbd6a0d3437cc7ac2bca9b5d6b91c4c2c605?arch=amd64\u0026repository_url=registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9\u0026tag=1782756873"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:91438ae17f6ee162df0d564fe47c8690a5246315e26fa4ebfa16dc8c93425cb7_amd64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:91438ae17f6ee162df0d564fe47c8690a5246315e26fa4ebfa16dc8c93425cb7_amd64",
"product_id": "registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:91438ae17f6ee162df0d564fe47c8690a5246315e26fa4ebfa16dc8c93425cb7_amd64",
"product_identification_helper": {
"purl": "pkg:oci/de-minimal-rhel9@sha256%3A91438ae17f6ee162df0d564fe47c8690a5246315e26fa4ebfa16dc8c93425cb7?arch=amd64\u0026repository_url=registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9\u0026tag=1782711769"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:49d0f2c55661dd973b0a15ba0e096c54badf4e0017093dfee373a655d47373f0_amd64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:49d0f2c55661dd973b0a15ba0e096c54badf4e0017093dfee373a655d47373f0_amd64",
"product_id": "registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:49d0f2c55661dd973b0a15ba0e096c54badf4e0017093dfee373a655d47373f0_amd64",
"product_identification_helper": {
"purl": "pkg:oci/de-supported-rhel9@sha256%3A49d0f2c55661dd973b0a15ba0e096c54badf4e0017093dfee373a655d47373f0?arch=amd64\u0026repository_url=registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9\u0026tag=1782713671"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:7a181f8f3d2eadeae6b1d4d38da28f4e0a7c7f1fc662d213f72a63fd56f67443_amd64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:7a181f8f3d2eadeae6b1d4d38da28f4e0a7c7f1fc662d213f72a63fd56f67443_amd64",
"product_id": "registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:7a181f8f3d2eadeae6b1d4d38da28f4e0a7c7f1fc662d213f72a63fd56f67443_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ee-minimal-rhel9@sha256%3A7a181f8f3d2eadeae6b1d4d38da28f4e0a7c7f1fc662d213f72a63fd56f67443?arch=amd64\u0026repository_url=registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9\u0026tag=1782726413"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:f1d48c91052387ebc88bc7c76c8f49bae708c67e160d976974c8b31e9efbd219_amd64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:f1d48c91052387ebc88bc7c76c8f49bae708c67e160d976974c8b31e9efbd219_amd64",
"product_id": "registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:f1d48c91052387ebc88bc7c76c8f49bae708c67e160d976974c8b31e9efbd219_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ee-supported-rhel9@sha256%3Af1d48c91052387ebc88bc7c76c8f49bae708c67e160d976974c8b31e9efbd219?arch=amd64\u0026repository_url=registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9\u0026tag=1782731097"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:180b60f1efcd9902f18b7104973acf277ea6881d6a806e288ea598b71bfa8e2d_amd64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:180b60f1efcd9902f18b7104973acf277ea6881d6a806e288ea598b71bfa8e2d_amd64",
"product_id": "registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:180b60f1efcd9902f18b7104973acf277ea6881d6a806e288ea598b71bfa8e2d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/platform-resource-rhel9-operator@sha256%3A180b60f1efcd9902f18b7104973acf277ea6881d6a806e288ea598b71bfa8e2d?arch=amd64\u0026repository_url=registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator\u0026tag=1782606842"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:3985e43602b73ad41f7092847b6c92700ec5bfd6d849cc37adff563b6a994ea3_amd64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:3985e43602b73ad41f7092847b6c92700ec5bfd6d849cc37adff563b6a994ea3_amd64",
"product_id": "registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:3985e43602b73ad41f7092847b6c92700ec5bfd6d849cc37adff563b6a994ea3_amd64",
"product_identification_helper": {
"purl": "pkg:oci/platform-resource-runner-rhel9@sha256%3A3985e43602b73ad41f7092847b6c92700ec5bfd6d849cc37adff563b6a994ea3?arch=amd64\u0026repository_url=registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9\u0026tag=1782739336"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:457829af072b2c430e077ae362dd62b63f1737b72434c11b2fb9e98262c6f058_amd64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:457829af072b2c430e077ae362dd62b63f1737b72434c11b2fb9e98262c6f058_amd64",
"product_id": "registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:457829af072b2c430e077ae362dd62b63f1737b72434c11b2fb9e98262c6f058_amd64",
"product_identification_helper": {
"purl": "pkg:oci/receptor-rhel9@sha256%3A457829af072b2c430e077ae362dd62b63f1737b72434c11b2fb9e98262c6f058?arch=amd64\u0026repository_url=registry.redhat.io/ansible-automation-platform-26/receptor-rhel9\u0026tag=1782710613"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:72d561f41b71f78f7d896ca9b5e2b2cd76495fe602a8687bcbe0739b450a1d99_arm64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:72d561f41b71f78f7d896ca9b5e2b2cd76495fe602a8687bcbe0739b450a1d99_arm64",
"product_id": "registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:72d561f41b71f78f7d896ca9b5e2b2cd76495fe602a8687bcbe0739b450a1d99_arm64",
"product_identification_helper": {
"purl": "pkg:oci/mcp-server-rhel9@sha256%3A72d561f41b71f78f7d896ca9b5e2b2cd76495fe602a8687bcbe0739b450a1d99?arch=arm64\u0026repository_url=registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9\u0026tag=1782721130"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:bd4450e5af03c053f28e9c2ca0f2a2c016fc55fef4187676bc4edd5149c1a0f4_arm64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:bd4450e5af03c053f28e9c2ca0f2a2c016fc55fef4187676bc4edd5149c1a0f4_arm64",
"product_id": "registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:bd4450e5af03c053f28e9c2ca0f2a2c016fc55fef4187676bc4edd5149c1a0f4_arm64",
"product_identification_helper": {
"purl": "pkg:oci/aap-must-gather-rhel9@sha256%3Abd4450e5af03c053f28e9c2ca0f2a2c016fc55fef4187676bc4edd5149c1a0f4?arch=arm64\u0026repository_url=registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9\u0026tag=1782750560"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:3f2e1942032818fe9c91bf18948b80002a713b81c96e8ef5a3a4178a24899fb7_arm64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:3f2e1942032818fe9c91bf18948b80002a713b81c96e8ef5a3a4178a24899fb7_arm64",
"product_id": "registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:3f2e1942032818fe9c91bf18948b80002a713b81c96e8ef5a3a4178a24899fb7_arm64",
"product_identification_helper": {
"purl": "pkg:oci/ansible-builder-rhel9@sha256%3A3f2e1942032818fe9c91bf18948b80002a713b81c96e8ef5a3a4178a24899fb7?arch=arm64\u0026repository_url=registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9\u0026tag=1782606246"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:98992a409dfe54f8de0eb67189538d08148418d91d9d07d9aa30262ce54e30d9_arm64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:98992a409dfe54f8de0eb67189538d08148418d91d9d07d9aa30262ce54e30d9_arm64",
"product_id": "registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:98992a409dfe54f8de0eb67189538d08148418d91d9d07d9aa30262ce54e30d9_arm64",
"product_identification_helper": {
"purl": "pkg:oci/ansible-devspaces-rhel9@sha256%3A98992a409dfe54f8de0eb67189538d08148418d91d9d07d9aa30262ce54e30d9?arch=arm64\u0026repository_url=registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9\u0026tag=1782606674"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:d7aa74297e76cb375c4bdd939c673739e34e22d83f8ef8846b1aa3c3c2264bbe_arm64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:d7aa74297e76cb375c4bdd939c673739e34e22d83f8ef8846b1aa3c3c2264bbe_arm64",
"product_id": "registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:d7aa74297e76cb375c4bdd939c673739e34e22d83f8ef8846b1aa3c3c2264bbe_arm64",
"product_identification_helper": {
"purl": "pkg:oci/ansible-dev-tools-rhel9@sha256%3Ad7aa74297e76cb375c4bdd939c673739e34e22d83f8ef8846b1aa3c3c2264bbe?arch=arm64\u0026repository_url=registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9\u0026tag=1782729782"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:866e4fbdeefc40e19ec6962c6b1577ef9f66affa46b96a2dbd30501b4e3b2695_arm64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:866e4fbdeefc40e19ec6962c6b1577ef9f66affa46b96a2dbd30501b4e3b2695_arm64",
"product_id": "registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:866e4fbdeefc40e19ec6962c6b1577ef9f66affa46b96a2dbd30501b4e3b2695_arm64",
"product_identification_helper": {
"purl": "pkg:oci/lightspeed-chatbot-rhel9@sha256%3A866e4fbdeefc40e19ec6962c6b1577ef9f66affa46b96a2dbd30501b4e3b2695?arch=arm64\u0026repository_url=registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9\u0026tag=1782650747"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:72da4f73e7063cfcb49a800bf9dc5acdd715221d4dff6120db5950634e5824f5_arm64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:72da4f73e7063cfcb49a800bf9dc5acdd715221d4dff6120db5950634e5824f5_arm64",
"product_id": "registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:72da4f73e7063cfcb49a800bf9dc5acdd715221d4dff6120db5950634e5824f5_arm64",
"product_identification_helper": {
"purl": "pkg:oci/lightspeed-rhel9@sha256%3A72da4f73e7063cfcb49a800bf9dc5acdd715221d4dff6120db5950634e5824f5?arch=arm64\u0026repository_url=registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9\u0026tag=1782755166"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:8a85413afe8d8ab179dff3638f3d5509bf180d54d016706aa50781bbb72338bc_arm64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:8a85413afe8d8ab179dff3638f3d5509bf180d54d016706aa50781bbb72338bc_arm64",
"product_id": "registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:8a85413afe8d8ab179dff3638f3d5509bf180d54d016706aa50781bbb72338bc_arm64",
"product_identification_helper": {
"purl": "pkg:oci/lightspeed-rhel9-operator@sha256%3A8a85413afe8d8ab179dff3638f3d5509bf180d54d016706aa50781bbb72338bc?arch=arm64\u0026repository_url=registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator\u0026tag=1782606025"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:78f3234c47001e7a2902352bf85c7cc893f8ff7aafb01d3d6875cfe2df0a6a16_arm64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:78f3234c47001e7a2902352bf85c7cc893f8ff7aafb01d3d6875cfe2df0a6a16_arm64",
"product_id": "registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:78f3234c47001e7a2902352bf85c7cc893f8ff7aafb01d3d6875cfe2df0a6a16_arm64",
"product_identification_helper": {
"purl": "pkg:oci/mcp-tools-rhel9@sha256%3A78f3234c47001e7a2902352bf85c7cc893f8ff7aafb01d3d6875cfe2df0a6a16?arch=arm64\u0026repository_url=registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9\u0026tag=1782712006"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:5988a2daac19ccd72b8eec8cd1d9b623c69aed7be1a4223070d2c65256210776_arm64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:5988a2daac19ccd72b8eec8cd1d9b623c69aed7be1a4223070d2c65256210776_arm64",
"product_id": "registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:5988a2daac19ccd72b8eec8cd1d9b623c69aed7be1a4223070d2c65256210776_arm64",
"product_identification_helper": {
"purl": "pkg:oci/controller-rhel9@sha256%3A5988a2daac19ccd72b8eec8cd1d9b623c69aed7be1a4223070d2c65256210776?arch=arm64\u0026repository_url=registry.redhat.io/ansible-automation-platform-26/controller-rhel9\u0026tag=1782766803"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:54524172989364298f5cce342ef854f62fd59c75a42be804af3f286c6585b3d1_arm64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:54524172989364298f5cce342ef854f62fd59c75a42be804af3f286c6585b3d1_arm64",
"product_id": "registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:54524172989364298f5cce342ef854f62fd59c75a42be804af3f286c6585b3d1_arm64",
"product_identification_helper": {
"purl": "pkg:oci/controller-rhel9-operator@sha256%3A54524172989364298f5cce342ef854f62fd59c75a42be804af3f286c6585b3d1?arch=arm64\u0026repository_url=registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator\u0026tag=1782606030"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:afe3ebfa9897d2b9a7d8f9bd7fb4a2210e4b7e603de5fe168740f0aa4bb04495_arm64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:afe3ebfa9897d2b9a7d8f9bd7fb4a2210e4b7e603de5fe168740f0aa4bb04495_arm64",
"product_id": "registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:afe3ebfa9897d2b9a7d8f9bd7fb4a2210e4b7e603de5fe168740f0aa4bb04495_arm64",
"product_identification_helper": {
"purl": "pkg:oci/eda-controller-rhel9@sha256%3Aafe3ebfa9897d2b9a7d8f9bd7fb4a2210e4b7e603de5fe168740f0aa4bb04495?arch=arm64\u0026repository_url=registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9\u0026tag=1782756572"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:bf4a2e668e36a0e8e381f4417a263bd736d114f4e464d4a6c5ea22962b3f2a9e_arm64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:bf4a2e668e36a0e8e381f4417a263bd736d114f4e464d4a6c5ea22962b3f2a9e_arm64",
"product_id": "registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:bf4a2e668e36a0e8e381f4417a263bd736d114f4e464d4a6c5ea22962b3f2a9e_arm64",
"product_identification_helper": {
"purl": "pkg:oci/eda-controller-rhel9-operator@sha256%3Abf4a2e668e36a0e8e381f4417a263bd736d114f4e464d4a6c5ea22962b3f2a9e?arch=arm64\u0026repository_url=registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator\u0026tag=1782606254"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:20b0fcf0b2d388320c0cb1414f2422493ca9acf39c876fd45265e8b32030ef3b_arm64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:20b0fcf0b2d388320c0cb1414f2422493ca9acf39c876fd45265e8b32030ef3b_arm64",
"product_id": "registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:20b0fcf0b2d388320c0cb1414f2422493ca9acf39c876fd45265e8b32030ef3b_arm64",
"product_identification_helper": {
"purl": "pkg:oci/eda-controller-ui-rhel9@sha256%3A20b0fcf0b2d388320c0cb1414f2422493ca9acf39c876fd45265e8b32030ef3b?arch=arm64\u0026repository_url=registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9\u0026tag=1782759313"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:870a39d44775c352b2c574f4b8d6585b96b44a48eefea1cbb8463809b75a1d6f_arm64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:870a39d44775c352b2c574f4b8d6585b96b44a48eefea1cbb8463809b75a1d6f_arm64",
"product_id": "registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:870a39d44775c352b2c574f4b8d6585b96b44a48eefea1cbb8463809b75a1d6f_arm64",
"product_identification_helper": {
"purl": "pkg:oci/gateway-rhel9@sha256%3A870a39d44775c352b2c574f4b8d6585b96b44a48eefea1cbb8463809b75a1d6f?arch=arm64\u0026repository_url=registry.redhat.io/ansible-automation-platform-26/gateway-rhel9\u0026tag=1782761510"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:c458f98a5afdf96262536fa1b7d672eb897c2800ec3dc4a2094ee5e8ae09ac31_arm64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:c458f98a5afdf96262536fa1b7d672eb897c2800ec3dc4a2094ee5e8ae09ac31_arm64",
"product_id": "registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:c458f98a5afdf96262536fa1b7d672eb897c2800ec3dc4a2094ee5e8ae09ac31_arm64",
"product_identification_helper": {
"purl": "pkg:oci/gateway-rhel9-operator@sha256%3Ac458f98a5afdf96262536fa1b7d672eb897c2800ec3dc4a2094ee5e8ae09ac31?arch=arm64\u0026repository_url=registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator\u0026tag=1782606518"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:9dd240e967b0a1949a812050a123e513858ccd428feb1c42646e409fbf711b35_arm64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:9dd240e967b0a1949a812050a123e513858ccd428feb1c42646e409fbf711b35_arm64",
"product_id": "registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:9dd240e967b0a1949a812050a123e513858ccd428feb1c42646e409fbf711b35_arm64",
"product_identification_helper": {
"purl": "pkg:oci/gateway-proxy-rhel9@sha256%3A9dd240e967b0a1949a812050a123e513858ccd428feb1c42646e409fbf711b35?arch=arm64\u0026repository_url=registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9\u0026tag=1782606863"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:20f8e067fa199055be096f4e655a0004616caab1eb32ccbe853677705d4e99f2_arm64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:20f8e067fa199055be096f4e655a0004616caab1eb32ccbe853677705d4e99f2_arm64",
"product_id": "registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:20f8e067fa199055be096f4e655a0004616caab1eb32ccbe853677705d4e99f2_arm64",
"product_identification_helper": {
"purl": "pkg:oci/hub-rhel9@sha256%3A20f8e067fa199055be096f4e655a0004616caab1eb32ccbe853677705d4e99f2?arch=arm64\u0026repository_url=registry.redhat.io/ansible-automation-platform-26/hub-rhel9\u0026tag=1782755272"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:2076dc61bf8db58916f3bacdb7483cdae8db169e2c4187e0c509f4fad9bc66ac_arm64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:2076dc61bf8db58916f3bacdb7483cdae8db169e2c4187e0c509f4fad9bc66ac_arm64",
"product_id": "registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:2076dc61bf8db58916f3bacdb7483cdae8db169e2c4187e0c509f4fad9bc66ac_arm64",
"product_identification_helper": {
"purl": "pkg:oci/hub-rhel9-operator@sha256%3A2076dc61bf8db58916f3bacdb7483cdae8db169e2c4187e0c509f4fad9bc66ac?arch=arm64\u0026repository_url=registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator\u0026tag=1782606443"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:29bf69f7793d3ecaf724f791e735f1bd4121cddc6b1118553bcc77ef3a3054a1_arm64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:29bf69f7793d3ecaf724f791e735f1bd4121cddc6b1118553bcc77ef3a3054a1_arm64",
"product_id": "registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:29bf69f7793d3ecaf724f791e735f1bd4121cddc6b1118553bcc77ef3a3054a1_arm64",
"product_identification_helper": {
"purl": "pkg:oci/hub-web-rhel9@sha256%3A29bf69f7793d3ecaf724f791e735f1bd4121cddc6b1118553bcc77ef3a3054a1?arch=arm64\u0026repository_url=registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9\u0026tag=1782759318"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:fd141141252f9253c089dd341447f86cd75a39bff1cb8c25baab40f86fd655bb_arm64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:fd141141252f9253c089dd341447f86cd75a39bff1cb8c25baab40f86fd655bb_arm64",
"product_id": "registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:fd141141252f9253c089dd341447f86cd75a39bff1cb8c25baab40f86fd655bb_arm64",
"product_identification_helper": {
"purl": "pkg:oci/metrics-service-rhel9-operator@sha256%3Afd141141252f9253c089dd341447f86cd75a39bff1cb8c25baab40f86fd655bb?arch=arm64\u0026repository_url=registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator\u0026tag=1782606583"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:bc5d7a4679b2cd19946013fe4c2fc17acfb3a6d9ed410e1f050de51c0a957a6b_arm64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:bc5d7a4679b2cd19946013fe4c2fc17acfb3a6d9ed410e1f050de51c0a957a6b_arm64",
"product_id": "registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:bc5d7a4679b2cd19946013fe4c2fc17acfb3a6d9ed410e1f050de51c0a957a6b_arm64",
"product_identification_helper": {
"purl": "pkg:oci/metrics-service-rhel9@sha256%3Abc5d7a4679b2cd19946013fe4c2fc17acfb3a6d9ed410e1f050de51c0a957a6b?arch=arm64\u0026repository_url=registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9\u0026tag=1782756873"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:5f5b5adc67e0655dcc3bcaaa4bb75337ebff130cca2e019d553be7521ca71871_arm64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:5f5b5adc67e0655dcc3bcaaa4bb75337ebff130cca2e019d553be7521ca71871_arm64",
"product_id": "registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:5f5b5adc67e0655dcc3bcaaa4bb75337ebff130cca2e019d553be7521ca71871_arm64",
"product_identification_helper": {
"purl": "pkg:oci/de-minimal-rhel9@sha256%3A5f5b5adc67e0655dcc3bcaaa4bb75337ebff130cca2e019d553be7521ca71871?arch=arm64\u0026repository_url=registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9\u0026tag=1782711769"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:99446549dca0b1cd38919ed7489e3eff72b1e4dd739e4f4e914d6c3ca6076b58_arm64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:99446549dca0b1cd38919ed7489e3eff72b1e4dd739e4f4e914d6c3ca6076b58_arm64",
"product_id": "registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:99446549dca0b1cd38919ed7489e3eff72b1e4dd739e4f4e914d6c3ca6076b58_arm64",
"product_identification_helper": {
"purl": "pkg:oci/de-supported-rhel9@sha256%3A99446549dca0b1cd38919ed7489e3eff72b1e4dd739e4f4e914d6c3ca6076b58?arch=arm64\u0026repository_url=registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9\u0026tag=1782713671"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:fa97e7031e19af10a571d8ff67e13de3489603f60dbf9fd0c19205fb3447e912_arm64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:fa97e7031e19af10a571d8ff67e13de3489603f60dbf9fd0c19205fb3447e912_arm64",
"product_id": "registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:fa97e7031e19af10a571d8ff67e13de3489603f60dbf9fd0c19205fb3447e912_arm64",
"product_identification_helper": {
"purl": "pkg:oci/ee-minimal-rhel9@sha256%3Afa97e7031e19af10a571d8ff67e13de3489603f60dbf9fd0c19205fb3447e912?arch=arm64\u0026repository_url=registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9\u0026tag=1782726413"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:01e117719b770e5bf767700b3cf5a3c79d7a74c181fda4dd4605cb4f41ea5bcd_arm64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:01e117719b770e5bf767700b3cf5a3c79d7a74c181fda4dd4605cb4f41ea5bcd_arm64",
"product_id": "registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:01e117719b770e5bf767700b3cf5a3c79d7a74c181fda4dd4605cb4f41ea5bcd_arm64",
"product_identification_helper": {
"purl": "pkg:oci/ee-supported-rhel9@sha256%3A01e117719b770e5bf767700b3cf5a3c79d7a74c181fda4dd4605cb4f41ea5bcd?arch=arm64\u0026repository_url=registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9\u0026tag=1782731097"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:d08b49badd427bd263a5810800c4705f296b2caf188765837f8b5284d6ff6feb_arm64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:d08b49badd427bd263a5810800c4705f296b2caf188765837f8b5284d6ff6feb_arm64",
"product_id": "registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:d08b49badd427bd263a5810800c4705f296b2caf188765837f8b5284d6ff6feb_arm64",
"product_identification_helper": {
"purl": "pkg:oci/platform-resource-rhel9-operator@sha256%3Ad08b49badd427bd263a5810800c4705f296b2caf188765837f8b5284d6ff6feb?arch=arm64\u0026repository_url=registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator\u0026tag=1782606842"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:eb7543913777f50fe437035b18e08cec754ec6ee05666f8c88900b6349b467bb_arm64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:eb7543913777f50fe437035b18e08cec754ec6ee05666f8c88900b6349b467bb_arm64",
"product_id": "registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:eb7543913777f50fe437035b18e08cec754ec6ee05666f8c88900b6349b467bb_arm64",
"product_identification_helper": {
"purl": "pkg:oci/platform-resource-runner-rhel9@sha256%3Aeb7543913777f50fe437035b18e08cec754ec6ee05666f8c88900b6349b467bb?arch=arm64\u0026repository_url=registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9\u0026tag=1782739336"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:31f1c672dc3197cb7bfeb51b37d357425d4057fec9c22ea8810005c147e493a0_arm64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:31f1c672dc3197cb7bfeb51b37d357425d4057fec9c22ea8810005c147e493a0_arm64",
"product_id": "registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:31f1c672dc3197cb7bfeb51b37d357425d4057fec9c22ea8810005c147e493a0_arm64",
"product_identification_helper": {
"purl": "pkg:oci/receptor-rhel9@sha256%3A31f1c672dc3197cb7bfeb51b37d357425d4057fec9c22ea8810005c147e493a0?arch=arm64\u0026repository_url=registry.redhat.io/ansible-automation-platform-26/receptor-rhel9\u0026tag=1782710613"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:e863e14bd4e3a735ad3af67dd307fce57a0f3b703aed63b731c4206c08a5839f_ppc64le",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:e863e14bd4e3a735ad3af67dd307fce57a0f3b703aed63b731c4206c08a5839f_ppc64le",
"product_id": "registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:e863e14bd4e3a735ad3af67dd307fce57a0f3b703aed63b731c4206c08a5839f_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/mcp-server-rhel9@sha256%3Ae863e14bd4e3a735ad3af67dd307fce57a0f3b703aed63b731c4206c08a5839f?arch=ppc64le\u0026repository_url=registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9\u0026tag=1782721130"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:51e90eeed5c6bf2e6355ee9ba50fe330149b7c2b7633a106946459e8984d82ae_ppc64le",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:51e90eeed5c6bf2e6355ee9ba50fe330149b7c2b7633a106946459e8984d82ae_ppc64le",
"product_id": "registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:51e90eeed5c6bf2e6355ee9ba50fe330149b7c2b7633a106946459e8984d82ae_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/aap-must-gather-rhel9@sha256%3A51e90eeed5c6bf2e6355ee9ba50fe330149b7c2b7633a106946459e8984d82ae?arch=ppc64le\u0026repository_url=registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9\u0026tag=1782750560"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:21243b5bb27b62467a311f0dfb5001384b424c095e17eba2c4fa441d7a03f7cf_ppc64le",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:21243b5bb27b62467a311f0dfb5001384b424c095e17eba2c4fa441d7a03f7cf_ppc64le",
"product_id": "registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:21243b5bb27b62467a311f0dfb5001384b424c095e17eba2c4fa441d7a03f7cf_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/ansible-builder-rhel9@sha256%3A21243b5bb27b62467a311f0dfb5001384b424c095e17eba2c4fa441d7a03f7cf?arch=ppc64le\u0026repository_url=registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9\u0026tag=1782606246"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:1bdebc0ea3641538b6029945ef99eab50aa4b71ab37fd063d712ffc0883faae8_ppc64le",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:1bdebc0ea3641538b6029945ef99eab50aa4b71ab37fd063d712ffc0883faae8_ppc64le",
"product_id": "registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:1bdebc0ea3641538b6029945ef99eab50aa4b71ab37fd063d712ffc0883faae8_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/ansible-devspaces-rhel9@sha256%3A1bdebc0ea3641538b6029945ef99eab50aa4b71ab37fd063d712ffc0883faae8?arch=ppc64le\u0026repository_url=registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9\u0026tag=1782606674"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:ea75fa4468a26357ce7c92614d70bc41ff0f8a8e562978a5b2bdfa5563492090_ppc64le",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:ea75fa4468a26357ce7c92614d70bc41ff0f8a8e562978a5b2bdfa5563492090_ppc64le",
"product_id": "registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:ea75fa4468a26357ce7c92614d70bc41ff0f8a8e562978a5b2bdfa5563492090_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/ansible-dev-tools-rhel9@sha256%3Aea75fa4468a26357ce7c92614d70bc41ff0f8a8e562978a5b2bdfa5563492090?arch=ppc64le\u0026repository_url=registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9\u0026tag=1782729782"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:19954ceb4da5840bc7d8953932bd9f36baaa3ad219ccac4b44324f25f962182a_ppc64le",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:19954ceb4da5840bc7d8953932bd9f36baaa3ad219ccac4b44324f25f962182a_ppc64le",
"product_id": "registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:19954ceb4da5840bc7d8953932bd9f36baaa3ad219ccac4b44324f25f962182a_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/lightspeed-chatbot-rhel9@sha256%3A19954ceb4da5840bc7d8953932bd9f36baaa3ad219ccac4b44324f25f962182a?arch=ppc64le\u0026repository_url=registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9\u0026tag=1782650747"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:9bed2310605563c0d439ed85731e980038ada7c3970fc26de24c1c7d291afe07_ppc64le",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:9bed2310605563c0d439ed85731e980038ada7c3970fc26de24c1c7d291afe07_ppc64le",
"product_id": "registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:9bed2310605563c0d439ed85731e980038ada7c3970fc26de24c1c7d291afe07_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/lightspeed-rhel9@sha256%3A9bed2310605563c0d439ed85731e980038ada7c3970fc26de24c1c7d291afe07?arch=ppc64le\u0026repository_url=registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9\u0026tag=1782755166"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:a0af7052a5cc79ec38267f6016330bbc30fe4c8dff0776a6fe6cee048cb1bbcf_ppc64le",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:a0af7052a5cc79ec38267f6016330bbc30fe4c8dff0776a6fe6cee048cb1bbcf_ppc64le",
"product_id": "registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:a0af7052a5cc79ec38267f6016330bbc30fe4c8dff0776a6fe6cee048cb1bbcf_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/lightspeed-rhel9-operator@sha256%3Aa0af7052a5cc79ec38267f6016330bbc30fe4c8dff0776a6fe6cee048cb1bbcf?arch=ppc64le\u0026repository_url=registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator\u0026tag=1782606025"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:8844e2149f6d16a9112f7ca4580c27dbe974f0bfce1fc21c87d5072813deba45_ppc64le",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:8844e2149f6d16a9112f7ca4580c27dbe974f0bfce1fc21c87d5072813deba45_ppc64le",
"product_id": "registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:8844e2149f6d16a9112f7ca4580c27dbe974f0bfce1fc21c87d5072813deba45_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/mcp-tools-rhel9@sha256%3A8844e2149f6d16a9112f7ca4580c27dbe974f0bfce1fc21c87d5072813deba45?arch=ppc64le\u0026repository_url=registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9\u0026tag=1782712006"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:eac25bae75a0e08a0aae706325faae2606ee8b0c086559cc0b89a59501a511f8_ppc64le",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:eac25bae75a0e08a0aae706325faae2606ee8b0c086559cc0b89a59501a511f8_ppc64le",
"product_id": "registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:eac25bae75a0e08a0aae706325faae2606ee8b0c086559cc0b89a59501a511f8_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/controller-rhel9@sha256%3Aeac25bae75a0e08a0aae706325faae2606ee8b0c086559cc0b89a59501a511f8?arch=ppc64le\u0026repository_url=registry.redhat.io/ansible-automation-platform-26/controller-rhel9\u0026tag=1782766803"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:fb2eb12e6a6159c75e56f58429789cc0ac74af2a3d04f9ab865c8d86576e8c15_ppc64le",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:fb2eb12e6a6159c75e56f58429789cc0ac74af2a3d04f9ab865c8d86576e8c15_ppc64le",
"product_id": "registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:fb2eb12e6a6159c75e56f58429789cc0ac74af2a3d04f9ab865c8d86576e8c15_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/controller-rhel9-operator@sha256%3Afb2eb12e6a6159c75e56f58429789cc0ac74af2a3d04f9ab865c8d86576e8c15?arch=ppc64le\u0026repository_url=registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator\u0026tag=1782606030"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:fd6aa3b12a35343168ee2e752b437a51c58e8e8e329c8bdd7d230653265a790e_ppc64le",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:fd6aa3b12a35343168ee2e752b437a51c58e8e8e329c8bdd7d230653265a790e_ppc64le",
"product_id": "registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:fd6aa3b12a35343168ee2e752b437a51c58e8e8e329c8bdd7d230653265a790e_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/eda-controller-rhel9@sha256%3Afd6aa3b12a35343168ee2e752b437a51c58e8e8e329c8bdd7d230653265a790e?arch=ppc64le\u0026repository_url=registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9\u0026tag=1782756572"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:6e7f3aa6bb48cbe35d205d5f4c9ea251945dcdcce9b40cd49676705d778d9500_ppc64le",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:6e7f3aa6bb48cbe35d205d5f4c9ea251945dcdcce9b40cd49676705d778d9500_ppc64le",
"product_id": "registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:6e7f3aa6bb48cbe35d205d5f4c9ea251945dcdcce9b40cd49676705d778d9500_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/eda-controller-rhel9-operator@sha256%3A6e7f3aa6bb48cbe35d205d5f4c9ea251945dcdcce9b40cd49676705d778d9500?arch=ppc64le\u0026repository_url=registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator\u0026tag=1782606254"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:d4edd3fd9d125deb51d48c8709eac2505056da0f1341020db5469be8af0ca200_ppc64le",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:d4edd3fd9d125deb51d48c8709eac2505056da0f1341020db5469be8af0ca200_ppc64le",
"product_id": "registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:d4edd3fd9d125deb51d48c8709eac2505056da0f1341020db5469be8af0ca200_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/eda-controller-ui-rhel9@sha256%3Ad4edd3fd9d125deb51d48c8709eac2505056da0f1341020db5469be8af0ca200?arch=ppc64le\u0026repository_url=registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9\u0026tag=1782759313"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:fc3b7a2d42adaa47a938efe8e94d9d5665fe74a66d04884e886da33ad61774d0_ppc64le",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:fc3b7a2d42adaa47a938efe8e94d9d5665fe74a66d04884e886da33ad61774d0_ppc64le",
"product_id": "registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:fc3b7a2d42adaa47a938efe8e94d9d5665fe74a66d04884e886da33ad61774d0_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/gateway-rhel9@sha256%3Afc3b7a2d42adaa47a938efe8e94d9d5665fe74a66d04884e886da33ad61774d0?arch=ppc64le\u0026repository_url=registry.redhat.io/ansible-automation-platform-26/gateway-rhel9\u0026tag=1782761510"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:6f5480749ac020fc0e226dd87855baeae624b4c57c2787303e7321f63117c789_ppc64le",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:6f5480749ac020fc0e226dd87855baeae624b4c57c2787303e7321f63117c789_ppc64le",
"product_id": "registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:6f5480749ac020fc0e226dd87855baeae624b4c57c2787303e7321f63117c789_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/gateway-rhel9-operator@sha256%3A6f5480749ac020fc0e226dd87855baeae624b4c57c2787303e7321f63117c789?arch=ppc64le\u0026repository_url=registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator\u0026tag=1782606518"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:6a63e70123c2cd8cf8ddec71fb88d0dee08d2b7b1bcfc37d27fde3a50a59b7e8_ppc64le",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:6a63e70123c2cd8cf8ddec71fb88d0dee08d2b7b1bcfc37d27fde3a50a59b7e8_ppc64le",
"product_id": "registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:6a63e70123c2cd8cf8ddec71fb88d0dee08d2b7b1bcfc37d27fde3a50a59b7e8_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/gateway-proxy-rhel9@sha256%3A6a63e70123c2cd8cf8ddec71fb88d0dee08d2b7b1bcfc37d27fde3a50a59b7e8?arch=ppc64le\u0026repository_url=registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9\u0026tag=1782606863"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:7c82062799a4bc38472a8d62827cbead3cf9396e132c9567e1d7682b8e4eb01d_ppc64le",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:7c82062799a4bc38472a8d62827cbead3cf9396e132c9567e1d7682b8e4eb01d_ppc64le",
"product_id": "registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:7c82062799a4bc38472a8d62827cbead3cf9396e132c9567e1d7682b8e4eb01d_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/hub-rhel9@sha256%3A7c82062799a4bc38472a8d62827cbead3cf9396e132c9567e1d7682b8e4eb01d?arch=ppc64le\u0026repository_url=registry.redhat.io/ansible-automation-platform-26/hub-rhel9\u0026tag=1782755272"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:ab0b5c35985ab8da547bc85aeff75c00ef32de0ea4f3446d75420ba935a5ddf4_ppc64le",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:ab0b5c35985ab8da547bc85aeff75c00ef32de0ea4f3446d75420ba935a5ddf4_ppc64le",
"product_id": "registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:ab0b5c35985ab8da547bc85aeff75c00ef32de0ea4f3446d75420ba935a5ddf4_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/hub-rhel9-operator@sha256%3Aab0b5c35985ab8da547bc85aeff75c00ef32de0ea4f3446d75420ba935a5ddf4?arch=ppc64le\u0026repository_url=registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator\u0026tag=1782606443"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:cd2a2cb5784051c6595a95865e390a52c38b2b62fbf2fa3d40545d083c846992_ppc64le",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:cd2a2cb5784051c6595a95865e390a52c38b2b62fbf2fa3d40545d083c846992_ppc64le",
"product_id": "registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:cd2a2cb5784051c6595a95865e390a52c38b2b62fbf2fa3d40545d083c846992_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/hub-web-rhel9@sha256%3Acd2a2cb5784051c6595a95865e390a52c38b2b62fbf2fa3d40545d083c846992?arch=ppc64le\u0026repository_url=registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9\u0026tag=1782759318"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:7d614384e1cb7be6bb72dbdc3cb4eb34d38902e05f121ef6220c5a6922715ddf_ppc64le",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:7d614384e1cb7be6bb72dbdc3cb4eb34d38902e05f121ef6220c5a6922715ddf_ppc64le",
"product_id": "registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:7d614384e1cb7be6bb72dbdc3cb4eb34d38902e05f121ef6220c5a6922715ddf_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/metrics-service-rhel9-operator@sha256%3A7d614384e1cb7be6bb72dbdc3cb4eb34d38902e05f121ef6220c5a6922715ddf?arch=ppc64le\u0026repository_url=registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator\u0026tag=1782606583"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:6cc8eaac0ef579a5359fe2b3c8de0ad776e732b82afd9fb9c4fd4ad74e9f832f_ppc64le",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:6cc8eaac0ef579a5359fe2b3c8de0ad776e732b82afd9fb9c4fd4ad74e9f832f_ppc64le",
"product_id": "registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:6cc8eaac0ef579a5359fe2b3c8de0ad776e732b82afd9fb9c4fd4ad74e9f832f_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/metrics-service-rhel9@sha256%3A6cc8eaac0ef579a5359fe2b3c8de0ad776e732b82afd9fb9c4fd4ad74e9f832f?arch=ppc64le\u0026repository_url=registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9\u0026tag=1782756873"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:4c56fcde717c7a7957638fa6624a6ba5a9fc372bc9056e924158a0477410c9e7_ppc64le",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:4c56fcde717c7a7957638fa6624a6ba5a9fc372bc9056e924158a0477410c9e7_ppc64le",
"product_id": "registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:4c56fcde717c7a7957638fa6624a6ba5a9fc372bc9056e924158a0477410c9e7_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/de-minimal-rhel9@sha256%3A4c56fcde717c7a7957638fa6624a6ba5a9fc372bc9056e924158a0477410c9e7?arch=ppc64le\u0026repository_url=registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9\u0026tag=1782711769"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:cf59b3a7897d59615e746c14697a289d79afbc18a9d2e7e7b5f7b1242d640b02_ppc64le",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:cf59b3a7897d59615e746c14697a289d79afbc18a9d2e7e7b5f7b1242d640b02_ppc64le",
"product_id": "registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:cf59b3a7897d59615e746c14697a289d79afbc18a9d2e7e7b5f7b1242d640b02_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/de-supported-rhel9@sha256%3Acf59b3a7897d59615e746c14697a289d79afbc18a9d2e7e7b5f7b1242d640b02?arch=ppc64le\u0026repository_url=registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9\u0026tag=1782713671"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:47ca2eaea554b825306387f07aef8a5ee830ee1885d2df51055ac22d7576d2cd_ppc64le",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:47ca2eaea554b825306387f07aef8a5ee830ee1885d2df51055ac22d7576d2cd_ppc64le",
"product_id": "registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:47ca2eaea554b825306387f07aef8a5ee830ee1885d2df51055ac22d7576d2cd_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/ee-minimal-rhel9@sha256%3A47ca2eaea554b825306387f07aef8a5ee830ee1885d2df51055ac22d7576d2cd?arch=ppc64le\u0026repository_url=registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9\u0026tag=1782726413"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:155dfad34b7402e4462d98c3026ab38a6024338dfe80bfc33abb9102d12b077d_ppc64le",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:155dfad34b7402e4462d98c3026ab38a6024338dfe80bfc33abb9102d12b077d_ppc64le",
"product_id": "registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:155dfad34b7402e4462d98c3026ab38a6024338dfe80bfc33abb9102d12b077d_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/ee-supported-rhel9@sha256%3A155dfad34b7402e4462d98c3026ab38a6024338dfe80bfc33abb9102d12b077d?arch=ppc64le\u0026repository_url=registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9\u0026tag=1782731097"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:edcd49c90231e8071dc45385f077400ae3dd9fdba54de188e3aba84da49c00c5_ppc64le",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:edcd49c90231e8071dc45385f077400ae3dd9fdba54de188e3aba84da49c00c5_ppc64le",
"product_id": "registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:edcd49c90231e8071dc45385f077400ae3dd9fdba54de188e3aba84da49c00c5_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/platform-resource-rhel9-operator@sha256%3Aedcd49c90231e8071dc45385f077400ae3dd9fdba54de188e3aba84da49c00c5?arch=ppc64le\u0026repository_url=registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator\u0026tag=1782606842"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:06f9f2d54689bd9770d4102c377a2596bf4294c824c2db69f4ad23a849d8996c_ppc64le",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:06f9f2d54689bd9770d4102c377a2596bf4294c824c2db69f4ad23a849d8996c_ppc64le",
"product_id": "registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:06f9f2d54689bd9770d4102c377a2596bf4294c824c2db69f4ad23a849d8996c_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/platform-resource-runner-rhel9@sha256%3A06f9f2d54689bd9770d4102c377a2596bf4294c824c2db69f4ad23a849d8996c?arch=ppc64le\u0026repository_url=registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9\u0026tag=1782739336"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:6243c7517063c907dbd898b6ff7c4f5a6a001b15141c6b703a771a826b1e9b23_ppc64le",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:6243c7517063c907dbd898b6ff7c4f5a6a001b15141c6b703a771a826b1e9b23_ppc64le",
"product_id": "registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:6243c7517063c907dbd898b6ff7c4f5a6a001b15141c6b703a771a826b1e9b23_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/receptor-rhel9@sha256%3A6243c7517063c907dbd898b6ff7c4f5a6a001b15141c6b703a771a826b1e9b23?arch=ppc64le\u0026repository_url=registry.redhat.io/ansible-automation-platform-26/receptor-rhel9\u0026tag=1782710613"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:753e9384197b30856cfa43b3f5362395f3554773ec0a00a183705427eb8bced4_s390x",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:753e9384197b30856cfa43b3f5362395f3554773ec0a00a183705427eb8bced4_s390x",
"product_id": "registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:753e9384197b30856cfa43b3f5362395f3554773ec0a00a183705427eb8bced4_s390x",
"product_identification_helper": {
"purl": "pkg:oci/mcp-server-rhel9@sha256%3A753e9384197b30856cfa43b3f5362395f3554773ec0a00a183705427eb8bced4?arch=s390x\u0026repository_url=registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9\u0026tag=1782721130"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:5e9de77acecac9653b91d2ebbfc5be8dc47da81e9e3e1772d38f827f05779632_s390x",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:5e9de77acecac9653b91d2ebbfc5be8dc47da81e9e3e1772d38f827f05779632_s390x",
"product_id": "registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:5e9de77acecac9653b91d2ebbfc5be8dc47da81e9e3e1772d38f827f05779632_s390x",
"product_identification_helper": {
"purl": "pkg:oci/aap-must-gather-rhel9@sha256%3A5e9de77acecac9653b91d2ebbfc5be8dc47da81e9e3e1772d38f827f05779632?arch=s390x\u0026repository_url=registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9\u0026tag=1782750560"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:35b39d818bfb7b3fe86f77eedb134d12e9f316ce1642f86a8fa5ce1c1e31f37b_s390x",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:35b39d818bfb7b3fe86f77eedb134d12e9f316ce1642f86a8fa5ce1c1e31f37b_s390x",
"product_id": "registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:35b39d818bfb7b3fe86f77eedb134d12e9f316ce1642f86a8fa5ce1c1e31f37b_s390x",
"product_identification_helper": {
"purl": "pkg:oci/ansible-builder-rhel9@sha256%3A35b39d818bfb7b3fe86f77eedb134d12e9f316ce1642f86a8fa5ce1c1e31f37b?arch=s390x\u0026repository_url=registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9\u0026tag=1782606246"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:75a4693836d31cfc429d6a3852b0bf419255c66f90827b13d2a589dc2bea1992_s390x",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:75a4693836d31cfc429d6a3852b0bf419255c66f90827b13d2a589dc2bea1992_s390x",
"product_id": "registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:75a4693836d31cfc429d6a3852b0bf419255c66f90827b13d2a589dc2bea1992_s390x",
"product_identification_helper": {
"purl": "pkg:oci/ansible-devspaces-rhel9@sha256%3A75a4693836d31cfc429d6a3852b0bf419255c66f90827b13d2a589dc2bea1992?arch=s390x\u0026repository_url=registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9\u0026tag=1782606674"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:25928bb67eadad3a0d3b23da81acb313b8f873476250ddc6481cfb06bc25b8ab_s390x",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:25928bb67eadad3a0d3b23da81acb313b8f873476250ddc6481cfb06bc25b8ab_s390x",
"product_id": "registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:25928bb67eadad3a0d3b23da81acb313b8f873476250ddc6481cfb06bc25b8ab_s390x",
"product_identification_helper": {
"purl": "pkg:oci/ansible-dev-tools-rhel9@sha256%3A25928bb67eadad3a0d3b23da81acb313b8f873476250ddc6481cfb06bc25b8ab?arch=s390x\u0026repository_url=registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9\u0026tag=1782729782"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:05debd9e92a56b761a55f36c54d31ceda7b77bc58178946c4b5d0d08faa01cfc_s390x",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:05debd9e92a56b761a55f36c54d31ceda7b77bc58178946c4b5d0d08faa01cfc_s390x",
"product_id": "registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:05debd9e92a56b761a55f36c54d31ceda7b77bc58178946c4b5d0d08faa01cfc_s390x",
"product_identification_helper": {
"purl": "pkg:oci/lightspeed-chatbot-rhel9@sha256%3A05debd9e92a56b761a55f36c54d31ceda7b77bc58178946c4b5d0d08faa01cfc?arch=s390x\u0026repository_url=registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9\u0026tag=1782650747"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:5a0a1932f8bcdf436f08f9d00fdb520feefad62061ce79426d44ecd7d01724a2_s390x",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:5a0a1932f8bcdf436f08f9d00fdb520feefad62061ce79426d44ecd7d01724a2_s390x",
"product_id": "registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:5a0a1932f8bcdf436f08f9d00fdb520feefad62061ce79426d44ecd7d01724a2_s390x",
"product_identification_helper": {
"purl": "pkg:oci/lightspeed-rhel9@sha256%3A5a0a1932f8bcdf436f08f9d00fdb520feefad62061ce79426d44ecd7d01724a2?arch=s390x\u0026repository_url=registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9\u0026tag=1782755166"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:64e4c2ac5a5126294d7264d33723b8c7e8a8f2909a33d2bff40bfbb2965fcd81_s390x",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:64e4c2ac5a5126294d7264d33723b8c7e8a8f2909a33d2bff40bfbb2965fcd81_s390x",
"product_id": "registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:64e4c2ac5a5126294d7264d33723b8c7e8a8f2909a33d2bff40bfbb2965fcd81_s390x",
"product_identification_helper": {
"purl": "pkg:oci/lightspeed-rhel9-operator@sha256%3A64e4c2ac5a5126294d7264d33723b8c7e8a8f2909a33d2bff40bfbb2965fcd81?arch=s390x\u0026repository_url=registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator\u0026tag=1782606025"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:0cebc0075f16274a3620c4becac1490dc91904d09487fdc76aafe98fbaca5ccf_s390x",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:0cebc0075f16274a3620c4becac1490dc91904d09487fdc76aafe98fbaca5ccf_s390x",
"product_id": "registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:0cebc0075f16274a3620c4becac1490dc91904d09487fdc76aafe98fbaca5ccf_s390x",
"product_identification_helper": {
"purl": "pkg:oci/mcp-tools-rhel9@sha256%3A0cebc0075f16274a3620c4becac1490dc91904d09487fdc76aafe98fbaca5ccf?arch=s390x\u0026repository_url=registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9\u0026tag=1782712006"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:1252d44baa18b442de12a9659d3419ef77148e47ca14747ae684b8541fe795a7_s390x",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:1252d44baa18b442de12a9659d3419ef77148e47ca14747ae684b8541fe795a7_s390x",
"product_id": "registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:1252d44baa18b442de12a9659d3419ef77148e47ca14747ae684b8541fe795a7_s390x",
"product_identification_helper": {
"purl": "pkg:oci/controller-rhel9@sha256%3A1252d44baa18b442de12a9659d3419ef77148e47ca14747ae684b8541fe795a7?arch=s390x\u0026repository_url=registry.redhat.io/ansible-automation-platform-26/controller-rhel9\u0026tag=1782766803"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:49025eb304ed55e363338fbe74b8dd77815b4d87183f1cb0cbfbbba71c2d2c59_s390x",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:49025eb304ed55e363338fbe74b8dd77815b4d87183f1cb0cbfbbba71c2d2c59_s390x",
"product_id": "registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:49025eb304ed55e363338fbe74b8dd77815b4d87183f1cb0cbfbbba71c2d2c59_s390x",
"product_identification_helper": {
"purl": "pkg:oci/controller-rhel9-operator@sha256%3A49025eb304ed55e363338fbe74b8dd77815b4d87183f1cb0cbfbbba71c2d2c59?arch=s390x\u0026repository_url=registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator\u0026tag=1782606030"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:86908784cb38408c502a733672b2f76e5a5c93b0266afccc9f281cb0c8f2f20c_s390x",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:86908784cb38408c502a733672b2f76e5a5c93b0266afccc9f281cb0c8f2f20c_s390x",
"product_id": "registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:86908784cb38408c502a733672b2f76e5a5c93b0266afccc9f281cb0c8f2f20c_s390x",
"product_identification_helper": {
"purl": "pkg:oci/eda-controller-rhel9@sha256%3A86908784cb38408c502a733672b2f76e5a5c93b0266afccc9f281cb0c8f2f20c?arch=s390x\u0026repository_url=registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9\u0026tag=1782756572"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:feffba283e2a49967cd57139fe7af2309cd55ea9bb4464e250bf7b5a98913a2b_s390x",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:feffba283e2a49967cd57139fe7af2309cd55ea9bb4464e250bf7b5a98913a2b_s390x",
"product_id": "registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:feffba283e2a49967cd57139fe7af2309cd55ea9bb4464e250bf7b5a98913a2b_s390x",
"product_identification_helper": {
"purl": "pkg:oci/eda-controller-rhel9-operator@sha256%3Afeffba283e2a49967cd57139fe7af2309cd55ea9bb4464e250bf7b5a98913a2b?arch=s390x\u0026repository_url=registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator\u0026tag=1782606254"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:01cb3c8bb62be8bcdeaea2fa79413caca0f111980f4134b06df5230bd0b357fc_s390x",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:01cb3c8bb62be8bcdeaea2fa79413caca0f111980f4134b06df5230bd0b357fc_s390x",
"product_id": "registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:01cb3c8bb62be8bcdeaea2fa79413caca0f111980f4134b06df5230bd0b357fc_s390x",
"product_identification_helper": {
"purl": "pkg:oci/eda-controller-ui-rhel9@sha256%3A01cb3c8bb62be8bcdeaea2fa79413caca0f111980f4134b06df5230bd0b357fc?arch=s390x\u0026repository_url=registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9\u0026tag=1782759313"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:b3132e81fca86bc4bf6fe9f75fb3cafd1ef0f02fe84aeaffa51539e5f4a1b54c_s390x",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:b3132e81fca86bc4bf6fe9f75fb3cafd1ef0f02fe84aeaffa51539e5f4a1b54c_s390x",
"product_id": "registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:b3132e81fca86bc4bf6fe9f75fb3cafd1ef0f02fe84aeaffa51539e5f4a1b54c_s390x",
"product_identification_helper": {
"purl": "pkg:oci/gateway-rhel9@sha256%3Ab3132e81fca86bc4bf6fe9f75fb3cafd1ef0f02fe84aeaffa51539e5f4a1b54c?arch=s390x\u0026repository_url=registry.redhat.io/ansible-automation-platform-26/gateway-rhel9\u0026tag=1782761510"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:7265c4bc839141da2a0599bc367c4be2b8e8743423ea1b6b8d68729b1cfa8bcc_s390x",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:7265c4bc839141da2a0599bc367c4be2b8e8743423ea1b6b8d68729b1cfa8bcc_s390x",
"product_id": "registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:7265c4bc839141da2a0599bc367c4be2b8e8743423ea1b6b8d68729b1cfa8bcc_s390x",
"product_identification_helper": {
"purl": "pkg:oci/gateway-rhel9-operator@sha256%3A7265c4bc839141da2a0599bc367c4be2b8e8743423ea1b6b8d68729b1cfa8bcc?arch=s390x\u0026repository_url=registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator\u0026tag=1782606518"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:008f0946e1545a0baa8e2baa9d12dc3244a47cd42af020afedfce3b1450f6c16_s390x",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:008f0946e1545a0baa8e2baa9d12dc3244a47cd42af020afedfce3b1450f6c16_s390x",
"product_id": "registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:008f0946e1545a0baa8e2baa9d12dc3244a47cd42af020afedfce3b1450f6c16_s390x",
"product_identification_helper": {
"purl": "pkg:oci/gateway-proxy-rhel9@sha256%3A008f0946e1545a0baa8e2baa9d12dc3244a47cd42af020afedfce3b1450f6c16?arch=s390x\u0026repository_url=registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9\u0026tag=1782606863"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:94a4269cc3ddfdaf549eb4b547a461c2eafa9a0e3682511f2c18a3cf846beba3_s390x",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:94a4269cc3ddfdaf549eb4b547a461c2eafa9a0e3682511f2c18a3cf846beba3_s390x",
"product_id": "registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:94a4269cc3ddfdaf549eb4b547a461c2eafa9a0e3682511f2c18a3cf846beba3_s390x",
"product_identification_helper": {
"purl": "pkg:oci/hub-rhel9@sha256%3A94a4269cc3ddfdaf549eb4b547a461c2eafa9a0e3682511f2c18a3cf846beba3?arch=s390x\u0026repository_url=registry.redhat.io/ansible-automation-platform-26/hub-rhel9\u0026tag=1782755272"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:635a2526236205059d382f8860a7600105596caa546c129e855bd1ad241ebda7_s390x",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:635a2526236205059d382f8860a7600105596caa546c129e855bd1ad241ebda7_s390x",
"product_id": "registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:635a2526236205059d382f8860a7600105596caa546c129e855bd1ad241ebda7_s390x",
"product_identification_helper": {
"purl": "pkg:oci/hub-rhel9-operator@sha256%3A635a2526236205059d382f8860a7600105596caa546c129e855bd1ad241ebda7?arch=s390x\u0026repository_url=registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator\u0026tag=1782606443"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:c314fa51aef6754a3d665650a9a2861da1ec3557e2b92c29a2b16b2790d615a4_s390x",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:c314fa51aef6754a3d665650a9a2861da1ec3557e2b92c29a2b16b2790d615a4_s390x",
"product_id": "registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:c314fa51aef6754a3d665650a9a2861da1ec3557e2b92c29a2b16b2790d615a4_s390x",
"product_identification_helper": {
"purl": "pkg:oci/hub-web-rhel9@sha256%3Ac314fa51aef6754a3d665650a9a2861da1ec3557e2b92c29a2b16b2790d615a4?arch=s390x\u0026repository_url=registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9\u0026tag=1782759318"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:1e695b53b5a667d185f61dee9e0242efc8e0962aa4e928bf8908734626d16d38_s390x",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:1e695b53b5a667d185f61dee9e0242efc8e0962aa4e928bf8908734626d16d38_s390x",
"product_id": "registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:1e695b53b5a667d185f61dee9e0242efc8e0962aa4e928bf8908734626d16d38_s390x",
"product_identification_helper": {
"purl": "pkg:oci/metrics-service-rhel9-operator@sha256%3A1e695b53b5a667d185f61dee9e0242efc8e0962aa4e928bf8908734626d16d38?arch=s390x\u0026repository_url=registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator\u0026tag=1782606583"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:d954bfc4a5c1f1fc8eba225865a11b9d04f005341e8ab094f7a94cdbe67a7b17_s390x",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:d954bfc4a5c1f1fc8eba225865a11b9d04f005341e8ab094f7a94cdbe67a7b17_s390x",
"product_id": "registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:d954bfc4a5c1f1fc8eba225865a11b9d04f005341e8ab094f7a94cdbe67a7b17_s390x",
"product_identification_helper": {
"purl": "pkg:oci/metrics-service-rhel9@sha256%3Ad954bfc4a5c1f1fc8eba225865a11b9d04f005341e8ab094f7a94cdbe67a7b17?arch=s390x\u0026repository_url=registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9\u0026tag=1782756873"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:df6617374f5f70f6ff53a980d38ddda8ab1aca125894eadc3a1932ba7612626d_s390x",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:df6617374f5f70f6ff53a980d38ddda8ab1aca125894eadc3a1932ba7612626d_s390x",
"product_id": "registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:df6617374f5f70f6ff53a980d38ddda8ab1aca125894eadc3a1932ba7612626d_s390x",
"product_identification_helper": {
"purl": "pkg:oci/de-minimal-rhel9@sha256%3Adf6617374f5f70f6ff53a980d38ddda8ab1aca125894eadc3a1932ba7612626d?arch=s390x\u0026repository_url=registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9\u0026tag=1782711769"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:5bbbcaa71f5bf11922738e37c1155c5e60ebc5166a67690f5e5218a42b946366_s390x",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:5bbbcaa71f5bf11922738e37c1155c5e60ebc5166a67690f5e5218a42b946366_s390x",
"product_id": "registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:5bbbcaa71f5bf11922738e37c1155c5e60ebc5166a67690f5e5218a42b946366_s390x",
"product_identification_helper": {
"purl": "pkg:oci/de-supported-rhel9@sha256%3A5bbbcaa71f5bf11922738e37c1155c5e60ebc5166a67690f5e5218a42b946366?arch=s390x\u0026repository_url=registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9\u0026tag=1782713671"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:201ab631050d34fb956e1333730a387833b7aa3a2a4389d2a01bb79a2fe51bbf_s390x",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:201ab631050d34fb956e1333730a387833b7aa3a2a4389d2a01bb79a2fe51bbf_s390x",
"product_id": "registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:201ab631050d34fb956e1333730a387833b7aa3a2a4389d2a01bb79a2fe51bbf_s390x",
"product_identification_helper": {
"purl": "pkg:oci/ee-minimal-rhel9@sha256%3A201ab631050d34fb956e1333730a387833b7aa3a2a4389d2a01bb79a2fe51bbf?arch=s390x\u0026repository_url=registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9\u0026tag=1782726413"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:aa96f8cf13ae3374588cc99a558d1def2bcf0579d75b90d0772139fab991b06b_s390x",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:aa96f8cf13ae3374588cc99a558d1def2bcf0579d75b90d0772139fab991b06b_s390x",
"product_id": "registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:aa96f8cf13ae3374588cc99a558d1def2bcf0579d75b90d0772139fab991b06b_s390x",
"product_identification_helper": {
"purl": "pkg:oci/ee-supported-rhel9@sha256%3Aaa96f8cf13ae3374588cc99a558d1def2bcf0579d75b90d0772139fab991b06b?arch=s390x\u0026repository_url=registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9\u0026tag=1782731097"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:2dc26cd49218da49a4761d8012d9777019facea787df61dafce31db6b3bef8b8_s390x",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:2dc26cd49218da49a4761d8012d9777019facea787df61dafce31db6b3bef8b8_s390x",
"product_id": "registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:2dc26cd49218da49a4761d8012d9777019facea787df61dafce31db6b3bef8b8_s390x",
"product_identification_helper": {
"purl": "pkg:oci/platform-resource-rhel9-operator@sha256%3A2dc26cd49218da49a4761d8012d9777019facea787df61dafce31db6b3bef8b8?arch=s390x\u0026repository_url=registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator\u0026tag=1782606842"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:fb35bc2313df94fd8a4b4e8293f1489ea518c002858c29ade906a678ccd48d0d_s390x",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:fb35bc2313df94fd8a4b4e8293f1489ea518c002858c29ade906a678ccd48d0d_s390x",
"product_id": "registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:fb35bc2313df94fd8a4b4e8293f1489ea518c002858c29ade906a678ccd48d0d_s390x",
"product_identification_helper": {
"purl": "pkg:oci/platform-resource-runner-rhel9@sha256%3Afb35bc2313df94fd8a4b4e8293f1489ea518c002858c29ade906a678ccd48d0d?arch=s390x\u0026repository_url=registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9\u0026tag=1782739336"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:72bef79259e60a3f96f3788b2ed207ef6d8c1d4901d5c1d293981099d2932b44_s390x",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:72bef79259e60a3f96f3788b2ed207ef6d8c1d4901d5c1d293981099d2932b44_s390x",
"product_id": "registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:72bef79259e60a3f96f3788b2ed207ef6d8c1d4901d5c1d293981099d2932b44_s390x",
"product_identification_helper": {
"purl": "pkg:oci/receptor-rhel9@sha256%3A72bef79259e60a3f96f3788b2ed207ef6d8c1d4901d5c1d293981099d2932b44?arch=s390x\u0026repository_url=registry.redhat.io/ansible-automation-platform-26/receptor-rhel9\u0026tag=1782710613"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:51e90eeed5c6bf2e6355ee9ba50fe330149b7c2b7633a106946459e8984d82ae_ppc64le as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:51e90eeed5c6bf2e6355ee9ba50fe330149b7c2b7633a106946459e8984d82ae_ppc64le"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:51e90eeed5c6bf2e6355ee9ba50fe330149b7c2b7633a106946459e8984d82ae_ppc64le",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:5e9de77acecac9653b91d2ebbfc5be8dc47da81e9e3e1772d38f827f05779632_s390x as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:5e9de77acecac9653b91d2ebbfc5be8dc47da81e9e3e1772d38f827f05779632_s390x"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:5e9de77acecac9653b91d2ebbfc5be8dc47da81e9e3e1772d38f827f05779632_s390x",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:7cefb007f075c5b1e0265fe8b12888218201cb453e9ebac315d91a79ed6e686a_amd64 as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:7cefb007f075c5b1e0265fe8b12888218201cb453e9ebac315d91a79ed6e686a_amd64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:7cefb007f075c5b1e0265fe8b12888218201cb453e9ebac315d91a79ed6e686a_amd64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:bd4450e5af03c053f28e9c2ca0f2a2c016fc55fef4187676bc4edd5149c1a0f4_arm64 as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:bd4450e5af03c053f28e9c2ca0f2a2c016fc55fef4187676bc4edd5149c1a0f4_arm64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:bd4450e5af03c053f28e9c2ca0f2a2c016fc55fef4187676bc4edd5149c1a0f4_arm64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:21243b5bb27b62467a311f0dfb5001384b424c095e17eba2c4fa441d7a03f7cf_ppc64le as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:21243b5bb27b62467a311f0dfb5001384b424c095e17eba2c4fa441d7a03f7cf_ppc64le"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:21243b5bb27b62467a311f0dfb5001384b424c095e17eba2c4fa441d7a03f7cf_ppc64le",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:22190a2714d3942a57dbe9dd265570bfe179b8d7f3e412173d010090de2bb98d_amd64 as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:22190a2714d3942a57dbe9dd265570bfe179b8d7f3e412173d010090de2bb98d_amd64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:22190a2714d3942a57dbe9dd265570bfe179b8d7f3e412173d010090de2bb98d_amd64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:35b39d818bfb7b3fe86f77eedb134d12e9f316ce1642f86a8fa5ce1c1e31f37b_s390x as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:35b39d818bfb7b3fe86f77eedb134d12e9f316ce1642f86a8fa5ce1c1e31f37b_s390x"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:35b39d818bfb7b3fe86f77eedb134d12e9f316ce1642f86a8fa5ce1c1e31f37b_s390x",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:3f2e1942032818fe9c91bf18948b80002a713b81c96e8ef5a3a4178a24899fb7_arm64 as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:3f2e1942032818fe9c91bf18948b80002a713b81c96e8ef5a3a4178a24899fb7_arm64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:3f2e1942032818fe9c91bf18948b80002a713b81c96e8ef5a3a4178a24899fb7_arm64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:25928bb67eadad3a0d3b23da81acb313b8f873476250ddc6481cfb06bc25b8ab_s390x as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:25928bb67eadad3a0d3b23da81acb313b8f873476250ddc6481cfb06bc25b8ab_s390x"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:25928bb67eadad3a0d3b23da81acb313b8f873476250ddc6481cfb06bc25b8ab_s390x",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:bdfafa3b05bea80b81ffdc63cd77d4b2a96588ccd309aba83de0a683cb07c3c4_amd64 as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:bdfafa3b05bea80b81ffdc63cd77d4b2a96588ccd309aba83de0a683cb07c3c4_amd64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:bdfafa3b05bea80b81ffdc63cd77d4b2a96588ccd309aba83de0a683cb07c3c4_amd64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:d7aa74297e76cb375c4bdd939c673739e34e22d83f8ef8846b1aa3c3c2264bbe_arm64 as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:d7aa74297e76cb375c4bdd939c673739e34e22d83f8ef8846b1aa3c3c2264bbe_arm64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:d7aa74297e76cb375c4bdd939c673739e34e22d83f8ef8846b1aa3c3c2264bbe_arm64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:ea75fa4468a26357ce7c92614d70bc41ff0f8a8e562978a5b2bdfa5563492090_ppc64le as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:ea75fa4468a26357ce7c92614d70bc41ff0f8a8e562978a5b2bdfa5563492090_ppc64le"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:ea75fa4468a26357ce7c92614d70bc41ff0f8a8e562978a5b2bdfa5563492090_ppc64le",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:49025eb304ed55e363338fbe74b8dd77815b4d87183f1cb0cbfbbba71c2d2c59_s390x as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:49025eb304ed55e363338fbe74b8dd77815b4d87183f1cb0cbfbbba71c2d2c59_s390x"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:49025eb304ed55e363338fbe74b8dd77815b4d87183f1cb0cbfbbba71c2d2c59_s390x",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:54524172989364298f5cce342ef854f62fd59c75a42be804af3f286c6585b3d1_arm64 as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:54524172989364298f5cce342ef854f62fd59c75a42be804af3f286c6585b3d1_arm64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:54524172989364298f5cce342ef854f62fd59c75a42be804af3f286c6585b3d1_arm64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:c1d135f85a4a1c5fe1c86509658d3056ce4bf748e8210274756064e18f991440_amd64 as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:c1d135f85a4a1c5fe1c86509658d3056ce4bf748e8210274756064e18f991440_amd64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:c1d135f85a4a1c5fe1c86509658d3056ce4bf748e8210274756064e18f991440_amd64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:fb2eb12e6a6159c75e56f58429789cc0ac74af2a3d04f9ab865c8d86576e8c15_ppc64le as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:fb2eb12e6a6159c75e56f58429789cc0ac74af2a3d04f9ab865c8d86576e8c15_ppc64le"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:fb2eb12e6a6159c75e56f58429789cc0ac74af2a3d04f9ab865c8d86576e8c15_ppc64le",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:1252d44baa18b442de12a9659d3419ef77148e47ca14747ae684b8541fe795a7_s390x as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:1252d44baa18b442de12a9659d3419ef77148e47ca14747ae684b8541fe795a7_s390x"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:1252d44baa18b442de12a9659d3419ef77148e47ca14747ae684b8541fe795a7_s390x",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:4750bc9a80e819747b9d6576d21e348634f0dd4bc56190a662e22b2c80172bbd_amd64 as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:4750bc9a80e819747b9d6576d21e348634f0dd4bc56190a662e22b2c80172bbd_amd64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:4750bc9a80e819747b9d6576d21e348634f0dd4bc56190a662e22b2c80172bbd_amd64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:5988a2daac19ccd72b8eec8cd1d9b623c69aed7be1a4223070d2c65256210776_arm64 as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:5988a2daac19ccd72b8eec8cd1d9b623c69aed7be1a4223070d2c65256210776_arm64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:5988a2daac19ccd72b8eec8cd1d9b623c69aed7be1a4223070d2c65256210776_arm64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:eac25bae75a0e08a0aae706325faae2606ee8b0c086559cc0b89a59501a511f8_ppc64le as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:eac25bae75a0e08a0aae706325faae2606ee8b0c086559cc0b89a59501a511f8_ppc64le"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:eac25bae75a0e08a0aae706325faae2606ee8b0c086559cc0b89a59501a511f8_ppc64le",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:4c56fcde717c7a7957638fa6624a6ba5a9fc372bc9056e924158a0477410c9e7_ppc64le as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:4c56fcde717c7a7957638fa6624a6ba5a9fc372bc9056e924158a0477410c9e7_ppc64le"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:4c56fcde717c7a7957638fa6624a6ba5a9fc372bc9056e924158a0477410c9e7_ppc64le",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:5f5b5adc67e0655dcc3bcaaa4bb75337ebff130cca2e019d553be7521ca71871_arm64 as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:5f5b5adc67e0655dcc3bcaaa4bb75337ebff130cca2e019d553be7521ca71871_arm64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:5f5b5adc67e0655dcc3bcaaa4bb75337ebff130cca2e019d553be7521ca71871_arm64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:91438ae17f6ee162df0d564fe47c8690a5246315e26fa4ebfa16dc8c93425cb7_amd64 as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:91438ae17f6ee162df0d564fe47c8690a5246315e26fa4ebfa16dc8c93425cb7_amd64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:91438ae17f6ee162df0d564fe47c8690a5246315e26fa4ebfa16dc8c93425cb7_amd64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:df6617374f5f70f6ff53a980d38ddda8ab1aca125894eadc3a1932ba7612626d_s390x as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:df6617374f5f70f6ff53a980d38ddda8ab1aca125894eadc3a1932ba7612626d_s390x"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:df6617374f5f70f6ff53a980d38ddda8ab1aca125894eadc3a1932ba7612626d_s390x",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:49d0f2c55661dd973b0a15ba0e096c54badf4e0017093dfee373a655d47373f0_amd64 as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:49d0f2c55661dd973b0a15ba0e096c54badf4e0017093dfee373a655d47373f0_amd64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:49d0f2c55661dd973b0a15ba0e096c54badf4e0017093dfee373a655d47373f0_amd64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:5bbbcaa71f5bf11922738e37c1155c5e60ebc5166a67690f5e5218a42b946366_s390x as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:5bbbcaa71f5bf11922738e37c1155c5e60ebc5166a67690f5e5218a42b946366_s390x"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:5bbbcaa71f5bf11922738e37c1155c5e60ebc5166a67690f5e5218a42b946366_s390x",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:99446549dca0b1cd38919ed7489e3eff72b1e4dd739e4f4e914d6c3ca6076b58_arm64 as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:99446549dca0b1cd38919ed7489e3eff72b1e4dd739e4f4e914d6c3ca6076b58_arm64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:99446549dca0b1cd38919ed7489e3eff72b1e4dd739e4f4e914d6c3ca6076b58_arm64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:cf59b3a7897d59615e746c14697a289d79afbc18a9d2e7e7b5f7b1242d640b02_ppc64le as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:cf59b3a7897d59615e746c14697a289d79afbc18a9d2e7e7b5f7b1242d640b02_ppc64le"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:cf59b3a7897d59615e746c14697a289d79afbc18a9d2e7e7b5f7b1242d640b02_ppc64le",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:6e7f3aa6bb48cbe35d205d5f4c9ea251945dcdcce9b40cd49676705d778d9500_ppc64le as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:6e7f3aa6bb48cbe35d205d5f4c9ea251945dcdcce9b40cd49676705d778d9500_ppc64le"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:6e7f3aa6bb48cbe35d205d5f4c9ea251945dcdcce9b40cd49676705d778d9500_ppc64le",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:bc37b9c572c3df959e0ceb9fe011be84906fe759817eee697c486131fd5bc0cb_amd64 as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:bc37b9c572c3df959e0ceb9fe011be84906fe759817eee697c486131fd5bc0cb_amd64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:bc37b9c572c3df959e0ceb9fe011be84906fe759817eee697c486131fd5bc0cb_amd64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:bf4a2e668e36a0e8e381f4417a263bd736d114f4e464d4a6c5ea22962b3f2a9e_arm64 as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:bf4a2e668e36a0e8e381f4417a263bd736d114f4e464d4a6c5ea22962b3f2a9e_arm64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:bf4a2e668e36a0e8e381f4417a263bd736d114f4e464d4a6c5ea22962b3f2a9e_arm64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:feffba283e2a49967cd57139fe7af2309cd55ea9bb4464e250bf7b5a98913a2b_s390x as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:feffba283e2a49967cd57139fe7af2309cd55ea9bb4464e250bf7b5a98913a2b_s390x"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:feffba283e2a49967cd57139fe7af2309cd55ea9bb4464e250bf7b5a98913a2b_s390x",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:86908784cb38408c502a733672b2f76e5a5c93b0266afccc9f281cb0c8f2f20c_s390x as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:86908784cb38408c502a733672b2f76e5a5c93b0266afccc9f281cb0c8f2f20c_s390x"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:86908784cb38408c502a733672b2f76e5a5c93b0266afccc9f281cb0c8f2f20c_s390x",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:8f721159d1fb2b71fb746eec0213c1111896c7b77a2904d64a2c1696cdce796c_amd64 as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:8f721159d1fb2b71fb746eec0213c1111896c7b77a2904d64a2c1696cdce796c_amd64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:8f721159d1fb2b71fb746eec0213c1111896c7b77a2904d64a2c1696cdce796c_amd64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:afe3ebfa9897d2b9a7d8f9bd7fb4a2210e4b7e603de5fe168740f0aa4bb04495_arm64 as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:afe3ebfa9897d2b9a7d8f9bd7fb4a2210e4b7e603de5fe168740f0aa4bb04495_arm64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:afe3ebfa9897d2b9a7d8f9bd7fb4a2210e4b7e603de5fe168740f0aa4bb04495_arm64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:fd6aa3b12a35343168ee2e752b437a51c58e8e8e329c8bdd7d230653265a790e_ppc64le as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:fd6aa3b12a35343168ee2e752b437a51c58e8e8e329c8bdd7d230653265a790e_ppc64le"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:fd6aa3b12a35343168ee2e752b437a51c58e8e8e329c8bdd7d230653265a790e_ppc64le",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:01cb3c8bb62be8bcdeaea2fa79413caca0f111980f4134b06df5230bd0b357fc_s390x as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:01cb3c8bb62be8bcdeaea2fa79413caca0f111980f4134b06df5230bd0b357fc_s390x"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:01cb3c8bb62be8bcdeaea2fa79413caca0f111980f4134b06df5230bd0b357fc_s390x",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:20b0fcf0b2d388320c0cb1414f2422493ca9acf39c876fd45265e8b32030ef3b_arm64 as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:20b0fcf0b2d388320c0cb1414f2422493ca9acf39c876fd45265e8b32030ef3b_arm64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:20b0fcf0b2d388320c0cb1414f2422493ca9acf39c876fd45265e8b32030ef3b_arm64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:51fc32fbd543c74767403a113ccceedb262ccb92b9fd5a9efdc39ed2c1e608b3_amd64 as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:51fc32fbd543c74767403a113ccceedb262ccb92b9fd5a9efdc39ed2c1e608b3_amd64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:51fc32fbd543c74767403a113ccceedb262ccb92b9fd5a9efdc39ed2c1e608b3_amd64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:d4edd3fd9d125deb51d48c8709eac2505056da0f1341020db5469be8af0ca200_ppc64le as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:d4edd3fd9d125deb51d48c8709eac2505056da0f1341020db5469be8af0ca200_ppc64le"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:d4edd3fd9d125deb51d48c8709eac2505056da0f1341020db5469be8af0ca200_ppc64le",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:201ab631050d34fb956e1333730a387833b7aa3a2a4389d2a01bb79a2fe51bbf_s390x as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:201ab631050d34fb956e1333730a387833b7aa3a2a4389d2a01bb79a2fe51bbf_s390x"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:201ab631050d34fb956e1333730a387833b7aa3a2a4389d2a01bb79a2fe51bbf_s390x",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:47ca2eaea554b825306387f07aef8a5ee830ee1885d2df51055ac22d7576d2cd_ppc64le as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:47ca2eaea554b825306387f07aef8a5ee830ee1885d2df51055ac22d7576d2cd_ppc64le"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:47ca2eaea554b825306387f07aef8a5ee830ee1885d2df51055ac22d7576d2cd_ppc64le",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:7a181f8f3d2eadeae6b1d4d38da28f4e0a7c7f1fc662d213f72a63fd56f67443_amd64 as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:7a181f8f3d2eadeae6b1d4d38da28f4e0a7c7f1fc662d213f72a63fd56f67443_amd64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:7a181f8f3d2eadeae6b1d4d38da28f4e0a7c7f1fc662d213f72a63fd56f67443_amd64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:fa97e7031e19af10a571d8ff67e13de3489603f60dbf9fd0c19205fb3447e912_arm64 as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:fa97e7031e19af10a571d8ff67e13de3489603f60dbf9fd0c19205fb3447e912_arm64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:fa97e7031e19af10a571d8ff67e13de3489603f60dbf9fd0c19205fb3447e912_arm64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:01e117719b770e5bf767700b3cf5a3c79d7a74c181fda4dd4605cb4f41ea5bcd_arm64 as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:01e117719b770e5bf767700b3cf5a3c79d7a74c181fda4dd4605cb4f41ea5bcd_arm64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:01e117719b770e5bf767700b3cf5a3c79d7a74c181fda4dd4605cb4f41ea5bcd_arm64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:155dfad34b7402e4462d98c3026ab38a6024338dfe80bfc33abb9102d12b077d_ppc64le as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:155dfad34b7402e4462d98c3026ab38a6024338dfe80bfc33abb9102d12b077d_ppc64le"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:155dfad34b7402e4462d98c3026ab38a6024338dfe80bfc33abb9102d12b077d_ppc64le",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:aa96f8cf13ae3374588cc99a558d1def2bcf0579d75b90d0772139fab991b06b_s390x as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:aa96f8cf13ae3374588cc99a558d1def2bcf0579d75b90d0772139fab991b06b_s390x"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:aa96f8cf13ae3374588cc99a558d1def2bcf0579d75b90d0772139fab991b06b_s390x",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:f1d48c91052387ebc88bc7c76c8f49bae708c67e160d976974c8b31e9efbd219_amd64 as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:f1d48c91052387ebc88bc7c76c8f49bae708c67e160d976974c8b31e9efbd219_amd64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:f1d48c91052387ebc88bc7c76c8f49bae708c67e160d976974c8b31e9efbd219_amd64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:008f0946e1545a0baa8e2baa9d12dc3244a47cd42af020afedfce3b1450f6c16_s390x as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:008f0946e1545a0baa8e2baa9d12dc3244a47cd42af020afedfce3b1450f6c16_s390x"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:008f0946e1545a0baa8e2baa9d12dc3244a47cd42af020afedfce3b1450f6c16_s390x",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:6a63e70123c2cd8cf8ddec71fb88d0dee08d2b7b1bcfc37d27fde3a50a59b7e8_ppc64le as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:6a63e70123c2cd8cf8ddec71fb88d0dee08d2b7b1bcfc37d27fde3a50a59b7e8_ppc64le"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:6a63e70123c2cd8cf8ddec71fb88d0dee08d2b7b1bcfc37d27fde3a50a59b7e8_ppc64le",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:96f6b104c31c317aa118ff64cff2522f136bbb520de7fb8015257630fcfdecfb_amd64 as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:96f6b104c31c317aa118ff64cff2522f136bbb520de7fb8015257630fcfdecfb_amd64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:96f6b104c31c317aa118ff64cff2522f136bbb520de7fb8015257630fcfdecfb_amd64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:9dd240e967b0a1949a812050a123e513858ccd428feb1c42646e409fbf711b35_arm64 as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:9dd240e967b0a1949a812050a123e513858ccd428feb1c42646e409fbf711b35_arm64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:9dd240e967b0a1949a812050a123e513858ccd428feb1c42646e409fbf711b35_arm64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:6f5480749ac020fc0e226dd87855baeae624b4c57c2787303e7321f63117c789_ppc64le as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:6f5480749ac020fc0e226dd87855baeae624b4c57c2787303e7321f63117c789_ppc64le"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:6f5480749ac020fc0e226dd87855baeae624b4c57c2787303e7321f63117c789_ppc64le",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:7265c4bc839141da2a0599bc367c4be2b8e8743423ea1b6b8d68729b1cfa8bcc_s390x as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:7265c4bc839141da2a0599bc367c4be2b8e8743423ea1b6b8d68729b1cfa8bcc_s390x"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:7265c4bc839141da2a0599bc367c4be2b8e8743423ea1b6b8d68729b1cfa8bcc_s390x",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:9486931d703d050f59a9f1bcfe5e016351d3ccc9b5c1975963b91ac34fc0b25e_amd64 as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:9486931d703d050f59a9f1bcfe5e016351d3ccc9b5c1975963b91ac34fc0b25e_amd64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:9486931d703d050f59a9f1bcfe5e016351d3ccc9b5c1975963b91ac34fc0b25e_amd64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:c458f98a5afdf96262536fa1b7d672eb897c2800ec3dc4a2094ee5e8ae09ac31_arm64 as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:c458f98a5afdf96262536fa1b7d672eb897c2800ec3dc4a2094ee5e8ae09ac31_arm64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:c458f98a5afdf96262536fa1b7d672eb897c2800ec3dc4a2094ee5e8ae09ac31_arm64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:23ea476af89606789f91e647e952039bff83b5ace02440b2c11dccb9020cc0fb_amd64 as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:23ea476af89606789f91e647e952039bff83b5ace02440b2c11dccb9020cc0fb_amd64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:23ea476af89606789f91e647e952039bff83b5ace02440b2c11dccb9020cc0fb_amd64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:870a39d44775c352b2c574f4b8d6585b96b44a48eefea1cbb8463809b75a1d6f_arm64 as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:870a39d44775c352b2c574f4b8d6585b96b44a48eefea1cbb8463809b75a1d6f_arm64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:870a39d44775c352b2c574f4b8d6585b96b44a48eefea1cbb8463809b75a1d6f_arm64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:b3132e81fca86bc4bf6fe9f75fb3cafd1ef0f02fe84aeaffa51539e5f4a1b54c_s390x as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:b3132e81fca86bc4bf6fe9f75fb3cafd1ef0f02fe84aeaffa51539e5f4a1b54c_s390x"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:b3132e81fca86bc4bf6fe9f75fb3cafd1ef0f02fe84aeaffa51539e5f4a1b54c_s390x",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:fc3b7a2d42adaa47a938efe8e94d9d5665fe74a66d04884e886da33ad61774d0_ppc64le as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:fc3b7a2d42adaa47a938efe8e94d9d5665fe74a66d04884e886da33ad61774d0_ppc64le"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:fc3b7a2d42adaa47a938efe8e94d9d5665fe74a66d04884e886da33ad61774d0_ppc64le",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:2076dc61bf8db58916f3bacdb7483cdae8db169e2c4187e0c509f4fad9bc66ac_arm64 as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:2076dc61bf8db58916f3bacdb7483cdae8db169e2c4187e0c509f4fad9bc66ac_arm64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:2076dc61bf8db58916f3bacdb7483cdae8db169e2c4187e0c509f4fad9bc66ac_arm64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:4e2047551e67c9c79e54ea5cd42accd746db89b8f37181a4b8ddceee166b3f2f_amd64 as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:4e2047551e67c9c79e54ea5cd42accd746db89b8f37181a4b8ddceee166b3f2f_amd64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:4e2047551e67c9c79e54ea5cd42accd746db89b8f37181a4b8ddceee166b3f2f_amd64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:635a2526236205059d382f8860a7600105596caa546c129e855bd1ad241ebda7_s390x as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:635a2526236205059d382f8860a7600105596caa546c129e855bd1ad241ebda7_s390x"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:635a2526236205059d382f8860a7600105596caa546c129e855bd1ad241ebda7_s390x",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:ab0b5c35985ab8da547bc85aeff75c00ef32de0ea4f3446d75420ba935a5ddf4_ppc64le as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:ab0b5c35985ab8da547bc85aeff75c00ef32de0ea4f3446d75420ba935a5ddf4_ppc64le"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:ab0b5c35985ab8da547bc85aeff75c00ef32de0ea4f3446d75420ba935a5ddf4_ppc64le",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:20f8e067fa199055be096f4e655a0004616caab1eb32ccbe853677705d4e99f2_arm64 as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:20f8e067fa199055be096f4e655a0004616caab1eb32ccbe853677705d4e99f2_arm64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:20f8e067fa199055be096f4e655a0004616caab1eb32ccbe853677705d4e99f2_arm64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:7c82062799a4bc38472a8d62827cbead3cf9396e132c9567e1d7682b8e4eb01d_ppc64le as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:7c82062799a4bc38472a8d62827cbead3cf9396e132c9567e1d7682b8e4eb01d_ppc64le"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:7c82062799a4bc38472a8d62827cbead3cf9396e132c9567e1d7682b8e4eb01d_ppc64le",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:94a4269cc3ddfdaf549eb4b547a461c2eafa9a0e3682511f2c18a3cf846beba3_s390x as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:94a4269cc3ddfdaf549eb4b547a461c2eafa9a0e3682511f2c18a3cf846beba3_s390x"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:94a4269cc3ddfdaf549eb4b547a461c2eafa9a0e3682511f2c18a3cf846beba3_s390x",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:ac33685303a23070d840d68bce5381230bbf98f1f65abaa80eca75c99b821d88_amd64 as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:ac33685303a23070d840d68bce5381230bbf98f1f65abaa80eca75c99b821d88_amd64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:ac33685303a23070d840d68bce5381230bbf98f1f65abaa80eca75c99b821d88_amd64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:29bf69f7793d3ecaf724f791e735f1bd4121cddc6b1118553bcc77ef3a3054a1_arm64 as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:29bf69f7793d3ecaf724f791e735f1bd4121cddc6b1118553bcc77ef3a3054a1_arm64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:29bf69f7793d3ecaf724f791e735f1bd4121cddc6b1118553bcc77ef3a3054a1_arm64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:46ae8d0b9eb51c730b57aa7b9d0561dc8e7510240e100a9deaea7e501cf115c2_amd64 as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:46ae8d0b9eb51c730b57aa7b9d0561dc8e7510240e100a9deaea7e501cf115c2_amd64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:46ae8d0b9eb51c730b57aa7b9d0561dc8e7510240e100a9deaea7e501cf115c2_amd64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:c314fa51aef6754a3d665650a9a2861da1ec3557e2b92c29a2b16b2790d615a4_s390x as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:c314fa51aef6754a3d665650a9a2861da1ec3557e2b92c29a2b16b2790d615a4_s390x"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:c314fa51aef6754a3d665650a9a2861da1ec3557e2b92c29a2b16b2790d615a4_s390x",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:cd2a2cb5784051c6595a95865e390a52c38b2b62fbf2fa3d40545d083c846992_ppc64le as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:cd2a2cb5784051c6595a95865e390a52c38b2b62fbf2fa3d40545d083c846992_ppc64le"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:cd2a2cb5784051c6595a95865e390a52c38b2b62fbf2fa3d40545d083c846992_ppc64le",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:05debd9e92a56b761a55f36c54d31ceda7b77bc58178946c4b5d0d08faa01cfc_s390x as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:05debd9e92a56b761a55f36c54d31ceda7b77bc58178946c4b5d0d08faa01cfc_s390x"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:05debd9e92a56b761a55f36c54d31ceda7b77bc58178946c4b5d0d08faa01cfc_s390x",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:19954ceb4da5840bc7d8953932bd9f36baaa3ad219ccac4b44324f25f962182a_ppc64le as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:19954ceb4da5840bc7d8953932bd9f36baaa3ad219ccac4b44324f25f962182a_ppc64le"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:19954ceb4da5840bc7d8953932bd9f36baaa3ad219ccac4b44324f25f962182a_ppc64le",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:866e4fbdeefc40e19ec6962c6b1577ef9f66affa46b96a2dbd30501b4e3b2695_arm64 as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:866e4fbdeefc40e19ec6962c6b1577ef9f66affa46b96a2dbd30501b4e3b2695_arm64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:866e4fbdeefc40e19ec6962c6b1577ef9f66affa46b96a2dbd30501b4e3b2695_arm64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:990fa7d78f384772aaf369956a51ba7393cd5e225daa3c4e37f56ed2a1b4d5fb_amd64 as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:990fa7d78f384772aaf369956a51ba7393cd5e225daa3c4e37f56ed2a1b4d5fb_amd64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:990fa7d78f384772aaf369956a51ba7393cd5e225daa3c4e37f56ed2a1b4d5fb_amd64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:64e4c2ac5a5126294d7264d33723b8c7e8a8f2909a33d2bff40bfbb2965fcd81_s390x as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:64e4c2ac5a5126294d7264d33723b8c7e8a8f2909a33d2bff40bfbb2965fcd81_s390x"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:64e4c2ac5a5126294d7264d33723b8c7e8a8f2909a33d2bff40bfbb2965fcd81_s390x",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:8a85413afe8d8ab179dff3638f3d5509bf180d54d016706aa50781bbb72338bc_arm64 as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:8a85413afe8d8ab179dff3638f3d5509bf180d54d016706aa50781bbb72338bc_arm64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:8a85413afe8d8ab179dff3638f3d5509bf180d54d016706aa50781bbb72338bc_arm64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:a0af7052a5cc79ec38267f6016330bbc30fe4c8dff0776a6fe6cee048cb1bbcf_ppc64le as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:a0af7052a5cc79ec38267f6016330bbc30fe4c8dff0776a6fe6cee048cb1bbcf_ppc64le"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:a0af7052a5cc79ec38267f6016330bbc30fe4c8dff0776a6fe6cee048cb1bbcf_ppc64le",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:df72d966e05e20571d1d588092d8bf95f28ae5178ddac780257064069e8cf75c_amd64 as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:df72d966e05e20571d1d588092d8bf95f28ae5178ddac780257064069e8cf75c_amd64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:df72d966e05e20571d1d588092d8bf95f28ae5178ddac780257064069e8cf75c_amd64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:5a0a1932f8bcdf436f08f9d00fdb520feefad62061ce79426d44ecd7d01724a2_s390x as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:5a0a1932f8bcdf436f08f9d00fdb520feefad62061ce79426d44ecd7d01724a2_s390x"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:5a0a1932f8bcdf436f08f9d00fdb520feefad62061ce79426d44ecd7d01724a2_s390x",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:72da4f73e7063cfcb49a800bf9dc5acdd715221d4dff6120db5950634e5824f5_arm64 as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:72da4f73e7063cfcb49a800bf9dc5acdd715221d4dff6120db5950634e5824f5_arm64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:72da4f73e7063cfcb49a800bf9dc5acdd715221d4dff6120db5950634e5824f5_arm64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:883c2aa7d2a9f8ddcccd8c48b79bff59ffa3eb3f59392e727dd050ec4efdb92b_amd64 as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:883c2aa7d2a9f8ddcccd8c48b79bff59ffa3eb3f59392e727dd050ec4efdb92b_amd64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:883c2aa7d2a9f8ddcccd8c48b79bff59ffa3eb3f59392e727dd050ec4efdb92b_amd64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:9bed2310605563c0d439ed85731e980038ada7c3970fc26de24c1c7d291afe07_ppc64le as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:9bed2310605563c0d439ed85731e980038ada7c3970fc26de24c1c7d291afe07_ppc64le"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:9bed2310605563c0d439ed85731e980038ada7c3970fc26de24c1c7d291afe07_ppc64le",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:09b95ff35ae5c1b2c356f7506d4e8283cb0b69b8b5a130bf9d6c31e6bfc04932_amd64 as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:09b95ff35ae5c1b2c356f7506d4e8283cb0b69b8b5a130bf9d6c31e6bfc04932_amd64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:09b95ff35ae5c1b2c356f7506d4e8283cb0b69b8b5a130bf9d6c31e6bfc04932_amd64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:0cebc0075f16274a3620c4becac1490dc91904d09487fdc76aafe98fbaca5ccf_s390x as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:0cebc0075f16274a3620c4becac1490dc91904d09487fdc76aafe98fbaca5ccf_s390x"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:0cebc0075f16274a3620c4becac1490dc91904d09487fdc76aafe98fbaca5ccf_s390x",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:78f3234c47001e7a2902352bf85c7cc893f8ff7aafb01d3d6875cfe2df0a6a16_arm64 as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:78f3234c47001e7a2902352bf85c7cc893f8ff7aafb01d3d6875cfe2df0a6a16_arm64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:78f3234c47001e7a2902352bf85c7cc893f8ff7aafb01d3d6875cfe2df0a6a16_arm64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:8844e2149f6d16a9112f7ca4580c27dbe974f0bfce1fc21c87d5072813deba45_ppc64le as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:8844e2149f6d16a9112f7ca4580c27dbe974f0bfce1fc21c87d5072813deba45_ppc64le"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:8844e2149f6d16a9112f7ca4580c27dbe974f0bfce1fc21c87d5072813deba45_ppc64le",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:180b60f1efcd9902f18b7104973acf277ea6881d6a806e288ea598b71bfa8e2d_amd64 as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:180b60f1efcd9902f18b7104973acf277ea6881d6a806e288ea598b71bfa8e2d_amd64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:180b60f1efcd9902f18b7104973acf277ea6881d6a806e288ea598b71bfa8e2d_amd64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:2dc26cd49218da49a4761d8012d9777019facea787df61dafce31db6b3bef8b8_s390x as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:2dc26cd49218da49a4761d8012d9777019facea787df61dafce31db6b3bef8b8_s390x"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:2dc26cd49218da49a4761d8012d9777019facea787df61dafce31db6b3bef8b8_s390x",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:d08b49badd427bd263a5810800c4705f296b2caf188765837f8b5284d6ff6feb_arm64 as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:d08b49badd427bd263a5810800c4705f296b2caf188765837f8b5284d6ff6feb_arm64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:d08b49badd427bd263a5810800c4705f296b2caf188765837f8b5284d6ff6feb_arm64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:edcd49c90231e8071dc45385f077400ae3dd9fdba54de188e3aba84da49c00c5_ppc64le as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:edcd49c90231e8071dc45385f077400ae3dd9fdba54de188e3aba84da49c00c5_ppc64le"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:edcd49c90231e8071dc45385f077400ae3dd9fdba54de188e3aba84da49c00c5_ppc64le",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:06f9f2d54689bd9770d4102c377a2596bf4294c824c2db69f4ad23a849d8996c_ppc64le as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:06f9f2d54689bd9770d4102c377a2596bf4294c824c2db69f4ad23a849d8996c_ppc64le"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:06f9f2d54689bd9770d4102c377a2596bf4294c824c2db69f4ad23a849d8996c_ppc64le",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:3985e43602b73ad41f7092847b6c92700ec5bfd6d849cc37adff563b6a994ea3_amd64 as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:3985e43602b73ad41f7092847b6c92700ec5bfd6d849cc37adff563b6a994ea3_amd64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:3985e43602b73ad41f7092847b6c92700ec5bfd6d849cc37adff563b6a994ea3_amd64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:eb7543913777f50fe437035b18e08cec754ec6ee05666f8c88900b6349b467bb_arm64 as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:eb7543913777f50fe437035b18e08cec754ec6ee05666f8c88900b6349b467bb_arm64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:eb7543913777f50fe437035b18e08cec754ec6ee05666f8c88900b6349b467bb_arm64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:fb35bc2313df94fd8a4b4e8293f1489ea518c002858c29ade906a678ccd48d0d_s390x as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:fb35bc2313df94fd8a4b4e8293f1489ea518c002858c29ade906a678ccd48d0d_s390x"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:fb35bc2313df94fd8a4b4e8293f1489ea518c002858c29ade906a678ccd48d0d_s390x",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:31f1c672dc3197cb7bfeb51b37d357425d4057fec9c22ea8810005c147e493a0_arm64 as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:31f1c672dc3197cb7bfeb51b37d357425d4057fec9c22ea8810005c147e493a0_arm64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:31f1c672dc3197cb7bfeb51b37d357425d4057fec9c22ea8810005c147e493a0_arm64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:457829af072b2c430e077ae362dd62b63f1737b72434c11b2fb9e98262c6f058_amd64 as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:457829af072b2c430e077ae362dd62b63f1737b72434c11b2fb9e98262c6f058_amd64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:457829af072b2c430e077ae362dd62b63f1737b72434c11b2fb9e98262c6f058_amd64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:6243c7517063c907dbd898b6ff7c4f5a6a001b15141c6b703a771a826b1e9b23_ppc64le as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:6243c7517063c907dbd898b6ff7c4f5a6a001b15141c6b703a771a826b1e9b23_ppc64le"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:6243c7517063c907dbd898b6ff7c4f5a6a001b15141c6b703a771a826b1e9b23_ppc64le",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:72bef79259e60a3f96f3788b2ed207ef6d8c1d4901d5c1d293981099d2932b44_s390x as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:72bef79259e60a3f96f3788b2ed207ef6d8c1d4901d5c1d293981099d2932b44_s390x"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:72bef79259e60a3f96f3788b2ed207ef6d8c1d4901d5c1d293981099d2932b44_s390x",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:1bdebc0ea3641538b6029945ef99eab50aa4b71ab37fd063d712ffc0883faae8_ppc64le as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:1bdebc0ea3641538b6029945ef99eab50aa4b71ab37fd063d712ffc0883faae8_ppc64le"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:1bdebc0ea3641538b6029945ef99eab50aa4b71ab37fd063d712ffc0883faae8_ppc64le",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:75a4693836d31cfc429d6a3852b0bf419255c66f90827b13d2a589dc2bea1992_s390x as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:75a4693836d31cfc429d6a3852b0bf419255c66f90827b13d2a589dc2bea1992_s390x"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:75a4693836d31cfc429d6a3852b0bf419255c66f90827b13d2a589dc2bea1992_s390x",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:8f696a0d69bb54a50140da672ff01c2923550f8ab18dcb1159493b516750f0a4_amd64 as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:8f696a0d69bb54a50140da672ff01c2923550f8ab18dcb1159493b516750f0a4_amd64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:8f696a0d69bb54a50140da672ff01c2923550f8ab18dcb1159493b516750f0a4_amd64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:98992a409dfe54f8de0eb67189538d08148418d91d9d07d9aa30262ce54e30d9_arm64 as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:98992a409dfe54f8de0eb67189538d08148418d91d9d07d9aa30262ce54e30d9_arm64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:98992a409dfe54f8de0eb67189538d08148418d91d9d07d9aa30262ce54e30d9_arm64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:72d561f41b71f78f7d896ca9b5e2b2cd76495fe602a8687bcbe0739b450a1d99_arm64 as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:72d561f41b71f78f7d896ca9b5e2b2cd76495fe602a8687bcbe0739b450a1d99_arm64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:72d561f41b71f78f7d896ca9b5e2b2cd76495fe602a8687bcbe0739b450a1d99_arm64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:753e9384197b30856cfa43b3f5362395f3554773ec0a00a183705427eb8bced4_s390x as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:753e9384197b30856cfa43b3f5362395f3554773ec0a00a183705427eb8bced4_s390x"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:753e9384197b30856cfa43b3f5362395f3554773ec0a00a183705427eb8bced4_s390x",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:cb9328dff074240b336cc5395d2d61ff4722e84d11d3c19d470dd1214308b6e5_amd64 as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:cb9328dff074240b336cc5395d2d61ff4722e84d11d3c19d470dd1214308b6e5_amd64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:cb9328dff074240b336cc5395d2d61ff4722e84d11d3c19d470dd1214308b6e5_amd64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:e863e14bd4e3a735ad3af67dd307fce57a0f3b703aed63b731c4206c08a5839f_ppc64le as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:e863e14bd4e3a735ad3af67dd307fce57a0f3b703aed63b731c4206c08a5839f_ppc64le"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:e863e14bd4e3a735ad3af67dd307fce57a0f3b703aed63b731c4206c08a5839f_ppc64le",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:1e695b53b5a667d185f61dee9e0242efc8e0962aa4e928bf8908734626d16d38_s390x as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:1e695b53b5a667d185f61dee9e0242efc8e0962aa4e928bf8908734626d16d38_s390x"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:1e695b53b5a667d185f61dee9e0242efc8e0962aa4e928bf8908734626d16d38_s390x",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:7d614384e1cb7be6bb72dbdc3cb4eb34d38902e05f121ef6220c5a6922715ddf_ppc64le as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:7d614384e1cb7be6bb72dbdc3cb4eb34d38902e05f121ef6220c5a6922715ddf_ppc64le"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:7d614384e1cb7be6bb72dbdc3cb4eb34d38902e05f121ef6220c5a6922715ddf_ppc64le",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:da0844c2faaa1b2dd6c0c4944218c947043ac3b7edd8d4533ba7faf5f9436412_amd64 as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:da0844c2faaa1b2dd6c0c4944218c947043ac3b7edd8d4533ba7faf5f9436412_amd64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:da0844c2faaa1b2dd6c0c4944218c947043ac3b7edd8d4533ba7faf5f9436412_amd64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:fd141141252f9253c089dd341447f86cd75a39bff1cb8c25baab40f86fd655bb_arm64 as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:fd141141252f9253c089dd341447f86cd75a39bff1cb8c25baab40f86fd655bb_arm64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:fd141141252f9253c089dd341447f86cd75a39bff1cb8c25baab40f86fd655bb_arm64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:690de59af44d4b7cf2dada9c3450cbd6a0d3437cc7ac2bca9b5d6b91c4c2c605_amd64 as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:690de59af44d4b7cf2dada9c3450cbd6a0d3437cc7ac2bca9b5d6b91c4c2c605_amd64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:690de59af44d4b7cf2dada9c3450cbd6a0d3437cc7ac2bca9b5d6b91c4c2c605_amd64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:6cc8eaac0ef579a5359fe2b3c8de0ad776e732b82afd9fb9c4fd4ad74e9f832f_ppc64le as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:6cc8eaac0ef579a5359fe2b3c8de0ad776e732b82afd9fb9c4fd4ad74e9f832f_ppc64le"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:6cc8eaac0ef579a5359fe2b3c8de0ad776e732b82afd9fb9c4fd4ad74e9f832f_ppc64le",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:bc5d7a4679b2cd19946013fe4c2fc17acfb3a6d9ed410e1f050de51c0a957a6b_arm64 as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:bc5d7a4679b2cd19946013fe4c2fc17acfb3a6d9ed410e1f050de51c0a957a6b_arm64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:bc5d7a4679b2cd19946013fe4c2fc17acfb3a6d9ed410e1f050de51c0a957a6b_arm64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:d954bfc4a5c1f1fc8eba225865a11b9d04f005341e8ab094f7a94cdbe67a7b17_s390x as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:d954bfc4a5c1f1fc8eba225865a11b9d04f005341e8ab094f7a94cdbe67a7b17_s390x"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:d954bfc4a5c1f1fc8eba225865a11b9d04f005341e8ab094f7a94cdbe67a7b17_s390x",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:a6eb5b607ce23772fca3dbad70d76dc5d3ebc07b15f5123ace53da01f0e3b21e_amd64 as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:a6eb5b607ce23772fca3dbad70d76dc5d3ebc07b15f5123ace53da01f0e3b21e_amd64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:a6eb5b607ce23772fca3dbad70d76dc5d3ebc07b15f5123ace53da01f0e3b21e_amd64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:d090b565d5d2933ae453eb87c34a2ebb00e09b1b00334a98c771e465dbcea42e_amd64 as a component of Red Hat Ansible Automation Platform 2.6",
"product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:d090b565d5d2933ae453eb87c34a2ebb00e09b1b00334a98c771e465dbcea42e_amd64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:d090b565d5d2933ae453eb87c34a2ebb00e09b1b00334a98c771e465dbcea42e_amd64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-6322",
"cwe": {
"id": "CWE-140",
"name": "Improper Neutralization of Delimiters"
},
"discovery_date": "2026-05-05T11:01:00.332189+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:51e90eeed5c6bf2e6355ee9ba50fe330149b7c2b7633a106946459e8984d82ae_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:5e9de77acecac9653b91d2ebbfc5be8dc47da81e9e3e1772d38f827f05779632_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:7cefb007f075c5b1e0265fe8b12888218201cb453e9ebac315d91a79ed6e686a_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:bd4450e5af03c053f28e9c2ca0f2a2c016fc55fef4187676bc4edd5149c1a0f4_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:21243b5bb27b62467a311f0dfb5001384b424c095e17eba2c4fa441d7a03f7cf_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:22190a2714d3942a57dbe9dd265570bfe179b8d7f3e412173d010090de2bb98d_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:35b39d818bfb7b3fe86f77eedb134d12e9f316ce1642f86a8fa5ce1c1e31f37b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:3f2e1942032818fe9c91bf18948b80002a713b81c96e8ef5a3a4178a24899fb7_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:25928bb67eadad3a0d3b23da81acb313b8f873476250ddc6481cfb06bc25b8ab_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:bdfafa3b05bea80b81ffdc63cd77d4b2a96588ccd309aba83de0a683cb07c3c4_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:d7aa74297e76cb375c4bdd939c673739e34e22d83f8ef8846b1aa3c3c2264bbe_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:ea75fa4468a26357ce7c92614d70bc41ff0f8a8e562978a5b2bdfa5563492090_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:49025eb304ed55e363338fbe74b8dd77815b4d87183f1cb0cbfbbba71c2d2c59_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:54524172989364298f5cce342ef854f62fd59c75a42be804af3f286c6585b3d1_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:c1d135f85a4a1c5fe1c86509658d3056ce4bf748e8210274756064e18f991440_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:fb2eb12e6a6159c75e56f58429789cc0ac74af2a3d04f9ab865c8d86576e8c15_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:1252d44baa18b442de12a9659d3419ef77148e47ca14747ae684b8541fe795a7_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:4750bc9a80e819747b9d6576d21e348634f0dd4bc56190a662e22b2c80172bbd_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:5988a2daac19ccd72b8eec8cd1d9b623c69aed7be1a4223070d2c65256210776_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:eac25bae75a0e08a0aae706325faae2606ee8b0c086559cc0b89a59501a511f8_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:4c56fcde717c7a7957638fa6624a6ba5a9fc372bc9056e924158a0477410c9e7_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:5f5b5adc67e0655dcc3bcaaa4bb75337ebff130cca2e019d553be7521ca71871_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:91438ae17f6ee162df0d564fe47c8690a5246315e26fa4ebfa16dc8c93425cb7_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:df6617374f5f70f6ff53a980d38ddda8ab1aca125894eadc3a1932ba7612626d_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:49d0f2c55661dd973b0a15ba0e096c54badf4e0017093dfee373a655d47373f0_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:5bbbcaa71f5bf11922738e37c1155c5e60ebc5166a67690f5e5218a42b946366_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:99446549dca0b1cd38919ed7489e3eff72b1e4dd739e4f4e914d6c3ca6076b58_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:cf59b3a7897d59615e746c14697a289d79afbc18a9d2e7e7b5f7b1242d640b02_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:6e7f3aa6bb48cbe35d205d5f4c9ea251945dcdcce9b40cd49676705d778d9500_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:bc37b9c572c3df959e0ceb9fe011be84906fe759817eee697c486131fd5bc0cb_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:bf4a2e668e36a0e8e381f4417a263bd736d114f4e464d4a6c5ea22962b3f2a9e_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:feffba283e2a49967cd57139fe7af2309cd55ea9bb4464e250bf7b5a98913a2b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:86908784cb38408c502a733672b2f76e5a5c93b0266afccc9f281cb0c8f2f20c_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:8f721159d1fb2b71fb746eec0213c1111896c7b77a2904d64a2c1696cdce796c_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:afe3ebfa9897d2b9a7d8f9bd7fb4a2210e4b7e603de5fe168740f0aa4bb04495_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:fd6aa3b12a35343168ee2e752b437a51c58e8e8e329c8bdd7d230653265a790e_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:01cb3c8bb62be8bcdeaea2fa79413caca0f111980f4134b06df5230bd0b357fc_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:20b0fcf0b2d388320c0cb1414f2422493ca9acf39c876fd45265e8b32030ef3b_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:51fc32fbd543c74767403a113ccceedb262ccb92b9fd5a9efdc39ed2c1e608b3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:d4edd3fd9d125deb51d48c8709eac2505056da0f1341020db5469be8af0ca200_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:201ab631050d34fb956e1333730a387833b7aa3a2a4389d2a01bb79a2fe51bbf_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:47ca2eaea554b825306387f07aef8a5ee830ee1885d2df51055ac22d7576d2cd_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:7a181f8f3d2eadeae6b1d4d38da28f4e0a7c7f1fc662d213f72a63fd56f67443_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:fa97e7031e19af10a571d8ff67e13de3489603f60dbf9fd0c19205fb3447e912_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:01e117719b770e5bf767700b3cf5a3c79d7a74c181fda4dd4605cb4f41ea5bcd_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:155dfad34b7402e4462d98c3026ab38a6024338dfe80bfc33abb9102d12b077d_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:aa96f8cf13ae3374588cc99a558d1def2bcf0579d75b90d0772139fab991b06b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:f1d48c91052387ebc88bc7c76c8f49bae708c67e160d976974c8b31e9efbd219_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:008f0946e1545a0baa8e2baa9d12dc3244a47cd42af020afedfce3b1450f6c16_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:6a63e70123c2cd8cf8ddec71fb88d0dee08d2b7b1bcfc37d27fde3a50a59b7e8_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:96f6b104c31c317aa118ff64cff2522f136bbb520de7fb8015257630fcfdecfb_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:9dd240e967b0a1949a812050a123e513858ccd428feb1c42646e409fbf711b35_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:6f5480749ac020fc0e226dd87855baeae624b4c57c2787303e7321f63117c789_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:7265c4bc839141da2a0599bc367c4be2b8e8743423ea1b6b8d68729b1cfa8bcc_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:9486931d703d050f59a9f1bcfe5e016351d3ccc9b5c1975963b91ac34fc0b25e_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:c458f98a5afdf96262536fa1b7d672eb897c2800ec3dc4a2094ee5e8ae09ac31_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:2076dc61bf8db58916f3bacdb7483cdae8db169e2c4187e0c509f4fad9bc66ac_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:4e2047551e67c9c79e54ea5cd42accd746db89b8f37181a4b8ddceee166b3f2f_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:635a2526236205059d382f8860a7600105596caa546c129e855bd1ad241ebda7_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:ab0b5c35985ab8da547bc85aeff75c00ef32de0ea4f3446d75420ba935a5ddf4_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:20f8e067fa199055be096f4e655a0004616caab1eb32ccbe853677705d4e99f2_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:7c82062799a4bc38472a8d62827cbead3cf9396e132c9567e1d7682b8e4eb01d_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:94a4269cc3ddfdaf549eb4b547a461c2eafa9a0e3682511f2c18a3cf846beba3_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:ac33685303a23070d840d68bce5381230bbf98f1f65abaa80eca75c99b821d88_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:29bf69f7793d3ecaf724f791e735f1bd4121cddc6b1118553bcc77ef3a3054a1_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:46ae8d0b9eb51c730b57aa7b9d0561dc8e7510240e100a9deaea7e501cf115c2_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:c314fa51aef6754a3d665650a9a2861da1ec3557e2b92c29a2b16b2790d615a4_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:cd2a2cb5784051c6595a95865e390a52c38b2b62fbf2fa3d40545d083c846992_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:05debd9e92a56b761a55f36c54d31ceda7b77bc58178946c4b5d0d08faa01cfc_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:19954ceb4da5840bc7d8953932bd9f36baaa3ad219ccac4b44324f25f962182a_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:866e4fbdeefc40e19ec6962c6b1577ef9f66affa46b96a2dbd30501b4e3b2695_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:990fa7d78f384772aaf369956a51ba7393cd5e225daa3c4e37f56ed2a1b4d5fb_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:64e4c2ac5a5126294d7264d33723b8c7e8a8f2909a33d2bff40bfbb2965fcd81_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:8a85413afe8d8ab179dff3638f3d5509bf180d54d016706aa50781bbb72338bc_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:a0af7052a5cc79ec38267f6016330bbc30fe4c8dff0776a6fe6cee048cb1bbcf_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:df72d966e05e20571d1d588092d8bf95f28ae5178ddac780257064069e8cf75c_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:5a0a1932f8bcdf436f08f9d00fdb520feefad62061ce79426d44ecd7d01724a2_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:72da4f73e7063cfcb49a800bf9dc5acdd715221d4dff6120db5950634e5824f5_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:883c2aa7d2a9f8ddcccd8c48b79bff59ffa3eb3f59392e727dd050ec4efdb92b_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:9bed2310605563c0d439ed85731e980038ada7c3970fc26de24c1c7d291afe07_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:09b95ff35ae5c1b2c356f7506d4e8283cb0b69b8b5a130bf9d6c31e6bfc04932_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:0cebc0075f16274a3620c4becac1490dc91904d09487fdc76aafe98fbaca5ccf_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:78f3234c47001e7a2902352bf85c7cc893f8ff7aafb01d3d6875cfe2df0a6a16_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:8844e2149f6d16a9112f7ca4580c27dbe974f0bfce1fc21c87d5072813deba45_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:180b60f1efcd9902f18b7104973acf277ea6881d6a806e288ea598b71bfa8e2d_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:2dc26cd49218da49a4761d8012d9777019facea787df61dafce31db6b3bef8b8_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:d08b49badd427bd263a5810800c4705f296b2caf188765837f8b5284d6ff6feb_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:edcd49c90231e8071dc45385f077400ae3dd9fdba54de188e3aba84da49c00c5_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:06f9f2d54689bd9770d4102c377a2596bf4294c824c2db69f4ad23a849d8996c_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:3985e43602b73ad41f7092847b6c92700ec5bfd6d849cc37adff563b6a994ea3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:eb7543913777f50fe437035b18e08cec754ec6ee05666f8c88900b6349b467bb_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:fb35bc2313df94fd8a4b4e8293f1489ea518c002858c29ade906a678ccd48d0d_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:31f1c672dc3197cb7bfeb51b37d357425d4057fec9c22ea8810005c147e493a0_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:457829af072b2c430e077ae362dd62b63f1737b72434c11b2fb9e98262c6f058_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:6243c7517063c907dbd898b6ff7c4f5a6a001b15141c6b703a771a826b1e9b23_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:72bef79259e60a3f96f3788b2ed207ef6d8c1d4901d5c1d293981099d2932b44_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:1bdebc0ea3641538b6029945ef99eab50aa4b71ab37fd063d712ffc0883faae8_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:75a4693836d31cfc429d6a3852b0bf419255c66f90827b13d2a589dc2bea1992_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:8f696a0d69bb54a50140da672ff01c2923550f8ab18dcb1159493b516750f0a4_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:98992a409dfe54f8de0eb67189538d08148418d91d9d07d9aa30262ce54e30d9_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:1e695b53b5a667d185f61dee9e0242efc8e0962aa4e928bf8908734626d16d38_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:7d614384e1cb7be6bb72dbdc3cb4eb34d38902e05f121ef6220c5a6922715ddf_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:da0844c2faaa1b2dd6c0c4944218c947043ac3b7edd8d4533ba7faf5f9436412_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:fd141141252f9253c089dd341447f86cd75a39bff1cb8c25baab40f86fd655bb_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:690de59af44d4b7cf2dada9c3450cbd6a0d3437cc7ac2bca9b5d6b91c4c2c605_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:6cc8eaac0ef579a5359fe2b3c8de0ad776e732b82afd9fb9c4fd4ad74e9f832f_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:bc5d7a4679b2cd19946013fe4c2fc17acfb3a6d9ed410e1f050de51c0a957a6b_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:d954bfc4a5c1f1fc8eba225865a11b9d04f005341e8ab094f7a94cdbe67a7b17_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:a6eb5b607ce23772fca3dbad70d76dc5d3ebc07b15f5123ace53da01f0e3b21e_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:d090b565d5d2933ae453eb87c34a2ebb00e09b1b00334a98c771e465dbcea42e_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2466684"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in fast-uri. A remote attacker could exploit this vulnerability by crafting a malicious Uniform Resource Identifier (URI) that contains percent-encoded authority delimiters. The fast-uri library incorrectly decodes these delimiters during normalization and then re-emits them as raw separators, which can change the URI\u0027s intended authority. This issue allows applications that perform host allowlist checks, redirect validation, or outbound request routing to be steered to a different authority than specified, potentially bypassing security controls.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "fast-uri: fast-uri: URI authority bypass due to improper delimiter handling",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Important flaw in the `fast-uri` library allows an attacker to bypass security controls in Red Hat products that process Uniform Resource Identifiers (URIs). By crafting a malicious URI with percent-encoded authority delimiters, an attacker can cause the library to incorrectly interpret the URI\u0027s authority, potentially redirecting applications to an unintended domain. This could lead to a bypass of host allowlist checks, redirect validation, or outbound request routing.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:23ea476af89606789f91e647e952039bff83b5ace02440b2c11dccb9020cc0fb_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:870a39d44775c352b2c574f4b8d6585b96b44a48eefea1cbb8463809b75a1d6f_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:b3132e81fca86bc4bf6fe9f75fb3cafd1ef0f02fe84aeaffa51539e5f4a1b54c_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:fc3b7a2d42adaa47a938efe8e94d9d5665fe74a66d04884e886da33ad61774d0_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:72d561f41b71f78f7d896ca9b5e2b2cd76495fe602a8687bcbe0739b450a1d99_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:753e9384197b30856cfa43b3f5362395f3554773ec0a00a183705427eb8bced4_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:cb9328dff074240b336cc5395d2d61ff4722e84d11d3c19d470dd1214308b6e5_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:e863e14bd4e3a735ad3af67dd307fce57a0f3b703aed63b731c4206c08a5839f_ppc64le"
],
"known_not_affected": [
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:51e90eeed5c6bf2e6355ee9ba50fe330149b7c2b7633a106946459e8984d82ae_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:5e9de77acecac9653b91d2ebbfc5be8dc47da81e9e3e1772d38f827f05779632_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:7cefb007f075c5b1e0265fe8b12888218201cb453e9ebac315d91a79ed6e686a_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:bd4450e5af03c053f28e9c2ca0f2a2c016fc55fef4187676bc4edd5149c1a0f4_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:21243b5bb27b62467a311f0dfb5001384b424c095e17eba2c4fa441d7a03f7cf_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:22190a2714d3942a57dbe9dd265570bfe179b8d7f3e412173d010090de2bb98d_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:35b39d818bfb7b3fe86f77eedb134d12e9f316ce1642f86a8fa5ce1c1e31f37b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:3f2e1942032818fe9c91bf18948b80002a713b81c96e8ef5a3a4178a24899fb7_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:25928bb67eadad3a0d3b23da81acb313b8f873476250ddc6481cfb06bc25b8ab_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:bdfafa3b05bea80b81ffdc63cd77d4b2a96588ccd309aba83de0a683cb07c3c4_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:d7aa74297e76cb375c4bdd939c673739e34e22d83f8ef8846b1aa3c3c2264bbe_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:ea75fa4468a26357ce7c92614d70bc41ff0f8a8e562978a5b2bdfa5563492090_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:49025eb304ed55e363338fbe74b8dd77815b4d87183f1cb0cbfbbba71c2d2c59_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:54524172989364298f5cce342ef854f62fd59c75a42be804af3f286c6585b3d1_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:c1d135f85a4a1c5fe1c86509658d3056ce4bf748e8210274756064e18f991440_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:fb2eb12e6a6159c75e56f58429789cc0ac74af2a3d04f9ab865c8d86576e8c15_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:1252d44baa18b442de12a9659d3419ef77148e47ca14747ae684b8541fe795a7_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:4750bc9a80e819747b9d6576d21e348634f0dd4bc56190a662e22b2c80172bbd_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:5988a2daac19ccd72b8eec8cd1d9b623c69aed7be1a4223070d2c65256210776_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:eac25bae75a0e08a0aae706325faae2606ee8b0c086559cc0b89a59501a511f8_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:4c56fcde717c7a7957638fa6624a6ba5a9fc372bc9056e924158a0477410c9e7_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:5f5b5adc67e0655dcc3bcaaa4bb75337ebff130cca2e019d553be7521ca71871_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:91438ae17f6ee162df0d564fe47c8690a5246315e26fa4ebfa16dc8c93425cb7_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:df6617374f5f70f6ff53a980d38ddda8ab1aca125894eadc3a1932ba7612626d_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:49d0f2c55661dd973b0a15ba0e096c54badf4e0017093dfee373a655d47373f0_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:5bbbcaa71f5bf11922738e37c1155c5e60ebc5166a67690f5e5218a42b946366_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:99446549dca0b1cd38919ed7489e3eff72b1e4dd739e4f4e914d6c3ca6076b58_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:cf59b3a7897d59615e746c14697a289d79afbc18a9d2e7e7b5f7b1242d640b02_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:6e7f3aa6bb48cbe35d205d5f4c9ea251945dcdcce9b40cd49676705d778d9500_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:bc37b9c572c3df959e0ceb9fe011be84906fe759817eee697c486131fd5bc0cb_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:bf4a2e668e36a0e8e381f4417a263bd736d114f4e464d4a6c5ea22962b3f2a9e_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:feffba283e2a49967cd57139fe7af2309cd55ea9bb4464e250bf7b5a98913a2b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:86908784cb38408c502a733672b2f76e5a5c93b0266afccc9f281cb0c8f2f20c_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:8f721159d1fb2b71fb746eec0213c1111896c7b77a2904d64a2c1696cdce796c_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:afe3ebfa9897d2b9a7d8f9bd7fb4a2210e4b7e603de5fe168740f0aa4bb04495_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:fd6aa3b12a35343168ee2e752b437a51c58e8e8e329c8bdd7d230653265a790e_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:01cb3c8bb62be8bcdeaea2fa79413caca0f111980f4134b06df5230bd0b357fc_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:20b0fcf0b2d388320c0cb1414f2422493ca9acf39c876fd45265e8b32030ef3b_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:51fc32fbd543c74767403a113ccceedb262ccb92b9fd5a9efdc39ed2c1e608b3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:d4edd3fd9d125deb51d48c8709eac2505056da0f1341020db5469be8af0ca200_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:201ab631050d34fb956e1333730a387833b7aa3a2a4389d2a01bb79a2fe51bbf_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:47ca2eaea554b825306387f07aef8a5ee830ee1885d2df51055ac22d7576d2cd_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:7a181f8f3d2eadeae6b1d4d38da28f4e0a7c7f1fc662d213f72a63fd56f67443_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:fa97e7031e19af10a571d8ff67e13de3489603f60dbf9fd0c19205fb3447e912_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:01e117719b770e5bf767700b3cf5a3c79d7a74c181fda4dd4605cb4f41ea5bcd_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:155dfad34b7402e4462d98c3026ab38a6024338dfe80bfc33abb9102d12b077d_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:aa96f8cf13ae3374588cc99a558d1def2bcf0579d75b90d0772139fab991b06b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:f1d48c91052387ebc88bc7c76c8f49bae708c67e160d976974c8b31e9efbd219_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:008f0946e1545a0baa8e2baa9d12dc3244a47cd42af020afedfce3b1450f6c16_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:6a63e70123c2cd8cf8ddec71fb88d0dee08d2b7b1bcfc37d27fde3a50a59b7e8_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:96f6b104c31c317aa118ff64cff2522f136bbb520de7fb8015257630fcfdecfb_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:9dd240e967b0a1949a812050a123e513858ccd428feb1c42646e409fbf711b35_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:6f5480749ac020fc0e226dd87855baeae624b4c57c2787303e7321f63117c789_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:7265c4bc839141da2a0599bc367c4be2b8e8743423ea1b6b8d68729b1cfa8bcc_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:9486931d703d050f59a9f1bcfe5e016351d3ccc9b5c1975963b91ac34fc0b25e_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:c458f98a5afdf96262536fa1b7d672eb897c2800ec3dc4a2094ee5e8ae09ac31_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:2076dc61bf8db58916f3bacdb7483cdae8db169e2c4187e0c509f4fad9bc66ac_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:4e2047551e67c9c79e54ea5cd42accd746db89b8f37181a4b8ddceee166b3f2f_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:635a2526236205059d382f8860a7600105596caa546c129e855bd1ad241ebda7_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:ab0b5c35985ab8da547bc85aeff75c00ef32de0ea4f3446d75420ba935a5ddf4_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:20f8e067fa199055be096f4e655a0004616caab1eb32ccbe853677705d4e99f2_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:7c82062799a4bc38472a8d62827cbead3cf9396e132c9567e1d7682b8e4eb01d_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:94a4269cc3ddfdaf549eb4b547a461c2eafa9a0e3682511f2c18a3cf846beba3_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:ac33685303a23070d840d68bce5381230bbf98f1f65abaa80eca75c99b821d88_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:29bf69f7793d3ecaf724f791e735f1bd4121cddc6b1118553bcc77ef3a3054a1_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:46ae8d0b9eb51c730b57aa7b9d0561dc8e7510240e100a9deaea7e501cf115c2_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:c314fa51aef6754a3d665650a9a2861da1ec3557e2b92c29a2b16b2790d615a4_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:cd2a2cb5784051c6595a95865e390a52c38b2b62fbf2fa3d40545d083c846992_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:05debd9e92a56b761a55f36c54d31ceda7b77bc58178946c4b5d0d08faa01cfc_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:19954ceb4da5840bc7d8953932bd9f36baaa3ad219ccac4b44324f25f962182a_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:866e4fbdeefc40e19ec6962c6b1577ef9f66affa46b96a2dbd30501b4e3b2695_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:990fa7d78f384772aaf369956a51ba7393cd5e225daa3c4e37f56ed2a1b4d5fb_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:64e4c2ac5a5126294d7264d33723b8c7e8a8f2909a33d2bff40bfbb2965fcd81_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:8a85413afe8d8ab179dff3638f3d5509bf180d54d016706aa50781bbb72338bc_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:a0af7052a5cc79ec38267f6016330bbc30fe4c8dff0776a6fe6cee048cb1bbcf_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:df72d966e05e20571d1d588092d8bf95f28ae5178ddac780257064069e8cf75c_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:5a0a1932f8bcdf436f08f9d00fdb520feefad62061ce79426d44ecd7d01724a2_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:72da4f73e7063cfcb49a800bf9dc5acdd715221d4dff6120db5950634e5824f5_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:883c2aa7d2a9f8ddcccd8c48b79bff59ffa3eb3f59392e727dd050ec4efdb92b_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:9bed2310605563c0d439ed85731e980038ada7c3970fc26de24c1c7d291afe07_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:09b95ff35ae5c1b2c356f7506d4e8283cb0b69b8b5a130bf9d6c31e6bfc04932_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:0cebc0075f16274a3620c4becac1490dc91904d09487fdc76aafe98fbaca5ccf_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:78f3234c47001e7a2902352bf85c7cc893f8ff7aafb01d3d6875cfe2df0a6a16_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:8844e2149f6d16a9112f7ca4580c27dbe974f0bfce1fc21c87d5072813deba45_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:180b60f1efcd9902f18b7104973acf277ea6881d6a806e288ea598b71bfa8e2d_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:2dc26cd49218da49a4761d8012d9777019facea787df61dafce31db6b3bef8b8_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:d08b49badd427bd263a5810800c4705f296b2caf188765837f8b5284d6ff6feb_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:edcd49c90231e8071dc45385f077400ae3dd9fdba54de188e3aba84da49c00c5_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:06f9f2d54689bd9770d4102c377a2596bf4294c824c2db69f4ad23a849d8996c_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:3985e43602b73ad41f7092847b6c92700ec5bfd6d849cc37adff563b6a994ea3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:eb7543913777f50fe437035b18e08cec754ec6ee05666f8c88900b6349b467bb_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:fb35bc2313df94fd8a4b4e8293f1489ea518c002858c29ade906a678ccd48d0d_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:31f1c672dc3197cb7bfeb51b37d357425d4057fec9c22ea8810005c147e493a0_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:457829af072b2c430e077ae362dd62b63f1737b72434c11b2fb9e98262c6f058_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:6243c7517063c907dbd898b6ff7c4f5a6a001b15141c6b703a771a826b1e9b23_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:72bef79259e60a3f96f3788b2ed207ef6d8c1d4901d5c1d293981099d2932b44_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:1bdebc0ea3641538b6029945ef99eab50aa4b71ab37fd063d712ffc0883faae8_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:75a4693836d31cfc429d6a3852b0bf419255c66f90827b13d2a589dc2bea1992_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:8f696a0d69bb54a50140da672ff01c2923550f8ab18dcb1159493b516750f0a4_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:98992a409dfe54f8de0eb67189538d08148418d91d9d07d9aa30262ce54e30d9_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:1e695b53b5a667d185f61dee9e0242efc8e0962aa4e928bf8908734626d16d38_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:7d614384e1cb7be6bb72dbdc3cb4eb34d38902e05f121ef6220c5a6922715ddf_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:da0844c2faaa1b2dd6c0c4944218c947043ac3b7edd8d4533ba7faf5f9436412_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:fd141141252f9253c089dd341447f86cd75a39bff1cb8c25baab40f86fd655bb_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:690de59af44d4b7cf2dada9c3450cbd6a0d3437cc7ac2bca9b5d6b91c4c2c605_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:6cc8eaac0ef579a5359fe2b3c8de0ad776e732b82afd9fb9c4fd4ad74e9f832f_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:bc5d7a4679b2cd19946013fe4c2fc17acfb3a6d9ed410e1f050de51c0a957a6b_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:d954bfc4a5c1f1fc8eba225865a11b9d04f005341e8ab094f7a94cdbe67a7b17_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:a6eb5b607ce23772fca3dbad70d76dc5d3ebc07b15f5123ace53da01f0e3b21e_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:d090b565d5d2933ae453eb87c34a2ebb00e09b1b00334a98c771e465dbcea42e_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-6322"
},
{
"category": "external",
"summary": "RHBZ#2466684",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2466684"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-6322",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6322"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-6322",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6322"
},
{
"category": "external",
"summary": "https://cna.openjsf.org/security-advisories.html",
"url": "https://cna.openjsf.org/security-advisories.html"
},
{
"category": "external",
"summary": "https://github.com/fastify/fast-uri/security/advisories/GHSA-v39h-62p7-jpjc",
"url": "https://github.com/fastify/fast-uri/security/advisories/GHSA-v39h-62p7-jpjc"
}
],
"release_date": "2026-05-05T10:29:16.378000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-01T16:35:24+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.6#Upgrade",
"product_ids": [
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:23ea476af89606789f91e647e952039bff83b5ace02440b2c11dccb9020cc0fb_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:870a39d44775c352b2c574f4b8d6585b96b44a48eefea1cbb8463809b75a1d6f_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:b3132e81fca86bc4bf6fe9f75fb3cafd1ef0f02fe84aeaffa51539e5f4a1b54c_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:fc3b7a2d42adaa47a938efe8e94d9d5665fe74a66d04884e886da33ad61774d0_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:72d561f41b71f78f7d896ca9b5e2b2cd76495fe602a8687bcbe0739b450a1d99_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:753e9384197b30856cfa43b3f5362395f3554773ec0a00a183705427eb8bced4_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:cb9328dff074240b336cc5395d2d61ff4722e84d11d3c19d470dd1214308b6e5_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:e863e14bd4e3a735ad3af67dd307fce57a0f3b703aed63b731c4206c08a5839f_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:34374"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:51e90eeed5c6bf2e6355ee9ba50fe330149b7c2b7633a106946459e8984d82ae_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:5e9de77acecac9653b91d2ebbfc5be8dc47da81e9e3e1772d38f827f05779632_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:7cefb007f075c5b1e0265fe8b12888218201cb453e9ebac315d91a79ed6e686a_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:bd4450e5af03c053f28e9c2ca0f2a2c016fc55fef4187676bc4edd5149c1a0f4_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:21243b5bb27b62467a311f0dfb5001384b424c095e17eba2c4fa441d7a03f7cf_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:22190a2714d3942a57dbe9dd265570bfe179b8d7f3e412173d010090de2bb98d_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:35b39d818bfb7b3fe86f77eedb134d12e9f316ce1642f86a8fa5ce1c1e31f37b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:3f2e1942032818fe9c91bf18948b80002a713b81c96e8ef5a3a4178a24899fb7_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:25928bb67eadad3a0d3b23da81acb313b8f873476250ddc6481cfb06bc25b8ab_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:bdfafa3b05bea80b81ffdc63cd77d4b2a96588ccd309aba83de0a683cb07c3c4_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:d7aa74297e76cb375c4bdd939c673739e34e22d83f8ef8846b1aa3c3c2264bbe_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:ea75fa4468a26357ce7c92614d70bc41ff0f8a8e562978a5b2bdfa5563492090_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:49025eb304ed55e363338fbe74b8dd77815b4d87183f1cb0cbfbbba71c2d2c59_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:54524172989364298f5cce342ef854f62fd59c75a42be804af3f286c6585b3d1_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:c1d135f85a4a1c5fe1c86509658d3056ce4bf748e8210274756064e18f991440_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:fb2eb12e6a6159c75e56f58429789cc0ac74af2a3d04f9ab865c8d86576e8c15_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:1252d44baa18b442de12a9659d3419ef77148e47ca14747ae684b8541fe795a7_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:4750bc9a80e819747b9d6576d21e348634f0dd4bc56190a662e22b2c80172bbd_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:5988a2daac19ccd72b8eec8cd1d9b623c69aed7be1a4223070d2c65256210776_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:eac25bae75a0e08a0aae706325faae2606ee8b0c086559cc0b89a59501a511f8_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:4c56fcde717c7a7957638fa6624a6ba5a9fc372bc9056e924158a0477410c9e7_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:5f5b5adc67e0655dcc3bcaaa4bb75337ebff130cca2e019d553be7521ca71871_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:91438ae17f6ee162df0d564fe47c8690a5246315e26fa4ebfa16dc8c93425cb7_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:df6617374f5f70f6ff53a980d38ddda8ab1aca125894eadc3a1932ba7612626d_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:49d0f2c55661dd973b0a15ba0e096c54badf4e0017093dfee373a655d47373f0_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:5bbbcaa71f5bf11922738e37c1155c5e60ebc5166a67690f5e5218a42b946366_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:99446549dca0b1cd38919ed7489e3eff72b1e4dd739e4f4e914d6c3ca6076b58_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:cf59b3a7897d59615e746c14697a289d79afbc18a9d2e7e7b5f7b1242d640b02_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:6e7f3aa6bb48cbe35d205d5f4c9ea251945dcdcce9b40cd49676705d778d9500_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:bc37b9c572c3df959e0ceb9fe011be84906fe759817eee697c486131fd5bc0cb_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:bf4a2e668e36a0e8e381f4417a263bd736d114f4e464d4a6c5ea22962b3f2a9e_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:feffba283e2a49967cd57139fe7af2309cd55ea9bb4464e250bf7b5a98913a2b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:86908784cb38408c502a733672b2f76e5a5c93b0266afccc9f281cb0c8f2f20c_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:8f721159d1fb2b71fb746eec0213c1111896c7b77a2904d64a2c1696cdce796c_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:afe3ebfa9897d2b9a7d8f9bd7fb4a2210e4b7e603de5fe168740f0aa4bb04495_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:fd6aa3b12a35343168ee2e752b437a51c58e8e8e329c8bdd7d230653265a790e_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:01cb3c8bb62be8bcdeaea2fa79413caca0f111980f4134b06df5230bd0b357fc_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:20b0fcf0b2d388320c0cb1414f2422493ca9acf39c876fd45265e8b32030ef3b_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:51fc32fbd543c74767403a113ccceedb262ccb92b9fd5a9efdc39ed2c1e608b3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:d4edd3fd9d125deb51d48c8709eac2505056da0f1341020db5469be8af0ca200_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:201ab631050d34fb956e1333730a387833b7aa3a2a4389d2a01bb79a2fe51bbf_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:47ca2eaea554b825306387f07aef8a5ee830ee1885d2df51055ac22d7576d2cd_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:7a181f8f3d2eadeae6b1d4d38da28f4e0a7c7f1fc662d213f72a63fd56f67443_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:fa97e7031e19af10a571d8ff67e13de3489603f60dbf9fd0c19205fb3447e912_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:01e117719b770e5bf767700b3cf5a3c79d7a74c181fda4dd4605cb4f41ea5bcd_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:155dfad34b7402e4462d98c3026ab38a6024338dfe80bfc33abb9102d12b077d_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:aa96f8cf13ae3374588cc99a558d1def2bcf0579d75b90d0772139fab991b06b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:f1d48c91052387ebc88bc7c76c8f49bae708c67e160d976974c8b31e9efbd219_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:008f0946e1545a0baa8e2baa9d12dc3244a47cd42af020afedfce3b1450f6c16_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:6a63e70123c2cd8cf8ddec71fb88d0dee08d2b7b1bcfc37d27fde3a50a59b7e8_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:96f6b104c31c317aa118ff64cff2522f136bbb520de7fb8015257630fcfdecfb_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:9dd240e967b0a1949a812050a123e513858ccd428feb1c42646e409fbf711b35_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:6f5480749ac020fc0e226dd87855baeae624b4c57c2787303e7321f63117c789_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:7265c4bc839141da2a0599bc367c4be2b8e8743423ea1b6b8d68729b1cfa8bcc_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:9486931d703d050f59a9f1bcfe5e016351d3ccc9b5c1975963b91ac34fc0b25e_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:c458f98a5afdf96262536fa1b7d672eb897c2800ec3dc4a2094ee5e8ae09ac31_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:23ea476af89606789f91e647e952039bff83b5ace02440b2c11dccb9020cc0fb_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:870a39d44775c352b2c574f4b8d6585b96b44a48eefea1cbb8463809b75a1d6f_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:b3132e81fca86bc4bf6fe9f75fb3cafd1ef0f02fe84aeaffa51539e5f4a1b54c_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:fc3b7a2d42adaa47a938efe8e94d9d5665fe74a66d04884e886da33ad61774d0_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:2076dc61bf8db58916f3bacdb7483cdae8db169e2c4187e0c509f4fad9bc66ac_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:4e2047551e67c9c79e54ea5cd42accd746db89b8f37181a4b8ddceee166b3f2f_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:635a2526236205059d382f8860a7600105596caa546c129e855bd1ad241ebda7_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:ab0b5c35985ab8da547bc85aeff75c00ef32de0ea4f3446d75420ba935a5ddf4_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:20f8e067fa199055be096f4e655a0004616caab1eb32ccbe853677705d4e99f2_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:7c82062799a4bc38472a8d62827cbead3cf9396e132c9567e1d7682b8e4eb01d_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:94a4269cc3ddfdaf549eb4b547a461c2eafa9a0e3682511f2c18a3cf846beba3_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:ac33685303a23070d840d68bce5381230bbf98f1f65abaa80eca75c99b821d88_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:29bf69f7793d3ecaf724f791e735f1bd4121cddc6b1118553bcc77ef3a3054a1_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:46ae8d0b9eb51c730b57aa7b9d0561dc8e7510240e100a9deaea7e501cf115c2_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:c314fa51aef6754a3d665650a9a2861da1ec3557e2b92c29a2b16b2790d615a4_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:cd2a2cb5784051c6595a95865e390a52c38b2b62fbf2fa3d40545d083c846992_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:05debd9e92a56b761a55f36c54d31ceda7b77bc58178946c4b5d0d08faa01cfc_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:19954ceb4da5840bc7d8953932bd9f36baaa3ad219ccac4b44324f25f962182a_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:866e4fbdeefc40e19ec6962c6b1577ef9f66affa46b96a2dbd30501b4e3b2695_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:990fa7d78f384772aaf369956a51ba7393cd5e225daa3c4e37f56ed2a1b4d5fb_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:64e4c2ac5a5126294d7264d33723b8c7e8a8f2909a33d2bff40bfbb2965fcd81_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:8a85413afe8d8ab179dff3638f3d5509bf180d54d016706aa50781bbb72338bc_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:a0af7052a5cc79ec38267f6016330bbc30fe4c8dff0776a6fe6cee048cb1bbcf_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:df72d966e05e20571d1d588092d8bf95f28ae5178ddac780257064069e8cf75c_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:5a0a1932f8bcdf436f08f9d00fdb520feefad62061ce79426d44ecd7d01724a2_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:72da4f73e7063cfcb49a800bf9dc5acdd715221d4dff6120db5950634e5824f5_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:883c2aa7d2a9f8ddcccd8c48b79bff59ffa3eb3f59392e727dd050ec4efdb92b_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:9bed2310605563c0d439ed85731e980038ada7c3970fc26de24c1c7d291afe07_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:09b95ff35ae5c1b2c356f7506d4e8283cb0b69b8b5a130bf9d6c31e6bfc04932_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:0cebc0075f16274a3620c4becac1490dc91904d09487fdc76aafe98fbaca5ccf_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:78f3234c47001e7a2902352bf85c7cc893f8ff7aafb01d3d6875cfe2df0a6a16_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:8844e2149f6d16a9112f7ca4580c27dbe974f0bfce1fc21c87d5072813deba45_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:180b60f1efcd9902f18b7104973acf277ea6881d6a806e288ea598b71bfa8e2d_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:2dc26cd49218da49a4761d8012d9777019facea787df61dafce31db6b3bef8b8_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:d08b49badd427bd263a5810800c4705f296b2caf188765837f8b5284d6ff6feb_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:edcd49c90231e8071dc45385f077400ae3dd9fdba54de188e3aba84da49c00c5_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:06f9f2d54689bd9770d4102c377a2596bf4294c824c2db69f4ad23a849d8996c_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:3985e43602b73ad41f7092847b6c92700ec5bfd6d849cc37adff563b6a994ea3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:eb7543913777f50fe437035b18e08cec754ec6ee05666f8c88900b6349b467bb_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:fb35bc2313df94fd8a4b4e8293f1489ea518c002858c29ade906a678ccd48d0d_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:31f1c672dc3197cb7bfeb51b37d357425d4057fec9c22ea8810005c147e493a0_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:457829af072b2c430e077ae362dd62b63f1737b72434c11b2fb9e98262c6f058_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:6243c7517063c907dbd898b6ff7c4f5a6a001b15141c6b703a771a826b1e9b23_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:72bef79259e60a3f96f3788b2ed207ef6d8c1d4901d5c1d293981099d2932b44_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:1bdebc0ea3641538b6029945ef99eab50aa4b71ab37fd063d712ffc0883faae8_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:75a4693836d31cfc429d6a3852b0bf419255c66f90827b13d2a589dc2bea1992_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:8f696a0d69bb54a50140da672ff01c2923550f8ab18dcb1159493b516750f0a4_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:98992a409dfe54f8de0eb67189538d08148418d91d9d07d9aa30262ce54e30d9_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:72d561f41b71f78f7d896ca9b5e2b2cd76495fe602a8687bcbe0739b450a1d99_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:753e9384197b30856cfa43b3f5362395f3554773ec0a00a183705427eb8bced4_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:cb9328dff074240b336cc5395d2d61ff4722e84d11d3c19d470dd1214308b6e5_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:e863e14bd4e3a735ad3af67dd307fce57a0f3b703aed63b731c4206c08a5839f_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:1e695b53b5a667d185f61dee9e0242efc8e0962aa4e928bf8908734626d16d38_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:7d614384e1cb7be6bb72dbdc3cb4eb34d38902e05f121ef6220c5a6922715ddf_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:da0844c2faaa1b2dd6c0c4944218c947043ac3b7edd8d4533ba7faf5f9436412_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:fd141141252f9253c089dd341447f86cd75a39bff1cb8c25baab40f86fd655bb_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:690de59af44d4b7cf2dada9c3450cbd6a0d3437cc7ac2bca9b5d6b91c4c2c605_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:6cc8eaac0ef579a5359fe2b3c8de0ad776e732b82afd9fb9c4fd4ad74e9f832f_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:bc5d7a4679b2cd19946013fe4c2fc17acfb3a6d9ed410e1f050de51c0a957a6b_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:d954bfc4a5c1f1fc8eba225865a11b9d04f005341e8ab094f7a94cdbe67a7b17_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:a6eb5b607ce23772fca3dbad70d76dc5d3ebc07b15f5123ace53da01f0e3b21e_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:d090b565d5d2933ae453eb87c34a2ebb00e09b1b00334a98c771e465dbcea42e_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "fast-uri: fast-uri: URI authority bypass due to improper delimiter handling"
},
{
"acknowledgments": [
{
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2026-8643",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2026-04-22T23:09:35+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:51e90eeed5c6bf2e6355ee9ba50fe330149b7c2b7633a106946459e8984d82ae_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:5e9de77acecac9653b91d2ebbfc5be8dc47da81e9e3e1772d38f827f05779632_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:7cefb007f075c5b1e0265fe8b12888218201cb453e9ebac315d91a79ed6e686a_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:bd4450e5af03c053f28e9c2ca0f2a2c016fc55fef4187676bc4edd5149c1a0f4_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:21243b5bb27b62467a311f0dfb5001384b424c095e17eba2c4fa441d7a03f7cf_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:22190a2714d3942a57dbe9dd265570bfe179b8d7f3e412173d010090de2bb98d_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:35b39d818bfb7b3fe86f77eedb134d12e9f316ce1642f86a8fa5ce1c1e31f37b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:3f2e1942032818fe9c91bf18948b80002a713b81c96e8ef5a3a4178a24899fb7_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:25928bb67eadad3a0d3b23da81acb313b8f873476250ddc6481cfb06bc25b8ab_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:bdfafa3b05bea80b81ffdc63cd77d4b2a96588ccd309aba83de0a683cb07c3c4_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:d7aa74297e76cb375c4bdd939c673739e34e22d83f8ef8846b1aa3c3c2264bbe_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:ea75fa4468a26357ce7c92614d70bc41ff0f8a8e562978a5b2bdfa5563492090_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:49025eb304ed55e363338fbe74b8dd77815b4d87183f1cb0cbfbbba71c2d2c59_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:54524172989364298f5cce342ef854f62fd59c75a42be804af3f286c6585b3d1_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:c1d135f85a4a1c5fe1c86509658d3056ce4bf748e8210274756064e18f991440_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:fb2eb12e6a6159c75e56f58429789cc0ac74af2a3d04f9ab865c8d86576e8c15_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:1252d44baa18b442de12a9659d3419ef77148e47ca14747ae684b8541fe795a7_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:4750bc9a80e819747b9d6576d21e348634f0dd4bc56190a662e22b2c80172bbd_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:5988a2daac19ccd72b8eec8cd1d9b623c69aed7be1a4223070d2c65256210776_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:eac25bae75a0e08a0aae706325faae2606ee8b0c086559cc0b89a59501a511f8_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:6e7f3aa6bb48cbe35d205d5f4c9ea251945dcdcce9b40cd49676705d778d9500_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:bc37b9c572c3df959e0ceb9fe011be84906fe759817eee697c486131fd5bc0cb_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:bf4a2e668e36a0e8e381f4417a263bd736d114f4e464d4a6c5ea22962b3f2a9e_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:feffba283e2a49967cd57139fe7af2309cd55ea9bb4464e250bf7b5a98913a2b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:86908784cb38408c502a733672b2f76e5a5c93b0266afccc9f281cb0c8f2f20c_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:8f721159d1fb2b71fb746eec0213c1111896c7b77a2904d64a2c1696cdce796c_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:afe3ebfa9897d2b9a7d8f9bd7fb4a2210e4b7e603de5fe168740f0aa4bb04495_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:fd6aa3b12a35343168ee2e752b437a51c58e8e8e329c8bdd7d230653265a790e_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:01cb3c8bb62be8bcdeaea2fa79413caca0f111980f4134b06df5230bd0b357fc_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:20b0fcf0b2d388320c0cb1414f2422493ca9acf39c876fd45265e8b32030ef3b_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:51fc32fbd543c74767403a113ccceedb262ccb92b9fd5a9efdc39ed2c1e608b3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:d4edd3fd9d125deb51d48c8709eac2505056da0f1341020db5469be8af0ca200_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:201ab631050d34fb956e1333730a387833b7aa3a2a4389d2a01bb79a2fe51bbf_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:47ca2eaea554b825306387f07aef8a5ee830ee1885d2df51055ac22d7576d2cd_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:7a181f8f3d2eadeae6b1d4d38da28f4e0a7c7f1fc662d213f72a63fd56f67443_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:fa97e7031e19af10a571d8ff67e13de3489603f60dbf9fd0c19205fb3447e912_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:01e117719b770e5bf767700b3cf5a3c79d7a74c181fda4dd4605cb4f41ea5bcd_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:155dfad34b7402e4462d98c3026ab38a6024338dfe80bfc33abb9102d12b077d_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:aa96f8cf13ae3374588cc99a558d1def2bcf0579d75b90d0772139fab991b06b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:f1d48c91052387ebc88bc7c76c8f49bae708c67e160d976974c8b31e9efbd219_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:008f0946e1545a0baa8e2baa9d12dc3244a47cd42af020afedfce3b1450f6c16_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:6a63e70123c2cd8cf8ddec71fb88d0dee08d2b7b1bcfc37d27fde3a50a59b7e8_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:96f6b104c31c317aa118ff64cff2522f136bbb520de7fb8015257630fcfdecfb_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:9dd240e967b0a1949a812050a123e513858ccd428feb1c42646e409fbf711b35_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:6f5480749ac020fc0e226dd87855baeae624b4c57c2787303e7321f63117c789_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:7265c4bc839141da2a0599bc367c4be2b8e8743423ea1b6b8d68729b1cfa8bcc_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:9486931d703d050f59a9f1bcfe5e016351d3ccc9b5c1975963b91ac34fc0b25e_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:c458f98a5afdf96262536fa1b7d672eb897c2800ec3dc4a2094ee5e8ae09ac31_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:2076dc61bf8db58916f3bacdb7483cdae8db169e2c4187e0c509f4fad9bc66ac_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:4e2047551e67c9c79e54ea5cd42accd746db89b8f37181a4b8ddceee166b3f2f_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:635a2526236205059d382f8860a7600105596caa546c129e855bd1ad241ebda7_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:ab0b5c35985ab8da547bc85aeff75c00ef32de0ea4f3446d75420ba935a5ddf4_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:20f8e067fa199055be096f4e655a0004616caab1eb32ccbe853677705d4e99f2_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:7c82062799a4bc38472a8d62827cbead3cf9396e132c9567e1d7682b8e4eb01d_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:94a4269cc3ddfdaf549eb4b547a461c2eafa9a0e3682511f2c18a3cf846beba3_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:ac33685303a23070d840d68bce5381230bbf98f1f65abaa80eca75c99b821d88_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:29bf69f7793d3ecaf724f791e735f1bd4121cddc6b1118553bcc77ef3a3054a1_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:46ae8d0b9eb51c730b57aa7b9d0561dc8e7510240e100a9deaea7e501cf115c2_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:c314fa51aef6754a3d665650a9a2861da1ec3557e2b92c29a2b16b2790d615a4_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:cd2a2cb5784051c6595a95865e390a52c38b2b62fbf2fa3d40545d083c846992_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:05debd9e92a56b761a55f36c54d31ceda7b77bc58178946c4b5d0d08faa01cfc_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:19954ceb4da5840bc7d8953932bd9f36baaa3ad219ccac4b44324f25f962182a_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:866e4fbdeefc40e19ec6962c6b1577ef9f66affa46b96a2dbd30501b4e3b2695_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:990fa7d78f384772aaf369956a51ba7393cd5e225daa3c4e37f56ed2a1b4d5fb_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:64e4c2ac5a5126294d7264d33723b8c7e8a8f2909a33d2bff40bfbb2965fcd81_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:8a85413afe8d8ab179dff3638f3d5509bf180d54d016706aa50781bbb72338bc_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:a0af7052a5cc79ec38267f6016330bbc30fe4c8dff0776a6fe6cee048cb1bbcf_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:df72d966e05e20571d1d588092d8bf95f28ae5178ddac780257064069e8cf75c_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:5a0a1932f8bcdf436f08f9d00fdb520feefad62061ce79426d44ecd7d01724a2_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:72da4f73e7063cfcb49a800bf9dc5acdd715221d4dff6120db5950634e5824f5_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:883c2aa7d2a9f8ddcccd8c48b79bff59ffa3eb3f59392e727dd050ec4efdb92b_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:9bed2310605563c0d439ed85731e980038ada7c3970fc26de24c1c7d291afe07_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:09b95ff35ae5c1b2c356f7506d4e8283cb0b69b8b5a130bf9d6c31e6bfc04932_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:0cebc0075f16274a3620c4becac1490dc91904d09487fdc76aafe98fbaca5ccf_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:78f3234c47001e7a2902352bf85c7cc893f8ff7aafb01d3d6875cfe2df0a6a16_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:8844e2149f6d16a9112f7ca4580c27dbe974f0bfce1fc21c87d5072813deba45_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:180b60f1efcd9902f18b7104973acf277ea6881d6a806e288ea598b71bfa8e2d_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:2dc26cd49218da49a4761d8012d9777019facea787df61dafce31db6b3bef8b8_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:d08b49badd427bd263a5810800c4705f296b2caf188765837f8b5284d6ff6feb_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:edcd49c90231e8071dc45385f077400ae3dd9fdba54de188e3aba84da49c00c5_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:06f9f2d54689bd9770d4102c377a2596bf4294c824c2db69f4ad23a849d8996c_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:3985e43602b73ad41f7092847b6c92700ec5bfd6d849cc37adff563b6a994ea3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:eb7543913777f50fe437035b18e08cec754ec6ee05666f8c88900b6349b467bb_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:fb35bc2313df94fd8a4b4e8293f1489ea518c002858c29ade906a678ccd48d0d_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:31f1c672dc3197cb7bfeb51b37d357425d4057fec9c22ea8810005c147e493a0_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:457829af072b2c430e077ae362dd62b63f1737b72434c11b2fb9e98262c6f058_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:6243c7517063c907dbd898b6ff7c4f5a6a001b15141c6b703a771a826b1e9b23_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:72bef79259e60a3f96f3788b2ed207ef6d8c1d4901d5c1d293981099d2932b44_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:1bdebc0ea3641538b6029945ef99eab50aa4b71ab37fd063d712ffc0883faae8_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:75a4693836d31cfc429d6a3852b0bf419255c66f90827b13d2a589dc2bea1992_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:8f696a0d69bb54a50140da672ff01c2923550f8ab18dcb1159493b516750f0a4_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:98992a409dfe54f8de0eb67189538d08148418d91d9d07d9aa30262ce54e30d9_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:72d561f41b71f78f7d896ca9b5e2b2cd76495fe602a8687bcbe0739b450a1d99_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:753e9384197b30856cfa43b3f5362395f3554773ec0a00a183705427eb8bced4_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:cb9328dff074240b336cc5395d2d61ff4722e84d11d3c19d470dd1214308b6e5_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:e863e14bd4e3a735ad3af67dd307fce57a0f3b703aed63b731c4206c08a5839f_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:1e695b53b5a667d185f61dee9e0242efc8e0962aa4e928bf8908734626d16d38_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:7d614384e1cb7be6bb72dbdc3cb4eb34d38902e05f121ef6220c5a6922715ddf_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:da0844c2faaa1b2dd6c0c4944218c947043ac3b7edd8d4533ba7faf5f9436412_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:fd141141252f9253c089dd341447f86cd75a39bff1cb8c25baab40f86fd655bb_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:690de59af44d4b7cf2dada9c3450cbd6a0d3437cc7ac2bca9b5d6b91c4c2c605_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:6cc8eaac0ef579a5359fe2b3c8de0ad776e732b82afd9fb9c4fd4ad74e9f832f_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:bc5d7a4679b2cd19946013fe4c2fc17acfb3a6d9ed410e1f050de51c0a957a6b_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:d954bfc4a5c1f1fc8eba225865a11b9d04f005341e8ab094f7a94cdbe67a7b17_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:a6eb5b607ce23772fca3dbad70d76dc5d3ebc07b15f5123ace53da01f0e3b21e_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:d090b565d5d2933ae453eb87c34a2ebb00e09b1b00334a98c771e465dbcea42e_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2460927"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in pip, the package installer for Python. A remote attacker can exploit this vulnerability by tricking a victim into installing a malicious Python wheel. This wheel contains specially crafted entry-point names that use directory traversal or absolute paths. This allows pip to write generated script wrappers outside the intended installation directory, leading to arbitrary file overwrite. This can severely impact system integrity and availability, and in certain scenarios, may lead to arbitrary code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "python-pip: Path traversal via malicious entry point name in pip wheel installation allows arbitrary file overwrite",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Important flaw in pip\u0027s wheel installation process allows for arbitrary file overwrite due to path traversal. An attacker could exploit this by convincing a user to install a specially crafted malicious Python wheel. While file overwrites are limited to the installing user\u0027s permissions, using `pip install` with elevated privileges in Red Hat environments significantly increases the potential impact, potentially leading to system integrity compromise or arbitrary code execution.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:4c56fcde717c7a7957638fa6624a6ba5a9fc372bc9056e924158a0477410c9e7_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:5f5b5adc67e0655dcc3bcaaa4bb75337ebff130cca2e019d553be7521ca71871_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:91438ae17f6ee162df0d564fe47c8690a5246315e26fa4ebfa16dc8c93425cb7_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:df6617374f5f70f6ff53a980d38ddda8ab1aca125894eadc3a1932ba7612626d_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:49d0f2c55661dd973b0a15ba0e096c54badf4e0017093dfee373a655d47373f0_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:5bbbcaa71f5bf11922738e37c1155c5e60ebc5166a67690f5e5218a42b946366_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:99446549dca0b1cd38919ed7489e3eff72b1e4dd739e4f4e914d6c3ca6076b58_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:cf59b3a7897d59615e746c14697a289d79afbc18a9d2e7e7b5f7b1242d640b02_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:23ea476af89606789f91e647e952039bff83b5ace02440b2c11dccb9020cc0fb_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:870a39d44775c352b2c574f4b8d6585b96b44a48eefea1cbb8463809b75a1d6f_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:b3132e81fca86bc4bf6fe9f75fb3cafd1ef0f02fe84aeaffa51539e5f4a1b54c_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:fc3b7a2d42adaa47a938efe8e94d9d5665fe74a66d04884e886da33ad61774d0_ppc64le"
],
"known_not_affected": [
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:51e90eeed5c6bf2e6355ee9ba50fe330149b7c2b7633a106946459e8984d82ae_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:5e9de77acecac9653b91d2ebbfc5be8dc47da81e9e3e1772d38f827f05779632_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:7cefb007f075c5b1e0265fe8b12888218201cb453e9ebac315d91a79ed6e686a_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:bd4450e5af03c053f28e9c2ca0f2a2c016fc55fef4187676bc4edd5149c1a0f4_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:21243b5bb27b62467a311f0dfb5001384b424c095e17eba2c4fa441d7a03f7cf_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:22190a2714d3942a57dbe9dd265570bfe179b8d7f3e412173d010090de2bb98d_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:35b39d818bfb7b3fe86f77eedb134d12e9f316ce1642f86a8fa5ce1c1e31f37b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:3f2e1942032818fe9c91bf18948b80002a713b81c96e8ef5a3a4178a24899fb7_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:25928bb67eadad3a0d3b23da81acb313b8f873476250ddc6481cfb06bc25b8ab_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:bdfafa3b05bea80b81ffdc63cd77d4b2a96588ccd309aba83de0a683cb07c3c4_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:d7aa74297e76cb375c4bdd939c673739e34e22d83f8ef8846b1aa3c3c2264bbe_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:ea75fa4468a26357ce7c92614d70bc41ff0f8a8e562978a5b2bdfa5563492090_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:49025eb304ed55e363338fbe74b8dd77815b4d87183f1cb0cbfbbba71c2d2c59_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:54524172989364298f5cce342ef854f62fd59c75a42be804af3f286c6585b3d1_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:c1d135f85a4a1c5fe1c86509658d3056ce4bf748e8210274756064e18f991440_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:fb2eb12e6a6159c75e56f58429789cc0ac74af2a3d04f9ab865c8d86576e8c15_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:1252d44baa18b442de12a9659d3419ef77148e47ca14747ae684b8541fe795a7_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:4750bc9a80e819747b9d6576d21e348634f0dd4bc56190a662e22b2c80172bbd_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:5988a2daac19ccd72b8eec8cd1d9b623c69aed7be1a4223070d2c65256210776_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:eac25bae75a0e08a0aae706325faae2606ee8b0c086559cc0b89a59501a511f8_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:6e7f3aa6bb48cbe35d205d5f4c9ea251945dcdcce9b40cd49676705d778d9500_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:bc37b9c572c3df959e0ceb9fe011be84906fe759817eee697c486131fd5bc0cb_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:bf4a2e668e36a0e8e381f4417a263bd736d114f4e464d4a6c5ea22962b3f2a9e_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:feffba283e2a49967cd57139fe7af2309cd55ea9bb4464e250bf7b5a98913a2b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:86908784cb38408c502a733672b2f76e5a5c93b0266afccc9f281cb0c8f2f20c_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:8f721159d1fb2b71fb746eec0213c1111896c7b77a2904d64a2c1696cdce796c_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:afe3ebfa9897d2b9a7d8f9bd7fb4a2210e4b7e603de5fe168740f0aa4bb04495_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:fd6aa3b12a35343168ee2e752b437a51c58e8e8e329c8bdd7d230653265a790e_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:01cb3c8bb62be8bcdeaea2fa79413caca0f111980f4134b06df5230bd0b357fc_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:20b0fcf0b2d388320c0cb1414f2422493ca9acf39c876fd45265e8b32030ef3b_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:51fc32fbd543c74767403a113ccceedb262ccb92b9fd5a9efdc39ed2c1e608b3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:d4edd3fd9d125deb51d48c8709eac2505056da0f1341020db5469be8af0ca200_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:201ab631050d34fb956e1333730a387833b7aa3a2a4389d2a01bb79a2fe51bbf_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:47ca2eaea554b825306387f07aef8a5ee830ee1885d2df51055ac22d7576d2cd_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:7a181f8f3d2eadeae6b1d4d38da28f4e0a7c7f1fc662d213f72a63fd56f67443_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:fa97e7031e19af10a571d8ff67e13de3489603f60dbf9fd0c19205fb3447e912_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:01e117719b770e5bf767700b3cf5a3c79d7a74c181fda4dd4605cb4f41ea5bcd_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:155dfad34b7402e4462d98c3026ab38a6024338dfe80bfc33abb9102d12b077d_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:aa96f8cf13ae3374588cc99a558d1def2bcf0579d75b90d0772139fab991b06b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:f1d48c91052387ebc88bc7c76c8f49bae708c67e160d976974c8b31e9efbd219_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:008f0946e1545a0baa8e2baa9d12dc3244a47cd42af020afedfce3b1450f6c16_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:6a63e70123c2cd8cf8ddec71fb88d0dee08d2b7b1bcfc37d27fde3a50a59b7e8_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:96f6b104c31c317aa118ff64cff2522f136bbb520de7fb8015257630fcfdecfb_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:9dd240e967b0a1949a812050a123e513858ccd428feb1c42646e409fbf711b35_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:6f5480749ac020fc0e226dd87855baeae624b4c57c2787303e7321f63117c789_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:7265c4bc839141da2a0599bc367c4be2b8e8743423ea1b6b8d68729b1cfa8bcc_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:9486931d703d050f59a9f1bcfe5e016351d3ccc9b5c1975963b91ac34fc0b25e_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:c458f98a5afdf96262536fa1b7d672eb897c2800ec3dc4a2094ee5e8ae09ac31_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:2076dc61bf8db58916f3bacdb7483cdae8db169e2c4187e0c509f4fad9bc66ac_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:4e2047551e67c9c79e54ea5cd42accd746db89b8f37181a4b8ddceee166b3f2f_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:635a2526236205059d382f8860a7600105596caa546c129e855bd1ad241ebda7_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:ab0b5c35985ab8da547bc85aeff75c00ef32de0ea4f3446d75420ba935a5ddf4_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:20f8e067fa199055be096f4e655a0004616caab1eb32ccbe853677705d4e99f2_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:7c82062799a4bc38472a8d62827cbead3cf9396e132c9567e1d7682b8e4eb01d_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:94a4269cc3ddfdaf549eb4b547a461c2eafa9a0e3682511f2c18a3cf846beba3_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:ac33685303a23070d840d68bce5381230bbf98f1f65abaa80eca75c99b821d88_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:29bf69f7793d3ecaf724f791e735f1bd4121cddc6b1118553bcc77ef3a3054a1_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:46ae8d0b9eb51c730b57aa7b9d0561dc8e7510240e100a9deaea7e501cf115c2_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:c314fa51aef6754a3d665650a9a2861da1ec3557e2b92c29a2b16b2790d615a4_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:cd2a2cb5784051c6595a95865e390a52c38b2b62fbf2fa3d40545d083c846992_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:05debd9e92a56b761a55f36c54d31ceda7b77bc58178946c4b5d0d08faa01cfc_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:19954ceb4da5840bc7d8953932bd9f36baaa3ad219ccac4b44324f25f962182a_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:866e4fbdeefc40e19ec6962c6b1577ef9f66affa46b96a2dbd30501b4e3b2695_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:990fa7d78f384772aaf369956a51ba7393cd5e225daa3c4e37f56ed2a1b4d5fb_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:64e4c2ac5a5126294d7264d33723b8c7e8a8f2909a33d2bff40bfbb2965fcd81_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:8a85413afe8d8ab179dff3638f3d5509bf180d54d016706aa50781bbb72338bc_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:a0af7052a5cc79ec38267f6016330bbc30fe4c8dff0776a6fe6cee048cb1bbcf_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:df72d966e05e20571d1d588092d8bf95f28ae5178ddac780257064069e8cf75c_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:5a0a1932f8bcdf436f08f9d00fdb520feefad62061ce79426d44ecd7d01724a2_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:72da4f73e7063cfcb49a800bf9dc5acdd715221d4dff6120db5950634e5824f5_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:883c2aa7d2a9f8ddcccd8c48b79bff59ffa3eb3f59392e727dd050ec4efdb92b_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:9bed2310605563c0d439ed85731e980038ada7c3970fc26de24c1c7d291afe07_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:09b95ff35ae5c1b2c356f7506d4e8283cb0b69b8b5a130bf9d6c31e6bfc04932_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:0cebc0075f16274a3620c4becac1490dc91904d09487fdc76aafe98fbaca5ccf_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:78f3234c47001e7a2902352bf85c7cc893f8ff7aafb01d3d6875cfe2df0a6a16_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:8844e2149f6d16a9112f7ca4580c27dbe974f0bfce1fc21c87d5072813deba45_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:180b60f1efcd9902f18b7104973acf277ea6881d6a806e288ea598b71bfa8e2d_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:2dc26cd49218da49a4761d8012d9777019facea787df61dafce31db6b3bef8b8_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:d08b49badd427bd263a5810800c4705f296b2caf188765837f8b5284d6ff6feb_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:edcd49c90231e8071dc45385f077400ae3dd9fdba54de188e3aba84da49c00c5_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:06f9f2d54689bd9770d4102c377a2596bf4294c824c2db69f4ad23a849d8996c_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:3985e43602b73ad41f7092847b6c92700ec5bfd6d849cc37adff563b6a994ea3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:eb7543913777f50fe437035b18e08cec754ec6ee05666f8c88900b6349b467bb_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:fb35bc2313df94fd8a4b4e8293f1489ea518c002858c29ade906a678ccd48d0d_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:31f1c672dc3197cb7bfeb51b37d357425d4057fec9c22ea8810005c147e493a0_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:457829af072b2c430e077ae362dd62b63f1737b72434c11b2fb9e98262c6f058_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:6243c7517063c907dbd898b6ff7c4f5a6a001b15141c6b703a771a826b1e9b23_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:72bef79259e60a3f96f3788b2ed207ef6d8c1d4901d5c1d293981099d2932b44_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:1bdebc0ea3641538b6029945ef99eab50aa4b71ab37fd063d712ffc0883faae8_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:75a4693836d31cfc429d6a3852b0bf419255c66f90827b13d2a589dc2bea1992_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:8f696a0d69bb54a50140da672ff01c2923550f8ab18dcb1159493b516750f0a4_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:98992a409dfe54f8de0eb67189538d08148418d91d9d07d9aa30262ce54e30d9_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:72d561f41b71f78f7d896ca9b5e2b2cd76495fe602a8687bcbe0739b450a1d99_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:753e9384197b30856cfa43b3f5362395f3554773ec0a00a183705427eb8bced4_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:cb9328dff074240b336cc5395d2d61ff4722e84d11d3c19d470dd1214308b6e5_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:e863e14bd4e3a735ad3af67dd307fce57a0f3b703aed63b731c4206c08a5839f_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:1e695b53b5a667d185f61dee9e0242efc8e0962aa4e928bf8908734626d16d38_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:7d614384e1cb7be6bb72dbdc3cb4eb34d38902e05f121ef6220c5a6922715ddf_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:da0844c2faaa1b2dd6c0c4944218c947043ac3b7edd8d4533ba7faf5f9436412_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:fd141141252f9253c089dd341447f86cd75a39bff1cb8c25baab40f86fd655bb_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:690de59af44d4b7cf2dada9c3450cbd6a0d3437cc7ac2bca9b5d6b91c4c2c605_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:6cc8eaac0ef579a5359fe2b3c8de0ad776e732b82afd9fb9c4fd4ad74e9f832f_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:bc5d7a4679b2cd19946013fe4c2fc17acfb3a6d9ed410e1f050de51c0a957a6b_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:d954bfc4a5c1f1fc8eba225865a11b9d04f005341e8ab094f7a94cdbe67a7b17_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:a6eb5b607ce23772fca3dbad70d76dc5d3ebc07b15f5123ace53da01f0e3b21e_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:d090b565d5d2933ae453eb87c34a2ebb00e09b1b00334a98c771e465dbcea42e_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-8643"
},
{
"category": "external",
"summary": "RHBZ#2460927",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460927"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-8643",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-8643"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-8643",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8643"
},
{
"category": "external",
"summary": "https://github.com/pypa/pip/commit/8eb178480bd1a2b223f509fc430796b265158dfb",
"url": "https://github.com/pypa/pip/commit/8eb178480bd1a2b223f509fc430796b265158dfb"
}
],
"release_date": "2026-05-27T17:03:36.585000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-01T16:35:24+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.6#Upgrade",
"product_ids": [
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:4c56fcde717c7a7957638fa6624a6ba5a9fc372bc9056e924158a0477410c9e7_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:5f5b5adc67e0655dcc3bcaaa4bb75337ebff130cca2e019d553be7521ca71871_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:91438ae17f6ee162df0d564fe47c8690a5246315e26fa4ebfa16dc8c93425cb7_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:df6617374f5f70f6ff53a980d38ddda8ab1aca125894eadc3a1932ba7612626d_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:49d0f2c55661dd973b0a15ba0e096c54badf4e0017093dfee373a655d47373f0_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:5bbbcaa71f5bf11922738e37c1155c5e60ebc5166a67690f5e5218a42b946366_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:99446549dca0b1cd38919ed7489e3eff72b1e4dd739e4f4e914d6c3ca6076b58_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:cf59b3a7897d59615e746c14697a289d79afbc18a9d2e7e7b5f7b1242d640b02_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:23ea476af89606789f91e647e952039bff83b5ace02440b2c11dccb9020cc0fb_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:870a39d44775c352b2c574f4b8d6585b96b44a48eefea1cbb8463809b75a1d6f_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:b3132e81fca86bc4bf6fe9f75fb3cafd1ef0f02fe84aeaffa51539e5f4a1b54c_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:fc3b7a2d42adaa47a938efe8e94d9d5665fe74a66d04884e886da33ad61774d0_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:34374"
},
{
"category": "workaround",
"details": "To mitigate this issue, users should avoid installing Python wheels from untrusted sources. It is strongly advised against using `pip install` with elevated privileges, such as `sudo`, when installing wheels. Additionally, administrators should inspect `entry_points.txt` within wheels for path separators or absolute paths before installation.",
"product_ids": [
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:51e90eeed5c6bf2e6355ee9ba50fe330149b7c2b7633a106946459e8984d82ae_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:5e9de77acecac9653b91d2ebbfc5be8dc47da81e9e3e1772d38f827f05779632_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:7cefb007f075c5b1e0265fe8b12888218201cb453e9ebac315d91a79ed6e686a_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:bd4450e5af03c053f28e9c2ca0f2a2c016fc55fef4187676bc4edd5149c1a0f4_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:21243b5bb27b62467a311f0dfb5001384b424c095e17eba2c4fa441d7a03f7cf_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:22190a2714d3942a57dbe9dd265570bfe179b8d7f3e412173d010090de2bb98d_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:35b39d818bfb7b3fe86f77eedb134d12e9f316ce1642f86a8fa5ce1c1e31f37b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:3f2e1942032818fe9c91bf18948b80002a713b81c96e8ef5a3a4178a24899fb7_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:25928bb67eadad3a0d3b23da81acb313b8f873476250ddc6481cfb06bc25b8ab_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:bdfafa3b05bea80b81ffdc63cd77d4b2a96588ccd309aba83de0a683cb07c3c4_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:d7aa74297e76cb375c4bdd939c673739e34e22d83f8ef8846b1aa3c3c2264bbe_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:ea75fa4468a26357ce7c92614d70bc41ff0f8a8e562978a5b2bdfa5563492090_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:49025eb304ed55e363338fbe74b8dd77815b4d87183f1cb0cbfbbba71c2d2c59_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:54524172989364298f5cce342ef854f62fd59c75a42be804af3f286c6585b3d1_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:c1d135f85a4a1c5fe1c86509658d3056ce4bf748e8210274756064e18f991440_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:fb2eb12e6a6159c75e56f58429789cc0ac74af2a3d04f9ab865c8d86576e8c15_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:1252d44baa18b442de12a9659d3419ef77148e47ca14747ae684b8541fe795a7_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:4750bc9a80e819747b9d6576d21e348634f0dd4bc56190a662e22b2c80172bbd_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:5988a2daac19ccd72b8eec8cd1d9b623c69aed7be1a4223070d2c65256210776_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:eac25bae75a0e08a0aae706325faae2606ee8b0c086559cc0b89a59501a511f8_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:4c56fcde717c7a7957638fa6624a6ba5a9fc372bc9056e924158a0477410c9e7_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:5f5b5adc67e0655dcc3bcaaa4bb75337ebff130cca2e019d553be7521ca71871_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:91438ae17f6ee162df0d564fe47c8690a5246315e26fa4ebfa16dc8c93425cb7_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:df6617374f5f70f6ff53a980d38ddda8ab1aca125894eadc3a1932ba7612626d_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:49d0f2c55661dd973b0a15ba0e096c54badf4e0017093dfee373a655d47373f0_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:5bbbcaa71f5bf11922738e37c1155c5e60ebc5166a67690f5e5218a42b946366_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:99446549dca0b1cd38919ed7489e3eff72b1e4dd739e4f4e914d6c3ca6076b58_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:cf59b3a7897d59615e746c14697a289d79afbc18a9d2e7e7b5f7b1242d640b02_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:6e7f3aa6bb48cbe35d205d5f4c9ea251945dcdcce9b40cd49676705d778d9500_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:bc37b9c572c3df959e0ceb9fe011be84906fe759817eee697c486131fd5bc0cb_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:bf4a2e668e36a0e8e381f4417a263bd736d114f4e464d4a6c5ea22962b3f2a9e_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:feffba283e2a49967cd57139fe7af2309cd55ea9bb4464e250bf7b5a98913a2b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:86908784cb38408c502a733672b2f76e5a5c93b0266afccc9f281cb0c8f2f20c_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:8f721159d1fb2b71fb746eec0213c1111896c7b77a2904d64a2c1696cdce796c_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:afe3ebfa9897d2b9a7d8f9bd7fb4a2210e4b7e603de5fe168740f0aa4bb04495_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:fd6aa3b12a35343168ee2e752b437a51c58e8e8e329c8bdd7d230653265a790e_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:01cb3c8bb62be8bcdeaea2fa79413caca0f111980f4134b06df5230bd0b357fc_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:20b0fcf0b2d388320c0cb1414f2422493ca9acf39c876fd45265e8b32030ef3b_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:51fc32fbd543c74767403a113ccceedb262ccb92b9fd5a9efdc39ed2c1e608b3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:d4edd3fd9d125deb51d48c8709eac2505056da0f1341020db5469be8af0ca200_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:201ab631050d34fb956e1333730a387833b7aa3a2a4389d2a01bb79a2fe51bbf_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:47ca2eaea554b825306387f07aef8a5ee830ee1885d2df51055ac22d7576d2cd_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:7a181f8f3d2eadeae6b1d4d38da28f4e0a7c7f1fc662d213f72a63fd56f67443_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:fa97e7031e19af10a571d8ff67e13de3489603f60dbf9fd0c19205fb3447e912_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:01e117719b770e5bf767700b3cf5a3c79d7a74c181fda4dd4605cb4f41ea5bcd_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:155dfad34b7402e4462d98c3026ab38a6024338dfe80bfc33abb9102d12b077d_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:aa96f8cf13ae3374588cc99a558d1def2bcf0579d75b90d0772139fab991b06b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:f1d48c91052387ebc88bc7c76c8f49bae708c67e160d976974c8b31e9efbd219_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:008f0946e1545a0baa8e2baa9d12dc3244a47cd42af020afedfce3b1450f6c16_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:6a63e70123c2cd8cf8ddec71fb88d0dee08d2b7b1bcfc37d27fde3a50a59b7e8_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:96f6b104c31c317aa118ff64cff2522f136bbb520de7fb8015257630fcfdecfb_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:9dd240e967b0a1949a812050a123e513858ccd428feb1c42646e409fbf711b35_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:6f5480749ac020fc0e226dd87855baeae624b4c57c2787303e7321f63117c789_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:7265c4bc839141da2a0599bc367c4be2b8e8743423ea1b6b8d68729b1cfa8bcc_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:9486931d703d050f59a9f1bcfe5e016351d3ccc9b5c1975963b91ac34fc0b25e_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:c458f98a5afdf96262536fa1b7d672eb897c2800ec3dc4a2094ee5e8ae09ac31_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:23ea476af89606789f91e647e952039bff83b5ace02440b2c11dccb9020cc0fb_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:870a39d44775c352b2c574f4b8d6585b96b44a48eefea1cbb8463809b75a1d6f_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:b3132e81fca86bc4bf6fe9f75fb3cafd1ef0f02fe84aeaffa51539e5f4a1b54c_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:fc3b7a2d42adaa47a938efe8e94d9d5665fe74a66d04884e886da33ad61774d0_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:2076dc61bf8db58916f3bacdb7483cdae8db169e2c4187e0c509f4fad9bc66ac_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:4e2047551e67c9c79e54ea5cd42accd746db89b8f37181a4b8ddceee166b3f2f_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:635a2526236205059d382f8860a7600105596caa546c129e855bd1ad241ebda7_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:ab0b5c35985ab8da547bc85aeff75c00ef32de0ea4f3446d75420ba935a5ddf4_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:20f8e067fa199055be096f4e655a0004616caab1eb32ccbe853677705d4e99f2_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:7c82062799a4bc38472a8d62827cbead3cf9396e132c9567e1d7682b8e4eb01d_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:94a4269cc3ddfdaf549eb4b547a461c2eafa9a0e3682511f2c18a3cf846beba3_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:ac33685303a23070d840d68bce5381230bbf98f1f65abaa80eca75c99b821d88_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:29bf69f7793d3ecaf724f791e735f1bd4121cddc6b1118553bcc77ef3a3054a1_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:46ae8d0b9eb51c730b57aa7b9d0561dc8e7510240e100a9deaea7e501cf115c2_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:c314fa51aef6754a3d665650a9a2861da1ec3557e2b92c29a2b16b2790d615a4_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:cd2a2cb5784051c6595a95865e390a52c38b2b62fbf2fa3d40545d083c846992_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:05debd9e92a56b761a55f36c54d31ceda7b77bc58178946c4b5d0d08faa01cfc_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:19954ceb4da5840bc7d8953932bd9f36baaa3ad219ccac4b44324f25f962182a_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:866e4fbdeefc40e19ec6962c6b1577ef9f66affa46b96a2dbd30501b4e3b2695_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:990fa7d78f384772aaf369956a51ba7393cd5e225daa3c4e37f56ed2a1b4d5fb_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:64e4c2ac5a5126294d7264d33723b8c7e8a8f2909a33d2bff40bfbb2965fcd81_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:8a85413afe8d8ab179dff3638f3d5509bf180d54d016706aa50781bbb72338bc_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:a0af7052a5cc79ec38267f6016330bbc30fe4c8dff0776a6fe6cee048cb1bbcf_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:df72d966e05e20571d1d588092d8bf95f28ae5178ddac780257064069e8cf75c_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:5a0a1932f8bcdf436f08f9d00fdb520feefad62061ce79426d44ecd7d01724a2_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:72da4f73e7063cfcb49a800bf9dc5acdd715221d4dff6120db5950634e5824f5_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:883c2aa7d2a9f8ddcccd8c48b79bff59ffa3eb3f59392e727dd050ec4efdb92b_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:9bed2310605563c0d439ed85731e980038ada7c3970fc26de24c1c7d291afe07_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:09b95ff35ae5c1b2c356f7506d4e8283cb0b69b8b5a130bf9d6c31e6bfc04932_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:0cebc0075f16274a3620c4becac1490dc91904d09487fdc76aafe98fbaca5ccf_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:78f3234c47001e7a2902352bf85c7cc893f8ff7aafb01d3d6875cfe2df0a6a16_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:8844e2149f6d16a9112f7ca4580c27dbe974f0bfce1fc21c87d5072813deba45_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:180b60f1efcd9902f18b7104973acf277ea6881d6a806e288ea598b71bfa8e2d_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:2dc26cd49218da49a4761d8012d9777019facea787df61dafce31db6b3bef8b8_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:d08b49badd427bd263a5810800c4705f296b2caf188765837f8b5284d6ff6feb_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:edcd49c90231e8071dc45385f077400ae3dd9fdba54de188e3aba84da49c00c5_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:06f9f2d54689bd9770d4102c377a2596bf4294c824c2db69f4ad23a849d8996c_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:3985e43602b73ad41f7092847b6c92700ec5bfd6d849cc37adff563b6a994ea3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:eb7543913777f50fe437035b18e08cec754ec6ee05666f8c88900b6349b467bb_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:fb35bc2313df94fd8a4b4e8293f1489ea518c002858c29ade906a678ccd48d0d_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:31f1c672dc3197cb7bfeb51b37d357425d4057fec9c22ea8810005c147e493a0_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:457829af072b2c430e077ae362dd62b63f1737b72434c11b2fb9e98262c6f058_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:6243c7517063c907dbd898b6ff7c4f5a6a001b15141c6b703a771a826b1e9b23_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:72bef79259e60a3f96f3788b2ed207ef6d8c1d4901d5c1d293981099d2932b44_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:1bdebc0ea3641538b6029945ef99eab50aa4b71ab37fd063d712ffc0883faae8_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:75a4693836d31cfc429d6a3852b0bf419255c66f90827b13d2a589dc2bea1992_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:8f696a0d69bb54a50140da672ff01c2923550f8ab18dcb1159493b516750f0a4_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:98992a409dfe54f8de0eb67189538d08148418d91d9d07d9aa30262ce54e30d9_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:72d561f41b71f78f7d896ca9b5e2b2cd76495fe602a8687bcbe0739b450a1d99_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:753e9384197b30856cfa43b3f5362395f3554773ec0a00a183705427eb8bced4_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:cb9328dff074240b336cc5395d2d61ff4722e84d11d3c19d470dd1214308b6e5_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:e863e14bd4e3a735ad3af67dd307fce57a0f3b703aed63b731c4206c08a5839f_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:1e695b53b5a667d185f61dee9e0242efc8e0962aa4e928bf8908734626d16d38_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:7d614384e1cb7be6bb72dbdc3cb4eb34d38902e05f121ef6220c5a6922715ddf_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:da0844c2faaa1b2dd6c0c4944218c947043ac3b7edd8d4533ba7faf5f9436412_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:fd141141252f9253c089dd341447f86cd75a39bff1cb8c25baab40f86fd655bb_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:690de59af44d4b7cf2dada9c3450cbd6a0d3437cc7ac2bca9b5d6b91c4c2c605_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:6cc8eaac0ef579a5359fe2b3c8de0ad776e732b82afd9fb9c4fd4ad74e9f832f_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:bc5d7a4679b2cd19946013fe4c2fc17acfb3a6d9ed410e1f050de51c0a957a6b_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:d954bfc4a5c1f1fc8eba225865a11b9d04f005341e8ab094f7a94cdbe67a7b17_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:a6eb5b607ce23772fca3dbad70d76dc5d3ebc07b15f5123ace53da01f0e3b21e_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:d090b565d5d2933ae453eb87c34a2ebb00e09b1b00334a98c771e465dbcea42e_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:51e90eeed5c6bf2e6355ee9ba50fe330149b7c2b7633a106946459e8984d82ae_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:5e9de77acecac9653b91d2ebbfc5be8dc47da81e9e3e1772d38f827f05779632_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:7cefb007f075c5b1e0265fe8b12888218201cb453e9ebac315d91a79ed6e686a_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:bd4450e5af03c053f28e9c2ca0f2a2c016fc55fef4187676bc4edd5149c1a0f4_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:21243b5bb27b62467a311f0dfb5001384b424c095e17eba2c4fa441d7a03f7cf_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:22190a2714d3942a57dbe9dd265570bfe179b8d7f3e412173d010090de2bb98d_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:35b39d818bfb7b3fe86f77eedb134d12e9f316ce1642f86a8fa5ce1c1e31f37b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:3f2e1942032818fe9c91bf18948b80002a713b81c96e8ef5a3a4178a24899fb7_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:25928bb67eadad3a0d3b23da81acb313b8f873476250ddc6481cfb06bc25b8ab_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:bdfafa3b05bea80b81ffdc63cd77d4b2a96588ccd309aba83de0a683cb07c3c4_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:d7aa74297e76cb375c4bdd939c673739e34e22d83f8ef8846b1aa3c3c2264bbe_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:ea75fa4468a26357ce7c92614d70bc41ff0f8a8e562978a5b2bdfa5563492090_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:49025eb304ed55e363338fbe74b8dd77815b4d87183f1cb0cbfbbba71c2d2c59_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:54524172989364298f5cce342ef854f62fd59c75a42be804af3f286c6585b3d1_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:c1d135f85a4a1c5fe1c86509658d3056ce4bf748e8210274756064e18f991440_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:fb2eb12e6a6159c75e56f58429789cc0ac74af2a3d04f9ab865c8d86576e8c15_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:1252d44baa18b442de12a9659d3419ef77148e47ca14747ae684b8541fe795a7_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:4750bc9a80e819747b9d6576d21e348634f0dd4bc56190a662e22b2c80172bbd_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:5988a2daac19ccd72b8eec8cd1d9b623c69aed7be1a4223070d2c65256210776_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:eac25bae75a0e08a0aae706325faae2606ee8b0c086559cc0b89a59501a511f8_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:4c56fcde717c7a7957638fa6624a6ba5a9fc372bc9056e924158a0477410c9e7_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:5f5b5adc67e0655dcc3bcaaa4bb75337ebff130cca2e019d553be7521ca71871_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:91438ae17f6ee162df0d564fe47c8690a5246315e26fa4ebfa16dc8c93425cb7_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:df6617374f5f70f6ff53a980d38ddda8ab1aca125894eadc3a1932ba7612626d_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:49d0f2c55661dd973b0a15ba0e096c54badf4e0017093dfee373a655d47373f0_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:5bbbcaa71f5bf11922738e37c1155c5e60ebc5166a67690f5e5218a42b946366_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:99446549dca0b1cd38919ed7489e3eff72b1e4dd739e4f4e914d6c3ca6076b58_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:cf59b3a7897d59615e746c14697a289d79afbc18a9d2e7e7b5f7b1242d640b02_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:6e7f3aa6bb48cbe35d205d5f4c9ea251945dcdcce9b40cd49676705d778d9500_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:bc37b9c572c3df959e0ceb9fe011be84906fe759817eee697c486131fd5bc0cb_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:bf4a2e668e36a0e8e381f4417a263bd736d114f4e464d4a6c5ea22962b3f2a9e_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:feffba283e2a49967cd57139fe7af2309cd55ea9bb4464e250bf7b5a98913a2b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:86908784cb38408c502a733672b2f76e5a5c93b0266afccc9f281cb0c8f2f20c_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:8f721159d1fb2b71fb746eec0213c1111896c7b77a2904d64a2c1696cdce796c_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:afe3ebfa9897d2b9a7d8f9bd7fb4a2210e4b7e603de5fe168740f0aa4bb04495_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:fd6aa3b12a35343168ee2e752b437a51c58e8e8e329c8bdd7d230653265a790e_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:01cb3c8bb62be8bcdeaea2fa79413caca0f111980f4134b06df5230bd0b357fc_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:20b0fcf0b2d388320c0cb1414f2422493ca9acf39c876fd45265e8b32030ef3b_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:51fc32fbd543c74767403a113ccceedb262ccb92b9fd5a9efdc39ed2c1e608b3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:d4edd3fd9d125deb51d48c8709eac2505056da0f1341020db5469be8af0ca200_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:201ab631050d34fb956e1333730a387833b7aa3a2a4389d2a01bb79a2fe51bbf_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:47ca2eaea554b825306387f07aef8a5ee830ee1885d2df51055ac22d7576d2cd_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:7a181f8f3d2eadeae6b1d4d38da28f4e0a7c7f1fc662d213f72a63fd56f67443_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:fa97e7031e19af10a571d8ff67e13de3489603f60dbf9fd0c19205fb3447e912_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:01e117719b770e5bf767700b3cf5a3c79d7a74c181fda4dd4605cb4f41ea5bcd_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:155dfad34b7402e4462d98c3026ab38a6024338dfe80bfc33abb9102d12b077d_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:aa96f8cf13ae3374588cc99a558d1def2bcf0579d75b90d0772139fab991b06b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:f1d48c91052387ebc88bc7c76c8f49bae708c67e160d976974c8b31e9efbd219_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:008f0946e1545a0baa8e2baa9d12dc3244a47cd42af020afedfce3b1450f6c16_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:6a63e70123c2cd8cf8ddec71fb88d0dee08d2b7b1bcfc37d27fde3a50a59b7e8_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:96f6b104c31c317aa118ff64cff2522f136bbb520de7fb8015257630fcfdecfb_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:9dd240e967b0a1949a812050a123e513858ccd428feb1c42646e409fbf711b35_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:6f5480749ac020fc0e226dd87855baeae624b4c57c2787303e7321f63117c789_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:7265c4bc839141da2a0599bc367c4be2b8e8743423ea1b6b8d68729b1cfa8bcc_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:9486931d703d050f59a9f1bcfe5e016351d3ccc9b5c1975963b91ac34fc0b25e_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:c458f98a5afdf96262536fa1b7d672eb897c2800ec3dc4a2094ee5e8ae09ac31_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:23ea476af89606789f91e647e952039bff83b5ace02440b2c11dccb9020cc0fb_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:870a39d44775c352b2c574f4b8d6585b96b44a48eefea1cbb8463809b75a1d6f_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:b3132e81fca86bc4bf6fe9f75fb3cafd1ef0f02fe84aeaffa51539e5f4a1b54c_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:fc3b7a2d42adaa47a938efe8e94d9d5665fe74a66d04884e886da33ad61774d0_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:2076dc61bf8db58916f3bacdb7483cdae8db169e2c4187e0c509f4fad9bc66ac_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:4e2047551e67c9c79e54ea5cd42accd746db89b8f37181a4b8ddceee166b3f2f_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:635a2526236205059d382f8860a7600105596caa546c129e855bd1ad241ebda7_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:ab0b5c35985ab8da547bc85aeff75c00ef32de0ea4f3446d75420ba935a5ddf4_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:20f8e067fa199055be096f4e655a0004616caab1eb32ccbe853677705d4e99f2_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:7c82062799a4bc38472a8d62827cbead3cf9396e132c9567e1d7682b8e4eb01d_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:94a4269cc3ddfdaf549eb4b547a461c2eafa9a0e3682511f2c18a3cf846beba3_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:ac33685303a23070d840d68bce5381230bbf98f1f65abaa80eca75c99b821d88_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:29bf69f7793d3ecaf724f791e735f1bd4121cddc6b1118553bcc77ef3a3054a1_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:46ae8d0b9eb51c730b57aa7b9d0561dc8e7510240e100a9deaea7e501cf115c2_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:c314fa51aef6754a3d665650a9a2861da1ec3557e2b92c29a2b16b2790d615a4_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:cd2a2cb5784051c6595a95865e390a52c38b2b62fbf2fa3d40545d083c846992_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:05debd9e92a56b761a55f36c54d31ceda7b77bc58178946c4b5d0d08faa01cfc_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:19954ceb4da5840bc7d8953932bd9f36baaa3ad219ccac4b44324f25f962182a_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:866e4fbdeefc40e19ec6962c6b1577ef9f66affa46b96a2dbd30501b4e3b2695_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:990fa7d78f384772aaf369956a51ba7393cd5e225daa3c4e37f56ed2a1b4d5fb_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:64e4c2ac5a5126294d7264d33723b8c7e8a8f2909a33d2bff40bfbb2965fcd81_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:8a85413afe8d8ab179dff3638f3d5509bf180d54d016706aa50781bbb72338bc_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:a0af7052a5cc79ec38267f6016330bbc30fe4c8dff0776a6fe6cee048cb1bbcf_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:df72d966e05e20571d1d588092d8bf95f28ae5178ddac780257064069e8cf75c_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:5a0a1932f8bcdf436f08f9d00fdb520feefad62061ce79426d44ecd7d01724a2_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:72da4f73e7063cfcb49a800bf9dc5acdd715221d4dff6120db5950634e5824f5_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:883c2aa7d2a9f8ddcccd8c48b79bff59ffa3eb3f59392e727dd050ec4efdb92b_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:9bed2310605563c0d439ed85731e980038ada7c3970fc26de24c1c7d291afe07_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:09b95ff35ae5c1b2c356f7506d4e8283cb0b69b8b5a130bf9d6c31e6bfc04932_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:0cebc0075f16274a3620c4becac1490dc91904d09487fdc76aafe98fbaca5ccf_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:78f3234c47001e7a2902352bf85c7cc893f8ff7aafb01d3d6875cfe2df0a6a16_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:8844e2149f6d16a9112f7ca4580c27dbe974f0bfce1fc21c87d5072813deba45_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:180b60f1efcd9902f18b7104973acf277ea6881d6a806e288ea598b71bfa8e2d_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:2dc26cd49218da49a4761d8012d9777019facea787df61dafce31db6b3bef8b8_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:d08b49badd427bd263a5810800c4705f296b2caf188765837f8b5284d6ff6feb_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:edcd49c90231e8071dc45385f077400ae3dd9fdba54de188e3aba84da49c00c5_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:06f9f2d54689bd9770d4102c377a2596bf4294c824c2db69f4ad23a849d8996c_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:3985e43602b73ad41f7092847b6c92700ec5bfd6d849cc37adff563b6a994ea3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:eb7543913777f50fe437035b18e08cec754ec6ee05666f8c88900b6349b467bb_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:fb35bc2313df94fd8a4b4e8293f1489ea518c002858c29ade906a678ccd48d0d_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:31f1c672dc3197cb7bfeb51b37d357425d4057fec9c22ea8810005c147e493a0_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:457829af072b2c430e077ae362dd62b63f1737b72434c11b2fb9e98262c6f058_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:6243c7517063c907dbd898b6ff7c4f5a6a001b15141c6b703a771a826b1e9b23_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:72bef79259e60a3f96f3788b2ed207ef6d8c1d4901d5c1d293981099d2932b44_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:1bdebc0ea3641538b6029945ef99eab50aa4b71ab37fd063d712ffc0883faae8_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:75a4693836d31cfc429d6a3852b0bf419255c66f90827b13d2a589dc2bea1992_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:8f696a0d69bb54a50140da672ff01c2923550f8ab18dcb1159493b516750f0a4_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:98992a409dfe54f8de0eb67189538d08148418d91d9d07d9aa30262ce54e30d9_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:72d561f41b71f78f7d896ca9b5e2b2cd76495fe602a8687bcbe0739b450a1d99_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:753e9384197b30856cfa43b3f5362395f3554773ec0a00a183705427eb8bced4_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:cb9328dff074240b336cc5395d2d61ff4722e84d11d3c19d470dd1214308b6e5_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:e863e14bd4e3a735ad3af67dd307fce57a0f3b703aed63b731c4206c08a5839f_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:1e695b53b5a667d185f61dee9e0242efc8e0962aa4e928bf8908734626d16d38_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:7d614384e1cb7be6bb72dbdc3cb4eb34d38902e05f121ef6220c5a6922715ddf_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:da0844c2faaa1b2dd6c0c4944218c947043ac3b7edd8d4533ba7faf5f9436412_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:fd141141252f9253c089dd341447f86cd75a39bff1cb8c25baab40f86fd655bb_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:690de59af44d4b7cf2dada9c3450cbd6a0d3437cc7ac2bca9b5d6b91c4c2c605_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:6cc8eaac0ef579a5359fe2b3c8de0ad776e732b82afd9fb9c4fd4ad74e9f832f_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:bc5d7a4679b2cd19946013fe4c2fc17acfb3a6d9ed410e1f050de51c0a957a6b_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:d954bfc4a5c1f1fc8eba225865a11b9d04f005341e8ab094f7a94cdbe67a7b17_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:a6eb5b607ce23772fca3dbad70d76dc5d3ebc07b15f5123ace53da01f0e3b21e_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:d090b565d5d2933ae453eb87c34a2ebb00e09b1b00334a98c771e465dbcea42e_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "python-pip: Path traversal via malicious entry point name in pip wheel installation allows arbitrary file overwrite"
},
{
"cve": "CVE-2026-33154",
"cwe": {
"id": "CWE-917",
"name": "Improper Neutralization of Special Elements used in an Expression Language Statement (\u0027Expression Language Injection\u0027)"
},
"discovery_date": "2026-03-20T21:01:35.498935+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:51e90eeed5c6bf2e6355ee9ba50fe330149b7c2b7633a106946459e8984d82ae_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:5e9de77acecac9653b91d2ebbfc5be8dc47da81e9e3e1772d38f827f05779632_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:7cefb007f075c5b1e0265fe8b12888218201cb453e9ebac315d91a79ed6e686a_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:bd4450e5af03c053f28e9c2ca0f2a2c016fc55fef4187676bc4edd5149c1a0f4_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:21243b5bb27b62467a311f0dfb5001384b424c095e17eba2c4fa441d7a03f7cf_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:22190a2714d3942a57dbe9dd265570bfe179b8d7f3e412173d010090de2bb98d_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:35b39d818bfb7b3fe86f77eedb134d12e9f316ce1642f86a8fa5ce1c1e31f37b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:3f2e1942032818fe9c91bf18948b80002a713b81c96e8ef5a3a4178a24899fb7_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:25928bb67eadad3a0d3b23da81acb313b8f873476250ddc6481cfb06bc25b8ab_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:bdfafa3b05bea80b81ffdc63cd77d4b2a96588ccd309aba83de0a683cb07c3c4_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:d7aa74297e76cb375c4bdd939c673739e34e22d83f8ef8846b1aa3c3c2264bbe_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:ea75fa4468a26357ce7c92614d70bc41ff0f8a8e562978a5b2bdfa5563492090_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:49025eb304ed55e363338fbe74b8dd77815b4d87183f1cb0cbfbbba71c2d2c59_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:54524172989364298f5cce342ef854f62fd59c75a42be804af3f286c6585b3d1_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:c1d135f85a4a1c5fe1c86509658d3056ce4bf748e8210274756064e18f991440_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:fb2eb12e6a6159c75e56f58429789cc0ac74af2a3d04f9ab865c8d86576e8c15_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:4c56fcde717c7a7957638fa6624a6ba5a9fc372bc9056e924158a0477410c9e7_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:5f5b5adc67e0655dcc3bcaaa4bb75337ebff130cca2e019d553be7521ca71871_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:91438ae17f6ee162df0d564fe47c8690a5246315e26fa4ebfa16dc8c93425cb7_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:df6617374f5f70f6ff53a980d38ddda8ab1aca125894eadc3a1932ba7612626d_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:49d0f2c55661dd973b0a15ba0e096c54badf4e0017093dfee373a655d47373f0_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:5bbbcaa71f5bf11922738e37c1155c5e60ebc5166a67690f5e5218a42b946366_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:99446549dca0b1cd38919ed7489e3eff72b1e4dd739e4f4e914d6c3ca6076b58_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:cf59b3a7897d59615e746c14697a289d79afbc18a9d2e7e7b5f7b1242d640b02_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:6e7f3aa6bb48cbe35d205d5f4c9ea251945dcdcce9b40cd49676705d778d9500_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:bc37b9c572c3df959e0ceb9fe011be84906fe759817eee697c486131fd5bc0cb_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:bf4a2e668e36a0e8e381f4417a263bd736d114f4e464d4a6c5ea22962b3f2a9e_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:feffba283e2a49967cd57139fe7af2309cd55ea9bb4464e250bf7b5a98913a2b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:86908784cb38408c502a733672b2f76e5a5c93b0266afccc9f281cb0c8f2f20c_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:8f721159d1fb2b71fb746eec0213c1111896c7b77a2904d64a2c1696cdce796c_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:afe3ebfa9897d2b9a7d8f9bd7fb4a2210e4b7e603de5fe168740f0aa4bb04495_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:fd6aa3b12a35343168ee2e752b437a51c58e8e8e329c8bdd7d230653265a790e_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:01cb3c8bb62be8bcdeaea2fa79413caca0f111980f4134b06df5230bd0b357fc_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:20b0fcf0b2d388320c0cb1414f2422493ca9acf39c876fd45265e8b32030ef3b_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:51fc32fbd543c74767403a113ccceedb262ccb92b9fd5a9efdc39ed2c1e608b3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:d4edd3fd9d125deb51d48c8709eac2505056da0f1341020db5469be8af0ca200_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:201ab631050d34fb956e1333730a387833b7aa3a2a4389d2a01bb79a2fe51bbf_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:47ca2eaea554b825306387f07aef8a5ee830ee1885d2df51055ac22d7576d2cd_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:7a181f8f3d2eadeae6b1d4d38da28f4e0a7c7f1fc662d213f72a63fd56f67443_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:fa97e7031e19af10a571d8ff67e13de3489603f60dbf9fd0c19205fb3447e912_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:01e117719b770e5bf767700b3cf5a3c79d7a74c181fda4dd4605cb4f41ea5bcd_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:155dfad34b7402e4462d98c3026ab38a6024338dfe80bfc33abb9102d12b077d_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:aa96f8cf13ae3374588cc99a558d1def2bcf0579d75b90d0772139fab991b06b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:f1d48c91052387ebc88bc7c76c8f49bae708c67e160d976974c8b31e9efbd219_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:008f0946e1545a0baa8e2baa9d12dc3244a47cd42af020afedfce3b1450f6c16_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:6a63e70123c2cd8cf8ddec71fb88d0dee08d2b7b1bcfc37d27fde3a50a59b7e8_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:96f6b104c31c317aa118ff64cff2522f136bbb520de7fb8015257630fcfdecfb_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:9dd240e967b0a1949a812050a123e513858ccd428feb1c42646e409fbf711b35_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:6f5480749ac020fc0e226dd87855baeae624b4c57c2787303e7321f63117c789_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:7265c4bc839141da2a0599bc367c4be2b8e8743423ea1b6b8d68729b1cfa8bcc_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:9486931d703d050f59a9f1bcfe5e016351d3ccc9b5c1975963b91ac34fc0b25e_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:c458f98a5afdf96262536fa1b7d672eb897c2800ec3dc4a2094ee5e8ae09ac31_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:23ea476af89606789f91e647e952039bff83b5ace02440b2c11dccb9020cc0fb_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:870a39d44775c352b2c574f4b8d6585b96b44a48eefea1cbb8463809b75a1d6f_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:b3132e81fca86bc4bf6fe9f75fb3cafd1ef0f02fe84aeaffa51539e5f4a1b54c_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:fc3b7a2d42adaa47a938efe8e94d9d5665fe74a66d04884e886da33ad61774d0_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:2076dc61bf8db58916f3bacdb7483cdae8db169e2c4187e0c509f4fad9bc66ac_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:4e2047551e67c9c79e54ea5cd42accd746db89b8f37181a4b8ddceee166b3f2f_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:635a2526236205059d382f8860a7600105596caa546c129e855bd1ad241ebda7_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:ab0b5c35985ab8da547bc85aeff75c00ef32de0ea4f3446d75420ba935a5ddf4_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:20f8e067fa199055be096f4e655a0004616caab1eb32ccbe853677705d4e99f2_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:7c82062799a4bc38472a8d62827cbead3cf9396e132c9567e1d7682b8e4eb01d_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:94a4269cc3ddfdaf549eb4b547a461c2eafa9a0e3682511f2c18a3cf846beba3_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:ac33685303a23070d840d68bce5381230bbf98f1f65abaa80eca75c99b821d88_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:29bf69f7793d3ecaf724f791e735f1bd4121cddc6b1118553bcc77ef3a3054a1_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:46ae8d0b9eb51c730b57aa7b9d0561dc8e7510240e100a9deaea7e501cf115c2_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:c314fa51aef6754a3d665650a9a2861da1ec3557e2b92c29a2b16b2790d615a4_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:cd2a2cb5784051c6595a95865e390a52c38b2b62fbf2fa3d40545d083c846992_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:05debd9e92a56b761a55f36c54d31ceda7b77bc58178946c4b5d0d08faa01cfc_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:19954ceb4da5840bc7d8953932bd9f36baaa3ad219ccac4b44324f25f962182a_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:866e4fbdeefc40e19ec6962c6b1577ef9f66affa46b96a2dbd30501b4e3b2695_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:990fa7d78f384772aaf369956a51ba7393cd5e225daa3c4e37f56ed2a1b4d5fb_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:64e4c2ac5a5126294d7264d33723b8c7e8a8f2909a33d2bff40bfbb2965fcd81_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:8a85413afe8d8ab179dff3638f3d5509bf180d54d016706aa50781bbb72338bc_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:a0af7052a5cc79ec38267f6016330bbc30fe4c8dff0776a6fe6cee048cb1bbcf_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:df72d966e05e20571d1d588092d8bf95f28ae5178ddac780257064069e8cf75c_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:5a0a1932f8bcdf436f08f9d00fdb520feefad62061ce79426d44ecd7d01724a2_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:72da4f73e7063cfcb49a800bf9dc5acdd715221d4dff6120db5950634e5824f5_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:883c2aa7d2a9f8ddcccd8c48b79bff59ffa3eb3f59392e727dd050ec4efdb92b_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:9bed2310605563c0d439ed85731e980038ada7c3970fc26de24c1c7d291afe07_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:09b95ff35ae5c1b2c356f7506d4e8283cb0b69b8b5a130bf9d6c31e6bfc04932_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:0cebc0075f16274a3620c4becac1490dc91904d09487fdc76aafe98fbaca5ccf_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:78f3234c47001e7a2902352bf85c7cc893f8ff7aafb01d3d6875cfe2df0a6a16_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:8844e2149f6d16a9112f7ca4580c27dbe974f0bfce1fc21c87d5072813deba45_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:180b60f1efcd9902f18b7104973acf277ea6881d6a806e288ea598b71bfa8e2d_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:2dc26cd49218da49a4761d8012d9777019facea787df61dafce31db6b3bef8b8_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:d08b49badd427bd263a5810800c4705f296b2caf188765837f8b5284d6ff6feb_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:edcd49c90231e8071dc45385f077400ae3dd9fdba54de188e3aba84da49c00c5_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:06f9f2d54689bd9770d4102c377a2596bf4294c824c2db69f4ad23a849d8996c_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:3985e43602b73ad41f7092847b6c92700ec5bfd6d849cc37adff563b6a994ea3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:eb7543913777f50fe437035b18e08cec754ec6ee05666f8c88900b6349b467bb_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:fb35bc2313df94fd8a4b4e8293f1489ea518c002858c29ade906a678ccd48d0d_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:31f1c672dc3197cb7bfeb51b37d357425d4057fec9c22ea8810005c147e493a0_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:457829af072b2c430e077ae362dd62b63f1737b72434c11b2fb9e98262c6f058_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:6243c7517063c907dbd898b6ff7c4f5a6a001b15141c6b703a771a826b1e9b23_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:72bef79259e60a3f96f3788b2ed207ef6d8c1d4901d5c1d293981099d2932b44_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:1bdebc0ea3641538b6029945ef99eab50aa4b71ab37fd063d712ffc0883faae8_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:75a4693836d31cfc429d6a3852b0bf419255c66f90827b13d2a589dc2bea1992_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:8f696a0d69bb54a50140da672ff01c2923550f8ab18dcb1159493b516750f0a4_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:98992a409dfe54f8de0eb67189538d08148418d91d9d07d9aa30262ce54e30d9_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:72d561f41b71f78f7d896ca9b5e2b2cd76495fe602a8687bcbe0739b450a1d99_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:753e9384197b30856cfa43b3f5362395f3554773ec0a00a183705427eb8bced4_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:cb9328dff074240b336cc5395d2d61ff4722e84d11d3c19d470dd1214308b6e5_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:e863e14bd4e3a735ad3af67dd307fce57a0f3b703aed63b731c4206c08a5839f_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:1e695b53b5a667d185f61dee9e0242efc8e0962aa4e928bf8908734626d16d38_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:7d614384e1cb7be6bb72dbdc3cb4eb34d38902e05f121ef6220c5a6922715ddf_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:da0844c2faaa1b2dd6c0c4944218c947043ac3b7edd8d4533ba7faf5f9436412_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:fd141141252f9253c089dd341447f86cd75a39bff1cb8c25baab40f86fd655bb_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:690de59af44d4b7cf2dada9c3450cbd6a0d3437cc7ac2bca9b5d6b91c4c2c605_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:6cc8eaac0ef579a5359fe2b3c8de0ad776e732b82afd9fb9c4fd4ad74e9f832f_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:bc5d7a4679b2cd19946013fe4c2fc17acfb3a6d9ed410e1f050de51c0a957a6b_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:d954bfc4a5c1f1fc8eba225865a11b9d04f005341e8ab094f7a94cdbe67a7b17_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:a6eb5b607ce23772fca3dbad70d76dc5d3ebc07b15f5123ace53da01f0e3b21e_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:d090b565d5d2933ae453eb87c34a2ebb00e09b1b00334a98c771e465dbcea42e_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2449774"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in dynaconf, a Python configuration management tool. This Server-Side Template Injection (SSTI) vulnerability occurs due to unsafe template evaluation in the @Jinja resolver when the jinja2 package is installed. A remote attacker could exploit this by embedding malicious template expressions in configuration values, which are then processed without a sandboxed environment. This could lead to arbitrary code execution on the affected system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "dynaconf: jinja2: Dynaconf: Arbitrary code execution via Server-Side Template Injection",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:1252d44baa18b442de12a9659d3419ef77148e47ca14747ae684b8541fe795a7_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:4750bc9a80e819747b9d6576d21e348634f0dd4bc56190a662e22b2c80172bbd_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:5988a2daac19ccd72b8eec8cd1d9b623c69aed7be1a4223070d2c65256210776_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:eac25bae75a0e08a0aae706325faae2606ee8b0c086559cc0b89a59501a511f8_ppc64le"
],
"known_not_affected": [
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:51e90eeed5c6bf2e6355ee9ba50fe330149b7c2b7633a106946459e8984d82ae_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:5e9de77acecac9653b91d2ebbfc5be8dc47da81e9e3e1772d38f827f05779632_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:7cefb007f075c5b1e0265fe8b12888218201cb453e9ebac315d91a79ed6e686a_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:bd4450e5af03c053f28e9c2ca0f2a2c016fc55fef4187676bc4edd5149c1a0f4_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:21243b5bb27b62467a311f0dfb5001384b424c095e17eba2c4fa441d7a03f7cf_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:22190a2714d3942a57dbe9dd265570bfe179b8d7f3e412173d010090de2bb98d_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:35b39d818bfb7b3fe86f77eedb134d12e9f316ce1642f86a8fa5ce1c1e31f37b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:3f2e1942032818fe9c91bf18948b80002a713b81c96e8ef5a3a4178a24899fb7_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:25928bb67eadad3a0d3b23da81acb313b8f873476250ddc6481cfb06bc25b8ab_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:bdfafa3b05bea80b81ffdc63cd77d4b2a96588ccd309aba83de0a683cb07c3c4_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:d7aa74297e76cb375c4bdd939c673739e34e22d83f8ef8846b1aa3c3c2264bbe_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:ea75fa4468a26357ce7c92614d70bc41ff0f8a8e562978a5b2bdfa5563492090_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:49025eb304ed55e363338fbe74b8dd77815b4d87183f1cb0cbfbbba71c2d2c59_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:54524172989364298f5cce342ef854f62fd59c75a42be804af3f286c6585b3d1_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:c1d135f85a4a1c5fe1c86509658d3056ce4bf748e8210274756064e18f991440_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:fb2eb12e6a6159c75e56f58429789cc0ac74af2a3d04f9ab865c8d86576e8c15_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:4c56fcde717c7a7957638fa6624a6ba5a9fc372bc9056e924158a0477410c9e7_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:5f5b5adc67e0655dcc3bcaaa4bb75337ebff130cca2e019d553be7521ca71871_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:91438ae17f6ee162df0d564fe47c8690a5246315e26fa4ebfa16dc8c93425cb7_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:df6617374f5f70f6ff53a980d38ddda8ab1aca125894eadc3a1932ba7612626d_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:49d0f2c55661dd973b0a15ba0e096c54badf4e0017093dfee373a655d47373f0_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:5bbbcaa71f5bf11922738e37c1155c5e60ebc5166a67690f5e5218a42b946366_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:99446549dca0b1cd38919ed7489e3eff72b1e4dd739e4f4e914d6c3ca6076b58_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:cf59b3a7897d59615e746c14697a289d79afbc18a9d2e7e7b5f7b1242d640b02_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:6e7f3aa6bb48cbe35d205d5f4c9ea251945dcdcce9b40cd49676705d778d9500_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:bc37b9c572c3df959e0ceb9fe011be84906fe759817eee697c486131fd5bc0cb_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:bf4a2e668e36a0e8e381f4417a263bd736d114f4e464d4a6c5ea22962b3f2a9e_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:feffba283e2a49967cd57139fe7af2309cd55ea9bb4464e250bf7b5a98913a2b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:86908784cb38408c502a733672b2f76e5a5c93b0266afccc9f281cb0c8f2f20c_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:8f721159d1fb2b71fb746eec0213c1111896c7b77a2904d64a2c1696cdce796c_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:afe3ebfa9897d2b9a7d8f9bd7fb4a2210e4b7e603de5fe168740f0aa4bb04495_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:fd6aa3b12a35343168ee2e752b437a51c58e8e8e329c8bdd7d230653265a790e_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:01cb3c8bb62be8bcdeaea2fa79413caca0f111980f4134b06df5230bd0b357fc_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:20b0fcf0b2d388320c0cb1414f2422493ca9acf39c876fd45265e8b32030ef3b_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:51fc32fbd543c74767403a113ccceedb262ccb92b9fd5a9efdc39ed2c1e608b3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:d4edd3fd9d125deb51d48c8709eac2505056da0f1341020db5469be8af0ca200_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:201ab631050d34fb956e1333730a387833b7aa3a2a4389d2a01bb79a2fe51bbf_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:47ca2eaea554b825306387f07aef8a5ee830ee1885d2df51055ac22d7576d2cd_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:7a181f8f3d2eadeae6b1d4d38da28f4e0a7c7f1fc662d213f72a63fd56f67443_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:fa97e7031e19af10a571d8ff67e13de3489603f60dbf9fd0c19205fb3447e912_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:01e117719b770e5bf767700b3cf5a3c79d7a74c181fda4dd4605cb4f41ea5bcd_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:155dfad34b7402e4462d98c3026ab38a6024338dfe80bfc33abb9102d12b077d_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:aa96f8cf13ae3374588cc99a558d1def2bcf0579d75b90d0772139fab991b06b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:f1d48c91052387ebc88bc7c76c8f49bae708c67e160d976974c8b31e9efbd219_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:008f0946e1545a0baa8e2baa9d12dc3244a47cd42af020afedfce3b1450f6c16_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:6a63e70123c2cd8cf8ddec71fb88d0dee08d2b7b1bcfc37d27fde3a50a59b7e8_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:96f6b104c31c317aa118ff64cff2522f136bbb520de7fb8015257630fcfdecfb_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:9dd240e967b0a1949a812050a123e513858ccd428feb1c42646e409fbf711b35_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:6f5480749ac020fc0e226dd87855baeae624b4c57c2787303e7321f63117c789_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:7265c4bc839141da2a0599bc367c4be2b8e8743423ea1b6b8d68729b1cfa8bcc_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:9486931d703d050f59a9f1bcfe5e016351d3ccc9b5c1975963b91ac34fc0b25e_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:c458f98a5afdf96262536fa1b7d672eb897c2800ec3dc4a2094ee5e8ae09ac31_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:23ea476af89606789f91e647e952039bff83b5ace02440b2c11dccb9020cc0fb_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:870a39d44775c352b2c574f4b8d6585b96b44a48eefea1cbb8463809b75a1d6f_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:b3132e81fca86bc4bf6fe9f75fb3cafd1ef0f02fe84aeaffa51539e5f4a1b54c_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:fc3b7a2d42adaa47a938efe8e94d9d5665fe74a66d04884e886da33ad61774d0_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:2076dc61bf8db58916f3bacdb7483cdae8db169e2c4187e0c509f4fad9bc66ac_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:4e2047551e67c9c79e54ea5cd42accd746db89b8f37181a4b8ddceee166b3f2f_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:635a2526236205059d382f8860a7600105596caa546c129e855bd1ad241ebda7_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:ab0b5c35985ab8da547bc85aeff75c00ef32de0ea4f3446d75420ba935a5ddf4_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:20f8e067fa199055be096f4e655a0004616caab1eb32ccbe853677705d4e99f2_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:7c82062799a4bc38472a8d62827cbead3cf9396e132c9567e1d7682b8e4eb01d_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:94a4269cc3ddfdaf549eb4b547a461c2eafa9a0e3682511f2c18a3cf846beba3_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:ac33685303a23070d840d68bce5381230bbf98f1f65abaa80eca75c99b821d88_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:29bf69f7793d3ecaf724f791e735f1bd4121cddc6b1118553bcc77ef3a3054a1_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:46ae8d0b9eb51c730b57aa7b9d0561dc8e7510240e100a9deaea7e501cf115c2_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:c314fa51aef6754a3d665650a9a2861da1ec3557e2b92c29a2b16b2790d615a4_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:cd2a2cb5784051c6595a95865e390a52c38b2b62fbf2fa3d40545d083c846992_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:05debd9e92a56b761a55f36c54d31ceda7b77bc58178946c4b5d0d08faa01cfc_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:19954ceb4da5840bc7d8953932bd9f36baaa3ad219ccac4b44324f25f962182a_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:866e4fbdeefc40e19ec6962c6b1577ef9f66affa46b96a2dbd30501b4e3b2695_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:990fa7d78f384772aaf369956a51ba7393cd5e225daa3c4e37f56ed2a1b4d5fb_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:64e4c2ac5a5126294d7264d33723b8c7e8a8f2909a33d2bff40bfbb2965fcd81_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:8a85413afe8d8ab179dff3638f3d5509bf180d54d016706aa50781bbb72338bc_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:a0af7052a5cc79ec38267f6016330bbc30fe4c8dff0776a6fe6cee048cb1bbcf_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:df72d966e05e20571d1d588092d8bf95f28ae5178ddac780257064069e8cf75c_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:5a0a1932f8bcdf436f08f9d00fdb520feefad62061ce79426d44ecd7d01724a2_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:72da4f73e7063cfcb49a800bf9dc5acdd715221d4dff6120db5950634e5824f5_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:883c2aa7d2a9f8ddcccd8c48b79bff59ffa3eb3f59392e727dd050ec4efdb92b_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:9bed2310605563c0d439ed85731e980038ada7c3970fc26de24c1c7d291afe07_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:09b95ff35ae5c1b2c356f7506d4e8283cb0b69b8b5a130bf9d6c31e6bfc04932_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:0cebc0075f16274a3620c4becac1490dc91904d09487fdc76aafe98fbaca5ccf_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:78f3234c47001e7a2902352bf85c7cc893f8ff7aafb01d3d6875cfe2df0a6a16_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:8844e2149f6d16a9112f7ca4580c27dbe974f0bfce1fc21c87d5072813deba45_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:180b60f1efcd9902f18b7104973acf277ea6881d6a806e288ea598b71bfa8e2d_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:2dc26cd49218da49a4761d8012d9777019facea787df61dafce31db6b3bef8b8_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:d08b49badd427bd263a5810800c4705f296b2caf188765837f8b5284d6ff6feb_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:edcd49c90231e8071dc45385f077400ae3dd9fdba54de188e3aba84da49c00c5_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:06f9f2d54689bd9770d4102c377a2596bf4294c824c2db69f4ad23a849d8996c_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:3985e43602b73ad41f7092847b6c92700ec5bfd6d849cc37adff563b6a994ea3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:eb7543913777f50fe437035b18e08cec754ec6ee05666f8c88900b6349b467bb_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:fb35bc2313df94fd8a4b4e8293f1489ea518c002858c29ade906a678ccd48d0d_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:31f1c672dc3197cb7bfeb51b37d357425d4057fec9c22ea8810005c147e493a0_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:457829af072b2c430e077ae362dd62b63f1737b72434c11b2fb9e98262c6f058_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:6243c7517063c907dbd898b6ff7c4f5a6a001b15141c6b703a771a826b1e9b23_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:72bef79259e60a3f96f3788b2ed207ef6d8c1d4901d5c1d293981099d2932b44_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:1bdebc0ea3641538b6029945ef99eab50aa4b71ab37fd063d712ffc0883faae8_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:75a4693836d31cfc429d6a3852b0bf419255c66f90827b13d2a589dc2bea1992_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:8f696a0d69bb54a50140da672ff01c2923550f8ab18dcb1159493b516750f0a4_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:98992a409dfe54f8de0eb67189538d08148418d91d9d07d9aa30262ce54e30d9_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:72d561f41b71f78f7d896ca9b5e2b2cd76495fe602a8687bcbe0739b450a1d99_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:753e9384197b30856cfa43b3f5362395f3554773ec0a00a183705427eb8bced4_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:cb9328dff074240b336cc5395d2d61ff4722e84d11d3c19d470dd1214308b6e5_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:e863e14bd4e3a735ad3af67dd307fce57a0f3b703aed63b731c4206c08a5839f_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:1e695b53b5a667d185f61dee9e0242efc8e0962aa4e928bf8908734626d16d38_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:7d614384e1cb7be6bb72dbdc3cb4eb34d38902e05f121ef6220c5a6922715ddf_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:da0844c2faaa1b2dd6c0c4944218c947043ac3b7edd8d4533ba7faf5f9436412_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:fd141141252f9253c089dd341447f86cd75a39bff1cb8c25baab40f86fd655bb_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:690de59af44d4b7cf2dada9c3450cbd6a0d3437cc7ac2bca9b5d6b91c4c2c605_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:6cc8eaac0ef579a5359fe2b3c8de0ad776e732b82afd9fb9c4fd4ad74e9f832f_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:bc5d7a4679b2cd19946013fe4c2fc17acfb3a6d9ed410e1f050de51c0a957a6b_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:d954bfc4a5c1f1fc8eba225865a11b9d04f005341e8ab094f7a94cdbe67a7b17_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:a6eb5b607ce23772fca3dbad70d76dc5d3ebc07b15f5123ace53da01f0e3b21e_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:d090b565d5d2933ae453eb87c34a2ebb00e09b1b00334a98c771e465dbcea42e_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33154"
},
{
"category": "external",
"summary": "RHBZ#2449774",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2449774"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33154",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33154"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33154",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33154"
},
{
"category": "external",
"summary": "https://github.com/dynaconf/dynaconf/commit/2fbb45ee36b8c0caa5b924fe19f3c1a5e8603fa7",
"url": "https://github.com/dynaconf/dynaconf/commit/2fbb45ee36b8c0caa5b924fe19f3c1a5e8603fa7"
},
{
"category": "external",
"summary": "https://github.com/dynaconf/dynaconf/releases/tag/3.2.13",
"url": "https://github.com/dynaconf/dynaconf/releases/tag/3.2.13"
},
{
"category": "external",
"summary": "https://github.com/dynaconf/dynaconf/security/advisories/GHSA-pxrr-hq57-q35p",
"url": "https://github.com/dynaconf/dynaconf/security/advisories/GHSA-pxrr-hq57-q35p"
}
],
"release_date": "2026-03-20T20:22:59.090000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-01T16:35:24+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.6#Upgrade",
"product_ids": [
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:1252d44baa18b442de12a9659d3419ef77148e47ca14747ae684b8541fe795a7_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:4750bc9a80e819747b9d6576d21e348634f0dd4bc56190a662e22b2c80172bbd_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:5988a2daac19ccd72b8eec8cd1d9b623c69aed7be1a4223070d2c65256210776_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:eac25bae75a0e08a0aae706325faae2606ee8b0c086559cc0b89a59501a511f8_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:34374"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:51e90eeed5c6bf2e6355ee9ba50fe330149b7c2b7633a106946459e8984d82ae_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:5e9de77acecac9653b91d2ebbfc5be8dc47da81e9e3e1772d38f827f05779632_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:7cefb007f075c5b1e0265fe8b12888218201cb453e9ebac315d91a79ed6e686a_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:bd4450e5af03c053f28e9c2ca0f2a2c016fc55fef4187676bc4edd5149c1a0f4_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:21243b5bb27b62467a311f0dfb5001384b424c095e17eba2c4fa441d7a03f7cf_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:22190a2714d3942a57dbe9dd265570bfe179b8d7f3e412173d010090de2bb98d_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:35b39d818bfb7b3fe86f77eedb134d12e9f316ce1642f86a8fa5ce1c1e31f37b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:3f2e1942032818fe9c91bf18948b80002a713b81c96e8ef5a3a4178a24899fb7_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:25928bb67eadad3a0d3b23da81acb313b8f873476250ddc6481cfb06bc25b8ab_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:bdfafa3b05bea80b81ffdc63cd77d4b2a96588ccd309aba83de0a683cb07c3c4_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:d7aa74297e76cb375c4bdd939c673739e34e22d83f8ef8846b1aa3c3c2264bbe_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:ea75fa4468a26357ce7c92614d70bc41ff0f8a8e562978a5b2bdfa5563492090_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:49025eb304ed55e363338fbe74b8dd77815b4d87183f1cb0cbfbbba71c2d2c59_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:54524172989364298f5cce342ef854f62fd59c75a42be804af3f286c6585b3d1_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:c1d135f85a4a1c5fe1c86509658d3056ce4bf748e8210274756064e18f991440_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:fb2eb12e6a6159c75e56f58429789cc0ac74af2a3d04f9ab865c8d86576e8c15_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:1252d44baa18b442de12a9659d3419ef77148e47ca14747ae684b8541fe795a7_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:4750bc9a80e819747b9d6576d21e348634f0dd4bc56190a662e22b2c80172bbd_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:5988a2daac19ccd72b8eec8cd1d9b623c69aed7be1a4223070d2c65256210776_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:eac25bae75a0e08a0aae706325faae2606ee8b0c086559cc0b89a59501a511f8_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:4c56fcde717c7a7957638fa6624a6ba5a9fc372bc9056e924158a0477410c9e7_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:5f5b5adc67e0655dcc3bcaaa4bb75337ebff130cca2e019d553be7521ca71871_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:91438ae17f6ee162df0d564fe47c8690a5246315e26fa4ebfa16dc8c93425cb7_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:df6617374f5f70f6ff53a980d38ddda8ab1aca125894eadc3a1932ba7612626d_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:49d0f2c55661dd973b0a15ba0e096c54badf4e0017093dfee373a655d47373f0_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:5bbbcaa71f5bf11922738e37c1155c5e60ebc5166a67690f5e5218a42b946366_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:99446549dca0b1cd38919ed7489e3eff72b1e4dd739e4f4e914d6c3ca6076b58_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:cf59b3a7897d59615e746c14697a289d79afbc18a9d2e7e7b5f7b1242d640b02_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:6e7f3aa6bb48cbe35d205d5f4c9ea251945dcdcce9b40cd49676705d778d9500_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:bc37b9c572c3df959e0ceb9fe011be84906fe759817eee697c486131fd5bc0cb_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:bf4a2e668e36a0e8e381f4417a263bd736d114f4e464d4a6c5ea22962b3f2a9e_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:feffba283e2a49967cd57139fe7af2309cd55ea9bb4464e250bf7b5a98913a2b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:86908784cb38408c502a733672b2f76e5a5c93b0266afccc9f281cb0c8f2f20c_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:8f721159d1fb2b71fb746eec0213c1111896c7b77a2904d64a2c1696cdce796c_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:afe3ebfa9897d2b9a7d8f9bd7fb4a2210e4b7e603de5fe168740f0aa4bb04495_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:fd6aa3b12a35343168ee2e752b437a51c58e8e8e329c8bdd7d230653265a790e_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:01cb3c8bb62be8bcdeaea2fa79413caca0f111980f4134b06df5230bd0b357fc_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:20b0fcf0b2d388320c0cb1414f2422493ca9acf39c876fd45265e8b32030ef3b_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:51fc32fbd543c74767403a113ccceedb262ccb92b9fd5a9efdc39ed2c1e608b3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:d4edd3fd9d125deb51d48c8709eac2505056da0f1341020db5469be8af0ca200_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:201ab631050d34fb956e1333730a387833b7aa3a2a4389d2a01bb79a2fe51bbf_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:47ca2eaea554b825306387f07aef8a5ee830ee1885d2df51055ac22d7576d2cd_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:7a181f8f3d2eadeae6b1d4d38da28f4e0a7c7f1fc662d213f72a63fd56f67443_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:fa97e7031e19af10a571d8ff67e13de3489603f60dbf9fd0c19205fb3447e912_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:01e117719b770e5bf767700b3cf5a3c79d7a74c181fda4dd4605cb4f41ea5bcd_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:155dfad34b7402e4462d98c3026ab38a6024338dfe80bfc33abb9102d12b077d_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:aa96f8cf13ae3374588cc99a558d1def2bcf0579d75b90d0772139fab991b06b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:f1d48c91052387ebc88bc7c76c8f49bae708c67e160d976974c8b31e9efbd219_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:008f0946e1545a0baa8e2baa9d12dc3244a47cd42af020afedfce3b1450f6c16_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:6a63e70123c2cd8cf8ddec71fb88d0dee08d2b7b1bcfc37d27fde3a50a59b7e8_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:96f6b104c31c317aa118ff64cff2522f136bbb520de7fb8015257630fcfdecfb_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:9dd240e967b0a1949a812050a123e513858ccd428feb1c42646e409fbf711b35_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:6f5480749ac020fc0e226dd87855baeae624b4c57c2787303e7321f63117c789_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:7265c4bc839141da2a0599bc367c4be2b8e8743423ea1b6b8d68729b1cfa8bcc_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:9486931d703d050f59a9f1bcfe5e016351d3ccc9b5c1975963b91ac34fc0b25e_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:c458f98a5afdf96262536fa1b7d672eb897c2800ec3dc4a2094ee5e8ae09ac31_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:23ea476af89606789f91e647e952039bff83b5ace02440b2c11dccb9020cc0fb_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:870a39d44775c352b2c574f4b8d6585b96b44a48eefea1cbb8463809b75a1d6f_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:b3132e81fca86bc4bf6fe9f75fb3cafd1ef0f02fe84aeaffa51539e5f4a1b54c_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:fc3b7a2d42adaa47a938efe8e94d9d5665fe74a66d04884e886da33ad61774d0_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:2076dc61bf8db58916f3bacdb7483cdae8db169e2c4187e0c509f4fad9bc66ac_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:4e2047551e67c9c79e54ea5cd42accd746db89b8f37181a4b8ddceee166b3f2f_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:635a2526236205059d382f8860a7600105596caa546c129e855bd1ad241ebda7_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:ab0b5c35985ab8da547bc85aeff75c00ef32de0ea4f3446d75420ba935a5ddf4_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:20f8e067fa199055be096f4e655a0004616caab1eb32ccbe853677705d4e99f2_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:7c82062799a4bc38472a8d62827cbead3cf9396e132c9567e1d7682b8e4eb01d_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:94a4269cc3ddfdaf549eb4b547a461c2eafa9a0e3682511f2c18a3cf846beba3_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:ac33685303a23070d840d68bce5381230bbf98f1f65abaa80eca75c99b821d88_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:29bf69f7793d3ecaf724f791e735f1bd4121cddc6b1118553bcc77ef3a3054a1_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:46ae8d0b9eb51c730b57aa7b9d0561dc8e7510240e100a9deaea7e501cf115c2_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:c314fa51aef6754a3d665650a9a2861da1ec3557e2b92c29a2b16b2790d615a4_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:cd2a2cb5784051c6595a95865e390a52c38b2b62fbf2fa3d40545d083c846992_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:05debd9e92a56b761a55f36c54d31ceda7b77bc58178946c4b5d0d08faa01cfc_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:19954ceb4da5840bc7d8953932bd9f36baaa3ad219ccac4b44324f25f962182a_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:866e4fbdeefc40e19ec6962c6b1577ef9f66affa46b96a2dbd30501b4e3b2695_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:990fa7d78f384772aaf369956a51ba7393cd5e225daa3c4e37f56ed2a1b4d5fb_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:64e4c2ac5a5126294d7264d33723b8c7e8a8f2909a33d2bff40bfbb2965fcd81_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:8a85413afe8d8ab179dff3638f3d5509bf180d54d016706aa50781bbb72338bc_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:a0af7052a5cc79ec38267f6016330bbc30fe4c8dff0776a6fe6cee048cb1bbcf_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:df72d966e05e20571d1d588092d8bf95f28ae5178ddac780257064069e8cf75c_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:5a0a1932f8bcdf436f08f9d00fdb520feefad62061ce79426d44ecd7d01724a2_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:72da4f73e7063cfcb49a800bf9dc5acdd715221d4dff6120db5950634e5824f5_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:883c2aa7d2a9f8ddcccd8c48b79bff59ffa3eb3f59392e727dd050ec4efdb92b_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:9bed2310605563c0d439ed85731e980038ada7c3970fc26de24c1c7d291afe07_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:09b95ff35ae5c1b2c356f7506d4e8283cb0b69b8b5a130bf9d6c31e6bfc04932_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:0cebc0075f16274a3620c4becac1490dc91904d09487fdc76aafe98fbaca5ccf_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:78f3234c47001e7a2902352bf85c7cc893f8ff7aafb01d3d6875cfe2df0a6a16_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:8844e2149f6d16a9112f7ca4580c27dbe974f0bfce1fc21c87d5072813deba45_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:180b60f1efcd9902f18b7104973acf277ea6881d6a806e288ea598b71bfa8e2d_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:2dc26cd49218da49a4761d8012d9777019facea787df61dafce31db6b3bef8b8_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:d08b49badd427bd263a5810800c4705f296b2caf188765837f8b5284d6ff6feb_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:edcd49c90231e8071dc45385f077400ae3dd9fdba54de188e3aba84da49c00c5_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:06f9f2d54689bd9770d4102c377a2596bf4294c824c2db69f4ad23a849d8996c_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:3985e43602b73ad41f7092847b6c92700ec5bfd6d849cc37adff563b6a994ea3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:eb7543913777f50fe437035b18e08cec754ec6ee05666f8c88900b6349b467bb_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:fb35bc2313df94fd8a4b4e8293f1489ea518c002858c29ade906a678ccd48d0d_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:31f1c672dc3197cb7bfeb51b37d357425d4057fec9c22ea8810005c147e493a0_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:457829af072b2c430e077ae362dd62b63f1737b72434c11b2fb9e98262c6f058_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:6243c7517063c907dbd898b6ff7c4f5a6a001b15141c6b703a771a826b1e9b23_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:72bef79259e60a3f96f3788b2ed207ef6d8c1d4901d5c1d293981099d2932b44_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:1bdebc0ea3641538b6029945ef99eab50aa4b71ab37fd063d712ffc0883faae8_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:75a4693836d31cfc429d6a3852b0bf419255c66f90827b13d2a589dc2bea1992_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:8f696a0d69bb54a50140da672ff01c2923550f8ab18dcb1159493b516750f0a4_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:98992a409dfe54f8de0eb67189538d08148418d91d9d07d9aa30262ce54e30d9_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:72d561f41b71f78f7d896ca9b5e2b2cd76495fe602a8687bcbe0739b450a1d99_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:753e9384197b30856cfa43b3f5362395f3554773ec0a00a183705427eb8bced4_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:cb9328dff074240b336cc5395d2d61ff4722e84d11d3c19d470dd1214308b6e5_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:e863e14bd4e3a735ad3af67dd307fce57a0f3b703aed63b731c4206c08a5839f_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:1e695b53b5a667d185f61dee9e0242efc8e0962aa4e928bf8908734626d16d38_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:7d614384e1cb7be6bb72dbdc3cb4eb34d38902e05f121ef6220c5a6922715ddf_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:da0844c2faaa1b2dd6c0c4944218c947043ac3b7edd8d4533ba7faf5f9436412_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:fd141141252f9253c089dd341447f86cd75a39bff1cb8c25baab40f86fd655bb_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:690de59af44d4b7cf2dada9c3450cbd6a0d3437cc7ac2bca9b5d6b91c4c2c605_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:6cc8eaac0ef579a5359fe2b3c8de0ad776e732b82afd9fb9c4fd4ad74e9f832f_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:bc5d7a4679b2cd19946013fe4c2fc17acfb3a6d9ed410e1f050de51c0a957a6b_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:d954bfc4a5c1f1fc8eba225865a11b9d04f005341e8ab094f7a94cdbe67a7b17_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:a6eb5b607ce23772fca3dbad70d76dc5d3ebc07b15f5123ace53da01f0e3b21e_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:d090b565d5d2933ae453eb87c34a2ebb00e09b1b00334a98c771e465dbcea42e_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:51e90eeed5c6bf2e6355ee9ba50fe330149b7c2b7633a106946459e8984d82ae_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:5e9de77acecac9653b91d2ebbfc5be8dc47da81e9e3e1772d38f827f05779632_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:7cefb007f075c5b1e0265fe8b12888218201cb453e9ebac315d91a79ed6e686a_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:bd4450e5af03c053f28e9c2ca0f2a2c016fc55fef4187676bc4edd5149c1a0f4_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:21243b5bb27b62467a311f0dfb5001384b424c095e17eba2c4fa441d7a03f7cf_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:22190a2714d3942a57dbe9dd265570bfe179b8d7f3e412173d010090de2bb98d_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:35b39d818bfb7b3fe86f77eedb134d12e9f316ce1642f86a8fa5ce1c1e31f37b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:3f2e1942032818fe9c91bf18948b80002a713b81c96e8ef5a3a4178a24899fb7_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:25928bb67eadad3a0d3b23da81acb313b8f873476250ddc6481cfb06bc25b8ab_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:bdfafa3b05bea80b81ffdc63cd77d4b2a96588ccd309aba83de0a683cb07c3c4_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:d7aa74297e76cb375c4bdd939c673739e34e22d83f8ef8846b1aa3c3c2264bbe_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:ea75fa4468a26357ce7c92614d70bc41ff0f8a8e562978a5b2bdfa5563492090_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:49025eb304ed55e363338fbe74b8dd77815b4d87183f1cb0cbfbbba71c2d2c59_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:54524172989364298f5cce342ef854f62fd59c75a42be804af3f286c6585b3d1_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:c1d135f85a4a1c5fe1c86509658d3056ce4bf748e8210274756064e18f991440_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:fb2eb12e6a6159c75e56f58429789cc0ac74af2a3d04f9ab865c8d86576e8c15_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:1252d44baa18b442de12a9659d3419ef77148e47ca14747ae684b8541fe795a7_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:4750bc9a80e819747b9d6576d21e348634f0dd4bc56190a662e22b2c80172bbd_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:5988a2daac19ccd72b8eec8cd1d9b623c69aed7be1a4223070d2c65256210776_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:eac25bae75a0e08a0aae706325faae2606ee8b0c086559cc0b89a59501a511f8_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:4c56fcde717c7a7957638fa6624a6ba5a9fc372bc9056e924158a0477410c9e7_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:5f5b5adc67e0655dcc3bcaaa4bb75337ebff130cca2e019d553be7521ca71871_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:91438ae17f6ee162df0d564fe47c8690a5246315e26fa4ebfa16dc8c93425cb7_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:df6617374f5f70f6ff53a980d38ddda8ab1aca125894eadc3a1932ba7612626d_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:49d0f2c55661dd973b0a15ba0e096c54badf4e0017093dfee373a655d47373f0_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:5bbbcaa71f5bf11922738e37c1155c5e60ebc5166a67690f5e5218a42b946366_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:99446549dca0b1cd38919ed7489e3eff72b1e4dd739e4f4e914d6c3ca6076b58_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:cf59b3a7897d59615e746c14697a289d79afbc18a9d2e7e7b5f7b1242d640b02_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:6e7f3aa6bb48cbe35d205d5f4c9ea251945dcdcce9b40cd49676705d778d9500_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:bc37b9c572c3df959e0ceb9fe011be84906fe759817eee697c486131fd5bc0cb_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:bf4a2e668e36a0e8e381f4417a263bd736d114f4e464d4a6c5ea22962b3f2a9e_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:feffba283e2a49967cd57139fe7af2309cd55ea9bb4464e250bf7b5a98913a2b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:86908784cb38408c502a733672b2f76e5a5c93b0266afccc9f281cb0c8f2f20c_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:8f721159d1fb2b71fb746eec0213c1111896c7b77a2904d64a2c1696cdce796c_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:afe3ebfa9897d2b9a7d8f9bd7fb4a2210e4b7e603de5fe168740f0aa4bb04495_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:fd6aa3b12a35343168ee2e752b437a51c58e8e8e329c8bdd7d230653265a790e_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:01cb3c8bb62be8bcdeaea2fa79413caca0f111980f4134b06df5230bd0b357fc_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:20b0fcf0b2d388320c0cb1414f2422493ca9acf39c876fd45265e8b32030ef3b_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:51fc32fbd543c74767403a113ccceedb262ccb92b9fd5a9efdc39ed2c1e608b3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:d4edd3fd9d125deb51d48c8709eac2505056da0f1341020db5469be8af0ca200_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:201ab631050d34fb956e1333730a387833b7aa3a2a4389d2a01bb79a2fe51bbf_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:47ca2eaea554b825306387f07aef8a5ee830ee1885d2df51055ac22d7576d2cd_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:7a181f8f3d2eadeae6b1d4d38da28f4e0a7c7f1fc662d213f72a63fd56f67443_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:fa97e7031e19af10a571d8ff67e13de3489603f60dbf9fd0c19205fb3447e912_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:01e117719b770e5bf767700b3cf5a3c79d7a74c181fda4dd4605cb4f41ea5bcd_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:155dfad34b7402e4462d98c3026ab38a6024338dfe80bfc33abb9102d12b077d_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:aa96f8cf13ae3374588cc99a558d1def2bcf0579d75b90d0772139fab991b06b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:f1d48c91052387ebc88bc7c76c8f49bae708c67e160d976974c8b31e9efbd219_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:008f0946e1545a0baa8e2baa9d12dc3244a47cd42af020afedfce3b1450f6c16_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:6a63e70123c2cd8cf8ddec71fb88d0dee08d2b7b1bcfc37d27fde3a50a59b7e8_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:96f6b104c31c317aa118ff64cff2522f136bbb520de7fb8015257630fcfdecfb_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:9dd240e967b0a1949a812050a123e513858ccd428feb1c42646e409fbf711b35_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:6f5480749ac020fc0e226dd87855baeae624b4c57c2787303e7321f63117c789_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:7265c4bc839141da2a0599bc367c4be2b8e8743423ea1b6b8d68729b1cfa8bcc_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:9486931d703d050f59a9f1bcfe5e016351d3ccc9b5c1975963b91ac34fc0b25e_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:c458f98a5afdf96262536fa1b7d672eb897c2800ec3dc4a2094ee5e8ae09ac31_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:23ea476af89606789f91e647e952039bff83b5ace02440b2c11dccb9020cc0fb_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:870a39d44775c352b2c574f4b8d6585b96b44a48eefea1cbb8463809b75a1d6f_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:b3132e81fca86bc4bf6fe9f75fb3cafd1ef0f02fe84aeaffa51539e5f4a1b54c_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:fc3b7a2d42adaa47a938efe8e94d9d5665fe74a66d04884e886da33ad61774d0_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:2076dc61bf8db58916f3bacdb7483cdae8db169e2c4187e0c509f4fad9bc66ac_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:4e2047551e67c9c79e54ea5cd42accd746db89b8f37181a4b8ddceee166b3f2f_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:635a2526236205059d382f8860a7600105596caa546c129e855bd1ad241ebda7_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:ab0b5c35985ab8da547bc85aeff75c00ef32de0ea4f3446d75420ba935a5ddf4_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:20f8e067fa199055be096f4e655a0004616caab1eb32ccbe853677705d4e99f2_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:7c82062799a4bc38472a8d62827cbead3cf9396e132c9567e1d7682b8e4eb01d_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:94a4269cc3ddfdaf549eb4b547a461c2eafa9a0e3682511f2c18a3cf846beba3_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:ac33685303a23070d840d68bce5381230bbf98f1f65abaa80eca75c99b821d88_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:29bf69f7793d3ecaf724f791e735f1bd4121cddc6b1118553bcc77ef3a3054a1_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:46ae8d0b9eb51c730b57aa7b9d0561dc8e7510240e100a9deaea7e501cf115c2_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:c314fa51aef6754a3d665650a9a2861da1ec3557e2b92c29a2b16b2790d615a4_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:cd2a2cb5784051c6595a95865e390a52c38b2b62fbf2fa3d40545d083c846992_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:05debd9e92a56b761a55f36c54d31ceda7b77bc58178946c4b5d0d08faa01cfc_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:19954ceb4da5840bc7d8953932bd9f36baaa3ad219ccac4b44324f25f962182a_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:866e4fbdeefc40e19ec6962c6b1577ef9f66affa46b96a2dbd30501b4e3b2695_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:990fa7d78f384772aaf369956a51ba7393cd5e225daa3c4e37f56ed2a1b4d5fb_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:64e4c2ac5a5126294d7264d33723b8c7e8a8f2909a33d2bff40bfbb2965fcd81_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:8a85413afe8d8ab179dff3638f3d5509bf180d54d016706aa50781bbb72338bc_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:a0af7052a5cc79ec38267f6016330bbc30fe4c8dff0776a6fe6cee048cb1bbcf_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:df72d966e05e20571d1d588092d8bf95f28ae5178ddac780257064069e8cf75c_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:5a0a1932f8bcdf436f08f9d00fdb520feefad62061ce79426d44ecd7d01724a2_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:72da4f73e7063cfcb49a800bf9dc5acdd715221d4dff6120db5950634e5824f5_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:883c2aa7d2a9f8ddcccd8c48b79bff59ffa3eb3f59392e727dd050ec4efdb92b_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:9bed2310605563c0d439ed85731e980038ada7c3970fc26de24c1c7d291afe07_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:09b95ff35ae5c1b2c356f7506d4e8283cb0b69b8b5a130bf9d6c31e6bfc04932_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:0cebc0075f16274a3620c4becac1490dc91904d09487fdc76aafe98fbaca5ccf_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:78f3234c47001e7a2902352bf85c7cc893f8ff7aafb01d3d6875cfe2df0a6a16_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:8844e2149f6d16a9112f7ca4580c27dbe974f0bfce1fc21c87d5072813deba45_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:180b60f1efcd9902f18b7104973acf277ea6881d6a806e288ea598b71bfa8e2d_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:2dc26cd49218da49a4761d8012d9777019facea787df61dafce31db6b3bef8b8_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:d08b49badd427bd263a5810800c4705f296b2caf188765837f8b5284d6ff6feb_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:edcd49c90231e8071dc45385f077400ae3dd9fdba54de188e3aba84da49c00c5_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:06f9f2d54689bd9770d4102c377a2596bf4294c824c2db69f4ad23a849d8996c_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:3985e43602b73ad41f7092847b6c92700ec5bfd6d849cc37adff563b6a994ea3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:eb7543913777f50fe437035b18e08cec754ec6ee05666f8c88900b6349b467bb_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:fb35bc2313df94fd8a4b4e8293f1489ea518c002858c29ade906a678ccd48d0d_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:31f1c672dc3197cb7bfeb51b37d357425d4057fec9c22ea8810005c147e493a0_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:457829af072b2c430e077ae362dd62b63f1737b72434c11b2fb9e98262c6f058_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:6243c7517063c907dbd898b6ff7c4f5a6a001b15141c6b703a771a826b1e9b23_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:72bef79259e60a3f96f3788b2ed207ef6d8c1d4901d5c1d293981099d2932b44_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:1bdebc0ea3641538b6029945ef99eab50aa4b71ab37fd063d712ffc0883faae8_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:75a4693836d31cfc429d6a3852b0bf419255c66f90827b13d2a589dc2bea1992_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:8f696a0d69bb54a50140da672ff01c2923550f8ab18dcb1159493b516750f0a4_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:98992a409dfe54f8de0eb67189538d08148418d91d9d07d9aa30262ce54e30d9_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:72d561f41b71f78f7d896ca9b5e2b2cd76495fe602a8687bcbe0739b450a1d99_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:753e9384197b30856cfa43b3f5362395f3554773ec0a00a183705427eb8bced4_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:cb9328dff074240b336cc5395d2d61ff4722e84d11d3c19d470dd1214308b6e5_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:e863e14bd4e3a735ad3af67dd307fce57a0f3b703aed63b731c4206c08a5839f_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:1e695b53b5a667d185f61dee9e0242efc8e0962aa4e928bf8908734626d16d38_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:7d614384e1cb7be6bb72dbdc3cb4eb34d38902e05f121ef6220c5a6922715ddf_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:da0844c2faaa1b2dd6c0c4944218c947043ac3b7edd8d4533ba7faf5f9436412_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:fd141141252f9253c089dd341447f86cd75a39bff1cb8c25baab40f86fd655bb_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:690de59af44d4b7cf2dada9c3450cbd6a0d3437cc7ac2bca9b5d6b91c4c2c605_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:6cc8eaac0ef579a5359fe2b3c8de0ad776e732b82afd9fb9c4fd4ad74e9f832f_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:bc5d7a4679b2cd19946013fe4c2fc17acfb3a6d9ed410e1f050de51c0a957a6b_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:d954bfc4a5c1f1fc8eba225865a11b9d04f005341e8ab094f7a94cdbe67a7b17_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:a6eb5b607ce23772fca3dbad70d76dc5d3ebc07b15f5123ace53da01f0e3b21e_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:d090b565d5d2933ae453eb87c34a2ebb00e09b1b00334a98c771e465dbcea42e_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "dynaconf: jinja2: Dynaconf: Arbitrary code execution via Server-Side Template Injection"
},
{
"cve": "CVE-2026-42338",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2026-05-12T21:01:14.436876+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:51e90eeed5c6bf2e6355ee9ba50fe330149b7c2b7633a106946459e8984d82ae_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:5e9de77acecac9653b91d2ebbfc5be8dc47da81e9e3e1772d38f827f05779632_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:7cefb007f075c5b1e0265fe8b12888218201cb453e9ebac315d91a79ed6e686a_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:bd4450e5af03c053f28e9c2ca0f2a2c016fc55fef4187676bc4edd5149c1a0f4_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:21243b5bb27b62467a311f0dfb5001384b424c095e17eba2c4fa441d7a03f7cf_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:22190a2714d3942a57dbe9dd265570bfe179b8d7f3e412173d010090de2bb98d_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:35b39d818bfb7b3fe86f77eedb134d12e9f316ce1642f86a8fa5ce1c1e31f37b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:3f2e1942032818fe9c91bf18948b80002a713b81c96e8ef5a3a4178a24899fb7_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:25928bb67eadad3a0d3b23da81acb313b8f873476250ddc6481cfb06bc25b8ab_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:bdfafa3b05bea80b81ffdc63cd77d4b2a96588ccd309aba83de0a683cb07c3c4_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:d7aa74297e76cb375c4bdd939c673739e34e22d83f8ef8846b1aa3c3c2264bbe_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:ea75fa4468a26357ce7c92614d70bc41ff0f8a8e562978a5b2bdfa5563492090_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:49025eb304ed55e363338fbe74b8dd77815b4d87183f1cb0cbfbbba71c2d2c59_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:54524172989364298f5cce342ef854f62fd59c75a42be804af3f286c6585b3d1_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:c1d135f85a4a1c5fe1c86509658d3056ce4bf748e8210274756064e18f991440_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:fb2eb12e6a6159c75e56f58429789cc0ac74af2a3d04f9ab865c8d86576e8c15_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:1252d44baa18b442de12a9659d3419ef77148e47ca14747ae684b8541fe795a7_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:4750bc9a80e819747b9d6576d21e348634f0dd4bc56190a662e22b2c80172bbd_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:5988a2daac19ccd72b8eec8cd1d9b623c69aed7be1a4223070d2c65256210776_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:eac25bae75a0e08a0aae706325faae2606ee8b0c086559cc0b89a59501a511f8_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:4c56fcde717c7a7957638fa6624a6ba5a9fc372bc9056e924158a0477410c9e7_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:5f5b5adc67e0655dcc3bcaaa4bb75337ebff130cca2e019d553be7521ca71871_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:91438ae17f6ee162df0d564fe47c8690a5246315e26fa4ebfa16dc8c93425cb7_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:df6617374f5f70f6ff53a980d38ddda8ab1aca125894eadc3a1932ba7612626d_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:49d0f2c55661dd973b0a15ba0e096c54badf4e0017093dfee373a655d47373f0_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:5bbbcaa71f5bf11922738e37c1155c5e60ebc5166a67690f5e5218a42b946366_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:99446549dca0b1cd38919ed7489e3eff72b1e4dd739e4f4e914d6c3ca6076b58_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:cf59b3a7897d59615e746c14697a289d79afbc18a9d2e7e7b5f7b1242d640b02_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:6e7f3aa6bb48cbe35d205d5f4c9ea251945dcdcce9b40cd49676705d778d9500_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:bc37b9c572c3df959e0ceb9fe011be84906fe759817eee697c486131fd5bc0cb_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:bf4a2e668e36a0e8e381f4417a263bd736d114f4e464d4a6c5ea22962b3f2a9e_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:feffba283e2a49967cd57139fe7af2309cd55ea9bb4464e250bf7b5a98913a2b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:86908784cb38408c502a733672b2f76e5a5c93b0266afccc9f281cb0c8f2f20c_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:8f721159d1fb2b71fb746eec0213c1111896c7b77a2904d64a2c1696cdce796c_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:afe3ebfa9897d2b9a7d8f9bd7fb4a2210e4b7e603de5fe168740f0aa4bb04495_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:fd6aa3b12a35343168ee2e752b437a51c58e8e8e329c8bdd7d230653265a790e_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:01cb3c8bb62be8bcdeaea2fa79413caca0f111980f4134b06df5230bd0b357fc_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:20b0fcf0b2d388320c0cb1414f2422493ca9acf39c876fd45265e8b32030ef3b_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:51fc32fbd543c74767403a113ccceedb262ccb92b9fd5a9efdc39ed2c1e608b3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:d4edd3fd9d125deb51d48c8709eac2505056da0f1341020db5469be8af0ca200_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:201ab631050d34fb956e1333730a387833b7aa3a2a4389d2a01bb79a2fe51bbf_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:47ca2eaea554b825306387f07aef8a5ee830ee1885d2df51055ac22d7576d2cd_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:7a181f8f3d2eadeae6b1d4d38da28f4e0a7c7f1fc662d213f72a63fd56f67443_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:fa97e7031e19af10a571d8ff67e13de3489603f60dbf9fd0c19205fb3447e912_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:01e117719b770e5bf767700b3cf5a3c79d7a74c181fda4dd4605cb4f41ea5bcd_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:155dfad34b7402e4462d98c3026ab38a6024338dfe80bfc33abb9102d12b077d_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:aa96f8cf13ae3374588cc99a558d1def2bcf0579d75b90d0772139fab991b06b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:f1d48c91052387ebc88bc7c76c8f49bae708c67e160d976974c8b31e9efbd219_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:008f0946e1545a0baa8e2baa9d12dc3244a47cd42af020afedfce3b1450f6c16_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:6a63e70123c2cd8cf8ddec71fb88d0dee08d2b7b1bcfc37d27fde3a50a59b7e8_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:96f6b104c31c317aa118ff64cff2522f136bbb520de7fb8015257630fcfdecfb_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:9dd240e967b0a1949a812050a123e513858ccd428feb1c42646e409fbf711b35_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:6f5480749ac020fc0e226dd87855baeae624b4c57c2787303e7321f63117c789_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:7265c4bc839141da2a0599bc367c4be2b8e8743423ea1b6b8d68729b1cfa8bcc_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:9486931d703d050f59a9f1bcfe5e016351d3ccc9b5c1975963b91ac34fc0b25e_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:c458f98a5afdf96262536fa1b7d672eb897c2800ec3dc4a2094ee5e8ae09ac31_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:23ea476af89606789f91e647e952039bff83b5ace02440b2c11dccb9020cc0fb_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:870a39d44775c352b2c574f4b8d6585b96b44a48eefea1cbb8463809b75a1d6f_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:b3132e81fca86bc4bf6fe9f75fb3cafd1ef0f02fe84aeaffa51539e5f4a1b54c_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:fc3b7a2d42adaa47a938efe8e94d9d5665fe74a66d04884e886da33ad61774d0_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:2076dc61bf8db58916f3bacdb7483cdae8db169e2c4187e0c509f4fad9bc66ac_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:4e2047551e67c9c79e54ea5cd42accd746db89b8f37181a4b8ddceee166b3f2f_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:635a2526236205059d382f8860a7600105596caa546c129e855bd1ad241ebda7_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:ab0b5c35985ab8da547bc85aeff75c00ef32de0ea4f3446d75420ba935a5ddf4_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:20f8e067fa199055be096f4e655a0004616caab1eb32ccbe853677705d4e99f2_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:7c82062799a4bc38472a8d62827cbead3cf9396e132c9567e1d7682b8e4eb01d_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:94a4269cc3ddfdaf549eb4b547a461c2eafa9a0e3682511f2c18a3cf846beba3_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:ac33685303a23070d840d68bce5381230bbf98f1f65abaa80eca75c99b821d88_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:29bf69f7793d3ecaf724f791e735f1bd4121cddc6b1118553bcc77ef3a3054a1_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:46ae8d0b9eb51c730b57aa7b9d0561dc8e7510240e100a9deaea7e501cf115c2_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:c314fa51aef6754a3d665650a9a2861da1ec3557e2b92c29a2b16b2790d615a4_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:cd2a2cb5784051c6595a95865e390a52c38b2b62fbf2fa3d40545d083c846992_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:05debd9e92a56b761a55f36c54d31ceda7b77bc58178946c4b5d0d08faa01cfc_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:19954ceb4da5840bc7d8953932bd9f36baaa3ad219ccac4b44324f25f962182a_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:866e4fbdeefc40e19ec6962c6b1577ef9f66affa46b96a2dbd30501b4e3b2695_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:990fa7d78f384772aaf369956a51ba7393cd5e225daa3c4e37f56ed2a1b4d5fb_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:64e4c2ac5a5126294d7264d33723b8c7e8a8f2909a33d2bff40bfbb2965fcd81_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:8a85413afe8d8ab179dff3638f3d5509bf180d54d016706aa50781bbb72338bc_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:a0af7052a5cc79ec38267f6016330bbc30fe4c8dff0776a6fe6cee048cb1bbcf_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:df72d966e05e20571d1d588092d8bf95f28ae5178ddac780257064069e8cf75c_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:5a0a1932f8bcdf436f08f9d00fdb520feefad62061ce79426d44ecd7d01724a2_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:72da4f73e7063cfcb49a800bf9dc5acdd715221d4dff6120db5950634e5824f5_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:883c2aa7d2a9f8ddcccd8c48b79bff59ffa3eb3f59392e727dd050ec4efdb92b_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:9bed2310605563c0d439ed85731e980038ada7c3970fc26de24c1c7d291afe07_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:09b95ff35ae5c1b2c356f7506d4e8283cb0b69b8b5a130bf9d6c31e6bfc04932_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:0cebc0075f16274a3620c4becac1490dc91904d09487fdc76aafe98fbaca5ccf_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:78f3234c47001e7a2902352bf85c7cc893f8ff7aafb01d3d6875cfe2df0a6a16_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:8844e2149f6d16a9112f7ca4580c27dbe974f0bfce1fc21c87d5072813deba45_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:180b60f1efcd9902f18b7104973acf277ea6881d6a806e288ea598b71bfa8e2d_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:2dc26cd49218da49a4761d8012d9777019facea787df61dafce31db6b3bef8b8_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:d08b49badd427bd263a5810800c4705f296b2caf188765837f8b5284d6ff6feb_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:edcd49c90231e8071dc45385f077400ae3dd9fdba54de188e3aba84da49c00c5_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:06f9f2d54689bd9770d4102c377a2596bf4294c824c2db69f4ad23a849d8996c_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:3985e43602b73ad41f7092847b6c92700ec5bfd6d849cc37adff563b6a994ea3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:eb7543913777f50fe437035b18e08cec754ec6ee05666f8c88900b6349b467bb_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:fb35bc2313df94fd8a4b4e8293f1489ea518c002858c29ade906a678ccd48d0d_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:31f1c672dc3197cb7bfeb51b37d357425d4057fec9c22ea8810005c147e493a0_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:457829af072b2c430e077ae362dd62b63f1737b72434c11b2fb9e98262c6f058_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:6243c7517063c907dbd898b6ff7c4f5a6a001b15141c6b703a771a826b1e9b23_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:72bef79259e60a3f96f3788b2ed207ef6d8c1d4901d5c1d293981099d2932b44_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:1bdebc0ea3641538b6029945ef99eab50aa4b71ab37fd063d712ffc0883faae8_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:75a4693836d31cfc429d6a3852b0bf419255c66f90827b13d2a589dc2bea1992_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:8f696a0d69bb54a50140da672ff01c2923550f8ab18dcb1159493b516750f0a4_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:98992a409dfe54f8de0eb67189538d08148418d91d9d07d9aa30262ce54e30d9_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:1e695b53b5a667d185f61dee9e0242efc8e0962aa4e928bf8908734626d16d38_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:7d614384e1cb7be6bb72dbdc3cb4eb34d38902e05f121ef6220c5a6922715ddf_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:da0844c2faaa1b2dd6c0c4944218c947043ac3b7edd8d4533ba7faf5f9436412_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:fd141141252f9253c089dd341447f86cd75a39bff1cb8c25baab40f86fd655bb_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:690de59af44d4b7cf2dada9c3450cbd6a0d3437cc7ac2bca9b5d6b91c4c2c605_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:6cc8eaac0ef579a5359fe2b3c8de0ad776e732b82afd9fb9c4fd4ad74e9f832f_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:bc5d7a4679b2cd19946013fe4c2fc17acfb3a6d9ed410e1f050de51c0a957a6b_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:d954bfc4a5c1f1fc8eba225865a11b9d04f005341e8ab094f7a94cdbe67a7b17_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:a6eb5b607ce23772fca3dbad70d76dc5d3ebc07b15f5123ace53da01f0e3b21e_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:d090b565d5d2933ae453eb87c34a2ebb00e09b1b00334a98c771e465dbcea42e_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2476810"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in ip-address, a JavaScript library for parsing and manipulating IPv4 and IPv6 addresses. This vulnerability allows a remote attacker to perform cross-site scripting (XSS) by providing untrusted input to the Address6 constructor. When an application renders the output of Address6.group(), Address6.link(), or the AddressError.parseMessage as HTML without proper escaping, the attacker-controlled content can be executed in the user\u0027s browser.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ip-address: ip-address: Cross-site scripting via improper HTML escaping of untrusted input",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability in the `ip-address` JavaScript library is rated as Important. It allows for cross-site scripting (XSS) when an application processes untrusted input through the `Address6` constructor and subsequently renders the unescaped output of methods like `Address6.group()`, `Address6.link()`, or `AddressError.parseMessage` directly as HTML. While the library itself is affected, exploitation is contingent on specific application-level rendering practices that may not be common in Red Hat products.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:72d561f41b71f78f7d896ca9b5e2b2cd76495fe602a8687bcbe0739b450a1d99_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:753e9384197b30856cfa43b3f5362395f3554773ec0a00a183705427eb8bced4_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:cb9328dff074240b336cc5395d2d61ff4722e84d11d3c19d470dd1214308b6e5_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:e863e14bd4e3a735ad3af67dd307fce57a0f3b703aed63b731c4206c08a5839f_ppc64le"
],
"known_not_affected": [
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:51e90eeed5c6bf2e6355ee9ba50fe330149b7c2b7633a106946459e8984d82ae_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:5e9de77acecac9653b91d2ebbfc5be8dc47da81e9e3e1772d38f827f05779632_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:7cefb007f075c5b1e0265fe8b12888218201cb453e9ebac315d91a79ed6e686a_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:bd4450e5af03c053f28e9c2ca0f2a2c016fc55fef4187676bc4edd5149c1a0f4_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:21243b5bb27b62467a311f0dfb5001384b424c095e17eba2c4fa441d7a03f7cf_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:22190a2714d3942a57dbe9dd265570bfe179b8d7f3e412173d010090de2bb98d_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:35b39d818bfb7b3fe86f77eedb134d12e9f316ce1642f86a8fa5ce1c1e31f37b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:3f2e1942032818fe9c91bf18948b80002a713b81c96e8ef5a3a4178a24899fb7_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:25928bb67eadad3a0d3b23da81acb313b8f873476250ddc6481cfb06bc25b8ab_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:bdfafa3b05bea80b81ffdc63cd77d4b2a96588ccd309aba83de0a683cb07c3c4_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:d7aa74297e76cb375c4bdd939c673739e34e22d83f8ef8846b1aa3c3c2264bbe_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:ea75fa4468a26357ce7c92614d70bc41ff0f8a8e562978a5b2bdfa5563492090_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:49025eb304ed55e363338fbe74b8dd77815b4d87183f1cb0cbfbbba71c2d2c59_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:54524172989364298f5cce342ef854f62fd59c75a42be804af3f286c6585b3d1_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:c1d135f85a4a1c5fe1c86509658d3056ce4bf748e8210274756064e18f991440_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:fb2eb12e6a6159c75e56f58429789cc0ac74af2a3d04f9ab865c8d86576e8c15_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:1252d44baa18b442de12a9659d3419ef77148e47ca14747ae684b8541fe795a7_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:4750bc9a80e819747b9d6576d21e348634f0dd4bc56190a662e22b2c80172bbd_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:5988a2daac19ccd72b8eec8cd1d9b623c69aed7be1a4223070d2c65256210776_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:eac25bae75a0e08a0aae706325faae2606ee8b0c086559cc0b89a59501a511f8_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:4c56fcde717c7a7957638fa6624a6ba5a9fc372bc9056e924158a0477410c9e7_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:5f5b5adc67e0655dcc3bcaaa4bb75337ebff130cca2e019d553be7521ca71871_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:91438ae17f6ee162df0d564fe47c8690a5246315e26fa4ebfa16dc8c93425cb7_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:df6617374f5f70f6ff53a980d38ddda8ab1aca125894eadc3a1932ba7612626d_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:49d0f2c55661dd973b0a15ba0e096c54badf4e0017093dfee373a655d47373f0_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:5bbbcaa71f5bf11922738e37c1155c5e60ebc5166a67690f5e5218a42b946366_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:99446549dca0b1cd38919ed7489e3eff72b1e4dd739e4f4e914d6c3ca6076b58_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:cf59b3a7897d59615e746c14697a289d79afbc18a9d2e7e7b5f7b1242d640b02_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:6e7f3aa6bb48cbe35d205d5f4c9ea251945dcdcce9b40cd49676705d778d9500_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:bc37b9c572c3df959e0ceb9fe011be84906fe759817eee697c486131fd5bc0cb_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:bf4a2e668e36a0e8e381f4417a263bd736d114f4e464d4a6c5ea22962b3f2a9e_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:feffba283e2a49967cd57139fe7af2309cd55ea9bb4464e250bf7b5a98913a2b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:86908784cb38408c502a733672b2f76e5a5c93b0266afccc9f281cb0c8f2f20c_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:8f721159d1fb2b71fb746eec0213c1111896c7b77a2904d64a2c1696cdce796c_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:afe3ebfa9897d2b9a7d8f9bd7fb4a2210e4b7e603de5fe168740f0aa4bb04495_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:fd6aa3b12a35343168ee2e752b437a51c58e8e8e329c8bdd7d230653265a790e_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:01cb3c8bb62be8bcdeaea2fa79413caca0f111980f4134b06df5230bd0b357fc_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:20b0fcf0b2d388320c0cb1414f2422493ca9acf39c876fd45265e8b32030ef3b_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:51fc32fbd543c74767403a113ccceedb262ccb92b9fd5a9efdc39ed2c1e608b3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:d4edd3fd9d125deb51d48c8709eac2505056da0f1341020db5469be8af0ca200_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:201ab631050d34fb956e1333730a387833b7aa3a2a4389d2a01bb79a2fe51bbf_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:47ca2eaea554b825306387f07aef8a5ee830ee1885d2df51055ac22d7576d2cd_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:7a181f8f3d2eadeae6b1d4d38da28f4e0a7c7f1fc662d213f72a63fd56f67443_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:fa97e7031e19af10a571d8ff67e13de3489603f60dbf9fd0c19205fb3447e912_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:01e117719b770e5bf767700b3cf5a3c79d7a74c181fda4dd4605cb4f41ea5bcd_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:155dfad34b7402e4462d98c3026ab38a6024338dfe80bfc33abb9102d12b077d_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:aa96f8cf13ae3374588cc99a558d1def2bcf0579d75b90d0772139fab991b06b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:f1d48c91052387ebc88bc7c76c8f49bae708c67e160d976974c8b31e9efbd219_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:008f0946e1545a0baa8e2baa9d12dc3244a47cd42af020afedfce3b1450f6c16_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:6a63e70123c2cd8cf8ddec71fb88d0dee08d2b7b1bcfc37d27fde3a50a59b7e8_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:96f6b104c31c317aa118ff64cff2522f136bbb520de7fb8015257630fcfdecfb_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:9dd240e967b0a1949a812050a123e513858ccd428feb1c42646e409fbf711b35_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:6f5480749ac020fc0e226dd87855baeae624b4c57c2787303e7321f63117c789_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:7265c4bc839141da2a0599bc367c4be2b8e8743423ea1b6b8d68729b1cfa8bcc_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:9486931d703d050f59a9f1bcfe5e016351d3ccc9b5c1975963b91ac34fc0b25e_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:c458f98a5afdf96262536fa1b7d672eb897c2800ec3dc4a2094ee5e8ae09ac31_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:23ea476af89606789f91e647e952039bff83b5ace02440b2c11dccb9020cc0fb_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:870a39d44775c352b2c574f4b8d6585b96b44a48eefea1cbb8463809b75a1d6f_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:b3132e81fca86bc4bf6fe9f75fb3cafd1ef0f02fe84aeaffa51539e5f4a1b54c_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:fc3b7a2d42adaa47a938efe8e94d9d5665fe74a66d04884e886da33ad61774d0_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:2076dc61bf8db58916f3bacdb7483cdae8db169e2c4187e0c509f4fad9bc66ac_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:4e2047551e67c9c79e54ea5cd42accd746db89b8f37181a4b8ddceee166b3f2f_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:635a2526236205059d382f8860a7600105596caa546c129e855bd1ad241ebda7_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:ab0b5c35985ab8da547bc85aeff75c00ef32de0ea4f3446d75420ba935a5ddf4_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:20f8e067fa199055be096f4e655a0004616caab1eb32ccbe853677705d4e99f2_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:7c82062799a4bc38472a8d62827cbead3cf9396e132c9567e1d7682b8e4eb01d_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:94a4269cc3ddfdaf549eb4b547a461c2eafa9a0e3682511f2c18a3cf846beba3_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:ac33685303a23070d840d68bce5381230bbf98f1f65abaa80eca75c99b821d88_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:29bf69f7793d3ecaf724f791e735f1bd4121cddc6b1118553bcc77ef3a3054a1_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:46ae8d0b9eb51c730b57aa7b9d0561dc8e7510240e100a9deaea7e501cf115c2_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:c314fa51aef6754a3d665650a9a2861da1ec3557e2b92c29a2b16b2790d615a4_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:cd2a2cb5784051c6595a95865e390a52c38b2b62fbf2fa3d40545d083c846992_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:05debd9e92a56b761a55f36c54d31ceda7b77bc58178946c4b5d0d08faa01cfc_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:19954ceb4da5840bc7d8953932bd9f36baaa3ad219ccac4b44324f25f962182a_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:866e4fbdeefc40e19ec6962c6b1577ef9f66affa46b96a2dbd30501b4e3b2695_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:990fa7d78f384772aaf369956a51ba7393cd5e225daa3c4e37f56ed2a1b4d5fb_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:64e4c2ac5a5126294d7264d33723b8c7e8a8f2909a33d2bff40bfbb2965fcd81_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:8a85413afe8d8ab179dff3638f3d5509bf180d54d016706aa50781bbb72338bc_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:a0af7052a5cc79ec38267f6016330bbc30fe4c8dff0776a6fe6cee048cb1bbcf_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:df72d966e05e20571d1d588092d8bf95f28ae5178ddac780257064069e8cf75c_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:5a0a1932f8bcdf436f08f9d00fdb520feefad62061ce79426d44ecd7d01724a2_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:72da4f73e7063cfcb49a800bf9dc5acdd715221d4dff6120db5950634e5824f5_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:883c2aa7d2a9f8ddcccd8c48b79bff59ffa3eb3f59392e727dd050ec4efdb92b_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:9bed2310605563c0d439ed85731e980038ada7c3970fc26de24c1c7d291afe07_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:09b95ff35ae5c1b2c356f7506d4e8283cb0b69b8b5a130bf9d6c31e6bfc04932_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:0cebc0075f16274a3620c4becac1490dc91904d09487fdc76aafe98fbaca5ccf_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:78f3234c47001e7a2902352bf85c7cc893f8ff7aafb01d3d6875cfe2df0a6a16_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:8844e2149f6d16a9112f7ca4580c27dbe974f0bfce1fc21c87d5072813deba45_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:180b60f1efcd9902f18b7104973acf277ea6881d6a806e288ea598b71bfa8e2d_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:2dc26cd49218da49a4761d8012d9777019facea787df61dafce31db6b3bef8b8_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:d08b49badd427bd263a5810800c4705f296b2caf188765837f8b5284d6ff6feb_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:edcd49c90231e8071dc45385f077400ae3dd9fdba54de188e3aba84da49c00c5_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:06f9f2d54689bd9770d4102c377a2596bf4294c824c2db69f4ad23a849d8996c_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:3985e43602b73ad41f7092847b6c92700ec5bfd6d849cc37adff563b6a994ea3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:eb7543913777f50fe437035b18e08cec754ec6ee05666f8c88900b6349b467bb_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:fb35bc2313df94fd8a4b4e8293f1489ea518c002858c29ade906a678ccd48d0d_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:31f1c672dc3197cb7bfeb51b37d357425d4057fec9c22ea8810005c147e493a0_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:457829af072b2c430e077ae362dd62b63f1737b72434c11b2fb9e98262c6f058_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:6243c7517063c907dbd898b6ff7c4f5a6a001b15141c6b703a771a826b1e9b23_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:72bef79259e60a3f96f3788b2ed207ef6d8c1d4901d5c1d293981099d2932b44_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:1bdebc0ea3641538b6029945ef99eab50aa4b71ab37fd063d712ffc0883faae8_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:75a4693836d31cfc429d6a3852b0bf419255c66f90827b13d2a589dc2bea1992_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:8f696a0d69bb54a50140da672ff01c2923550f8ab18dcb1159493b516750f0a4_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:98992a409dfe54f8de0eb67189538d08148418d91d9d07d9aa30262ce54e30d9_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:1e695b53b5a667d185f61dee9e0242efc8e0962aa4e928bf8908734626d16d38_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:7d614384e1cb7be6bb72dbdc3cb4eb34d38902e05f121ef6220c5a6922715ddf_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:da0844c2faaa1b2dd6c0c4944218c947043ac3b7edd8d4533ba7faf5f9436412_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:fd141141252f9253c089dd341447f86cd75a39bff1cb8c25baab40f86fd655bb_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:690de59af44d4b7cf2dada9c3450cbd6a0d3437cc7ac2bca9b5d6b91c4c2c605_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:6cc8eaac0ef579a5359fe2b3c8de0ad776e732b82afd9fb9c4fd4ad74e9f832f_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:bc5d7a4679b2cd19946013fe4c2fc17acfb3a6d9ed410e1f050de51c0a957a6b_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:d954bfc4a5c1f1fc8eba225865a11b9d04f005341e8ab094f7a94cdbe67a7b17_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:a6eb5b607ce23772fca3dbad70d76dc5d3ebc07b15f5123ace53da01f0e3b21e_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:d090b565d5d2933ae453eb87c34a2ebb00e09b1b00334a98c771e465dbcea42e_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42338"
},
{
"category": "external",
"summary": "RHBZ#2476810",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2476810"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42338",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42338"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42338",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42338"
},
{
"category": "external",
"summary": "https://github.com/beaugunderson/ip-address/security/advisories/GHSA-v2v4-37r5-5v8g",
"url": "https://github.com/beaugunderson/ip-address/security/advisories/GHSA-v2v4-37r5-5v8g"
}
],
"release_date": "2026-05-12T19:43:16.470000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-01T16:35:24+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.6#Upgrade",
"product_ids": [
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:72d561f41b71f78f7d896ca9b5e2b2cd76495fe602a8687bcbe0739b450a1d99_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:753e9384197b30856cfa43b3f5362395f3554773ec0a00a183705427eb8bced4_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:cb9328dff074240b336cc5395d2d61ff4722e84d11d3c19d470dd1214308b6e5_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:e863e14bd4e3a735ad3af67dd307fce57a0f3b703aed63b731c4206c08a5839f_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:34374"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:51e90eeed5c6bf2e6355ee9ba50fe330149b7c2b7633a106946459e8984d82ae_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:5e9de77acecac9653b91d2ebbfc5be8dc47da81e9e3e1772d38f827f05779632_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:7cefb007f075c5b1e0265fe8b12888218201cb453e9ebac315d91a79ed6e686a_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:bd4450e5af03c053f28e9c2ca0f2a2c016fc55fef4187676bc4edd5149c1a0f4_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:21243b5bb27b62467a311f0dfb5001384b424c095e17eba2c4fa441d7a03f7cf_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:22190a2714d3942a57dbe9dd265570bfe179b8d7f3e412173d010090de2bb98d_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:35b39d818bfb7b3fe86f77eedb134d12e9f316ce1642f86a8fa5ce1c1e31f37b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:3f2e1942032818fe9c91bf18948b80002a713b81c96e8ef5a3a4178a24899fb7_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:25928bb67eadad3a0d3b23da81acb313b8f873476250ddc6481cfb06bc25b8ab_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:bdfafa3b05bea80b81ffdc63cd77d4b2a96588ccd309aba83de0a683cb07c3c4_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:d7aa74297e76cb375c4bdd939c673739e34e22d83f8ef8846b1aa3c3c2264bbe_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:ea75fa4468a26357ce7c92614d70bc41ff0f8a8e562978a5b2bdfa5563492090_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:49025eb304ed55e363338fbe74b8dd77815b4d87183f1cb0cbfbbba71c2d2c59_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:54524172989364298f5cce342ef854f62fd59c75a42be804af3f286c6585b3d1_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:c1d135f85a4a1c5fe1c86509658d3056ce4bf748e8210274756064e18f991440_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:fb2eb12e6a6159c75e56f58429789cc0ac74af2a3d04f9ab865c8d86576e8c15_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:1252d44baa18b442de12a9659d3419ef77148e47ca14747ae684b8541fe795a7_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:4750bc9a80e819747b9d6576d21e348634f0dd4bc56190a662e22b2c80172bbd_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:5988a2daac19ccd72b8eec8cd1d9b623c69aed7be1a4223070d2c65256210776_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:eac25bae75a0e08a0aae706325faae2606ee8b0c086559cc0b89a59501a511f8_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:4c56fcde717c7a7957638fa6624a6ba5a9fc372bc9056e924158a0477410c9e7_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:5f5b5adc67e0655dcc3bcaaa4bb75337ebff130cca2e019d553be7521ca71871_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:91438ae17f6ee162df0d564fe47c8690a5246315e26fa4ebfa16dc8c93425cb7_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:df6617374f5f70f6ff53a980d38ddda8ab1aca125894eadc3a1932ba7612626d_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:49d0f2c55661dd973b0a15ba0e096c54badf4e0017093dfee373a655d47373f0_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:5bbbcaa71f5bf11922738e37c1155c5e60ebc5166a67690f5e5218a42b946366_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:99446549dca0b1cd38919ed7489e3eff72b1e4dd739e4f4e914d6c3ca6076b58_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:cf59b3a7897d59615e746c14697a289d79afbc18a9d2e7e7b5f7b1242d640b02_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:6e7f3aa6bb48cbe35d205d5f4c9ea251945dcdcce9b40cd49676705d778d9500_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:bc37b9c572c3df959e0ceb9fe011be84906fe759817eee697c486131fd5bc0cb_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:bf4a2e668e36a0e8e381f4417a263bd736d114f4e464d4a6c5ea22962b3f2a9e_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:feffba283e2a49967cd57139fe7af2309cd55ea9bb4464e250bf7b5a98913a2b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:86908784cb38408c502a733672b2f76e5a5c93b0266afccc9f281cb0c8f2f20c_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:8f721159d1fb2b71fb746eec0213c1111896c7b77a2904d64a2c1696cdce796c_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:afe3ebfa9897d2b9a7d8f9bd7fb4a2210e4b7e603de5fe168740f0aa4bb04495_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:fd6aa3b12a35343168ee2e752b437a51c58e8e8e329c8bdd7d230653265a790e_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:01cb3c8bb62be8bcdeaea2fa79413caca0f111980f4134b06df5230bd0b357fc_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:20b0fcf0b2d388320c0cb1414f2422493ca9acf39c876fd45265e8b32030ef3b_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:51fc32fbd543c74767403a113ccceedb262ccb92b9fd5a9efdc39ed2c1e608b3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:d4edd3fd9d125deb51d48c8709eac2505056da0f1341020db5469be8af0ca200_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:201ab631050d34fb956e1333730a387833b7aa3a2a4389d2a01bb79a2fe51bbf_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:47ca2eaea554b825306387f07aef8a5ee830ee1885d2df51055ac22d7576d2cd_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:7a181f8f3d2eadeae6b1d4d38da28f4e0a7c7f1fc662d213f72a63fd56f67443_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:fa97e7031e19af10a571d8ff67e13de3489603f60dbf9fd0c19205fb3447e912_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:01e117719b770e5bf767700b3cf5a3c79d7a74c181fda4dd4605cb4f41ea5bcd_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:155dfad34b7402e4462d98c3026ab38a6024338dfe80bfc33abb9102d12b077d_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:aa96f8cf13ae3374588cc99a558d1def2bcf0579d75b90d0772139fab991b06b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:f1d48c91052387ebc88bc7c76c8f49bae708c67e160d976974c8b31e9efbd219_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:008f0946e1545a0baa8e2baa9d12dc3244a47cd42af020afedfce3b1450f6c16_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:6a63e70123c2cd8cf8ddec71fb88d0dee08d2b7b1bcfc37d27fde3a50a59b7e8_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:96f6b104c31c317aa118ff64cff2522f136bbb520de7fb8015257630fcfdecfb_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:9dd240e967b0a1949a812050a123e513858ccd428feb1c42646e409fbf711b35_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:6f5480749ac020fc0e226dd87855baeae624b4c57c2787303e7321f63117c789_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:7265c4bc839141da2a0599bc367c4be2b8e8743423ea1b6b8d68729b1cfa8bcc_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:9486931d703d050f59a9f1bcfe5e016351d3ccc9b5c1975963b91ac34fc0b25e_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:c458f98a5afdf96262536fa1b7d672eb897c2800ec3dc4a2094ee5e8ae09ac31_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:23ea476af89606789f91e647e952039bff83b5ace02440b2c11dccb9020cc0fb_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:870a39d44775c352b2c574f4b8d6585b96b44a48eefea1cbb8463809b75a1d6f_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:b3132e81fca86bc4bf6fe9f75fb3cafd1ef0f02fe84aeaffa51539e5f4a1b54c_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:fc3b7a2d42adaa47a938efe8e94d9d5665fe74a66d04884e886da33ad61774d0_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:2076dc61bf8db58916f3bacdb7483cdae8db169e2c4187e0c509f4fad9bc66ac_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:4e2047551e67c9c79e54ea5cd42accd746db89b8f37181a4b8ddceee166b3f2f_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:635a2526236205059d382f8860a7600105596caa546c129e855bd1ad241ebda7_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:ab0b5c35985ab8da547bc85aeff75c00ef32de0ea4f3446d75420ba935a5ddf4_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:20f8e067fa199055be096f4e655a0004616caab1eb32ccbe853677705d4e99f2_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:7c82062799a4bc38472a8d62827cbead3cf9396e132c9567e1d7682b8e4eb01d_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:94a4269cc3ddfdaf549eb4b547a461c2eafa9a0e3682511f2c18a3cf846beba3_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:ac33685303a23070d840d68bce5381230bbf98f1f65abaa80eca75c99b821d88_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:29bf69f7793d3ecaf724f791e735f1bd4121cddc6b1118553bcc77ef3a3054a1_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:46ae8d0b9eb51c730b57aa7b9d0561dc8e7510240e100a9deaea7e501cf115c2_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:c314fa51aef6754a3d665650a9a2861da1ec3557e2b92c29a2b16b2790d615a4_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:cd2a2cb5784051c6595a95865e390a52c38b2b62fbf2fa3d40545d083c846992_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:05debd9e92a56b761a55f36c54d31ceda7b77bc58178946c4b5d0d08faa01cfc_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:19954ceb4da5840bc7d8953932bd9f36baaa3ad219ccac4b44324f25f962182a_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:866e4fbdeefc40e19ec6962c6b1577ef9f66affa46b96a2dbd30501b4e3b2695_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:990fa7d78f384772aaf369956a51ba7393cd5e225daa3c4e37f56ed2a1b4d5fb_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:64e4c2ac5a5126294d7264d33723b8c7e8a8f2909a33d2bff40bfbb2965fcd81_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:8a85413afe8d8ab179dff3638f3d5509bf180d54d016706aa50781bbb72338bc_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:a0af7052a5cc79ec38267f6016330bbc30fe4c8dff0776a6fe6cee048cb1bbcf_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:df72d966e05e20571d1d588092d8bf95f28ae5178ddac780257064069e8cf75c_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:5a0a1932f8bcdf436f08f9d00fdb520feefad62061ce79426d44ecd7d01724a2_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:72da4f73e7063cfcb49a800bf9dc5acdd715221d4dff6120db5950634e5824f5_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:883c2aa7d2a9f8ddcccd8c48b79bff59ffa3eb3f59392e727dd050ec4efdb92b_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:9bed2310605563c0d439ed85731e980038ada7c3970fc26de24c1c7d291afe07_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:09b95ff35ae5c1b2c356f7506d4e8283cb0b69b8b5a130bf9d6c31e6bfc04932_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:0cebc0075f16274a3620c4becac1490dc91904d09487fdc76aafe98fbaca5ccf_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:78f3234c47001e7a2902352bf85c7cc893f8ff7aafb01d3d6875cfe2df0a6a16_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:8844e2149f6d16a9112f7ca4580c27dbe974f0bfce1fc21c87d5072813deba45_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:180b60f1efcd9902f18b7104973acf277ea6881d6a806e288ea598b71bfa8e2d_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:2dc26cd49218da49a4761d8012d9777019facea787df61dafce31db6b3bef8b8_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:d08b49badd427bd263a5810800c4705f296b2caf188765837f8b5284d6ff6feb_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:edcd49c90231e8071dc45385f077400ae3dd9fdba54de188e3aba84da49c00c5_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:06f9f2d54689bd9770d4102c377a2596bf4294c824c2db69f4ad23a849d8996c_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:3985e43602b73ad41f7092847b6c92700ec5bfd6d849cc37adff563b6a994ea3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:eb7543913777f50fe437035b18e08cec754ec6ee05666f8c88900b6349b467bb_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:fb35bc2313df94fd8a4b4e8293f1489ea518c002858c29ade906a678ccd48d0d_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:31f1c672dc3197cb7bfeb51b37d357425d4057fec9c22ea8810005c147e493a0_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:457829af072b2c430e077ae362dd62b63f1737b72434c11b2fb9e98262c6f058_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:6243c7517063c907dbd898b6ff7c4f5a6a001b15141c6b703a771a826b1e9b23_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:72bef79259e60a3f96f3788b2ed207ef6d8c1d4901d5c1d293981099d2932b44_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:1bdebc0ea3641538b6029945ef99eab50aa4b71ab37fd063d712ffc0883faae8_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:75a4693836d31cfc429d6a3852b0bf419255c66f90827b13d2a589dc2bea1992_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:8f696a0d69bb54a50140da672ff01c2923550f8ab18dcb1159493b516750f0a4_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:98992a409dfe54f8de0eb67189538d08148418d91d9d07d9aa30262ce54e30d9_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:72d561f41b71f78f7d896ca9b5e2b2cd76495fe602a8687bcbe0739b450a1d99_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:753e9384197b30856cfa43b3f5362395f3554773ec0a00a183705427eb8bced4_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:cb9328dff074240b336cc5395d2d61ff4722e84d11d3c19d470dd1214308b6e5_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:e863e14bd4e3a735ad3af67dd307fce57a0f3b703aed63b731c4206c08a5839f_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:1e695b53b5a667d185f61dee9e0242efc8e0962aa4e928bf8908734626d16d38_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:7d614384e1cb7be6bb72dbdc3cb4eb34d38902e05f121ef6220c5a6922715ddf_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:da0844c2faaa1b2dd6c0c4944218c947043ac3b7edd8d4533ba7faf5f9436412_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:fd141141252f9253c089dd341447f86cd75a39bff1cb8c25baab40f86fd655bb_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:690de59af44d4b7cf2dada9c3450cbd6a0d3437cc7ac2bca9b5d6b91c4c2c605_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:6cc8eaac0ef579a5359fe2b3c8de0ad776e732b82afd9fb9c4fd4ad74e9f832f_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:bc5d7a4679b2cd19946013fe4c2fc17acfb3a6d9ed410e1f050de51c0a957a6b_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:d954bfc4a5c1f1fc8eba225865a11b9d04f005341e8ab094f7a94cdbe67a7b17_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:a6eb5b607ce23772fca3dbad70d76dc5d3ebc07b15f5123ace53da01f0e3b21e_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:d090b565d5d2933ae453eb87c34a2ebb00e09b1b00334a98c771e465dbcea42e_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:51e90eeed5c6bf2e6355ee9ba50fe330149b7c2b7633a106946459e8984d82ae_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:5e9de77acecac9653b91d2ebbfc5be8dc47da81e9e3e1772d38f827f05779632_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:7cefb007f075c5b1e0265fe8b12888218201cb453e9ebac315d91a79ed6e686a_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:bd4450e5af03c053f28e9c2ca0f2a2c016fc55fef4187676bc4edd5149c1a0f4_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:21243b5bb27b62467a311f0dfb5001384b424c095e17eba2c4fa441d7a03f7cf_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:22190a2714d3942a57dbe9dd265570bfe179b8d7f3e412173d010090de2bb98d_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:35b39d818bfb7b3fe86f77eedb134d12e9f316ce1642f86a8fa5ce1c1e31f37b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:3f2e1942032818fe9c91bf18948b80002a713b81c96e8ef5a3a4178a24899fb7_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:25928bb67eadad3a0d3b23da81acb313b8f873476250ddc6481cfb06bc25b8ab_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:bdfafa3b05bea80b81ffdc63cd77d4b2a96588ccd309aba83de0a683cb07c3c4_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:d7aa74297e76cb375c4bdd939c673739e34e22d83f8ef8846b1aa3c3c2264bbe_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:ea75fa4468a26357ce7c92614d70bc41ff0f8a8e562978a5b2bdfa5563492090_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:49025eb304ed55e363338fbe74b8dd77815b4d87183f1cb0cbfbbba71c2d2c59_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:54524172989364298f5cce342ef854f62fd59c75a42be804af3f286c6585b3d1_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:c1d135f85a4a1c5fe1c86509658d3056ce4bf748e8210274756064e18f991440_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:fb2eb12e6a6159c75e56f58429789cc0ac74af2a3d04f9ab865c8d86576e8c15_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:1252d44baa18b442de12a9659d3419ef77148e47ca14747ae684b8541fe795a7_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:4750bc9a80e819747b9d6576d21e348634f0dd4bc56190a662e22b2c80172bbd_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:5988a2daac19ccd72b8eec8cd1d9b623c69aed7be1a4223070d2c65256210776_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:eac25bae75a0e08a0aae706325faae2606ee8b0c086559cc0b89a59501a511f8_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:4c56fcde717c7a7957638fa6624a6ba5a9fc372bc9056e924158a0477410c9e7_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:5f5b5adc67e0655dcc3bcaaa4bb75337ebff130cca2e019d553be7521ca71871_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:91438ae17f6ee162df0d564fe47c8690a5246315e26fa4ebfa16dc8c93425cb7_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:df6617374f5f70f6ff53a980d38ddda8ab1aca125894eadc3a1932ba7612626d_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:49d0f2c55661dd973b0a15ba0e096c54badf4e0017093dfee373a655d47373f0_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:5bbbcaa71f5bf11922738e37c1155c5e60ebc5166a67690f5e5218a42b946366_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:99446549dca0b1cd38919ed7489e3eff72b1e4dd739e4f4e914d6c3ca6076b58_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:cf59b3a7897d59615e746c14697a289d79afbc18a9d2e7e7b5f7b1242d640b02_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:6e7f3aa6bb48cbe35d205d5f4c9ea251945dcdcce9b40cd49676705d778d9500_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:bc37b9c572c3df959e0ceb9fe011be84906fe759817eee697c486131fd5bc0cb_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:bf4a2e668e36a0e8e381f4417a263bd736d114f4e464d4a6c5ea22962b3f2a9e_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:feffba283e2a49967cd57139fe7af2309cd55ea9bb4464e250bf7b5a98913a2b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:86908784cb38408c502a733672b2f76e5a5c93b0266afccc9f281cb0c8f2f20c_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:8f721159d1fb2b71fb746eec0213c1111896c7b77a2904d64a2c1696cdce796c_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:afe3ebfa9897d2b9a7d8f9bd7fb4a2210e4b7e603de5fe168740f0aa4bb04495_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:fd6aa3b12a35343168ee2e752b437a51c58e8e8e329c8bdd7d230653265a790e_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:01cb3c8bb62be8bcdeaea2fa79413caca0f111980f4134b06df5230bd0b357fc_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:20b0fcf0b2d388320c0cb1414f2422493ca9acf39c876fd45265e8b32030ef3b_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:51fc32fbd543c74767403a113ccceedb262ccb92b9fd5a9efdc39ed2c1e608b3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:d4edd3fd9d125deb51d48c8709eac2505056da0f1341020db5469be8af0ca200_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:201ab631050d34fb956e1333730a387833b7aa3a2a4389d2a01bb79a2fe51bbf_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:47ca2eaea554b825306387f07aef8a5ee830ee1885d2df51055ac22d7576d2cd_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:7a181f8f3d2eadeae6b1d4d38da28f4e0a7c7f1fc662d213f72a63fd56f67443_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:fa97e7031e19af10a571d8ff67e13de3489603f60dbf9fd0c19205fb3447e912_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:01e117719b770e5bf767700b3cf5a3c79d7a74c181fda4dd4605cb4f41ea5bcd_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:155dfad34b7402e4462d98c3026ab38a6024338dfe80bfc33abb9102d12b077d_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:aa96f8cf13ae3374588cc99a558d1def2bcf0579d75b90d0772139fab991b06b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:f1d48c91052387ebc88bc7c76c8f49bae708c67e160d976974c8b31e9efbd219_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:008f0946e1545a0baa8e2baa9d12dc3244a47cd42af020afedfce3b1450f6c16_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:6a63e70123c2cd8cf8ddec71fb88d0dee08d2b7b1bcfc37d27fde3a50a59b7e8_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:96f6b104c31c317aa118ff64cff2522f136bbb520de7fb8015257630fcfdecfb_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:9dd240e967b0a1949a812050a123e513858ccd428feb1c42646e409fbf711b35_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:6f5480749ac020fc0e226dd87855baeae624b4c57c2787303e7321f63117c789_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:7265c4bc839141da2a0599bc367c4be2b8e8743423ea1b6b8d68729b1cfa8bcc_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:9486931d703d050f59a9f1bcfe5e016351d3ccc9b5c1975963b91ac34fc0b25e_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:c458f98a5afdf96262536fa1b7d672eb897c2800ec3dc4a2094ee5e8ae09ac31_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:23ea476af89606789f91e647e952039bff83b5ace02440b2c11dccb9020cc0fb_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:870a39d44775c352b2c574f4b8d6585b96b44a48eefea1cbb8463809b75a1d6f_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:b3132e81fca86bc4bf6fe9f75fb3cafd1ef0f02fe84aeaffa51539e5f4a1b54c_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:fc3b7a2d42adaa47a938efe8e94d9d5665fe74a66d04884e886da33ad61774d0_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:2076dc61bf8db58916f3bacdb7483cdae8db169e2c4187e0c509f4fad9bc66ac_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:4e2047551e67c9c79e54ea5cd42accd746db89b8f37181a4b8ddceee166b3f2f_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:635a2526236205059d382f8860a7600105596caa546c129e855bd1ad241ebda7_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:ab0b5c35985ab8da547bc85aeff75c00ef32de0ea4f3446d75420ba935a5ddf4_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:20f8e067fa199055be096f4e655a0004616caab1eb32ccbe853677705d4e99f2_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:7c82062799a4bc38472a8d62827cbead3cf9396e132c9567e1d7682b8e4eb01d_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:94a4269cc3ddfdaf549eb4b547a461c2eafa9a0e3682511f2c18a3cf846beba3_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:ac33685303a23070d840d68bce5381230bbf98f1f65abaa80eca75c99b821d88_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:29bf69f7793d3ecaf724f791e735f1bd4121cddc6b1118553bcc77ef3a3054a1_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:46ae8d0b9eb51c730b57aa7b9d0561dc8e7510240e100a9deaea7e501cf115c2_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:c314fa51aef6754a3d665650a9a2861da1ec3557e2b92c29a2b16b2790d615a4_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:cd2a2cb5784051c6595a95865e390a52c38b2b62fbf2fa3d40545d083c846992_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:05debd9e92a56b761a55f36c54d31ceda7b77bc58178946c4b5d0d08faa01cfc_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:19954ceb4da5840bc7d8953932bd9f36baaa3ad219ccac4b44324f25f962182a_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:866e4fbdeefc40e19ec6962c6b1577ef9f66affa46b96a2dbd30501b4e3b2695_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:990fa7d78f384772aaf369956a51ba7393cd5e225daa3c4e37f56ed2a1b4d5fb_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:64e4c2ac5a5126294d7264d33723b8c7e8a8f2909a33d2bff40bfbb2965fcd81_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:8a85413afe8d8ab179dff3638f3d5509bf180d54d016706aa50781bbb72338bc_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:a0af7052a5cc79ec38267f6016330bbc30fe4c8dff0776a6fe6cee048cb1bbcf_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:df72d966e05e20571d1d588092d8bf95f28ae5178ddac780257064069e8cf75c_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:5a0a1932f8bcdf436f08f9d00fdb520feefad62061ce79426d44ecd7d01724a2_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:72da4f73e7063cfcb49a800bf9dc5acdd715221d4dff6120db5950634e5824f5_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:883c2aa7d2a9f8ddcccd8c48b79bff59ffa3eb3f59392e727dd050ec4efdb92b_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:9bed2310605563c0d439ed85731e980038ada7c3970fc26de24c1c7d291afe07_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:09b95ff35ae5c1b2c356f7506d4e8283cb0b69b8b5a130bf9d6c31e6bfc04932_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:0cebc0075f16274a3620c4becac1490dc91904d09487fdc76aafe98fbaca5ccf_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:78f3234c47001e7a2902352bf85c7cc893f8ff7aafb01d3d6875cfe2df0a6a16_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:8844e2149f6d16a9112f7ca4580c27dbe974f0bfce1fc21c87d5072813deba45_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:180b60f1efcd9902f18b7104973acf277ea6881d6a806e288ea598b71bfa8e2d_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:2dc26cd49218da49a4761d8012d9777019facea787df61dafce31db6b3bef8b8_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:d08b49badd427bd263a5810800c4705f296b2caf188765837f8b5284d6ff6feb_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:edcd49c90231e8071dc45385f077400ae3dd9fdba54de188e3aba84da49c00c5_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:06f9f2d54689bd9770d4102c377a2596bf4294c824c2db69f4ad23a849d8996c_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:3985e43602b73ad41f7092847b6c92700ec5bfd6d849cc37adff563b6a994ea3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:eb7543913777f50fe437035b18e08cec754ec6ee05666f8c88900b6349b467bb_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:fb35bc2313df94fd8a4b4e8293f1489ea518c002858c29ade906a678ccd48d0d_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:31f1c672dc3197cb7bfeb51b37d357425d4057fec9c22ea8810005c147e493a0_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:457829af072b2c430e077ae362dd62b63f1737b72434c11b2fb9e98262c6f058_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:6243c7517063c907dbd898b6ff7c4f5a6a001b15141c6b703a771a826b1e9b23_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:72bef79259e60a3f96f3788b2ed207ef6d8c1d4901d5c1d293981099d2932b44_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:1bdebc0ea3641538b6029945ef99eab50aa4b71ab37fd063d712ffc0883faae8_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:75a4693836d31cfc429d6a3852b0bf419255c66f90827b13d2a589dc2bea1992_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:8f696a0d69bb54a50140da672ff01c2923550f8ab18dcb1159493b516750f0a4_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:98992a409dfe54f8de0eb67189538d08148418d91d9d07d9aa30262ce54e30d9_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:72d561f41b71f78f7d896ca9b5e2b2cd76495fe602a8687bcbe0739b450a1d99_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:753e9384197b30856cfa43b3f5362395f3554773ec0a00a183705427eb8bced4_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:cb9328dff074240b336cc5395d2d61ff4722e84d11d3c19d470dd1214308b6e5_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:e863e14bd4e3a735ad3af67dd307fce57a0f3b703aed63b731c4206c08a5839f_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:1e695b53b5a667d185f61dee9e0242efc8e0962aa4e928bf8908734626d16d38_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:7d614384e1cb7be6bb72dbdc3cb4eb34d38902e05f121ef6220c5a6922715ddf_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:da0844c2faaa1b2dd6c0c4944218c947043ac3b7edd8d4533ba7faf5f9436412_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:fd141141252f9253c089dd341447f86cd75a39bff1cb8c25baab40f86fd655bb_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:690de59af44d4b7cf2dada9c3450cbd6a0d3437cc7ac2bca9b5d6b91c4c2c605_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:6cc8eaac0ef579a5359fe2b3c8de0ad776e732b82afd9fb9c4fd4ad74e9f832f_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:bc5d7a4679b2cd19946013fe4c2fc17acfb3a6d9ed410e1f050de51c0a957a6b_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:d954bfc4a5c1f1fc8eba225865a11b9d04f005341e8ab094f7a94cdbe67a7b17_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:a6eb5b607ce23772fca3dbad70d76dc5d3ebc07b15f5123ace53da01f0e3b21e_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:d090b565d5d2933ae453eb87c34a2ebb00e09b1b00334a98c771e465dbcea42e_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "ip-address: ip-address: Cross-site scripting via improper HTML escaping of untrusted input"
},
{
"cve": "CVE-2026-44293",
"cwe": {
"id": "CWE-94",
"name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
},
"discovery_date": "2026-05-13T16:03:50.961609+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:51e90eeed5c6bf2e6355ee9ba50fe330149b7c2b7633a106946459e8984d82ae_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:5e9de77acecac9653b91d2ebbfc5be8dc47da81e9e3e1772d38f827f05779632_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:7cefb007f075c5b1e0265fe8b12888218201cb453e9ebac315d91a79ed6e686a_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:bd4450e5af03c053f28e9c2ca0f2a2c016fc55fef4187676bc4edd5149c1a0f4_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:21243b5bb27b62467a311f0dfb5001384b424c095e17eba2c4fa441d7a03f7cf_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:22190a2714d3942a57dbe9dd265570bfe179b8d7f3e412173d010090de2bb98d_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:35b39d818bfb7b3fe86f77eedb134d12e9f316ce1642f86a8fa5ce1c1e31f37b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:3f2e1942032818fe9c91bf18948b80002a713b81c96e8ef5a3a4178a24899fb7_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:25928bb67eadad3a0d3b23da81acb313b8f873476250ddc6481cfb06bc25b8ab_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:bdfafa3b05bea80b81ffdc63cd77d4b2a96588ccd309aba83de0a683cb07c3c4_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:d7aa74297e76cb375c4bdd939c673739e34e22d83f8ef8846b1aa3c3c2264bbe_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:ea75fa4468a26357ce7c92614d70bc41ff0f8a8e562978a5b2bdfa5563492090_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:49025eb304ed55e363338fbe74b8dd77815b4d87183f1cb0cbfbbba71c2d2c59_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:54524172989364298f5cce342ef854f62fd59c75a42be804af3f286c6585b3d1_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:c1d135f85a4a1c5fe1c86509658d3056ce4bf748e8210274756064e18f991440_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:fb2eb12e6a6159c75e56f58429789cc0ac74af2a3d04f9ab865c8d86576e8c15_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:1252d44baa18b442de12a9659d3419ef77148e47ca14747ae684b8541fe795a7_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:4750bc9a80e819747b9d6576d21e348634f0dd4bc56190a662e22b2c80172bbd_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:5988a2daac19ccd72b8eec8cd1d9b623c69aed7be1a4223070d2c65256210776_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:eac25bae75a0e08a0aae706325faae2606ee8b0c086559cc0b89a59501a511f8_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:4c56fcde717c7a7957638fa6624a6ba5a9fc372bc9056e924158a0477410c9e7_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:5f5b5adc67e0655dcc3bcaaa4bb75337ebff130cca2e019d553be7521ca71871_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:91438ae17f6ee162df0d564fe47c8690a5246315e26fa4ebfa16dc8c93425cb7_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:df6617374f5f70f6ff53a980d38ddda8ab1aca125894eadc3a1932ba7612626d_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:49d0f2c55661dd973b0a15ba0e096c54badf4e0017093dfee373a655d47373f0_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:5bbbcaa71f5bf11922738e37c1155c5e60ebc5166a67690f5e5218a42b946366_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:99446549dca0b1cd38919ed7489e3eff72b1e4dd739e4f4e914d6c3ca6076b58_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:cf59b3a7897d59615e746c14697a289d79afbc18a9d2e7e7b5f7b1242d640b02_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:6e7f3aa6bb48cbe35d205d5f4c9ea251945dcdcce9b40cd49676705d778d9500_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:bc37b9c572c3df959e0ceb9fe011be84906fe759817eee697c486131fd5bc0cb_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:bf4a2e668e36a0e8e381f4417a263bd736d114f4e464d4a6c5ea22962b3f2a9e_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:feffba283e2a49967cd57139fe7af2309cd55ea9bb4464e250bf7b5a98913a2b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:86908784cb38408c502a733672b2f76e5a5c93b0266afccc9f281cb0c8f2f20c_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:8f721159d1fb2b71fb746eec0213c1111896c7b77a2904d64a2c1696cdce796c_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:afe3ebfa9897d2b9a7d8f9bd7fb4a2210e4b7e603de5fe168740f0aa4bb04495_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:fd6aa3b12a35343168ee2e752b437a51c58e8e8e329c8bdd7d230653265a790e_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:01cb3c8bb62be8bcdeaea2fa79413caca0f111980f4134b06df5230bd0b357fc_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:20b0fcf0b2d388320c0cb1414f2422493ca9acf39c876fd45265e8b32030ef3b_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:51fc32fbd543c74767403a113ccceedb262ccb92b9fd5a9efdc39ed2c1e608b3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:d4edd3fd9d125deb51d48c8709eac2505056da0f1341020db5469be8af0ca200_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:201ab631050d34fb956e1333730a387833b7aa3a2a4389d2a01bb79a2fe51bbf_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:47ca2eaea554b825306387f07aef8a5ee830ee1885d2df51055ac22d7576d2cd_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:7a181f8f3d2eadeae6b1d4d38da28f4e0a7c7f1fc662d213f72a63fd56f67443_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:fa97e7031e19af10a571d8ff67e13de3489603f60dbf9fd0c19205fb3447e912_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:01e117719b770e5bf767700b3cf5a3c79d7a74c181fda4dd4605cb4f41ea5bcd_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:155dfad34b7402e4462d98c3026ab38a6024338dfe80bfc33abb9102d12b077d_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:aa96f8cf13ae3374588cc99a558d1def2bcf0579d75b90d0772139fab991b06b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:f1d48c91052387ebc88bc7c76c8f49bae708c67e160d976974c8b31e9efbd219_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:008f0946e1545a0baa8e2baa9d12dc3244a47cd42af020afedfce3b1450f6c16_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:6a63e70123c2cd8cf8ddec71fb88d0dee08d2b7b1bcfc37d27fde3a50a59b7e8_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:96f6b104c31c317aa118ff64cff2522f136bbb520de7fb8015257630fcfdecfb_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:9dd240e967b0a1949a812050a123e513858ccd428feb1c42646e409fbf711b35_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:6f5480749ac020fc0e226dd87855baeae624b4c57c2787303e7321f63117c789_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:7265c4bc839141da2a0599bc367c4be2b8e8743423ea1b6b8d68729b1cfa8bcc_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:9486931d703d050f59a9f1bcfe5e016351d3ccc9b5c1975963b91ac34fc0b25e_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:c458f98a5afdf96262536fa1b7d672eb897c2800ec3dc4a2094ee5e8ae09ac31_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:2076dc61bf8db58916f3bacdb7483cdae8db169e2c4187e0c509f4fad9bc66ac_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:4e2047551e67c9c79e54ea5cd42accd746db89b8f37181a4b8ddceee166b3f2f_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:635a2526236205059d382f8860a7600105596caa546c129e855bd1ad241ebda7_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:ab0b5c35985ab8da547bc85aeff75c00ef32de0ea4f3446d75420ba935a5ddf4_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:20f8e067fa199055be096f4e655a0004616caab1eb32ccbe853677705d4e99f2_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:7c82062799a4bc38472a8d62827cbead3cf9396e132c9567e1d7682b8e4eb01d_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:94a4269cc3ddfdaf549eb4b547a461c2eafa9a0e3682511f2c18a3cf846beba3_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:ac33685303a23070d840d68bce5381230bbf98f1f65abaa80eca75c99b821d88_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:29bf69f7793d3ecaf724f791e735f1bd4121cddc6b1118553bcc77ef3a3054a1_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:46ae8d0b9eb51c730b57aa7b9d0561dc8e7510240e100a9deaea7e501cf115c2_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:c314fa51aef6754a3d665650a9a2861da1ec3557e2b92c29a2b16b2790d615a4_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:cd2a2cb5784051c6595a95865e390a52c38b2b62fbf2fa3d40545d083c846992_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:05debd9e92a56b761a55f36c54d31ceda7b77bc58178946c4b5d0d08faa01cfc_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:19954ceb4da5840bc7d8953932bd9f36baaa3ad219ccac4b44324f25f962182a_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:866e4fbdeefc40e19ec6962c6b1577ef9f66affa46b96a2dbd30501b4e3b2695_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:990fa7d78f384772aaf369956a51ba7393cd5e225daa3c4e37f56ed2a1b4d5fb_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:64e4c2ac5a5126294d7264d33723b8c7e8a8f2909a33d2bff40bfbb2965fcd81_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:8a85413afe8d8ab179dff3638f3d5509bf180d54d016706aa50781bbb72338bc_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:a0af7052a5cc79ec38267f6016330bbc30fe4c8dff0776a6fe6cee048cb1bbcf_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:df72d966e05e20571d1d588092d8bf95f28ae5178ddac780257064069e8cf75c_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:5a0a1932f8bcdf436f08f9d00fdb520feefad62061ce79426d44ecd7d01724a2_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:72da4f73e7063cfcb49a800bf9dc5acdd715221d4dff6120db5950634e5824f5_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:883c2aa7d2a9f8ddcccd8c48b79bff59ffa3eb3f59392e727dd050ec4efdb92b_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:9bed2310605563c0d439ed85731e980038ada7c3970fc26de24c1c7d291afe07_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:09b95ff35ae5c1b2c356f7506d4e8283cb0b69b8b5a130bf9d6c31e6bfc04932_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:0cebc0075f16274a3620c4becac1490dc91904d09487fdc76aafe98fbaca5ccf_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:78f3234c47001e7a2902352bf85c7cc893f8ff7aafb01d3d6875cfe2df0a6a16_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:8844e2149f6d16a9112f7ca4580c27dbe974f0bfce1fc21c87d5072813deba45_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:180b60f1efcd9902f18b7104973acf277ea6881d6a806e288ea598b71bfa8e2d_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:2dc26cd49218da49a4761d8012d9777019facea787df61dafce31db6b3bef8b8_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:d08b49badd427bd263a5810800c4705f296b2caf188765837f8b5284d6ff6feb_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:edcd49c90231e8071dc45385f077400ae3dd9fdba54de188e3aba84da49c00c5_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:06f9f2d54689bd9770d4102c377a2596bf4294c824c2db69f4ad23a849d8996c_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:3985e43602b73ad41f7092847b6c92700ec5bfd6d849cc37adff563b6a994ea3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:eb7543913777f50fe437035b18e08cec754ec6ee05666f8c88900b6349b467bb_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:fb35bc2313df94fd8a4b4e8293f1489ea518c002858c29ade906a678ccd48d0d_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:31f1c672dc3197cb7bfeb51b37d357425d4057fec9c22ea8810005c147e493a0_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:457829af072b2c430e077ae362dd62b63f1737b72434c11b2fb9e98262c6f058_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:6243c7517063c907dbd898b6ff7c4f5a6a001b15141c6b703a771a826b1e9b23_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:72bef79259e60a3f96f3788b2ed207ef6d8c1d4901d5c1d293981099d2932b44_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:1bdebc0ea3641538b6029945ef99eab50aa4b71ab37fd063d712ffc0883faae8_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:75a4693836d31cfc429d6a3852b0bf419255c66f90827b13d2a589dc2bea1992_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:8f696a0d69bb54a50140da672ff01c2923550f8ab18dcb1159493b516750f0a4_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:98992a409dfe54f8de0eb67189538d08148418d91d9d07d9aa30262ce54e30d9_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:72d561f41b71f78f7d896ca9b5e2b2cd76495fe602a8687bcbe0739b450a1d99_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:753e9384197b30856cfa43b3f5362395f3554773ec0a00a183705427eb8bced4_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:cb9328dff074240b336cc5395d2d61ff4722e84d11d3c19d470dd1214308b6e5_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:e863e14bd4e3a735ad3af67dd307fce57a0f3b703aed63b731c4206c08a5839f_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:1e695b53b5a667d185f61dee9e0242efc8e0962aa4e928bf8908734626d16d38_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:7d614384e1cb7be6bb72dbdc3cb4eb34d38902e05f121ef6220c5a6922715ddf_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:da0844c2faaa1b2dd6c0c4944218c947043ac3b7edd8d4533ba7faf5f9436412_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:fd141141252f9253c089dd341447f86cd75a39bff1cb8c25baab40f86fd655bb_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:690de59af44d4b7cf2dada9c3450cbd6a0d3437cc7ac2bca9b5d6b91c4c2c605_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:6cc8eaac0ef579a5359fe2b3c8de0ad776e732b82afd9fb9c4fd4ad74e9f832f_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:bc5d7a4679b2cd19946013fe4c2fc17acfb3a6d9ed410e1f050de51c0a957a6b_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:d954bfc4a5c1f1fc8eba225865a11b9d04f005341e8ab094f7a94cdbe67a7b17_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:a6eb5b607ce23772fca3dbad70d76dc5d3ebc07b15f5123ace53da01f0e3b21e_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:d090b565d5d2933ae453eb87c34a2ebb00e09b1b00334a98c771e465dbcea42e_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2477104"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in protobufjs, a library used to compile protobuf definitions into JavaScript functions. A remote attacker could exploit this vulnerability by providing a crafted descriptor that includes a non-string default value for a bytes field. This could lead to the generation of an unsafe expression within the toObject conversion function, ultimately allowing the attacker to execute arbitrary code.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "protobufjs: protobufjs: Arbitrary code execution due to unsafe expression generation from crafted protobuf descriptors",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important flaw affecting Red Hat products that incorporate the protobufjs library. protobufjs is vulnerable to arbitrary code execution when compiling protobuf definitions into JavaScript. During generation of the toObject conversion function, a schema-controlled default value on a bytes field that is not a string can be emitted as unsafe JavaScript code. An attacker who can supply or influence the protobuf descriptor processed by the application (low privileges required) may achieve code execution in the Node.js process context. Fixed upstream in protobufjs 7.5.6 and 8.0.2. Affects Red Hat offerings that bundle protobufjs and process attacker-influenced protobuf schemas at runtime.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:23ea476af89606789f91e647e952039bff83b5ace02440b2c11dccb9020cc0fb_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:870a39d44775c352b2c574f4b8d6585b96b44a48eefea1cbb8463809b75a1d6f_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:b3132e81fca86bc4bf6fe9f75fb3cafd1ef0f02fe84aeaffa51539e5f4a1b54c_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:fc3b7a2d42adaa47a938efe8e94d9d5665fe74a66d04884e886da33ad61774d0_ppc64le"
],
"known_not_affected": [
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:51e90eeed5c6bf2e6355ee9ba50fe330149b7c2b7633a106946459e8984d82ae_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:5e9de77acecac9653b91d2ebbfc5be8dc47da81e9e3e1772d38f827f05779632_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:7cefb007f075c5b1e0265fe8b12888218201cb453e9ebac315d91a79ed6e686a_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:bd4450e5af03c053f28e9c2ca0f2a2c016fc55fef4187676bc4edd5149c1a0f4_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:21243b5bb27b62467a311f0dfb5001384b424c095e17eba2c4fa441d7a03f7cf_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:22190a2714d3942a57dbe9dd265570bfe179b8d7f3e412173d010090de2bb98d_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:35b39d818bfb7b3fe86f77eedb134d12e9f316ce1642f86a8fa5ce1c1e31f37b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:3f2e1942032818fe9c91bf18948b80002a713b81c96e8ef5a3a4178a24899fb7_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:25928bb67eadad3a0d3b23da81acb313b8f873476250ddc6481cfb06bc25b8ab_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:bdfafa3b05bea80b81ffdc63cd77d4b2a96588ccd309aba83de0a683cb07c3c4_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:d7aa74297e76cb375c4bdd939c673739e34e22d83f8ef8846b1aa3c3c2264bbe_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:ea75fa4468a26357ce7c92614d70bc41ff0f8a8e562978a5b2bdfa5563492090_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:49025eb304ed55e363338fbe74b8dd77815b4d87183f1cb0cbfbbba71c2d2c59_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:54524172989364298f5cce342ef854f62fd59c75a42be804af3f286c6585b3d1_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:c1d135f85a4a1c5fe1c86509658d3056ce4bf748e8210274756064e18f991440_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:fb2eb12e6a6159c75e56f58429789cc0ac74af2a3d04f9ab865c8d86576e8c15_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:1252d44baa18b442de12a9659d3419ef77148e47ca14747ae684b8541fe795a7_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:4750bc9a80e819747b9d6576d21e348634f0dd4bc56190a662e22b2c80172bbd_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:5988a2daac19ccd72b8eec8cd1d9b623c69aed7be1a4223070d2c65256210776_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:eac25bae75a0e08a0aae706325faae2606ee8b0c086559cc0b89a59501a511f8_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:4c56fcde717c7a7957638fa6624a6ba5a9fc372bc9056e924158a0477410c9e7_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:5f5b5adc67e0655dcc3bcaaa4bb75337ebff130cca2e019d553be7521ca71871_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:91438ae17f6ee162df0d564fe47c8690a5246315e26fa4ebfa16dc8c93425cb7_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:df6617374f5f70f6ff53a980d38ddda8ab1aca125894eadc3a1932ba7612626d_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:49d0f2c55661dd973b0a15ba0e096c54badf4e0017093dfee373a655d47373f0_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:5bbbcaa71f5bf11922738e37c1155c5e60ebc5166a67690f5e5218a42b946366_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:99446549dca0b1cd38919ed7489e3eff72b1e4dd739e4f4e914d6c3ca6076b58_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:cf59b3a7897d59615e746c14697a289d79afbc18a9d2e7e7b5f7b1242d640b02_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:6e7f3aa6bb48cbe35d205d5f4c9ea251945dcdcce9b40cd49676705d778d9500_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:bc37b9c572c3df959e0ceb9fe011be84906fe759817eee697c486131fd5bc0cb_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:bf4a2e668e36a0e8e381f4417a263bd736d114f4e464d4a6c5ea22962b3f2a9e_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:feffba283e2a49967cd57139fe7af2309cd55ea9bb4464e250bf7b5a98913a2b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:86908784cb38408c502a733672b2f76e5a5c93b0266afccc9f281cb0c8f2f20c_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:8f721159d1fb2b71fb746eec0213c1111896c7b77a2904d64a2c1696cdce796c_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:afe3ebfa9897d2b9a7d8f9bd7fb4a2210e4b7e603de5fe168740f0aa4bb04495_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:fd6aa3b12a35343168ee2e752b437a51c58e8e8e329c8bdd7d230653265a790e_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:01cb3c8bb62be8bcdeaea2fa79413caca0f111980f4134b06df5230bd0b357fc_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:20b0fcf0b2d388320c0cb1414f2422493ca9acf39c876fd45265e8b32030ef3b_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:51fc32fbd543c74767403a113ccceedb262ccb92b9fd5a9efdc39ed2c1e608b3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:d4edd3fd9d125deb51d48c8709eac2505056da0f1341020db5469be8af0ca200_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:201ab631050d34fb956e1333730a387833b7aa3a2a4389d2a01bb79a2fe51bbf_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:47ca2eaea554b825306387f07aef8a5ee830ee1885d2df51055ac22d7576d2cd_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:7a181f8f3d2eadeae6b1d4d38da28f4e0a7c7f1fc662d213f72a63fd56f67443_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:fa97e7031e19af10a571d8ff67e13de3489603f60dbf9fd0c19205fb3447e912_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:01e117719b770e5bf767700b3cf5a3c79d7a74c181fda4dd4605cb4f41ea5bcd_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:155dfad34b7402e4462d98c3026ab38a6024338dfe80bfc33abb9102d12b077d_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:aa96f8cf13ae3374588cc99a558d1def2bcf0579d75b90d0772139fab991b06b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:f1d48c91052387ebc88bc7c76c8f49bae708c67e160d976974c8b31e9efbd219_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:008f0946e1545a0baa8e2baa9d12dc3244a47cd42af020afedfce3b1450f6c16_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:6a63e70123c2cd8cf8ddec71fb88d0dee08d2b7b1bcfc37d27fde3a50a59b7e8_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:96f6b104c31c317aa118ff64cff2522f136bbb520de7fb8015257630fcfdecfb_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:9dd240e967b0a1949a812050a123e513858ccd428feb1c42646e409fbf711b35_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:6f5480749ac020fc0e226dd87855baeae624b4c57c2787303e7321f63117c789_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:7265c4bc839141da2a0599bc367c4be2b8e8743423ea1b6b8d68729b1cfa8bcc_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:9486931d703d050f59a9f1bcfe5e016351d3ccc9b5c1975963b91ac34fc0b25e_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:c458f98a5afdf96262536fa1b7d672eb897c2800ec3dc4a2094ee5e8ae09ac31_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:2076dc61bf8db58916f3bacdb7483cdae8db169e2c4187e0c509f4fad9bc66ac_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:4e2047551e67c9c79e54ea5cd42accd746db89b8f37181a4b8ddceee166b3f2f_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:635a2526236205059d382f8860a7600105596caa546c129e855bd1ad241ebda7_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:ab0b5c35985ab8da547bc85aeff75c00ef32de0ea4f3446d75420ba935a5ddf4_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:20f8e067fa199055be096f4e655a0004616caab1eb32ccbe853677705d4e99f2_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:7c82062799a4bc38472a8d62827cbead3cf9396e132c9567e1d7682b8e4eb01d_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:94a4269cc3ddfdaf549eb4b547a461c2eafa9a0e3682511f2c18a3cf846beba3_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:ac33685303a23070d840d68bce5381230bbf98f1f65abaa80eca75c99b821d88_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:29bf69f7793d3ecaf724f791e735f1bd4121cddc6b1118553bcc77ef3a3054a1_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:46ae8d0b9eb51c730b57aa7b9d0561dc8e7510240e100a9deaea7e501cf115c2_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:c314fa51aef6754a3d665650a9a2861da1ec3557e2b92c29a2b16b2790d615a4_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:cd2a2cb5784051c6595a95865e390a52c38b2b62fbf2fa3d40545d083c846992_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:05debd9e92a56b761a55f36c54d31ceda7b77bc58178946c4b5d0d08faa01cfc_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:19954ceb4da5840bc7d8953932bd9f36baaa3ad219ccac4b44324f25f962182a_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:866e4fbdeefc40e19ec6962c6b1577ef9f66affa46b96a2dbd30501b4e3b2695_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:990fa7d78f384772aaf369956a51ba7393cd5e225daa3c4e37f56ed2a1b4d5fb_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:64e4c2ac5a5126294d7264d33723b8c7e8a8f2909a33d2bff40bfbb2965fcd81_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:8a85413afe8d8ab179dff3638f3d5509bf180d54d016706aa50781bbb72338bc_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:a0af7052a5cc79ec38267f6016330bbc30fe4c8dff0776a6fe6cee048cb1bbcf_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:df72d966e05e20571d1d588092d8bf95f28ae5178ddac780257064069e8cf75c_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:5a0a1932f8bcdf436f08f9d00fdb520feefad62061ce79426d44ecd7d01724a2_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:72da4f73e7063cfcb49a800bf9dc5acdd715221d4dff6120db5950634e5824f5_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:883c2aa7d2a9f8ddcccd8c48b79bff59ffa3eb3f59392e727dd050ec4efdb92b_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:9bed2310605563c0d439ed85731e980038ada7c3970fc26de24c1c7d291afe07_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:09b95ff35ae5c1b2c356f7506d4e8283cb0b69b8b5a130bf9d6c31e6bfc04932_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:0cebc0075f16274a3620c4becac1490dc91904d09487fdc76aafe98fbaca5ccf_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:78f3234c47001e7a2902352bf85c7cc893f8ff7aafb01d3d6875cfe2df0a6a16_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:8844e2149f6d16a9112f7ca4580c27dbe974f0bfce1fc21c87d5072813deba45_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:180b60f1efcd9902f18b7104973acf277ea6881d6a806e288ea598b71bfa8e2d_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:2dc26cd49218da49a4761d8012d9777019facea787df61dafce31db6b3bef8b8_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:d08b49badd427bd263a5810800c4705f296b2caf188765837f8b5284d6ff6feb_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:edcd49c90231e8071dc45385f077400ae3dd9fdba54de188e3aba84da49c00c5_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:06f9f2d54689bd9770d4102c377a2596bf4294c824c2db69f4ad23a849d8996c_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:3985e43602b73ad41f7092847b6c92700ec5bfd6d849cc37adff563b6a994ea3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:eb7543913777f50fe437035b18e08cec754ec6ee05666f8c88900b6349b467bb_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:fb35bc2313df94fd8a4b4e8293f1489ea518c002858c29ade906a678ccd48d0d_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:31f1c672dc3197cb7bfeb51b37d357425d4057fec9c22ea8810005c147e493a0_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:457829af072b2c430e077ae362dd62b63f1737b72434c11b2fb9e98262c6f058_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:6243c7517063c907dbd898b6ff7c4f5a6a001b15141c6b703a771a826b1e9b23_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:72bef79259e60a3f96f3788b2ed207ef6d8c1d4901d5c1d293981099d2932b44_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:1bdebc0ea3641538b6029945ef99eab50aa4b71ab37fd063d712ffc0883faae8_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:75a4693836d31cfc429d6a3852b0bf419255c66f90827b13d2a589dc2bea1992_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:8f696a0d69bb54a50140da672ff01c2923550f8ab18dcb1159493b516750f0a4_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:98992a409dfe54f8de0eb67189538d08148418d91d9d07d9aa30262ce54e30d9_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:72d561f41b71f78f7d896ca9b5e2b2cd76495fe602a8687bcbe0739b450a1d99_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:753e9384197b30856cfa43b3f5362395f3554773ec0a00a183705427eb8bced4_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:cb9328dff074240b336cc5395d2d61ff4722e84d11d3c19d470dd1214308b6e5_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:e863e14bd4e3a735ad3af67dd307fce57a0f3b703aed63b731c4206c08a5839f_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:1e695b53b5a667d185f61dee9e0242efc8e0962aa4e928bf8908734626d16d38_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:7d614384e1cb7be6bb72dbdc3cb4eb34d38902e05f121ef6220c5a6922715ddf_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:da0844c2faaa1b2dd6c0c4944218c947043ac3b7edd8d4533ba7faf5f9436412_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:fd141141252f9253c089dd341447f86cd75a39bff1cb8c25baab40f86fd655bb_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:690de59af44d4b7cf2dada9c3450cbd6a0d3437cc7ac2bca9b5d6b91c4c2c605_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:6cc8eaac0ef579a5359fe2b3c8de0ad776e732b82afd9fb9c4fd4ad74e9f832f_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:bc5d7a4679b2cd19946013fe4c2fc17acfb3a6d9ed410e1f050de51c0a957a6b_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:d954bfc4a5c1f1fc8eba225865a11b9d04f005341e8ab094f7a94cdbe67a7b17_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:a6eb5b607ce23772fca3dbad70d76dc5d3ebc07b15f5123ace53da01f0e3b21e_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:d090b565d5d2933ae453eb87c34a2ebb00e09b1b00334a98c771e465dbcea42e_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44293"
},
{
"category": "external",
"summary": "RHBZ#2477104",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477104"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44293",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44293"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44293",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44293"
},
{
"category": "external",
"summary": "https://github.com/protobufjs/protobuf.js/security/advisories/GHSA-66ff-xgx4-vchm",
"url": "https://github.com/protobufjs/protobuf.js/security/advisories/GHSA-66ff-xgx4-vchm"
}
],
"release_date": "2026-05-13T14:43:33.342000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-01T16:35:24+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.6#Upgrade",
"product_ids": [
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:23ea476af89606789f91e647e952039bff83b5ace02440b2c11dccb9020cc0fb_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:870a39d44775c352b2c574f4b8d6585b96b44a48eefea1cbb8463809b75a1d6f_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:b3132e81fca86bc4bf6fe9f75fb3cafd1ef0f02fe84aeaffa51539e5f4a1b54c_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:fc3b7a2d42adaa47a938efe8e94d9d5665fe74a66d04884e886da33ad61774d0_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:34374"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:51e90eeed5c6bf2e6355ee9ba50fe330149b7c2b7633a106946459e8984d82ae_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:5e9de77acecac9653b91d2ebbfc5be8dc47da81e9e3e1772d38f827f05779632_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:7cefb007f075c5b1e0265fe8b12888218201cb453e9ebac315d91a79ed6e686a_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:bd4450e5af03c053f28e9c2ca0f2a2c016fc55fef4187676bc4edd5149c1a0f4_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:21243b5bb27b62467a311f0dfb5001384b424c095e17eba2c4fa441d7a03f7cf_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:22190a2714d3942a57dbe9dd265570bfe179b8d7f3e412173d010090de2bb98d_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:35b39d818bfb7b3fe86f77eedb134d12e9f316ce1642f86a8fa5ce1c1e31f37b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:3f2e1942032818fe9c91bf18948b80002a713b81c96e8ef5a3a4178a24899fb7_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:25928bb67eadad3a0d3b23da81acb313b8f873476250ddc6481cfb06bc25b8ab_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:bdfafa3b05bea80b81ffdc63cd77d4b2a96588ccd309aba83de0a683cb07c3c4_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:d7aa74297e76cb375c4bdd939c673739e34e22d83f8ef8846b1aa3c3c2264bbe_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:ea75fa4468a26357ce7c92614d70bc41ff0f8a8e562978a5b2bdfa5563492090_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:49025eb304ed55e363338fbe74b8dd77815b4d87183f1cb0cbfbbba71c2d2c59_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:54524172989364298f5cce342ef854f62fd59c75a42be804af3f286c6585b3d1_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:c1d135f85a4a1c5fe1c86509658d3056ce4bf748e8210274756064e18f991440_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:fb2eb12e6a6159c75e56f58429789cc0ac74af2a3d04f9ab865c8d86576e8c15_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:1252d44baa18b442de12a9659d3419ef77148e47ca14747ae684b8541fe795a7_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:4750bc9a80e819747b9d6576d21e348634f0dd4bc56190a662e22b2c80172bbd_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:5988a2daac19ccd72b8eec8cd1d9b623c69aed7be1a4223070d2c65256210776_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:eac25bae75a0e08a0aae706325faae2606ee8b0c086559cc0b89a59501a511f8_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:4c56fcde717c7a7957638fa6624a6ba5a9fc372bc9056e924158a0477410c9e7_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:5f5b5adc67e0655dcc3bcaaa4bb75337ebff130cca2e019d553be7521ca71871_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:91438ae17f6ee162df0d564fe47c8690a5246315e26fa4ebfa16dc8c93425cb7_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:df6617374f5f70f6ff53a980d38ddda8ab1aca125894eadc3a1932ba7612626d_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:49d0f2c55661dd973b0a15ba0e096c54badf4e0017093dfee373a655d47373f0_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:5bbbcaa71f5bf11922738e37c1155c5e60ebc5166a67690f5e5218a42b946366_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:99446549dca0b1cd38919ed7489e3eff72b1e4dd739e4f4e914d6c3ca6076b58_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:cf59b3a7897d59615e746c14697a289d79afbc18a9d2e7e7b5f7b1242d640b02_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:6e7f3aa6bb48cbe35d205d5f4c9ea251945dcdcce9b40cd49676705d778d9500_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:bc37b9c572c3df959e0ceb9fe011be84906fe759817eee697c486131fd5bc0cb_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:bf4a2e668e36a0e8e381f4417a263bd736d114f4e464d4a6c5ea22962b3f2a9e_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:feffba283e2a49967cd57139fe7af2309cd55ea9bb4464e250bf7b5a98913a2b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:86908784cb38408c502a733672b2f76e5a5c93b0266afccc9f281cb0c8f2f20c_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:8f721159d1fb2b71fb746eec0213c1111896c7b77a2904d64a2c1696cdce796c_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:afe3ebfa9897d2b9a7d8f9bd7fb4a2210e4b7e603de5fe168740f0aa4bb04495_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:fd6aa3b12a35343168ee2e752b437a51c58e8e8e329c8bdd7d230653265a790e_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:01cb3c8bb62be8bcdeaea2fa79413caca0f111980f4134b06df5230bd0b357fc_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:20b0fcf0b2d388320c0cb1414f2422493ca9acf39c876fd45265e8b32030ef3b_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:51fc32fbd543c74767403a113ccceedb262ccb92b9fd5a9efdc39ed2c1e608b3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:d4edd3fd9d125deb51d48c8709eac2505056da0f1341020db5469be8af0ca200_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:201ab631050d34fb956e1333730a387833b7aa3a2a4389d2a01bb79a2fe51bbf_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:47ca2eaea554b825306387f07aef8a5ee830ee1885d2df51055ac22d7576d2cd_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:7a181f8f3d2eadeae6b1d4d38da28f4e0a7c7f1fc662d213f72a63fd56f67443_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:fa97e7031e19af10a571d8ff67e13de3489603f60dbf9fd0c19205fb3447e912_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:01e117719b770e5bf767700b3cf5a3c79d7a74c181fda4dd4605cb4f41ea5bcd_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:155dfad34b7402e4462d98c3026ab38a6024338dfe80bfc33abb9102d12b077d_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:aa96f8cf13ae3374588cc99a558d1def2bcf0579d75b90d0772139fab991b06b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:f1d48c91052387ebc88bc7c76c8f49bae708c67e160d976974c8b31e9efbd219_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:008f0946e1545a0baa8e2baa9d12dc3244a47cd42af020afedfce3b1450f6c16_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:6a63e70123c2cd8cf8ddec71fb88d0dee08d2b7b1bcfc37d27fde3a50a59b7e8_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:96f6b104c31c317aa118ff64cff2522f136bbb520de7fb8015257630fcfdecfb_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:9dd240e967b0a1949a812050a123e513858ccd428feb1c42646e409fbf711b35_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:6f5480749ac020fc0e226dd87855baeae624b4c57c2787303e7321f63117c789_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:7265c4bc839141da2a0599bc367c4be2b8e8743423ea1b6b8d68729b1cfa8bcc_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:9486931d703d050f59a9f1bcfe5e016351d3ccc9b5c1975963b91ac34fc0b25e_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:c458f98a5afdf96262536fa1b7d672eb897c2800ec3dc4a2094ee5e8ae09ac31_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:23ea476af89606789f91e647e952039bff83b5ace02440b2c11dccb9020cc0fb_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:870a39d44775c352b2c574f4b8d6585b96b44a48eefea1cbb8463809b75a1d6f_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:b3132e81fca86bc4bf6fe9f75fb3cafd1ef0f02fe84aeaffa51539e5f4a1b54c_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:fc3b7a2d42adaa47a938efe8e94d9d5665fe74a66d04884e886da33ad61774d0_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:2076dc61bf8db58916f3bacdb7483cdae8db169e2c4187e0c509f4fad9bc66ac_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:4e2047551e67c9c79e54ea5cd42accd746db89b8f37181a4b8ddceee166b3f2f_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:635a2526236205059d382f8860a7600105596caa546c129e855bd1ad241ebda7_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:ab0b5c35985ab8da547bc85aeff75c00ef32de0ea4f3446d75420ba935a5ddf4_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:20f8e067fa199055be096f4e655a0004616caab1eb32ccbe853677705d4e99f2_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:7c82062799a4bc38472a8d62827cbead3cf9396e132c9567e1d7682b8e4eb01d_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:94a4269cc3ddfdaf549eb4b547a461c2eafa9a0e3682511f2c18a3cf846beba3_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:ac33685303a23070d840d68bce5381230bbf98f1f65abaa80eca75c99b821d88_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:29bf69f7793d3ecaf724f791e735f1bd4121cddc6b1118553bcc77ef3a3054a1_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:46ae8d0b9eb51c730b57aa7b9d0561dc8e7510240e100a9deaea7e501cf115c2_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:c314fa51aef6754a3d665650a9a2861da1ec3557e2b92c29a2b16b2790d615a4_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:cd2a2cb5784051c6595a95865e390a52c38b2b62fbf2fa3d40545d083c846992_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:05debd9e92a56b761a55f36c54d31ceda7b77bc58178946c4b5d0d08faa01cfc_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:19954ceb4da5840bc7d8953932bd9f36baaa3ad219ccac4b44324f25f962182a_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:866e4fbdeefc40e19ec6962c6b1577ef9f66affa46b96a2dbd30501b4e3b2695_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:990fa7d78f384772aaf369956a51ba7393cd5e225daa3c4e37f56ed2a1b4d5fb_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:64e4c2ac5a5126294d7264d33723b8c7e8a8f2909a33d2bff40bfbb2965fcd81_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:8a85413afe8d8ab179dff3638f3d5509bf180d54d016706aa50781bbb72338bc_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:a0af7052a5cc79ec38267f6016330bbc30fe4c8dff0776a6fe6cee048cb1bbcf_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:df72d966e05e20571d1d588092d8bf95f28ae5178ddac780257064069e8cf75c_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:5a0a1932f8bcdf436f08f9d00fdb520feefad62061ce79426d44ecd7d01724a2_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:72da4f73e7063cfcb49a800bf9dc5acdd715221d4dff6120db5950634e5824f5_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:883c2aa7d2a9f8ddcccd8c48b79bff59ffa3eb3f59392e727dd050ec4efdb92b_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:9bed2310605563c0d439ed85731e980038ada7c3970fc26de24c1c7d291afe07_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:09b95ff35ae5c1b2c356f7506d4e8283cb0b69b8b5a130bf9d6c31e6bfc04932_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:0cebc0075f16274a3620c4becac1490dc91904d09487fdc76aafe98fbaca5ccf_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:78f3234c47001e7a2902352bf85c7cc893f8ff7aafb01d3d6875cfe2df0a6a16_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:8844e2149f6d16a9112f7ca4580c27dbe974f0bfce1fc21c87d5072813deba45_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:180b60f1efcd9902f18b7104973acf277ea6881d6a806e288ea598b71bfa8e2d_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:2dc26cd49218da49a4761d8012d9777019facea787df61dafce31db6b3bef8b8_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:d08b49badd427bd263a5810800c4705f296b2caf188765837f8b5284d6ff6feb_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:edcd49c90231e8071dc45385f077400ae3dd9fdba54de188e3aba84da49c00c5_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:06f9f2d54689bd9770d4102c377a2596bf4294c824c2db69f4ad23a849d8996c_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:3985e43602b73ad41f7092847b6c92700ec5bfd6d849cc37adff563b6a994ea3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:eb7543913777f50fe437035b18e08cec754ec6ee05666f8c88900b6349b467bb_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:fb35bc2313df94fd8a4b4e8293f1489ea518c002858c29ade906a678ccd48d0d_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:31f1c672dc3197cb7bfeb51b37d357425d4057fec9c22ea8810005c147e493a0_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:457829af072b2c430e077ae362dd62b63f1737b72434c11b2fb9e98262c6f058_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:6243c7517063c907dbd898b6ff7c4f5a6a001b15141c6b703a771a826b1e9b23_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:72bef79259e60a3f96f3788b2ed207ef6d8c1d4901d5c1d293981099d2932b44_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:1bdebc0ea3641538b6029945ef99eab50aa4b71ab37fd063d712ffc0883faae8_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:75a4693836d31cfc429d6a3852b0bf419255c66f90827b13d2a589dc2bea1992_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:8f696a0d69bb54a50140da672ff01c2923550f8ab18dcb1159493b516750f0a4_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:98992a409dfe54f8de0eb67189538d08148418d91d9d07d9aa30262ce54e30d9_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:72d561f41b71f78f7d896ca9b5e2b2cd76495fe602a8687bcbe0739b450a1d99_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:753e9384197b30856cfa43b3f5362395f3554773ec0a00a183705427eb8bced4_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:cb9328dff074240b336cc5395d2d61ff4722e84d11d3c19d470dd1214308b6e5_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:e863e14bd4e3a735ad3af67dd307fce57a0f3b703aed63b731c4206c08a5839f_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:1e695b53b5a667d185f61dee9e0242efc8e0962aa4e928bf8908734626d16d38_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:7d614384e1cb7be6bb72dbdc3cb4eb34d38902e05f121ef6220c5a6922715ddf_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:da0844c2faaa1b2dd6c0c4944218c947043ac3b7edd8d4533ba7faf5f9436412_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:fd141141252f9253c089dd341447f86cd75a39bff1cb8c25baab40f86fd655bb_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:690de59af44d4b7cf2dada9c3450cbd6a0d3437cc7ac2bca9b5d6b91c4c2c605_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:6cc8eaac0ef579a5359fe2b3c8de0ad776e732b82afd9fb9c4fd4ad74e9f832f_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:bc5d7a4679b2cd19946013fe4c2fc17acfb3a6d9ed410e1f050de51c0a957a6b_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:d954bfc4a5c1f1fc8eba225865a11b9d04f005341e8ab094f7a94cdbe67a7b17_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:a6eb5b607ce23772fca3dbad70d76dc5d3ebc07b15f5123ace53da01f0e3b21e_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:d090b565d5d2933ae453eb87c34a2ebb00e09b1b00334a98c771e465dbcea42e_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:H",
"version": "3.1"
},
"products": [
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:51e90eeed5c6bf2e6355ee9ba50fe330149b7c2b7633a106946459e8984d82ae_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:5e9de77acecac9653b91d2ebbfc5be8dc47da81e9e3e1772d38f827f05779632_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:7cefb007f075c5b1e0265fe8b12888218201cb453e9ebac315d91a79ed6e686a_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:bd4450e5af03c053f28e9c2ca0f2a2c016fc55fef4187676bc4edd5149c1a0f4_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:21243b5bb27b62467a311f0dfb5001384b424c095e17eba2c4fa441d7a03f7cf_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:22190a2714d3942a57dbe9dd265570bfe179b8d7f3e412173d010090de2bb98d_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:35b39d818bfb7b3fe86f77eedb134d12e9f316ce1642f86a8fa5ce1c1e31f37b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:3f2e1942032818fe9c91bf18948b80002a713b81c96e8ef5a3a4178a24899fb7_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:25928bb67eadad3a0d3b23da81acb313b8f873476250ddc6481cfb06bc25b8ab_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:bdfafa3b05bea80b81ffdc63cd77d4b2a96588ccd309aba83de0a683cb07c3c4_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:d7aa74297e76cb375c4bdd939c673739e34e22d83f8ef8846b1aa3c3c2264bbe_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:ea75fa4468a26357ce7c92614d70bc41ff0f8a8e562978a5b2bdfa5563492090_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:49025eb304ed55e363338fbe74b8dd77815b4d87183f1cb0cbfbbba71c2d2c59_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:54524172989364298f5cce342ef854f62fd59c75a42be804af3f286c6585b3d1_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:c1d135f85a4a1c5fe1c86509658d3056ce4bf748e8210274756064e18f991440_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:fb2eb12e6a6159c75e56f58429789cc0ac74af2a3d04f9ab865c8d86576e8c15_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:1252d44baa18b442de12a9659d3419ef77148e47ca14747ae684b8541fe795a7_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:4750bc9a80e819747b9d6576d21e348634f0dd4bc56190a662e22b2c80172bbd_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:5988a2daac19ccd72b8eec8cd1d9b623c69aed7be1a4223070d2c65256210776_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:eac25bae75a0e08a0aae706325faae2606ee8b0c086559cc0b89a59501a511f8_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:4c56fcde717c7a7957638fa6624a6ba5a9fc372bc9056e924158a0477410c9e7_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:5f5b5adc67e0655dcc3bcaaa4bb75337ebff130cca2e019d553be7521ca71871_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:91438ae17f6ee162df0d564fe47c8690a5246315e26fa4ebfa16dc8c93425cb7_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:df6617374f5f70f6ff53a980d38ddda8ab1aca125894eadc3a1932ba7612626d_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:49d0f2c55661dd973b0a15ba0e096c54badf4e0017093dfee373a655d47373f0_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:5bbbcaa71f5bf11922738e37c1155c5e60ebc5166a67690f5e5218a42b946366_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:99446549dca0b1cd38919ed7489e3eff72b1e4dd739e4f4e914d6c3ca6076b58_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:cf59b3a7897d59615e746c14697a289d79afbc18a9d2e7e7b5f7b1242d640b02_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:6e7f3aa6bb48cbe35d205d5f4c9ea251945dcdcce9b40cd49676705d778d9500_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:bc37b9c572c3df959e0ceb9fe011be84906fe759817eee697c486131fd5bc0cb_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:bf4a2e668e36a0e8e381f4417a263bd736d114f4e464d4a6c5ea22962b3f2a9e_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:feffba283e2a49967cd57139fe7af2309cd55ea9bb4464e250bf7b5a98913a2b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:86908784cb38408c502a733672b2f76e5a5c93b0266afccc9f281cb0c8f2f20c_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:8f721159d1fb2b71fb746eec0213c1111896c7b77a2904d64a2c1696cdce796c_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:afe3ebfa9897d2b9a7d8f9bd7fb4a2210e4b7e603de5fe168740f0aa4bb04495_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:fd6aa3b12a35343168ee2e752b437a51c58e8e8e329c8bdd7d230653265a790e_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:01cb3c8bb62be8bcdeaea2fa79413caca0f111980f4134b06df5230bd0b357fc_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:20b0fcf0b2d388320c0cb1414f2422493ca9acf39c876fd45265e8b32030ef3b_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:51fc32fbd543c74767403a113ccceedb262ccb92b9fd5a9efdc39ed2c1e608b3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:d4edd3fd9d125deb51d48c8709eac2505056da0f1341020db5469be8af0ca200_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:201ab631050d34fb956e1333730a387833b7aa3a2a4389d2a01bb79a2fe51bbf_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:47ca2eaea554b825306387f07aef8a5ee830ee1885d2df51055ac22d7576d2cd_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:7a181f8f3d2eadeae6b1d4d38da28f4e0a7c7f1fc662d213f72a63fd56f67443_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:fa97e7031e19af10a571d8ff67e13de3489603f60dbf9fd0c19205fb3447e912_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:01e117719b770e5bf767700b3cf5a3c79d7a74c181fda4dd4605cb4f41ea5bcd_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:155dfad34b7402e4462d98c3026ab38a6024338dfe80bfc33abb9102d12b077d_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:aa96f8cf13ae3374588cc99a558d1def2bcf0579d75b90d0772139fab991b06b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:f1d48c91052387ebc88bc7c76c8f49bae708c67e160d976974c8b31e9efbd219_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:008f0946e1545a0baa8e2baa9d12dc3244a47cd42af020afedfce3b1450f6c16_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:6a63e70123c2cd8cf8ddec71fb88d0dee08d2b7b1bcfc37d27fde3a50a59b7e8_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:96f6b104c31c317aa118ff64cff2522f136bbb520de7fb8015257630fcfdecfb_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:9dd240e967b0a1949a812050a123e513858ccd428feb1c42646e409fbf711b35_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:6f5480749ac020fc0e226dd87855baeae624b4c57c2787303e7321f63117c789_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:7265c4bc839141da2a0599bc367c4be2b8e8743423ea1b6b8d68729b1cfa8bcc_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:9486931d703d050f59a9f1bcfe5e016351d3ccc9b5c1975963b91ac34fc0b25e_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:c458f98a5afdf96262536fa1b7d672eb897c2800ec3dc4a2094ee5e8ae09ac31_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:23ea476af89606789f91e647e952039bff83b5ace02440b2c11dccb9020cc0fb_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:870a39d44775c352b2c574f4b8d6585b96b44a48eefea1cbb8463809b75a1d6f_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:b3132e81fca86bc4bf6fe9f75fb3cafd1ef0f02fe84aeaffa51539e5f4a1b54c_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:fc3b7a2d42adaa47a938efe8e94d9d5665fe74a66d04884e886da33ad61774d0_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:2076dc61bf8db58916f3bacdb7483cdae8db169e2c4187e0c509f4fad9bc66ac_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:4e2047551e67c9c79e54ea5cd42accd746db89b8f37181a4b8ddceee166b3f2f_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:635a2526236205059d382f8860a7600105596caa546c129e855bd1ad241ebda7_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:ab0b5c35985ab8da547bc85aeff75c00ef32de0ea4f3446d75420ba935a5ddf4_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:20f8e067fa199055be096f4e655a0004616caab1eb32ccbe853677705d4e99f2_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:7c82062799a4bc38472a8d62827cbead3cf9396e132c9567e1d7682b8e4eb01d_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:94a4269cc3ddfdaf549eb4b547a461c2eafa9a0e3682511f2c18a3cf846beba3_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:ac33685303a23070d840d68bce5381230bbf98f1f65abaa80eca75c99b821d88_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:29bf69f7793d3ecaf724f791e735f1bd4121cddc6b1118553bcc77ef3a3054a1_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:46ae8d0b9eb51c730b57aa7b9d0561dc8e7510240e100a9deaea7e501cf115c2_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:c314fa51aef6754a3d665650a9a2861da1ec3557e2b92c29a2b16b2790d615a4_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:cd2a2cb5784051c6595a95865e390a52c38b2b62fbf2fa3d40545d083c846992_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:05debd9e92a56b761a55f36c54d31ceda7b77bc58178946c4b5d0d08faa01cfc_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:19954ceb4da5840bc7d8953932bd9f36baaa3ad219ccac4b44324f25f962182a_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:866e4fbdeefc40e19ec6962c6b1577ef9f66affa46b96a2dbd30501b4e3b2695_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:990fa7d78f384772aaf369956a51ba7393cd5e225daa3c4e37f56ed2a1b4d5fb_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:64e4c2ac5a5126294d7264d33723b8c7e8a8f2909a33d2bff40bfbb2965fcd81_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:8a85413afe8d8ab179dff3638f3d5509bf180d54d016706aa50781bbb72338bc_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:a0af7052a5cc79ec38267f6016330bbc30fe4c8dff0776a6fe6cee048cb1bbcf_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:df72d966e05e20571d1d588092d8bf95f28ae5178ddac780257064069e8cf75c_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:5a0a1932f8bcdf436f08f9d00fdb520feefad62061ce79426d44ecd7d01724a2_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:72da4f73e7063cfcb49a800bf9dc5acdd715221d4dff6120db5950634e5824f5_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:883c2aa7d2a9f8ddcccd8c48b79bff59ffa3eb3f59392e727dd050ec4efdb92b_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:9bed2310605563c0d439ed85731e980038ada7c3970fc26de24c1c7d291afe07_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:09b95ff35ae5c1b2c356f7506d4e8283cb0b69b8b5a130bf9d6c31e6bfc04932_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:0cebc0075f16274a3620c4becac1490dc91904d09487fdc76aafe98fbaca5ccf_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:78f3234c47001e7a2902352bf85c7cc893f8ff7aafb01d3d6875cfe2df0a6a16_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:8844e2149f6d16a9112f7ca4580c27dbe974f0bfce1fc21c87d5072813deba45_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:180b60f1efcd9902f18b7104973acf277ea6881d6a806e288ea598b71bfa8e2d_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:2dc26cd49218da49a4761d8012d9777019facea787df61dafce31db6b3bef8b8_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:d08b49badd427bd263a5810800c4705f296b2caf188765837f8b5284d6ff6feb_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:edcd49c90231e8071dc45385f077400ae3dd9fdba54de188e3aba84da49c00c5_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:06f9f2d54689bd9770d4102c377a2596bf4294c824c2db69f4ad23a849d8996c_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:3985e43602b73ad41f7092847b6c92700ec5bfd6d849cc37adff563b6a994ea3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:eb7543913777f50fe437035b18e08cec754ec6ee05666f8c88900b6349b467bb_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:fb35bc2313df94fd8a4b4e8293f1489ea518c002858c29ade906a678ccd48d0d_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:31f1c672dc3197cb7bfeb51b37d357425d4057fec9c22ea8810005c147e493a0_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:457829af072b2c430e077ae362dd62b63f1737b72434c11b2fb9e98262c6f058_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:6243c7517063c907dbd898b6ff7c4f5a6a001b15141c6b703a771a826b1e9b23_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:72bef79259e60a3f96f3788b2ed207ef6d8c1d4901d5c1d293981099d2932b44_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:1bdebc0ea3641538b6029945ef99eab50aa4b71ab37fd063d712ffc0883faae8_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:75a4693836d31cfc429d6a3852b0bf419255c66f90827b13d2a589dc2bea1992_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:8f696a0d69bb54a50140da672ff01c2923550f8ab18dcb1159493b516750f0a4_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:98992a409dfe54f8de0eb67189538d08148418d91d9d07d9aa30262ce54e30d9_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:72d561f41b71f78f7d896ca9b5e2b2cd76495fe602a8687bcbe0739b450a1d99_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:753e9384197b30856cfa43b3f5362395f3554773ec0a00a183705427eb8bced4_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:cb9328dff074240b336cc5395d2d61ff4722e84d11d3c19d470dd1214308b6e5_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:e863e14bd4e3a735ad3af67dd307fce57a0f3b703aed63b731c4206c08a5839f_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:1e695b53b5a667d185f61dee9e0242efc8e0962aa4e928bf8908734626d16d38_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:7d614384e1cb7be6bb72dbdc3cb4eb34d38902e05f121ef6220c5a6922715ddf_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:da0844c2faaa1b2dd6c0c4944218c947043ac3b7edd8d4533ba7faf5f9436412_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:fd141141252f9253c089dd341447f86cd75a39bff1cb8c25baab40f86fd655bb_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:690de59af44d4b7cf2dada9c3450cbd6a0d3437cc7ac2bca9b5d6b91c4c2c605_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:6cc8eaac0ef579a5359fe2b3c8de0ad776e732b82afd9fb9c4fd4ad74e9f832f_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:bc5d7a4679b2cd19946013fe4c2fc17acfb3a6d9ed410e1f050de51c0a957a6b_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:d954bfc4a5c1f1fc8eba225865a11b9d04f005341e8ab094f7a94cdbe67a7b17_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:a6eb5b607ce23772fca3dbad70d76dc5d3ebc07b15f5123ace53da01f0e3b21e_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:d090b565d5d2933ae453eb87c34a2ebb00e09b1b00334a98c771e465dbcea42e_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "protobufjs: protobufjs: Arbitrary code execution due to unsafe expression generation from crafted protobuf descriptors"
},
{
"cve": "CVE-2026-44431",
"cwe": {
"id": "CWE-201",
"name": "Insertion of Sensitive Information Into Sent Data"
},
"discovery_date": "2026-05-13T17:01:41.663622+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:51e90eeed5c6bf2e6355ee9ba50fe330149b7c2b7633a106946459e8984d82ae_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:5e9de77acecac9653b91d2ebbfc5be8dc47da81e9e3e1772d38f827f05779632_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:7cefb007f075c5b1e0265fe8b12888218201cb453e9ebac315d91a79ed6e686a_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:bd4450e5af03c053f28e9c2ca0f2a2c016fc55fef4187676bc4edd5149c1a0f4_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:21243b5bb27b62467a311f0dfb5001384b424c095e17eba2c4fa441d7a03f7cf_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:22190a2714d3942a57dbe9dd265570bfe179b8d7f3e412173d010090de2bb98d_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:35b39d818bfb7b3fe86f77eedb134d12e9f316ce1642f86a8fa5ce1c1e31f37b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:3f2e1942032818fe9c91bf18948b80002a713b81c96e8ef5a3a4178a24899fb7_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:25928bb67eadad3a0d3b23da81acb313b8f873476250ddc6481cfb06bc25b8ab_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:bdfafa3b05bea80b81ffdc63cd77d4b2a96588ccd309aba83de0a683cb07c3c4_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:d7aa74297e76cb375c4bdd939c673739e34e22d83f8ef8846b1aa3c3c2264bbe_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:ea75fa4468a26357ce7c92614d70bc41ff0f8a8e562978a5b2bdfa5563492090_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:49025eb304ed55e363338fbe74b8dd77815b4d87183f1cb0cbfbbba71c2d2c59_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:54524172989364298f5cce342ef854f62fd59c75a42be804af3f286c6585b3d1_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:c1d135f85a4a1c5fe1c86509658d3056ce4bf748e8210274756064e18f991440_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:fb2eb12e6a6159c75e56f58429789cc0ac74af2a3d04f9ab865c8d86576e8c15_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:1252d44baa18b442de12a9659d3419ef77148e47ca14747ae684b8541fe795a7_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:4750bc9a80e819747b9d6576d21e348634f0dd4bc56190a662e22b2c80172bbd_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:5988a2daac19ccd72b8eec8cd1d9b623c69aed7be1a4223070d2c65256210776_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:eac25bae75a0e08a0aae706325faae2606ee8b0c086559cc0b89a59501a511f8_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:4c56fcde717c7a7957638fa6624a6ba5a9fc372bc9056e924158a0477410c9e7_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:5f5b5adc67e0655dcc3bcaaa4bb75337ebff130cca2e019d553be7521ca71871_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:91438ae17f6ee162df0d564fe47c8690a5246315e26fa4ebfa16dc8c93425cb7_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:df6617374f5f70f6ff53a980d38ddda8ab1aca125894eadc3a1932ba7612626d_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:49d0f2c55661dd973b0a15ba0e096c54badf4e0017093dfee373a655d47373f0_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:5bbbcaa71f5bf11922738e37c1155c5e60ebc5166a67690f5e5218a42b946366_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:99446549dca0b1cd38919ed7489e3eff72b1e4dd739e4f4e914d6c3ca6076b58_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:cf59b3a7897d59615e746c14697a289d79afbc18a9d2e7e7b5f7b1242d640b02_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:6e7f3aa6bb48cbe35d205d5f4c9ea251945dcdcce9b40cd49676705d778d9500_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:bc37b9c572c3df959e0ceb9fe011be84906fe759817eee697c486131fd5bc0cb_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:bf4a2e668e36a0e8e381f4417a263bd736d114f4e464d4a6c5ea22962b3f2a9e_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:feffba283e2a49967cd57139fe7af2309cd55ea9bb4464e250bf7b5a98913a2b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:86908784cb38408c502a733672b2f76e5a5c93b0266afccc9f281cb0c8f2f20c_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:8f721159d1fb2b71fb746eec0213c1111896c7b77a2904d64a2c1696cdce796c_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:afe3ebfa9897d2b9a7d8f9bd7fb4a2210e4b7e603de5fe168740f0aa4bb04495_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:fd6aa3b12a35343168ee2e752b437a51c58e8e8e329c8bdd7d230653265a790e_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:01cb3c8bb62be8bcdeaea2fa79413caca0f111980f4134b06df5230bd0b357fc_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:20b0fcf0b2d388320c0cb1414f2422493ca9acf39c876fd45265e8b32030ef3b_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:51fc32fbd543c74767403a113ccceedb262ccb92b9fd5a9efdc39ed2c1e608b3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:d4edd3fd9d125deb51d48c8709eac2505056da0f1341020db5469be8af0ca200_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:201ab631050d34fb956e1333730a387833b7aa3a2a4389d2a01bb79a2fe51bbf_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:47ca2eaea554b825306387f07aef8a5ee830ee1885d2df51055ac22d7576d2cd_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:7a181f8f3d2eadeae6b1d4d38da28f4e0a7c7f1fc662d213f72a63fd56f67443_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:fa97e7031e19af10a571d8ff67e13de3489603f60dbf9fd0c19205fb3447e912_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:01e117719b770e5bf767700b3cf5a3c79d7a74c181fda4dd4605cb4f41ea5bcd_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:155dfad34b7402e4462d98c3026ab38a6024338dfe80bfc33abb9102d12b077d_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:aa96f8cf13ae3374588cc99a558d1def2bcf0579d75b90d0772139fab991b06b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:f1d48c91052387ebc88bc7c76c8f49bae708c67e160d976974c8b31e9efbd219_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:008f0946e1545a0baa8e2baa9d12dc3244a47cd42af020afedfce3b1450f6c16_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:6a63e70123c2cd8cf8ddec71fb88d0dee08d2b7b1bcfc37d27fde3a50a59b7e8_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:96f6b104c31c317aa118ff64cff2522f136bbb520de7fb8015257630fcfdecfb_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:9dd240e967b0a1949a812050a123e513858ccd428feb1c42646e409fbf711b35_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:6f5480749ac020fc0e226dd87855baeae624b4c57c2787303e7321f63117c789_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:7265c4bc839141da2a0599bc367c4be2b8e8743423ea1b6b8d68729b1cfa8bcc_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:9486931d703d050f59a9f1bcfe5e016351d3ccc9b5c1975963b91ac34fc0b25e_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:c458f98a5afdf96262536fa1b7d672eb897c2800ec3dc4a2094ee5e8ae09ac31_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:2076dc61bf8db58916f3bacdb7483cdae8db169e2c4187e0c509f4fad9bc66ac_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:4e2047551e67c9c79e54ea5cd42accd746db89b8f37181a4b8ddceee166b3f2f_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:635a2526236205059d382f8860a7600105596caa546c129e855bd1ad241ebda7_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:ab0b5c35985ab8da547bc85aeff75c00ef32de0ea4f3446d75420ba935a5ddf4_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:20f8e067fa199055be096f4e655a0004616caab1eb32ccbe853677705d4e99f2_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:7c82062799a4bc38472a8d62827cbead3cf9396e132c9567e1d7682b8e4eb01d_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:94a4269cc3ddfdaf549eb4b547a461c2eafa9a0e3682511f2c18a3cf846beba3_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:ac33685303a23070d840d68bce5381230bbf98f1f65abaa80eca75c99b821d88_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:29bf69f7793d3ecaf724f791e735f1bd4121cddc6b1118553bcc77ef3a3054a1_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:46ae8d0b9eb51c730b57aa7b9d0561dc8e7510240e100a9deaea7e501cf115c2_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:c314fa51aef6754a3d665650a9a2861da1ec3557e2b92c29a2b16b2790d615a4_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:cd2a2cb5784051c6595a95865e390a52c38b2b62fbf2fa3d40545d083c846992_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:64e4c2ac5a5126294d7264d33723b8c7e8a8f2909a33d2bff40bfbb2965fcd81_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:8a85413afe8d8ab179dff3638f3d5509bf180d54d016706aa50781bbb72338bc_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:a0af7052a5cc79ec38267f6016330bbc30fe4c8dff0776a6fe6cee048cb1bbcf_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:df72d966e05e20571d1d588092d8bf95f28ae5178ddac780257064069e8cf75c_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:5a0a1932f8bcdf436f08f9d00fdb520feefad62061ce79426d44ecd7d01724a2_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:72da4f73e7063cfcb49a800bf9dc5acdd715221d4dff6120db5950634e5824f5_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:883c2aa7d2a9f8ddcccd8c48b79bff59ffa3eb3f59392e727dd050ec4efdb92b_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:9bed2310605563c0d439ed85731e980038ada7c3970fc26de24c1c7d291afe07_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:09b95ff35ae5c1b2c356f7506d4e8283cb0b69b8b5a130bf9d6c31e6bfc04932_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:0cebc0075f16274a3620c4becac1490dc91904d09487fdc76aafe98fbaca5ccf_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:78f3234c47001e7a2902352bf85c7cc893f8ff7aafb01d3d6875cfe2df0a6a16_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:8844e2149f6d16a9112f7ca4580c27dbe974f0bfce1fc21c87d5072813deba45_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:180b60f1efcd9902f18b7104973acf277ea6881d6a806e288ea598b71bfa8e2d_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:2dc26cd49218da49a4761d8012d9777019facea787df61dafce31db6b3bef8b8_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:d08b49badd427bd263a5810800c4705f296b2caf188765837f8b5284d6ff6feb_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:edcd49c90231e8071dc45385f077400ae3dd9fdba54de188e3aba84da49c00c5_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:06f9f2d54689bd9770d4102c377a2596bf4294c824c2db69f4ad23a849d8996c_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:3985e43602b73ad41f7092847b6c92700ec5bfd6d849cc37adff563b6a994ea3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:eb7543913777f50fe437035b18e08cec754ec6ee05666f8c88900b6349b467bb_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:fb35bc2313df94fd8a4b4e8293f1489ea518c002858c29ade906a678ccd48d0d_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:31f1c672dc3197cb7bfeb51b37d357425d4057fec9c22ea8810005c147e493a0_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:457829af072b2c430e077ae362dd62b63f1737b72434c11b2fb9e98262c6f058_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:6243c7517063c907dbd898b6ff7c4f5a6a001b15141c6b703a771a826b1e9b23_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:72bef79259e60a3f96f3788b2ed207ef6d8c1d4901d5c1d293981099d2932b44_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:1bdebc0ea3641538b6029945ef99eab50aa4b71ab37fd063d712ffc0883faae8_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:75a4693836d31cfc429d6a3852b0bf419255c66f90827b13d2a589dc2bea1992_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:8f696a0d69bb54a50140da672ff01c2923550f8ab18dcb1159493b516750f0a4_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:98992a409dfe54f8de0eb67189538d08148418d91d9d07d9aa30262ce54e30d9_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:72d561f41b71f78f7d896ca9b5e2b2cd76495fe602a8687bcbe0739b450a1d99_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:753e9384197b30856cfa43b3f5362395f3554773ec0a00a183705427eb8bced4_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:cb9328dff074240b336cc5395d2d61ff4722e84d11d3c19d470dd1214308b6e5_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:e863e14bd4e3a735ad3af67dd307fce57a0f3b703aed63b731c4206c08a5839f_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:1e695b53b5a667d185f61dee9e0242efc8e0962aa4e928bf8908734626d16d38_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:7d614384e1cb7be6bb72dbdc3cb4eb34d38902e05f121ef6220c5a6922715ddf_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:da0844c2faaa1b2dd6c0c4944218c947043ac3b7edd8d4533ba7faf5f9436412_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:fd141141252f9253c089dd341447f86cd75a39bff1cb8c25baab40f86fd655bb_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:690de59af44d4b7cf2dada9c3450cbd6a0d3437cc7ac2bca9b5d6b91c4c2c605_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:6cc8eaac0ef579a5359fe2b3c8de0ad776e732b82afd9fb9c4fd4ad74e9f832f_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:bc5d7a4679b2cd19946013fe4c2fc17acfb3a6d9ed410e1f050de51c0a957a6b_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:d954bfc4a5c1f1fc8eba225865a11b9d04f005341e8ab094f7a94cdbe67a7b17_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:a6eb5b607ce23772fca3dbad70d76dc5d3ebc07b15f5123ace53da01f0e3b21e_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:d090b565d5d2933ae453eb87c34a2ebb00e09b1b00334a98c771e465dbcea42e_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2477167"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in urllib3, an HTTP client library for Python. When using the low-level API via `ProxyManager.connection_from_url().urlopen()` with `assert_same_host=False`, cross-origin redirects can still forward sensitive headers. This could allow a remote attacker to gain unauthorized access to sensitive information.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "urllib3: urllib3: Information disclosure via cross-origin redirects forwarding sensitive headers",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:23ea476af89606789f91e647e952039bff83b5ace02440b2c11dccb9020cc0fb_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:870a39d44775c352b2c574f4b8d6585b96b44a48eefea1cbb8463809b75a1d6f_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:b3132e81fca86bc4bf6fe9f75fb3cafd1ef0f02fe84aeaffa51539e5f4a1b54c_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:fc3b7a2d42adaa47a938efe8e94d9d5665fe74a66d04884e886da33ad61774d0_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:05debd9e92a56b761a55f36c54d31ceda7b77bc58178946c4b5d0d08faa01cfc_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:19954ceb4da5840bc7d8953932bd9f36baaa3ad219ccac4b44324f25f962182a_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:866e4fbdeefc40e19ec6962c6b1577ef9f66affa46b96a2dbd30501b4e3b2695_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:990fa7d78f384772aaf369956a51ba7393cd5e225daa3c4e37f56ed2a1b4d5fb_amd64"
],
"known_not_affected": [
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:51e90eeed5c6bf2e6355ee9ba50fe330149b7c2b7633a106946459e8984d82ae_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:5e9de77acecac9653b91d2ebbfc5be8dc47da81e9e3e1772d38f827f05779632_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:7cefb007f075c5b1e0265fe8b12888218201cb453e9ebac315d91a79ed6e686a_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:bd4450e5af03c053f28e9c2ca0f2a2c016fc55fef4187676bc4edd5149c1a0f4_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:21243b5bb27b62467a311f0dfb5001384b424c095e17eba2c4fa441d7a03f7cf_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:22190a2714d3942a57dbe9dd265570bfe179b8d7f3e412173d010090de2bb98d_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:35b39d818bfb7b3fe86f77eedb134d12e9f316ce1642f86a8fa5ce1c1e31f37b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:3f2e1942032818fe9c91bf18948b80002a713b81c96e8ef5a3a4178a24899fb7_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:25928bb67eadad3a0d3b23da81acb313b8f873476250ddc6481cfb06bc25b8ab_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:bdfafa3b05bea80b81ffdc63cd77d4b2a96588ccd309aba83de0a683cb07c3c4_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:d7aa74297e76cb375c4bdd939c673739e34e22d83f8ef8846b1aa3c3c2264bbe_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:ea75fa4468a26357ce7c92614d70bc41ff0f8a8e562978a5b2bdfa5563492090_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:49025eb304ed55e363338fbe74b8dd77815b4d87183f1cb0cbfbbba71c2d2c59_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:54524172989364298f5cce342ef854f62fd59c75a42be804af3f286c6585b3d1_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:c1d135f85a4a1c5fe1c86509658d3056ce4bf748e8210274756064e18f991440_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:fb2eb12e6a6159c75e56f58429789cc0ac74af2a3d04f9ab865c8d86576e8c15_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:1252d44baa18b442de12a9659d3419ef77148e47ca14747ae684b8541fe795a7_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:4750bc9a80e819747b9d6576d21e348634f0dd4bc56190a662e22b2c80172bbd_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:5988a2daac19ccd72b8eec8cd1d9b623c69aed7be1a4223070d2c65256210776_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:eac25bae75a0e08a0aae706325faae2606ee8b0c086559cc0b89a59501a511f8_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:4c56fcde717c7a7957638fa6624a6ba5a9fc372bc9056e924158a0477410c9e7_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:5f5b5adc67e0655dcc3bcaaa4bb75337ebff130cca2e019d553be7521ca71871_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:91438ae17f6ee162df0d564fe47c8690a5246315e26fa4ebfa16dc8c93425cb7_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:df6617374f5f70f6ff53a980d38ddda8ab1aca125894eadc3a1932ba7612626d_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:49d0f2c55661dd973b0a15ba0e096c54badf4e0017093dfee373a655d47373f0_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:5bbbcaa71f5bf11922738e37c1155c5e60ebc5166a67690f5e5218a42b946366_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:99446549dca0b1cd38919ed7489e3eff72b1e4dd739e4f4e914d6c3ca6076b58_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:cf59b3a7897d59615e746c14697a289d79afbc18a9d2e7e7b5f7b1242d640b02_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:6e7f3aa6bb48cbe35d205d5f4c9ea251945dcdcce9b40cd49676705d778d9500_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:bc37b9c572c3df959e0ceb9fe011be84906fe759817eee697c486131fd5bc0cb_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:bf4a2e668e36a0e8e381f4417a263bd736d114f4e464d4a6c5ea22962b3f2a9e_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:feffba283e2a49967cd57139fe7af2309cd55ea9bb4464e250bf7b5a98913a2b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:86908784cb38408c502a733672b2f76e5a5c93b0266afccc9f281cb0c8f2f20c_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:8f721159d1fb2b71fb746eec0213c1111896c7b77a2904d64a2c1696cdce796c_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:afe3ebfa9897d2b9a7d8f9bd7fb4a2210e4b7e603de5fe168740f0aa4bb04495_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:fd6aa3b12a35343168ee2e752b437a51c58e8e8e329c8bdd7d230653265a790e_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:01cb3c8bb62be8bcdeaea2fa79413caca0f111980f4134b06df5230bd0b357fc_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:20b0fcf0b2d388320c0cb1414f2422493ca9acf39c876fd45265e8b32030ef3b_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:51fc32fbd543c74767403a113ccceedb262ccb92b9fd5a9efdc39ed2c1e608b3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:d4edd3fd9d125deb51d48c8709eac2505056da0f1341020db5469be8af0ca200_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:201ab631050d34fb956e1333730a387833b7aa3a2a4389d2a01bb79a2fe51bbf_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:47ca2eaea554b825306387f07aef8a5ee830ee1885d2df51055ac22d7576d2cd_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:7a181f8f3d2eadeae6b1d4d38da28f4e0a7c7f1fc662d213f72a63fd56f67443_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:fa97e7031e19af10a571d8ff67e13de3489603f60dbf9fd0c19205fb3447e912_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:01e117719b770e5bf767700b3cf5a3c79d7a74c181fda4dd4605cb4f41ea5bcd_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:155dfad34b7402e4462d98c3026ab38a6024338dfe80bfc33abb9102d12b077d_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:aa96f8cf13ae3374588cc99a558d1def2bcf0579d75b90d0772139fab991b06b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:f1d48c91052387ebc88bc7c76c8f49bae708c67e160d976974c8b31e9efbd219_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:008f0946e1545a0baa8e2baa9d12dc3244a47cd42af020afedfce3b1450f6c16_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:6a63e70123c2cd8cf8ddec71fb88d0dee08d2b7b1bcfc37d27fde3a50a59b7e8_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:96f6b104c31c317aa118ff64cff2522f136bbb520de7fb8015257630fcfdecfb_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:9dd240e967b0a1949a812050a123e513858ccd428feb1c42646e409fbf711b35_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:6f5480749ac020fc0e226dd87855baeae624b4c57c2787303e7321f63117c789_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:7265c4bc839141da2a0599bc367c4be2b8e8743423ea1b6b8d68729b1cfa8bcc_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:9486931d703d050f59a9f1bcfe5e016351d3ccc9b5c1975963b91ac34fc0b25e_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:c458f98a5afdf96262536fa1b7d672eb897c2800ec3dc4a2094ee5e8ae09ac31_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:2076dc61bf8db58916f3bacdb7483cdae8db169e2c4187e0c509f4fad9bc66ac_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:4e2047551e67c9c79e54ea5cd42accd746db89b8f37181a4b8ddceee166b3f2f_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:635a2526236205059d382f8860a7600105596caa546c129e855bd1ad241ebda7_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:ab0b5c35985ab8da547bc85aeff75c00ef32de0ea4f3446d75420ba935a5ddf4_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:20f8e067fa199055be096f4e655a0004616caab1eb32ccbe853677705d4e99f2_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:7c82062799a4bc38472a8d62827cbead3cf9396e132c9567e1d7682b8e4eb01d_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:94a4269cc3ddfdaf549eb4b547a461c2eafa9a0e3682511f2c18a3cf846beba3_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:ac33685303a23070d840d68bce5381230bbf98f1f65abaa80eca75c99b821d88_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:29bf69f7793d3ecaf724f791e735f1bd4121cddc6b1118553bcc77ef3a3054a1_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:46ae8d0b9eb51c730b57aa7b9d0561dc8e7510240e100a9deaea7e501cf115c2_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:c314fa51aef6754a3d665650a9a2861da1ec3557e2b92c29a2b16b2790d615a4_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:cd2a2cb5784051c6595a95865e390a52c38b2b62fbf2fa3d40545d083c846992_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:64e4c2ac5a5126294d7264d33723b8c7e8a8f2909a33d2bff40bfbb2965fcd81_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:8a85413afe8d8ab179dff3638f3d5509bf180d54d016706aa50781bbb72338bc_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:a0af7052a5cc79ec38267f6016330bbc30fe4c8dff0776a6fe6cee048cb1bbcf_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:df72d966e05e20571d1d588092d8bf95f28ae5178ddac780257064069e8cf75c_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:5a0a1932f8bcdf436f08f9d00fdb520feefad62061ce79426d44ecd7d01724a2_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:72da4f73e7063cfcb49a800bf9dc5acdd715221d4dff6120db5950634e5824f5_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:883c2aa7d2a9f8ddcccd8c48b79bff59ffa3eb3f59392e727dd050ec4efdb92b_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:9bed2310605563c0d439ed85731e980038ada7c3970fc26de24c1c7d291afe07_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:09b95ff35ae5c1b2c356f7506d4e8283cb0b69b8b5a130bf9d6c31e6bfc04932_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:0cebc0075f16274a3620c4becac1490dc91904d09487fdc76aafe98fbaca5ccf_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:78f3234c47001e7a2902352bf85c7cc893f8ff7aafb01d3d6875cfe2df0a6a16_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:8844e2149f6d16a9112f7ca4580c27dbe974f0bfce1fc21c87d5072813deba45_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:180b60f1efcd9902f18b7104973acf277ea6881d6a806e288ea598b71bfa8e2d_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:2dc26cd49218da49a4761d8012d9777019facea787df61dafce31db6b3bef8b8_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:d08b49badd427bd263a5810800c4705f296b2caf188765837f8b5284d6ff6feb_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:edcd49c90231e8071dc45385f077400ae3dd9fdba54de188e3aba84da49c00c5_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:06f9f2d54689bd9770d4102c377a2596bf4294c824c2db69f4ad23a849d8996c_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:3985e43602b73ad41f7092847b6c92700ec5bfd6d849cc37adff563b6a994ea3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:eb7543913777f50fe437035b18e08cec754ec6ee05666f8c88900b6349b467bb_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:fb35bc2313df94fd8a4b4e8293f1489ea518c002858c29ade906a678ccd48d0d_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:31f1c672dc3197cb7bfeb51b37d357425d4057fec9c22ea8810005c147e493a0_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:457829af072b2c430e077ae362dd62b63f1737b72434c11b2fb9e98262c6f058_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:6243c7517063c907dbd898b6ff7c4f5a6a001b15141c6b703a771a826b1e9b23_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:72bef79259e60a3f96f3788b2ed207ef6d8c1d4901d5c1d293981099d2932b44_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:1bdebc0ea3641538b6029945ef99eab50aa4b71ab37fd063d712ffc0883faae8_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:75a4693836d31cfc429d6a3852b0bf419255c66f90827b13d2a589dc2bea1992_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:8f696a0d69bb54a50140da672ff01c2923550f8ab18dcb1159493b516750f0a4_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:98992a409dfe54f8de0eb67189538d08148418d91d9d07d9aa30262ce54e30d9_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:72d561f41b71f78f7d896ca9b5e2b2cd76495fe602a8687bcbe0739b450a1d99_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:753e9384197b30856cfa43b3f5362395f3554773ec0a00a183705427eb8bced4_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:cb9328dff074240b336cc5395d2d61ff4722e84d11d3c19d470dd1214308b6e5_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:e863e14bd4e3a735ad3af67dd307fce57a0f3b703aed63b731c4206c08a5839f_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:1e695b53b5a667d185f61dee9e0242efc8e0962aa4e928bf8908734626d16d38_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:7d614384e1cb7be6bb72dbdc3cb4eb34d38902e05f121ef6220c5a6922715ddf_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:da0844c2faaa1b2dd6c0c4944218c947043ac3b7edd8d4533ba7faf5f9436412_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:fd141141252f9253c089dd341447f86cd75a39bff1cb8c25baab40f86fd655bb_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:690de59af44d4b7cf2dada9c3450cbd6a0d3437cc7ac2bca9b5d6b91c4c2c605_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:6cc8eaac0ef579a5359fe2b3c8de0ad776e732b82afd9fb9c4fd4ad74e9f832f_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:bc5d7a4679b2cd19946013fe4c2fc17acfb3a6d9ed410e1f050de51c0a957a6b_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:d954bfc4a5c1f1fc8eba225865a11b9d04f005341e8ab094f7a94cdbe67a7b17_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:a6eb5b607ce23772fca3dbad70d76dc5d3ebc07b15f5123ace53da01f0e3b21e_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:d090b565d5d2933ae453eb87c34a2ebb00e09b1b00334a98c771e465dbcea42e_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44431"
},
{
"category": "external",
"summary": "RHBZ#2477167",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477167"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44431",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44431"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44431",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44431"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/security/advisories/GHSA-qccp-gfcp-xxvc",
"url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-qccp-gfcp-xxvc"
}
],
"release_date": "2026-05-13T15:20:24.588000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-01T16:35:24+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.6#Upgrade",
"product_ids": [
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:23ea476af89606789f91e647e952039bff83b5ace02440b2c11dccb9020cc0fb_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:870a39d44775c352b2c574f4b8d6585b96b44a48eefea1cbb8463809b75a1d6f_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:b3132e81fca86bc4bf6fe9f75fb3cafd1ef0f02fe84aeaffa51539e5f4a1b54c_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:fc3b7a2d42adaa47a938efe8e94d9d5665fe74a66d04884e886da33ad61774d0_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:05debd9e92a56b761a55f36c54d31ceda7b77bc58178946c4b5d0d08faa01cfc_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:19954ceb4da5840bc7d8953932bd9f36baaa3ad219ccac4b44324f25f962182a_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:866e4fbdeefc40e19ec6962c6b1577ef9f66affa46b96a2dbd30501b4e3b2695_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:990fa7d78f384772aaf369956a51ba7393cd5e225daa3c4e37f56ed2a1b4d5fb_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:34374"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:51e90eeed5c6bf2e6355ee9ba50fe330149b7c2b7633a106946459e8984d82ae_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:5e9de77acecac9653b91d2ebbfc5be8dc47da81e9e3e1772d38f827f05779632_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:7cefb007f075c5b1e0265fe8b12888218201cb453e9ebac315d91a79ed6e686a_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:bd4450e5af03c053f28e9c2ca0f2a2c016fc55fef4187676bc4edd5149c1a0f4_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:21243b5bb27b62467a311f0dfb5001384b424c095e17eba2c4fa441d7a03f7cf_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:22190a2714d3942a57dbe9dd265570bfe179b8d7f3e412173d010090de2bb98d_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:35b39d818bfb7b3fe86f77eedb134d12e9f316ce1642f86a8fa5ce1c1e31f37b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:3f2e1942032818fe9c91bf18948b80002a713b81c96e8ef5a3a4178a24899fb7_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:25928bb67eadad3a0d3b23da81acb313b8f873476250ddc6481cfb06bc25b8ab_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:bdfafa3b05bea80b81ffdc63cd77d4b2a96588ccd309aba83de0a683cb07c3c4_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:d7aa74297e76cb375c4bdd939c673739e34e22d83f8ef8846b1aa3c3c2264bbe_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:ea75fa4468a26357ce7c92614d70bc41ff0f8a8e562978a5b2bdfa5563492090_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:49025eb304ed55e363338fbe74b8dd77815b4d87183f1cb0cbfbbba71c2d2c59_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:54524172989364298f5cce342ef854f62fd59c75a42be804af3f286c6585b3d1_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:c1d135f85a4a1c5fe1c86509658d3056ce4bf748e8210274756064e18f991440_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:fb2eb12e6a6159c75e56f58429789cc0ac74af2a3d04f9ab865c8d86576e8c15_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:1252d44baa18b442de12a9659d3419ef77148e47ca14747ae684b8541fe795a7_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:4750bc9a80e819747b9d6576d21e348634f0dd4bc56190a662e22b2c80172bbd_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:5988a2daac19ccd72b8eec8cd1d9b623c69aed7be1a4223070d2c65256210776_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:eac25bae75a0e08a0aae706325faae2606ee8b0c086559cc0b89a59501a511f8_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:4c56fcde717c7a7957638fa6624a6ba5a9fc372bc9056e924158a0477410c9e7_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:5f5b5adc67e0655dcc3bcaaa4bb75337ebff130cca2e019d553be7521ca71871_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:91438ae17f6ee162df0d564fe47c8690a5246315e26fa4ebfa16dc8c93425cb7_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:df6617374f5f70f6ff53a980d38ddda8ab1aca125894eadc3a1932ba7612626d_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:49d0f2c55661dd973b0a15ba0e096c54badf4e0017093dfee373a655d47373f0_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:5bbbcaa71f5bf11922738e37c1155c5e60ebc5166a67690f5e5218a42b946366_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:99446549dca0b1cd38919ed7489e3eff72b1e4dd739e4f4e914d6c3ca6076b58_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:cf59b3a7897d59615e746c14697a289d79afbc18a9d2e7e7b5f7b1242d640b02_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:6e7f3aa6bb48cbe35d205d5f4c9ea251945dcdcce9b40cd49676705d778d9500_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:bc37b9c572c3df959e0ceb9fe011be84906fe759817eee697c486131fd5bc0cb_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:bf4a2e668e36a0e8e381f4417a263bd736d114f4e464d4a6c5ea22962b3f2a9e_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:feffba283e2a49967cd57139fe7af2309cd55ea9bb4464e250bf7b5a98913a2b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:86908784cb38408c502a733672b2f76e5a5c93b0266afccc9f281cb0c8f2f20c_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:8f721159d1fb2b71fb746eec0213c1111896c7b77a2904d64a2c1696cdce796c_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:afe3ebfa9897d2b9a7d8f9bd7fb4a2210e4b7e603de5fe168740f0aa4bb04495_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:fd6aa3b12a35343168ee2e752b437a51c58e8e8e329c8bdd7d230653265a790e_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:01cb3c8bb62be8bcdeaea2fa79413caca0f111980f4134b06df5230bd0b357fc_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:20b0fcf0b2d388320c0cb1414f2422493ca9acf39c876fd45265e8b32030ef3b_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:51fc32fbd543c74767403a113ccceedb262ccb92b9fd5a9efdc39ed2c1e608b3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:d4edd3fd9d125deb51d48c8709eac2505056da0f1341020db5469be8af0ca200_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:201ab631050d34fb956e1333730a387833b7aa3a2a4389d2a01bb79a2fe51bbf_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:47ca2eaea554b825306387f07aef8a5ee830ee1885d2df51055ac22d7576d2cd_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:7a181f8f3d2eadeae6b1d4d38da28f4e0a7c7f1fc662d213f72a63fd56f67443_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:fa97e7031e19af10a571d8ff67e13de3489603f60dbf9fd0c19205fb3447e912_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:01e117719b770e5bf767700b3cf5a3c79d7a74c181fda4dd4605cb4f41ea5bcd_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:155dfad34b7402e4462d98c3026ab38a6024338dfe80bfc33abb9102d12b077d_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:aa96f8cf13ae3374588cc99a558d1def2bcf0579d75b90d0772139fab991b06b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:f1d48c91052387ebc88bc7c76c8f49bae708c67e160d976974c8b31e9efbd219_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:008f0946e1545a0baa8e2baa9d12dc3244a47cd42af020afedfce3b1450f6c16_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:6a63e70123c2cd8cf8ddec71fb88d0dee08d2b7b1bcfc37d27fde3a50a59b7e8_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:96f6b104c31c317aa118ff64cff2522f136bbb520de7fb8015257630fcfdecfb_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:9dd240e967b0a1949a812050a123e513858ccd428feb1c42646e409fbf711b35_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:6f5480749ac020fc0e226dd87855baeae624b4c57c2787303e7321f63117c789_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:7265c4bc839141da2a0599bc367c4be2b8e8743423ea1b6b8d68729b1cfa8bcc_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:9486931d703d050f59a9f1bcfe5e016351d3ccc9b5c1975963b91ac34fc0b25e_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:c458f98a5afdf96262536fa1b7d672eb897c2800ec3dc4a2094ee5e8ae09ac31_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:23ea476af89606789f91e647e952039bff83b5ace02440b2c11dccb9020cc0fb_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:870a39d44775c352b2c574f4b8d6585b96b44a48eefea1cbb8463809b75a1d6f_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:b3132e81fca86bc4bf6fe9f75fb3cafd1ef0f02fe84aeaffa51539e5f4a1b54c_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:fc3b7a2d42adaa47a938efe8e94d9d5665fe74a66d04884e886da33ad61774d0_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:2076dc61bf8db58916f3bacdb7483cdae8db169e2c4187e0c509f4fad9bc66ac_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:4e2047551e67c9c79e54ea5cd42accd746db89b8f37181a4b8ddceee166b3f2f_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:635a2526236205059d382f8860a7600105596caa546c129e855bd1ad241ebda7_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:ab0b5c35985ab8da547bc85aeff75c00ef32de0ea4f3446d75420ba935a5ddf4_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:20f8e067fa199055be096f4e655a0004616caab1eb32ccbe853677705d4e99f2_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:7c82062799a4bc38472a8d62827cbead3cf9396e132c9567e1d7682b8e4eb01d_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:94a4269cc3ddfdaf549eb4b547a461c2eafa9a0e3682511f2c18a3cf846beba3_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:ac33685303a23070d840d68bce5381230bbf98f1f65abaa80eca75c99b821d88_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:29bf69f7793d3ecaf724f791e735f1bd4121cddc6b1118553bcc77ef3a3054a1_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:46ae8d0b9eb51c730b57aa7b9d0561dc8e7510240e100a9deaea7e501cf115c2_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:c314fa51aef6754a3d665650a9a2861da1ec3557e2b92c29a2b16b2790d615a4_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:cd2a2cb5784051c6595a95865e390a52c38b2b62fbf2fa3d40545d083c846992_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:05debd9e92a56b761a55f36c54d31ceda7b77bc58178946c4b5d0d08faa01cfc_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:19954ceb4da5840bc7d8953932bd9f36baaa3ad219ccac4b44324f25f962182a_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:866e4fbdeefc40e19ec6962c6b1577ef9f66affa46b96a2dbd30501b4e3b2695_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:990fa7d78f384772aaf369956a51ba7393cd5e225daa3c4e37f56ed2a1b4d5fb_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:64e4c2ac5a5126294d7264d33723b8c7e8a8f2909a33d2bff40bfbb2965fcd81_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:8a85413afe8d8ab179dff3638f3d5509bf180d54d016706aa50781bbb72338bc_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:a0af7052a5cc79ec38267f6016330bbc30fe4c8dff0776a6fe6cee048cb1bbcf_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:df72d966e05e20571d1d588092d8bf95f28ae5178ddac780257064069e8cf75c_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:5a0a1932f8bcdf436f08f9d00fdb520feefad62061ce79426d44ecd7d01724a2_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:72da4f73e7063cfcb49a800bf9dc5acdd715221d4dff6120db5950634e5824f5_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:883c2aa7d2a9f8ddcccd8c48b79bff59ffa3eb3f59392e727dd050ec4efdb92b_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:9bed2310605563c0d439ed85731e980038ada7c3970fc26de24c1c7d291afe07_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:09b95ff35ae5c1b2c356f7506d4e8283cb0b69b8b5a130bf9d6c31e6bfc04932_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:0cebc0075f16274a3620c4becac1490dc91904d09487fdc76aafe98fbaca5ccf_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:78f3234c47001e7a2902352bf85c7cc893f8ff7aafb01d3d6875cfe2df0a6a16_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:8844e2149f6d16a9112f7ca4580c27dbe974f0bfce1fc21c87d5072813deba45_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:180b60f1efcd9902f18b7104973acf277ea6881d6a806e288ea598b71bfa8e2d_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:2dc26cd49218da49a4761d8012d9777019facea787df61dafce31db6b3bef8b8_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:d08b49badd427bd263a5810800c4705f296b2caf188765837f8b5284d6ff6feb_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:edcd49c90231e8071dc45385f077400ae3dd9fdba54de188e3aba84da49c00c5_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:06f9f2d54689bd9770d4102c377a2596bf4294c824c2db69f4ad23a849d8996c_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:3985e43602b73ad41f7092847b6c92700ec5bfd6d849cc37adff563b6a994ea3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:eb7543913777f50fe437035b18e08cec754ec6ee05666f8c88900b6349b467bb_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:fb35bc2313df94fd8a4b4e8293f1489ea518c002858c29ade906a678ccd48d0d_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:31f1c672dc3197cb7bfeb51b37d357425d4057fec9c22ea8810005c147e493a0_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:457829af072b2c430e077ae362dd62b63f1737b72434c11b2fb9e98262c6f058_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:6243c7517063c907dbd898b6ff7c4f5a6a001b15141c6b703a771a826b1e9b23_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:72bef79259e60a3f96f3788b2ed207ef6d8c1d4901d5c1d293981099d2932b44_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:1bdebc0ea3641538b6029945ef99eab50aa4b71ab37fd063d712ffc0883faae8_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:75a4693836d31cfc429d6a3852b0bf419255c66f90827b13d2a589dc2bea1992_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:8f696a0d69bb54a50140da672ff01c2923550f8ab18dcb1159493b516750f0a4_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:98992a409dfe54f8de0eb67189538d08148418d91d9d07d9aa30262ce54e30d9_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:72d561f41b71f78f7d896ca9b5e2b2cd76495fe602a8687bcbe0739b450a1d99_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:753e9384197b30856cfa43b3f5362395f3554773ec0a00a183705427eb8bced4_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:cb9328dff074240b336cc5395d2d61ff4722e84d11d3c19d470dd1214308b6e5_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:e863e14bd4e3a735ad3af67dd307fce57a0f3b703aed63b731c4206c08a5839f_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:1e695b53b5a667d185f61dee9e0242efc8e0962aa4e928bf8908734626d16d38_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:7d614384e1cb7be6bb72dbdc3cb4eb34d38902e05f121ef6220c5a6922715ddf_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:da0844c2faaa1b2dd6c0c4944218c947043ac3b7edd8d4533ba7faf5f9436412_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:fd141141252f9253c089dd341447f86cd75a39bff1cb8c25baab40f86fd655bb_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:690de59af44d4b7cf2dada9c3450cbd6a0d3437cc7ac2bca9b5d6b91c4c2c605_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:6cc8eaac0ef579a5359fe2b3c8de0ad776e732b82afd9fb9c4fd4ad74e9f832f_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:bc5d7a4679b2cd19946013fe4c2fc17acfb3a6d9ed410e1f050de51c0a957a6b_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:d954bfc4a5c1f1fc8eba225865a11b9d04f005341e8ab094f7a94cdbe67a7b17_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:a6eb5b607ce23772fca3dbad70d76dc5d3ebc07b15f5123ace53da01f0e3b21e_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:d090b565d5d2933ae453eb87c34a2ebb00e09b1b00334a98c771e465dbcea42e_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "urllib3: urllib3: Information disclosure via cross-origin redirects forwarding sensitive headers"
},
{
"cve": "CVE-2026-44432",
"cwe": {
"id": "CWE-409",
"name": "Improper Handling of Highly Compressed Data (Data Amplification)"
},
"discovery_date": "2026-05-13T17:01:01.083841+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:51e90eeed5c6bf2e6355ee9ba50fe330149b7c2b7633a106946459e8984d82ae_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:5e9de77acecac9653b91d2ebbfc5be8dc47da81e9e3e1772d38f827f05779632_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:7cefb007f075c5b1e0265fe8b12888218201cb453e9ebac315d91a79ed6e686a_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:bd4450e5af03c053f28e9c2ca0f2a2c016fc55fef4187676bc4edd5149c1a0f4_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:21243b5bb27b62467a311f0dfb5001384b424c095e17eba2c4fa441d7a03f7cf_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:22190a2714d3942a57dbe9dd265570bfe179b8d7f3e412173d010090de2bb98d_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:35b39d818bfb7b3fe86f77eedb134d12e9f316ce1642f86a8fa5ce1c1e31f37b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:3f2e1942032818fe9c91bf18948b80002a713b81c96e8ef5a3a4178a24899fb7_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:25928bb67eadad3a0d3b23da81acb313b8f873476250ddc6481cfb06bc25b8ab_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:bdfafa3b05bea80b81ffdc63cd77d4b2a96588ccd309aba83de0a683cb07c3c4_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:d7aa74297e76cb375c4bdd939c673739e34e22d83f8ef8846b1aa3c3c2264bbe_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:ea75fa4468a26357ce7c92614d70bc41ff0f8a8e562978a5b2bdfa5563492090_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:49025eb304ed55e363338fbe74b8dd77815b4d87183f1cb0cbfbbba71c2d2c59_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:54524172989364298f5cce342ef854f62fd59c75a42be804af3f286c6585b3d1_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:c1d135f85a4a1c5fe1c86509658d3056ce4bf748e8210274756064e18f991440_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:fb2eb12e6a6159c75e56f58429789cc0ac74af2a3d04f9ab865c8d86576e8c15_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:1252d44baa18b442de12a9659d3419ef77148e47ca14747ae684b8541fe795a7_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:4750bc9a80e819747b9d6576d21e348634f0dd4bc56190a662e22b2c80172bbd_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:5988a2daac19ccd72b8eec8cd1d9b623c69aed7be1a4223070d2c65256210776_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:eac25bae75a0e08a0aae706325faae2606ee8b0c086559cc0b89a59501a511f8_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:4c56fcde717c7a7957638fa6624a6ba5a9fc372bc9056e924158a0477410c9e7_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:5f5b5adc67e0655dcc3bcaaa4bb75337ebff130cca2e019d553be7521ca71871_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:91438ae17f6ee162df0d564fe47c8690a5246315e26fa4ebfa16dc8c93425cb7_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:df6617374f5f70f6ff53a980d38ddda8ab1aca125894eadc3a1932ba7612626d_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:49d0f2c55661dd973b0a15ba0e096c54badf4e0017093dfee373a655d47373f0_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:5bbbcaa71f5bf11922738e37c1155c5e60ebc5166a67690f5e5218a42b946366_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:99446549dca0b1cd38919ed7489e3eff72b1e4dd739e4f4e914d6c3ca6076b58_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:cf59b3a7897d59615e746c14697a289d79afbc18a9d2e7e7b5f7b1242d640b02_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:6e7f3aa6bb48cbe35d205d5f4c9ea251945dcdcce9b40cd49676705d778d9500_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:bc37b9c572c3df959e0ceb9fe011be84906fe759817eee697c486131fd5bc0cb_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:bf4a2e668e36a0e8e381f4417a263bd736d114f4e464d4a6c5ea22962b3f2a9e_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:feffba283e2a49967cd57139fe7af2309cd55ea9bb4464e250bf7b5a98913a2b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:86908784cb38408c502a733672b2f76e5a5c93b0266afccc9f281cb0c8f2f20c_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:8f721159d1fb2b71fb746eec0213c1111896c7b77a2904d64a2c1696cdce796c_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:afe3ebfa9897d2b9a7d8f9bd7fb4a2210e4b7e603de5fe168740f0aa4bb04495_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:fd6aa3b12a35343168ee2e752b437a51c58e8e8e329c8bdd7d230653265a790e_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:01cb3c8bb62be8bcdeaea2fa79413caca0f111980f4134b06df5230bd0b357fc_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:20b0fcf0b2d388320c0cb1414f2422493ca9acf39c876fd45265e8b32030ef3b_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:51fc32fbd543c74767403a113ccceedb262ccb92b9fd5a9efdc39ed2c1e608b3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:d4edd3fd9d125deb51d48c8709eac2505056da0f1341020db5469be8af0ca200_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:201ab631050d34fb956e1333730a387833b7aa3a2a4389d2a01bb79a2fe51bbf_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:47ca2eaea554b825306387f07aef8a5ee830ee1885d2df51055ac22d7576d2cd_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:7a181f8f3d2eadeae6b1d4d38da28f4e0a7c7f1fc662d213f72a63fd56f67443_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:fa97e7031e19af10a571d8ff67e13de3489603f60dbf9fd0c19205fb3447e912_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:01e117719b770e5bf767700b3cf5a3c79d7a74c181fda4dd4605cb4f41ea5bcd_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:155dfad34b7402e4462d98c3026ab38a6024338dfe80bfc33abb9102d12b077d_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:aa96f8cf13ae3374588cc99a558d1def2bcf0579d75b90d0772139fab991b06b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:f1d48c91052387ebc88bc7c76c8f49bae708c67e160d976974c8b31e9efbd219_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:008f0946e1545a0baa8e2baa9d12dc3244a47cd42af020afedfce3b1450f6c16_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:6a63e70123c2cd8cf8ddec71fb88d0dee08d2b7b1bcfc37d27fde3a50a59b7e8_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:96f6b104c31c317aa118ff64cff2522f136bbb520de7fb8015257630fcfdecfb_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:9dd240e967b0a1949a812050a123e513858ccd428feb1c42646e409fbf711b35_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:6f5480749ac020fc0e226dd87855baeae624b4c57c2787303e7321f63117c789_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:7265c4bc839141da2a0599bc367c4be2b8e8743423ea1b6b8d68729b1cfa8bcc_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:9486931d703d050f59a9f1bcfe5e016351d3ccc9b5c1975963b91ac34fc0b25e_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:c458f98a5afdf96262536fa1b7d672eb897c2800ec3dc4a2094ee5e8ae09ac31_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:2076dc61bf8db58916f3bacdb7483cdae8db169e2c4187e0c509f4fad9bc66ac_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:4e2047551e67c9c79e54ea5cd42accd746db89b8f37181a4b8ddceee166b3f2f_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:635a2526236205059d382f8860a7600105596caa546c129e855bd1ad241ebda7_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:ab0b5c35985ab8da547bc85aeff75c00ef32de0ea4f3446d75420ba935a5ddf4_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:20f8e067fa199055be096f4e655a0004616caab1eb32ccbe853677705d4e99f2_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:7c82062799a4bc38472a8d62827cbead3cf9396e132c9567e1d7682b8e4eb01d_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:94a4269cc3ddfdaf549eb4b547a461c2eafa9a0e3682511f2c18a3cf846beba3_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:ac33685303a23070d840d68bce5381230bbf98f1f65abaa80eca75c99b821d88_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:29bf69f7793d3ecaf724f791e735f1bd4121cddc6b1118553bcc77ef3a3054a1_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:46ae8d0b9eb51c730b57aa7b9d0561dc8e7510240e100a9deaea7e501cf115c2_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:c314fa51aef6754a3d665650a9a2861da1ec3557e2b92c29a2b16b2790d615a4_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:cd2a2cb5784051c6595a95865e390a52c38b2b62fbf2fa3d40545d083c846992_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:64e4c2ac5a5126294d7264d33723b8c7e8a8f2909a33d2bff40bfbb2965fcd81_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:8a85413afe8d8ab179dff3638f3d5509bf180d54d016706aa50781bbb72338bc_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:a0af7052a5cc79ec38267f6016330bbc30fe4c8dff0776a6fe6cee048cb1bbcf_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:df72d966e05e20571d1d588092d8bf95f28ae5178ddac780257064069e8cf75c_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:5a0a1932f8bcdf436f08f9d00fdb520feefad62061ce79426d44ecd7d01724a2_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:72da4f73e7063cfcb49a800bf9dc5acdd715221d4dff6120db5950634e5824f5_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:883c2aa7d2a9f8ddcccd8c48b79bff59ffa3eb3f59392e727dd050ec4efdb92b_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:9bed2310605563c0d439ed85731e980038ada7c3970fc26de24c1c7d291afe07_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:09b95ff35ae5c1b2c356f7506d4e8283cb0b69b8b5a130bf9d6c31e6bfc04932_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:0cebc0075f16274a3620c4becac1490dc91904d09487fdc76aafe98fbaca5ccf_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:78f3234c47001e7a2902352bf85c7cc893f8ff7aafb01d3d6875cfe2df0a6a16_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:8844e2149f6d16a9112f7ca4580c27dbe974f0bfce1fc21c87d5072813deba45_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:180b60f1efcd9902f18b7104973acf277ea6881d6a806e288ea598b71bfa8e2d_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:2dc26cd49218da49a4761d8012d9777019facea787df61dafce31db6b3bef8b8_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:d08b49badd427bd263a5810800c4705f296b2caf188765837f8b5284d6ff6feb_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:edcd49c90231e8071dc45385f077400ae3dd9fdba54de188e3aba84da49c00c5_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:06f9f2d54689bd9770d4102c377a2596bf4294c824c2db69f4ad23a849d8996c_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:3985e43602b73ad41f7092847b6c92700ec5bfd6d849cc37adff563b6a994ea3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:eb7543913777f50fe437035b18e08cec754ec6ee05666f8c88900b6349b467bb_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:fb35bc2313df94fd8a4b4e8293f1489ea518c002858c29ade906a678ccd48d0d_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:31f1c672dc3197cb7bfeb51b37d357425d4057fec9c22ea8810005c147e493a0_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:457829af072b2c430e077ae362dd62b63f1737b72434c11b2fb9e98262c6f058_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:6243c7517063c907dbd898b6ff7c4f5a6a001b15141c6b703a771a826b1e9b23_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:72bef79259e60a3f96f3788b2ed207ef6d8c1d4901d5c1d293981099d2932b44_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:1bdebc0ea3641538b6029945ef99eab50aa4b71ab37fd063d712ffc0883faae8_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:75a4693836d31cfc429d6a3852b0bf419255c66f90827b13d2a589dc2bea1992_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:8f696a0d69bb54a50140da672ff01c2923550f8ab18dcb1159493b516750f0a4_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:98992a409dfe54f8de0eb67189538d08148418d91d9d07d9aa30262ce54e30d9_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:72d561f41b71f78f7d896ca9b5e2b2cd76495fe602a8687bcbe0739b450a1d99_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:753e9384197b30856cfa43b3f5362395f3554773ec0a00a183705427eb8bced4_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:cb9328dff074240b336cc5395d2d61ff4722e84d11d3c19d470dd1214308b6e5_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:e863e14bd4e3a735ad3af67dd307fce57a0f3b703aed63b731c4206c08a5839f_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:1e695b53b5a667d185f61dee9e0242efc8e0962aa4e928bf8908734626d16d38_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:7d614384e1cb7be6bb72dbdc3cb4eb34d38902e05f121ef6220c5a6922715ddf_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:da0844c2faaa1b2dd6c0c4944218c947043ac3b7edd8d4533ba7faf5f9436412_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:fd141141252f9253c089dd341447f86cd75a39bff1cb8c25baab40f86fd655bb_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:690de59af44d4b7cf2dada9c3450cbd6a0d3437cc7ac2bca9b5d6b91c4c2c605_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:6cc8eaac0ef579a5359fe2b3c8de0ad776e732b82afd9fb9c4fd4ad74e9f832f_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:bc5d7a4679b2cd19946013fe4c2fc17acfb3a6d9ed410e1f050de51c0a957a6b_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:d954bfc4a5c1f1fc8eba225865a11b9d04f005341e8ab094f7a94cdbe67a7b17_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:a6eb5b607ce23772fca3dbad70d76dc5d3ebc07b15f5123ace53da01f0e3b21e_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:d090b565d5d2933ae453eb87c34a2ebb00e09b1b00334a98c771e465dbcea42e_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2477154"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in urllib3, an HTTP client library for Python. This vulnerability allows a remote attacker to cause excessive resource consumption, such as high CPU usage and massive memory allocation, on the client side. This occurs when urllib3 attempts to decompress an entire HTTP response, even if only a partial read was requested, or when draining the connection after a partial decompression. This can lead to a Denial of Service (DoS) condition.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "urllib3: urllib3: Denial of Service due to excessive HTTP response decompression",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:23ea476af89606789f91e647e952039bff83b5ace02440b2c11dccb9020cc0fb_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:870a39d44775c352b2c574f4b8d6585b96b44a48eefea1cbb8463809b75a1d6f_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:b3132e81fca86bc4bf6fe9f75fb3cafd1ef0f02fe84aeaffa51539e5f4a1b54c_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:fc3b7a2d42adaa47a938efe8e94d9d5665fe74a66d04884e886da33ad61774d0_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:05debd9e92a56b761a55f36c54d31ceda7b77bc58178946c4b5d0d08faa01cfc_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:19954ceb4da5840bc7d8953932bd9f36baaa3ad219ccac4b44324f25f962182a_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:866e4fbdeefc40e19ec6962c6b1577ef9f66affa46b96a2dbd30501b4e3b2695_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:990fa7d78f384772aaf369956a51ba7393cd5e225daa3c4e37f56ed2a1b4d5fb_amd64"
],
"known_not_affected": [
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:51e90eeed5c6bf2e6355ee9ba50fe330149b7c2b7633a106946459e8984d82ae_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:5e9de77acecac9653b91d2ebbfc5be8dc47da81e9e3e1772d38f827f05779632_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:7cefb007f075c5b1e0265fe8b12888218201cb453e9ebac315d91a79ed6e686a_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:bd4450e5af03c053f28e9c2ca0f2a2c016fc55fef4187676bc4edd5149c1a0f4_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:21243b5bb27b62467a311f0dfb5001384b424c095e17eba2c4fa441d7a03f7cf_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:22190a2714d3942a57dbe9dd265570bfe179b8d7f3e412173d010090de2bb98d_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:35b39d818bfb7b3fe86f77eedb134d12e9f316ce1642f86a8fa5ce1c1e31f37b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:3f2e1942032818fe9c91bf18948b80002a713b81c96e8ef5a3a4178a24899fb7_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:25928bb67eadad3a0d3b23da81acb313b8f873476250ddc6481cfb06bc25b8ab_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:bdfafa3b05bea80b81ffdc63cd77d4b2a96588ccd309aba83de0a683cb07c3c4_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:d7aa74297e76cb375c4bdd939c673739e34e22d83f8ef8846b1aa3c3c2264bbe_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:ea75fa4468a26357ce7c92614d70bc41ff0f8a8e562978a5b2bdfa5563492090_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:49025eb304ed55e363338fbe74b8dd77815b4d87183f1cb0cbfbbba71c2d2c59_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:54524172989364298f5cce342ef854f62fd59c75a42be804af3f286c6585b3d1_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:c1d135f85a4a1c5fe1c86509658d3056ce4bf748e8210274756064e18f991440_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:fb2eb12e6a6159c75e56f58429789cc0ac74af2a3d04f9ab865c8d86576e8c15_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:1252d44baa18b442de12a9659d3419ef77148e47ca14747ae684b8541fe795a7_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:4750bc9a80e819747b9d6576d21e348634f0dd4bc56190a662e22b2c80172bbd_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:5988a2daac19ccd72b8eec8cd1d9b623c69aed7be1a4223070d2c65256210776_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:eac25bae75a0e08a0aae706325faae2606ee8b0c086559cc0b89a59501a511f8_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:4c56fcde717c7a7957638fa6624a6ba5a9fc372bc9056e924158a0477410c9e7_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:5f5b5adc67e0655dcc3bcaaa4bb75337ebff130cca2e019d553be7521ca71871_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:91438ae17f6ee162df0d564fe47c8690a5246315e26fa4ebfa16dc8c93425cb7_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:df6617374f5f70f6ff53a980d38ddda8ab1aca125894eadc3a1932ba7612626d_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:49d0f2c55661dd973b0a15ba0e096c54badf4e0017093dfee373a655d47373f0_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:5bbbcaa71f5bf11922738e37c1155c5e60ebc5166a67690f5e5218a42b946366_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:99446549dca0b1cd38919ed7489e3eff72b1e4dd739e4f4e914d6c3ca6076b58_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:cf59b3a7897d59615e746c14697a289d79afbc18a9d2e7e7b5f7b1242d640b02_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:6e7f3aa6bb48cbe35d205d5f4c9ea251945dcdcce9b40cd49676705d778d9500_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:bc37b9c572c3df959e0ceb9fe011be84906fe759817eee697c486131fd5bc0cb_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:bf4a2e668e36a0e8e381f4417a263bd736d114f4e464d4a6c5ea22962b3f2a9e_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:feffba283e2a49967cd57139fe7af2309cd55ea9bb4464e250bf7b5a98913a2b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:86908784cb38408c502a733672b2f76e5a5c93b0266afccc9f281cb0c8f2f20c_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:8f721159d1fb2b71fb746eec0213c1111896c7b77a2904d64a2c1696cdce796c_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:afe3ebfa9897d2b9a7d8f9bd7fb4a2210e4b7e603de5fe168740f0aa4bb04495_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:fd6aa3b12a35343168ee2e752b437a51c58e8e8e329c8bdd7d230653265a790e_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:01cb3c8bb62be8bcdeaea2fa79413caca0f111980f4134b06df5230bd0b357fc_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:20b0fcf0b2d388320c0cb1414f2422493ca9acf39c876fd45265e8b32030ef3b_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:51fc32fbd543c74767403a113ccceedb262ccb92b9fd5a9efdc39ed2c1e608b3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:d4edd3fd9d125deb51d48c8709eac2505056da0f1341020db5469be8af0ca200_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:201ab631050d34fb956e1333730a387833b7aa3a2a4389d2a01bb79a2fe51bbf_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:47ca2eaea554b825306387f07aef8a5ee830ee1885d2df51055ac22d7576d2cd_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:7a181f8f3d2eadeae6b1d4d38da28f4e0a7c7f1fc662d213f72a63fd56f67443_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:fa97e7031e19af10a571d8ff67e13de3489603f60dbf9fd0c19205fb3447e912_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:01e117719b770e5bf767700b3cf5a3c79d7a74c181fda4dd4605cb4f41ea5bcd_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:155dfad34b7402e4462d98c3026ab38a6024338dfe80bfc33abb9102d12b077d_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:aa96f8cf13ae3374588cc99a558d1def2bcf0579d75b90d0772139fab991b06b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:f1d48c91052387ebc88bc7c76c8f49bae708c67e160d976974c8b31e9efbd219_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:008f0946e1545a0baa8e2baa9d12dc3244a47cd42af020afedfce3b1450f6c16_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:6a63e70123c2cd8cf8ddec71fb88d0dee08d2b7b1bcfc37d27fde3a50a59b7e8_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:96f6b104c31c317aa118ff64cff2522f136bbb520de7fb8015257630fcfdecfb_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:9dd240e967b0a1949a812050a123e513858ccd428feb1c42646e409fbf711b35_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:6f5480749ac020fc0e226dd87855baeae624b4c57c2787303e7321f63117c789_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:7265c4bc839141da2a0599bc367c4be2b8e8743423ea1b6b8d68729b1cfa8bcc_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:9486931d703d050f59a9f1bcfe5e016351d3ccc9b5c1975963b91ac34fc0b25e_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:c458f98a5afdf96262536fa1b7d672eb897c2800ec3dc4a2094ee5e8ae09ac31_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:2076dc61bf8db58916f3bacdb7483cdae8db169e2c4187e0c509f4fad9bc66ac_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:4e2047551e67c9c79e54ea5cd42accd746db89b8f37181a4b8ddceee166b3f2f_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:635a2526236205059d382f8860a7600105596caa546c129e855bd1ad241ebda7_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:ab0b5c35985ab8da547bc85aeff75c00ef32de0ea4f3446d75420ba935a5ddf4_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:20f8e067fa199055be096f4e655a0004616caab1eb32ccbe853677705d4e99f2_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:7c82062799a4bc38472a8d62827cbead3cf9396e132c9567e1d7682b8e4eb01d_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:94a4269cc3ddfdaf549eb4b547a461c2eafa9a0e3682511f2c18a3cf846beba3_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:ac33685303a23070d840d68bce5381230bbf98f1f65abaa80eca75c99b821d88_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:29bf69f7793d3ecaf724f791e735f1bd4121cddc6b1118553bcc77ef3a3054a1_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:46ae8d0b9eb51c730b57aa7b9d0561dc8e7510240e100a9deaea7e501cf115c2_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:c314fa51aef6754a3d665650a9a2861da1ec3557e2b92c29a2b16b2790d615a4_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:cd2a2cb5784051c6595a95865e390a52c38b2b62fbf2fa3d40545d083c846992_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:64e4c2ac5a5126294d7264d33723b8c7e8a8f2909a33d2bff40bfbb2965fcd81_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:8a85413afe8d8ab179dff3638f3d5509bf180d54d016706aa50781bbb72338bc_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:a0af7052a5cc79ec38267f6016330bbc30fe4c8dff0776a6fe6cee048cb1bbcf_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:df72d966e05e20571d1d588092d8bf95f28ae5178ddac780257064069e8cf75c_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:5a0a1932f8bcdf436f08f9d00fdb520feefad62061ce79426d44ecd7d01724a2_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:72da4f73e7063cfcb49a800bf9dc5acdd715221d4dff6120db5950634e5824f5_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:883c2aa7d2a9f8ddcccd8c48b79bff59ffa3eb3f59392e727dd050ec4efdb92b_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:9bed2310605563c0d439ed85731e980038ada7c3970fc26de24c1c7d291afe07_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:09b95ff35ae5c1b2c356f7506d4e8283cb0b69b8b5a130bf9d6c31e6bfc04932_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:0cebc0075f16274a3620c4becac1490dc91904d09487fdc76aafe98fbaca5ccf_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:78f3234c47001e7a2902352bf85c7cc893f8ff7aafb01d3d6875cfe2df0a6a16_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:8844e2149f6d16a9112f7ca4580c27dbe974f0bfce1fc21c87d5072813deba45_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:180b60f1efcd9902f18b7104973acf277ea6881d6a806e288ea598b71bfa8e2d_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:2dc26cd49218da49a4761d8012d9777019facea787df61dafce31db6b3bef8b8_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:d08b49badd427bd263a5810800c4705f296b2caf188765837f8b5284d6ff6feb_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:edcd49c90231e8071dc45385f077400ae3dd9fdba54de188e3aba84da49c00c5_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:06f9f2d54689bd9770d4102c377a2596bf4294c824c2db69f4ad23a849d8996c_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:3985e43602b73ad41f7092847b6c92700ec5bfd6d849cc37adff563b6a994ea3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:eb7543913777f50fe437035b18e08cec754ec6ee05666f8c88900b6349b467bb_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:fb35bc2313df94fd8a4b4e8293f1489ea518c002858c29ade906a678ccd48d0d_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:31f1c672dc3197cb7bfeb51b37d357425d4057fec9c22ea8810005c147e493a0_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:457829af072b2c430e077ae362dd62b63f1737b72434c11b2fb9e98262c6f058_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:6243c7517063c907dbd898b6ff7c4f5a6a001b15141c6b703a771a826b1e9b23_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:72bef79259e60a3f96f3788b2ed207ef6d8c1d4901d5c1d293981099d2932b44_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:1bdebc0ea3641538b6029945ef99eab50aa4b71ab37fd063d712ffc0883faae8_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:75a4693836d31cfc429d6a3852b0bf419255c66f90827b13d2a589dc2bea1992_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:8f696a0d69bb54a50140da672ff01c2923550f8ab18dcb1159493b516750f0a4_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:98992a409dfe54f8de0eb67189538d08148418d91d9d07d9aa30262ce54e30d9_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:72d561f41b71f78f7d896ca9b5e2b2cd76495fe602a8687bcbe0739b450a1d99_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:753e9384197b30856cfa43b3f5362395f3554773ec0a00a183705427eb8bced4_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:cb9328dff074240b336cc5395d2d61ff4722e84d11d3c19d470dd1214308b6e5_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:e863e14bd4e3a735ad3af67dd307fce57a0f3b703aed63b731c4206c08a5839f_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:1e695b53b5a667d185f61dee9e0242efc8e0962aa4e928bf8908734626d16d38_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:7d614384e1cb7be6bb72dbdc3cb4eb34d38902e05f121ef6220c5a6922715ddf_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:da0844c2faaa1b2dd6c0c4944218c947043ac3b7edd8d4533ba7faf5f9436412_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:fd141141252f9253c089dd341447f86cd75a39bff1cb8c25baab40f86fd655bb_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:690de59af44d4b7cf2dada9c3450cbd6a0d3437cc7ac2bca9b5d6b91c4c2c605_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:6cc8eaac0ef579a5359fe2b3c8de0ad776e732b82afd9fb9c4fd4ad74e9f832f_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:bc5d7a4679b2cd19946013fe4c2fc17acfb3a6d9ed410e1f050de51c0a957a6b_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:d954bfc4a5c1f1fc8eba225865a11b9d04f005341e8ab094f7a94cdbe67a7b17_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:a6eb5b607ce23772fca3dbad70d76dc5d3ebc07b15f5123ace53da01f0e3b21e_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:d090b565d5d2933ae453eb87c34a2ebb00e09b1b00334a98c771e465dbcea42e_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44432"
},
{
"category": "external",
"summary": "RHBZ#2477154",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477154"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44432",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44432"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44432",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44432"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/security/advisories/GHSA-mf9v-mfxr-j63j",
"url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-mf9v-mfxr-j63j"
}
],
"release_date": "2026-05-13T15:17:12.611000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-01T16:35:24+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.6#Upgrade",
"product_ids": [
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:23ea476af89606789f91e647e952039bff83b5ace02440b2c11dccb9020cc0fb_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:870a39d44775c352b2c574f4b8d6585b96b44a48eefea1cbb8463809b75a1d6f_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:b3132e81fca86bc4bf6fe9f75fb3cafd1ef0f02fe84aeaffa51539e5f4a1b54c_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:fc3b7a2d42adaa47a938efe8e94d9d5665fe74a66d04884e886da33ad61774d0_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:05debd9e92a56b761a55f36c54d31ceda7b77bc58178946c4b5d0d08faa01cfc_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:19954ceb4da5840bc7d8953932bd9f36baaa3ad219ccac4b44324f25f962182a_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:866e4fbdeefc40e19ec6962c6b1577ef9f66affa46b96a2dbd30501b4e3b2695_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:990fa7d78f384772aaf369956a51ba7393cd5e225daa3c4e37f56ed2a1b4d5fb_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:34374"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:51e90eeed5c6bf2e6355ee9ba50fe330149b7c2b7633a106946459e8984d82ae_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:5e9de77acecac9653b91d2ebbfc5be8dc47da81e9e3e1772d38f827f05779632_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:7cefb007f075c5b1e0265fe8b12888218201cb453e9ebac315d91a79ed6e686a_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:bd4450e5af03c053f28e9c2ca0f2a2c016fc55fef4187676bc4edd5149c1a0f4_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:21243b5bb27b62467a311f0dfb5001384b424c095e17eba2c4fa441d7a03f7cf_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:22190a2714d3942a57dbe9dd265570bfe179b8d7f3e412173d010090de2bb98d_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:35b39d818bfb7b3fe86f77eedb134d12e9f316ce1642f86a8fa5ce1c1e31f37b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:3f2e1942032818fe9c91bf18948b80002a713b81c96e8ef5a3a4178a24899fb7_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:25928bb67eadad3a0d3b23da81acb313b8f873476250ddc6481cfb06bc25b8ab_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:bdfafa3b05bea80b81ffdc63cd77d4b2a96588ccd309aba83de0a683cb07c3c4_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:d7aa74297e76cb375c4bdd939c673739e34e22d83f8ef8846b1aa3c3c2264bbe_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:ea75fa4468a26357ce7c92614d70bc41ff0f8a8e562978a5b2bdfa5563492090_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:49025eb304ed55e363338fbe74b8dd77815b4d87183f1cb0cbfbbba71c2d2c59_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:54524172989364298f5cce342ef854f62fd59c75a42be804af3f286c6585b3d1_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:c1d135f85a4a1c5fe1c86509658d3056ce4bf748e8210274756064e18f991440_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:fb2eb12e6a6159c75e56f58429789cc0ac74af2a3d04f9ab865c8d86576e8c15_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:1252d44baa18b442de12a9659d3419ef77148e47ca14747ae684b8541fe795a7_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:4750bc9a80e819747b9d6576d21e348634f0dd4bc56190a662e22b2c80172bbd_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:5988a2daac19ccd72b8eec8cd1d9b623c69aed7be1a4223070d2c65256210776_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:eac25bae75a0e08a0aae706325faae2606ee8b0c086559cc0b89a59501a511f8_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:4c56fcde717c7a7957638fa6624a6ba5a9fc372bc9056e924158a0477410c9e7_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:5f5b5adc67e0655dcc3bcaaa4bb75337ebff130cca2e019d553be7521ca71871_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:91438ae17f6ee162df0d564fe47c8690a5246315e26fa4ebfa16dc8c93425cb7_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:df6617374f5f70f6ff53a980d38ddda8ab1aca125894eadc3a1932ba7612626d_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:49d0f2c55661dd973b0a15ba0e096c54badf4e0017093dfee373a655d47373f0_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:5bbbcaa71f5bf11922738e37c1155c5e60ebc5166a67690f5e5218a42b946366_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:99446549dca0b1cd38919ed7489e3eff72b1e4dd739e4f4e914d6c3ca6076b58_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:cf59b3a7897d59615e746c14697a289d79afbc18a9d2e7e7b5f7b1242d640b02_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:6e7f3aa6bb48cbe35d205d5f4c9ea251945dcdcce9b40cd49676705d778d9500_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:bc37b9c572c3df959e0ceb9fe011be84906fe759817eee697c486131fd5bc0cb_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:bf4a2e668e36a0e8e381f4417a263bd736d114f4e464d4a6c5ea22962b3f2a9e_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:feffba283e2a49967cd57139fe7af2309cd55ea9bb4464e250bf7b5a98913a2b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:86908784cb38408c502a733672b2f76e5a5c93b0266afccc9f281cb0c8f2f20c_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:8f721159d1fb2b71fb746eec0213c1111896c7b77a2904d64a2c1696cdce796c_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:afe3ebfa9897d2b9a7d8f9bd7fb4a2210e4b7e603de5fe168740f0aa4bb04495_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:fd6aa3b12a35343168ee2e752b437a51c58e8e8e329c8bdd7d230653265a790e_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:01cb3c8bb62be8bcdeaea2fa79413caca0f111980f4134b06df5230bd0b357fc_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:20b0fcf0b2d388320c0cb1414f2422493ca9acf39c876fd45265e8b32030ef3b_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:51fc32fbd543c74767403a113ccceedb262ccb92b9fd5a9efdc39ed2c1e608b3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:d4edd3fd9d125deb51d48c8709eac2505056da0f1341020db5469be8af0ca200_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:201ab631050d34fb956e1333730a387833b7aa3a2a4389d2a01bb79a2fe51bbf_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:47ca2eaea554b825306387f07aef8a5ee830ee1885d2df51055ac22d7576d2cd_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:7a181f8f3d2eadeae6b1d4d38da28f4e0a7c7f1fc662d213f72a63fd56f67443_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:fa97e7031e19af10a571d8ff67e13de3489603f60dbf9fd0c19205fb3447e912_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:01e117719b770e5bf767700b3cf5a3c79d7a74c181fda4dd4605cb4f41ea5bcd_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:155dfad34b7402e4462d98c3026ab38a6024338dfe80bfc33abb9102d12b077d_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:aa96f8cf13ae3374588cc99a558d1def2bcf0579d75b90d0772139fab991b06b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:f1d48c91052387ebc88bc7c76c8f49bae708c67e160d976974c8b31e9efbd219_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:008f0946e1545a0baa8e2baa9d12dc3244a47cd42af020afedfce3b1450f6c16_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:6a63e70123c2cd8cf8ddec71fb88d0dee08d2b7b1bcfc37d27fde3a50a59b7e8_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:96f6b104c31c317aa118ff64cff2522f136bbb520de7fb8015257630fcfdecfb_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:9dd240e967b0a1949a812050a123e513858ccd428feb1c42646e409fbf711b35_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:6f5480749ac020fc0e226dd87855baeae624b4c57c2787303e7321f63117c789_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:7265c4bc839141da2a0599bc367c4be2b8e8743423ea1b6b8d68729b1cfa8bcc_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:9486931d703d050f59a9f1bcfe5e016351d3ccc9b5c1975963b91ac34fc0b25e_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:c458f98a5afdf96262536fa1b7d672eb897c2800ec3dc4a2094ee5e8ae09ac31_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:23ea476af89606789f91e647e952039bff83b5ace02440b2c11dccb9020cc0fb_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:870a39d44775c352b2c574f4b8d6585b96b44a48eefea1cbb8463809b75a1d6f_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:b3132e81fca86bc4bf6fe9f75fb3cafd1ef0f02fe84aeaffa51539e5f4a1b54c_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:fc3b7a2d42adaa47a938efe8e94d9d5665fe74a66d04884e886da33ad61774d0_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:2076dc61bf8db58916f3bacdb7483cdae8db169e2c4187e0c509f4fad9bc66ac_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:4e2047551e67c9c79e54ea5cd42accd746db89b8f37181a4b8ddceee166b3f2f_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:635a2526236205059d382f8860a7600105596caa546c129e855bd1ad241ebda7_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:ab0b5c35985ab8da547bc85aeff75c00ef32de0ea4f3446d75420ba935a5ddf4_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:20f8e067fa199055be096f4e655a0004616caab1eb32ccbe853677705d4e99f2_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:7c82062799a4bc38472a8d62827cbead3cf9396e132c9567e1d7682b8e4eb01d_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:94a4269cc3ddfdaf549eb4b547a461c2eafa9a0e3682511f2c18a3cf846beba3_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:ac33685303a23070d840d68bce5381230bbf98f1f65abaa80eca75c99b821d88_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:29bf69f7793d3ecaf724f791e735f1bd4121cddc6b1118553bcc77ef3a3054a1_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:46ae8d0b9eb51c730b57aa7b9d0561dc8e7510240e100a9deaea7e501cf115c2_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:c314fa51aef6754a3d665650a9a2861da1ec3557e2b92c29a2b16b2790d615a4_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:cd2a2cb5784051c6595a95865e390a52c38b2b62fbf2fa3d40545d083c846992_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:05debd9e92a56b761a55f36c54d31ceda7b77bc58178946c4b5d0d08faa01cfc_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:19954ceb4da5840bc7d8953932bd9f36baaa3ad219ccac4b44324f25f962182a_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:866e4fbdeefc40e19ec6962c6b1577ef9f66affa46b96a2dbd30501b4e3b2695_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:990fa7d78f384772aaf369956a51ba7393cd5e225daa3c4e37f56ed2a1b4d5fb_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:64e4c2ac5a5126294d7264d33723b8c7e8a8f2909a33d2bff40bfbb2965fcd81_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:8a85413afe8d8ab179dff3638f3d5509bf180d54d016706aa50781bbb72338bc_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:a0af7052a5cc79ec38267f6016330bbc30fe4c8dff0776a6fe6cee048cb1bbcf_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:df72d966e05e20571d1d588092d8bf95f28ae5178ddac780257064069e8cf75c_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:5a0a1932f8bcdf436f08f9d00fdb520feefad62061ce79426d44ecd7d01724a2_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:72da4f73e7063cfcb49a800bf9dc5acdd715221d4dff6120db5950634e5824f5_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:883c2aa7d2a9f8ddcccd8c48b79bff59ffa3eb3f59392e727dd050ec4efdb92b_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:9bed2310605563c0d439ed85731e980038ada7c3970fc26de24c1c7d291afe07_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:09b95ff35ae5c1b2c356f7506d4e8283cb0b69b8b5a130bf9d6c31e6bfc04932_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:0cebc0075f16274a3620c4becac1490dc91904d09487fdc76aafe98fbaca5ccf_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:78f3234c47001e7a2902352bf85c7cc893f8ff7aafb01d3d6875cfe2df0a6a16_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:8844e2149f6d16a9112f7ca4580c27dbe974f0bfce1fc21c87d5072813deba45_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:180b60f1efcd9902f18b7104973acf277ea6881d6a806e288ea598b71bfa8e2d_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:2dc26cd49218da49a4761d8012d9777019facea787df61dafce31db6b3bef8b8_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:d08b49badd427bd263a5810800c4705f296b2caf188765837f8b5284d6ff6feb_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:edcd49c90231e8071dc45385f077400ae3dd9fdba54de188e3aba84da49c00c5_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:06f9f2d54689bd9770d4102c377a2596bf4294c824c2db69f4ad23a849d8996c_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:3985e43602b73ad41f7092847b6c92700ec5bfd6d849cc37adff563b6a994ea3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:eb7543913777f50fe437035b18e08cec754ec6ee05666f8c88900b6349b467bb_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:fb35bc2313df94fd8a4b4e8293f1489ea518c002858c29ade906a678ccd48d0d_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:31f1c672dc3197cb7bfeb51b37d357425d4057fec9c22ea8810005c147e493a0_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:457829af072b2c430e077ae362dd62b63f1737b72434c11b2fb9e98262c6f058_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:6243c7517063c907dbd898b6ff7c4f5a6a001b15141c6b703a771a826b1e9b23_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:72bef79259e60a3f96f3788b2ed207ef6d8c1d4901d5c1d293981099d2932b44_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:1bdebc0ea3641538b6029945ef99eab50aa4b71ab37fd063d712ffc0883faae8_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:75a4693836d31cfc429d6a3852b0bf419255c66f90827b13d2a589dc2bea1992_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:8f696a0d69bb54a50140da672ff01c2923550f8ab18dcb1159493b516750f0a4_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:98992a409dfe54f8de0eb67189538d08148418d91d9d07d9aa30262ce54e30d9_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:72d561f41b71f78f7d896ca9b5e2b2cd76495fe602a8687bcbe0739b450a1d99_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:753e9384197b30856cfa43b3f5362395f3554773ec0a00a183705427eb8bced4_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:cb9328dff074240b336cc5395d2d61ff4722e84d11d3c19d470dd1214308b6e5_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:e863e14bd4e3a735ad3af67dd307fce57a0f3b703aed63b731c4206c08a5839f_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:1e695b53b5a667d185f61dee9e0242efc8e0962aa4e928bf8908734626d16d38_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:7d614384e1cb7be6bb72dbdc3cb4eb34d38902e05f121ef6220c5a6922715ddf_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:da0844c2faaa1b2dd6c0c4944218c947043ac3b7edd8d4533ba7faf5f9436412_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:fd141141252f9253c089dd341447f86cd75a39bff1cb8c25baab40f86fd655bb_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:690de59af44d4b7cf2dada9c3450cbd6a0d3437cc7ac2bca9b5d6b91c4c2c605_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:6cc8eaac0ef579a5359fe2b3c8de0ad776e732b82afd9fb9c4fd4ad74e9f832f_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:bc5d7a4679b2cd19946013fe4c2fc17acfb3a6d9ed410e1f050de51c0a957a6b_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:d954bfc4a5c1f1fc8eba225865a11b9d04f005341e8ab094f7a94cdbe67a7b17_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:a6eb5b607ce23772fca3dbad70d76dc5d3ebc07b15f5123ace53da01f0e3b21e_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:d090b565d5d2933ae453eb87c34a2ebb00e09b1b00334a98c771e465dbcea42e_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "urllib3: urllib3: Denial of Service due to excessive HTTP response decompression"
},
{
"cve": "CVE-2026-44487",
"cwe": {
"id": "CWE-201",
"name": "Insertion of Sensitive Information Into Sent Data"
},
"discovery_date": "2026-06-11T17:01:34.091476+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:51e90eeed5c6bf2e6355ee9ba50fe330149b7c2b7633a106946459e8984d82ae_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:5e9de77acecac9653b91d2ebbfc5be8dc47da81e9e3e1772d38f827f05779632_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:7cefb007f075c5b1e0265fe8b12888218201cb453e9ebac315d91a79ed6e686a_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:bd4450e5af03c053f28e9c2ca0f2a2c016fc55fef4187676bc4edd5149c1a0f4_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:21243b5bb27b62467a311f0dfb5001384b424c095e17eba2c4fa441d7a03f7cf_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:22190a2714d3942a57dbe9dd265570bfe179b8d7f3e412173d010090de2bb98d_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:35b39d818bfb7b3fe86f77eedb134d12e9f316ce1642f86a8fa5ce1c1e31f37b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:3f2e1942032818fe9c91bf18948b80002a713b81c96e8ef5a3a4178a24899fb7_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:25928bb67eadad3a0d3b23da81acb313b8f873476250ddc6481cfb06bc25b8ab_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:bdfafa3b05bea80b81ffdc63cd77d4b2a96588ccd309aba83de0a683cb07c3c4_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:d7aa74297e76cb375c4bdd939c673739e34e22d83f8ef8846b1aa3c3c2264bbe_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:ea75fa4468a26357ce7c92614d70bc41ff0f8a8e562978a5b2bdfa5563492090_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:49025eb304ed55e363338fbe74b8dd77815b4d87183f1cb0cbfbbba71c2d2c59_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:54524172989364298f5cce342ef854f62fd59c75a42be804af3f286c6585b3d1_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:c1d135f85a4a1c5fe1c86509658d3056ce4bf748e8210274756064e18f991440_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:fb2eb12e6a6159c75e56f58429789cc0ac74af2a3d04f9ab865c8d86576e8c15_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:1252d44baa18b442de12a9659d3419ef77148e47ca14747ae684b8541fe795a7_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:4750bc9a80e819747b9d6576d21e348634f0dd4bc56190a662e22b2c80172bbd_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:5988a2daac19ccd72b8eec8cd1d9b623c69aed7be1a4223070d2c65256210776_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:eac25bae75a0e08a0aae706325faae2606ee8b0c086559cc0b89a59501a511f8_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:4c56fcde717c7a7957638fa6624a6ba5a9fc372bc9056e924158a0477410c9e7_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:5f5b5adc67e0655dcc3bcaaa4bb75337ebff130cca2e019d553be7521ca71871_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:91438ae17f6ee162df0d564fe47c8690a5246315e26fa4ebfa16dc8c93425cb7_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:df6617374f5f70f6ff53a980d38ddda8ab1aca125894eadc3a1932ba7612626d_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:49d0f2c55661dd973b0a15ba0e096c54badf4e0017093dfee373a655d47373f0_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:5bbbcaa71f5bf11922738e37c1155c5e60ebc5166a67690f5e5218a42b946366_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:99446549dca0b1cd38919ed7489e3eff72b1e4dd739e4f4e914d6c3ca6076b58_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:cf59b3a7897d59615e746c14697a289d79afbc18a9d2e7e7b5f7b1242d640b02_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:6e7f3aa6bb48cbe35d205d5f4c9ea251945dcdcce9b40cd49676705d778d9500_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:bc37b9c572c3df959e0ceb9fe011be84906fe759817eee697c486131fd5bc0cb_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:bf4a2e668e36a0e8e381f4417a263bd736d114f4e464d4a6c5ea22962b3f2a9e_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:feffba283e2a49967cd57139fe7af2309cd55ea9bb4464e250bf7b5a98913a2b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:86908784cb38408c502a733672b2f76e5a5c93b0266afccc9f281cb0c8f2f20c_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:8f721159d1fb2b71fb746eec0213c1111896c7b77a2904d64a2c1696cdce796c_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:afe3ebfa9897d2b9a7d8f9bd7fb4a2210e4b7e603de5fe168740f0aa4bb04495_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:fd6aa3b12a35343168ee2e752b437a51c58e8e8e329c8bdd7d230653265a790e_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:01cb3c8bb62be8bcdeaea2fa79413caca0f111980f4134b06df5230bd0b357fc_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:20b0fcf0b2d388320c0cb1414f2422493ca9acf39c876fd45265e8b32030ef3b_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:51fc32fbd543c74767403a113ccceedb262ccb92b9fd5a9efdc39ed2c1e608b3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:d4edd3fd9d125deb51d48c8709eac2505056da0f1341020db5469be8af0ca200_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:201ab631050d34fb956e1333730a387833b7aa3a2a4389d2a01bb79a2fe51bbf_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:47ca2eaea554b825306387f07aef8a5ee830ee1885d2df51055ac22d7576d2cd_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:7a181f8f3d2eadeae6b1d4d38da28f4e0a7c7f1fc662d213f72a63fd56f67443_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:fa97e7031e19af10a571d8ff67e13de3489603f60dbf9fd0c19205fb3447e912_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:01e117719b770e5bf767700b3cf5a3c79d7a74c181fda4dd4605cb4f41ea5bcd_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:155dfad34b7402e4462d98c3026ab38a6024338dfe80bfc33abb9102d12b077d_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:aa96f8cf13ae3374588cc99a558d1def2bcf0579d75b90d0772139fab991b06b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:f1d48c91052387ebc88bc7c76c8f49bae708c67e160d976974c8b31e9efbd219_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:008f0946e1545a0baa8e2baa9d12dc3244a47cd42af020afedfce3b1450f6c16_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:6a63e70123c2cd8cf8ddec71fb88d0dee08d2b7b1bcfc37d27fde3a50a59b7e8_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:96f6b104c31c317aa118ff64cff2522f136bbb520de7fb8015257630fcfdecfb_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:9dd240e967b0a1949a812050a123e513858ccd428feb1c42646e409fbf711b35_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:6f5480749ac020fc0e226dd87855baeae624b4c57c2787303e7321f63117c789_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:7265c4bc839141da2a0599bc367c4be2b8e8743423ea1b6b8d68729b1cfa8bcc_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:9486931d703d050f59a9f1bcfe5e016351d3ccc9b5c1975963b91ac34fc0b25e_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:c458f98a5afdf96262536fa1b7d672eb897c2800ec3dc4a2094ee5e8ae09ac31_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:2076dc61bf8db58916f3bacdb7483cdae8db169e2c4187e0c509f4fad9bc66ac_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:4e2047551e67c9c79e54ea5cd42accd746db89b8f37181a4b8ddceee166b3f2f_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:635a2526236205059d382f8860a7600105596caa546c129e855bd1ad241ebda7_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:ab0b5c35985ab8da547bc85aeff75c00ef32de0ea4f3446d75420ba935a5ddf4_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:20f8e067fa199055be096f4e655a0004616caab1eb32ccbe853677705d4e99f2_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:7c82062799a4bc38472a8d62827cbead3cf9396e132c9567e1d7682b8e4eb01d_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:94a4269cc3ddfdaf549eb4b547a461c2eafa9a0e3682511f2c18a3cf846beba3_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:ac33685303a23070d840d68bce5381230bbf98f1f65abaa80eca75c99b821d88_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:29bf69f7793d3ecaf724f791e735f1bd4121cddc6b1118553bcc77ef3a3054a1_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:46ae8d0b9eb51c730b57aa7b9d0561dc8e7510240e100a9deaea7e501cf115c2_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:c314fa51aef6754a3d665650a9a2861da1ec3557e2b92c29a2b16b2790d615a4_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:cd2a2cb5784051c6595a95865e390a52c38b2b62fbf2fa3d40545d083c846992_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:05debd9e92a56b761a55f36c54d31ceda7b77bc58178946c4b5d0d08faa01cfc_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:19954ceb4da5840bc7d8953932bd9f36baaa3ad219ccac4b44324f25f962182a_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:866e4fbdeefc40e19ec6962c6b1577ef9f66affa46b96a2dbd30501b4e3b2695_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:990fa7d78f384772aaf369956a51ba7393cd5e225daa3c4e37f56ed2a1b4d5fb_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:64e4c2ac5a5126294d7264d33723b8c7e8a8f2909a33d2bff40bfbb2965fcd81_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:8a85413afe8d8ab179dff3638f3d5509bf180d54d016706aa50781bbb72338bc_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:a0af7052a5cc79ec38267f6016330bbc30fe4c8dff0776a6fe6cee048cb1bbcf_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:df72d966e05e20571d1d588092d8bf95f28ae5178ddac780257064069e8cf75c_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:5a0a1932f8bcdf436f08f9d00fdb520feefad62061ce79426d44ecd7d01724a2_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:72da4f73e7063cfcb49a800bf9dc5acdd715221d4dff6120db5950634e5824f5_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:883c2aa7d2a9f8ddcccd8c48b79bff59ffa3eb3f59392e727dd050ec4efdb92b_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:9bed2310605563c0d439ed85731e980038ada7c3970fc26de24c1c7d291afe07_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:09b95ff35ae5c1b2c356f7506d4e8283cb0b69b8b5a130bf9d6c31e6bfc04932_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:0cebc0075f16274a3620c4becac1490dc91904d09487fdc76aafe98fbaca5ccf_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:78f3234c47001e7a2902352bf85c7cc893f8ff7aafb01d3d6875cfe2df0a6a16_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:8844e2149f6d16a9112f7ca4580c27dbe974f0bfce1fc21c87d5072813deba45_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:180b60f1efcd9902f18b7104973acf277ea6881d6a806e288ea598b71bfa8e2d_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:2dc26cd49218da49a4761d8012d9777019facea787df61dafce31db6b3bef8b8_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:d08b49badd427bd263a5810800c4705f296b2caf188765837f8b5284d6ff6feb_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:edcd49c90231e8071dc45385f077400ae3dd9fdba54de188e3aba84da49c00c5_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:06f9f2d54689bd9770d4102c377a2596bf4294c824c2db69f4ad23a849d8996c_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:3985e43602b73ad41f7092847b6c92700ec5bfd6d849cc37adff563b6a994ea3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:eb7543913777f50fe437035b18e08cec754ec6ee05666f8c88900b6349b467bb_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:fb35bc2313df94fd8a4b4e8293f1489ea518c002858c29ade906a678ccd48d0d_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:31f1c672dc3197cb7bfeb51b37d357425d4057fec9c22ea8810005c147e493a0_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:457829af072b2c430e077ae362dd62b63f1737b72434c11b2fb9e98262c6f058_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:6243c7517063c907dbd898b6ff7c4f5a6a001b15141c6b703a771a826b1e9b23_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:72bef79259e60a3f96f3788b2ed207ef6d8c1d4901d5c1d293981099d2932b44_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:1bdebc0ea3641538b6029945ef99eab50aa4b71ab37fd063d712ffc0883faae8_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:75a4693836d31cfc429d6a3852b0bf419255c66f90827b13d2a589dc2bea1992_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:8f696a0d69bb54a50140da672ff01c2923550f8ab18dcb1159493b516750f0a4_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:98992a409dfe54f8de0eb67189538d08148418d91d9d07d9aa30262ce54e30d9_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:72d561f41b71f78f7d896ca9b5e2b2cd76495fe602a8687bcbe0739b450a1d99_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:753e9384197b30856cfa43b3f5362395f3554773ec0a00a183705427eb8bced4_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:cb9328dff074240b336cc5395d2d61ff4722e84d11d3c19d470dd1214308b6e5_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:e863e14bd4e3a735ad3af67dd307fce57a0f3b703aed63b731c4206c08a5839f_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:1e695b53b5a667d185f61dee9e0242efc8e0962aa4e928bf8908734626d16d38_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:7d614384e1cb7be6bb72dbdc3cb4eb34d38902e05f121ef6220c5a6922715ddf_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:da0844c2faaa1b2dd6c0c4944218c947043ac3b7edd8d4533ba7faf5f9436412_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:fd141141252f9253c089dd341447f86cd75a39bff1cb8c25baab40f86fd655bb_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:690de59af44d4b7cf2dada9c3450cbd6a0d3437cc7ac2bca9b5d6b91c4c2c605_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:6cc8eaac0ef579a5359fe2b3c8de0ad776e732b82afd9fb9c4fd4ad74e9f832f_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:bc5d7a4679b2cd19946013fe4c2fc17acfb3a6d9ed410e1f050de51c0a957a6b_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:d954bfc4a5c1f1fc8eba225865a11b9d04f005341e8ab094f7a94cdbe67a7b17_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:a6eb5b607ce23772fca3dbad70d76dc5d3ebc07b15f5123ace53da01f0e3b21e_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:d090b565d5d2933ae453eb87c34a2ebb00e09b1b00334a98c771e465dbcea42e_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2487948"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios. During specific proxy-to-direct redirect flows in the Node.js HTTP adapter, a remote attacker could exploit this vulnerability. The Proxy-Authorization header, which contains proxy credentials and is intended only for the outbound proxy, may be forwarded to the final redirected origin. This can lead to the disclosure of sensitive proxy credentials to an unintended third party.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: Information disclosure of proxy credentials via redirect flows",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important information disclosure flaw in Axios affecting Node.js environments. When an application uses Axios with an authenticated HTTP proxy and follows redirects from an HTTP to a non-proxied HTTPS destination, the Proxy-Authorization header may be inadvertently sent to the final origin server. This could lead to the exposure of sensitive proxy credentials to an unintended third party.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:23ea476af89606789f91e647e952039bff83b5ace02440b2c11dccb9020cc0fb_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:870a39d44775c352b2c574f4b8d6585b96b44a48eefea1cbb8463809b75a1d6f_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:b3132e81fca86bc4bf6fe9f75fb3cafd1ef0f02fe84aeaffa51539e5f4a1b54c_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:fc3b7a2d42adaa47a938efe8e94d9d5665fe74a66d04884e886da33ad61774d0_ppc64le"
],
"known_not_affected": [
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:51e90eeed5c6bf2e6355ee9ba50fe330149b7c2b7633a106946459e8984d82ae_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:5e9de77acecac9653b91d2ebbfc5be8dc47da81e9e3e1772d38f827f05779632_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:7cefb007f075c5b1e0265fe8b12888218201cb453e9ebac315d91a79ed6e686a_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:bd4450e5af03c053f28e9c2ca0f2a2c016fc55fef4187676bc4edd5149c1a0f4_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:21243b5bb27b62467a311f0dfb5001384b424c095e17eba2c4fa441d7a03f7cf_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:22190a2714d3942a57dbe9dd265570bfe179b8d7f3e412173d010090de2bb98d_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:35b39d818bfb7b3fe86f77eedb134d12e9f316ce1642f86a8fa5ce1c1e31f37b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:3f2e1942032818fe9c91bf18948b80002a713b81c96e8ef5a3a4178a24899fb7_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:25928bb67eadad3a0d3b23da81acb313b8f873476250ddc6481cfb06bc25b8ab_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:bdfafa3b05bea80b81ffdc63cd77d4b2a96588ccd309aba83de0a683cb07c3c4_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:d7aa74297e76cb375c4bdd939c673739e34e22d83f8ef8846b1aa3c3c2264bbe_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:ea75fa4468a26357ce7c92614d70bc41ff0f8a8e562978a5b2bdfa5563492090_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:49025eb304ed55e363338fbe74b8dd77815b4d87183f1cb0cbfbbba71c2d2c59_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:54524172989364298f5cce342ef854f62fd59c75a42be804af3f286c6585b3d1_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:c1d135f85a4a1c5fe1c86509658d3056ce4bf748e8210274756064e18f991440_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:fb2eb12e6a6159c75e56f58429789cc0ac74af2a3d04f9ab865c8d86576e8c15_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:1252d44baa18b442de12a9659d3419ef77148e47ca14747ae684b8541fe795a7_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:4750bc9a80e819747b9d6576d21e348634f0dd4bc56190a662e22b2c80172bbd_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:5988a2daac19ccd72b8eec8cd1d9b623c69aed7be1a4223070d2c65256210776_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:eac25bae75a0e08a0aae706325faae2606ee8b0c086559cc0b89a59501a511f8_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:4c56fcde717c7a7957638fa6624a6ba5a9fc372bc9056e924158a0477410c9e7_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:5f5b5adc67e0655dcc3bcaaa4bb75337ebff130cca2e019d553be7521ca71871_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:91438ae17f6ee162df0d564fe47c8690a5246315e26fa4ebfa16dc8c93425cb7_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:df6617374f5f70f6ff53a980d38ddda8ab1aca125894eadc3a1932ba7612626d_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:49d0f2c55661dd973b0a15ba0e096c54badf4e0017093dfee373a655d47373f0_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:5bbbcaa71f5bf11922738e37c1155c5e60ebc5166a67690f5e5218a42b946366_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:99446549dca0b1cd38919ed7489e3eff72b1e4dd739e4f4e914d6c3ca6076b58_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:cf59b3a7897d59615e746c14697a289d79afbc18a9d2e7e7b5f7b1242d640b02_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:6e7f3aa6bb48cbe35d205d5f4c9ea251945dcdcce9b40cd49676705d778d9500_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:bc37b9c572c3df959e0ceb9fe011be84906fe759817eee697c486131fd5bc0cb_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:bf4a2e668e36a0e8e381f4417a263bd736d114f4e464d4a6c5ea22962b3f2a9e_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:feffba283e2a49967cd57139fe7af2309cd55ea9bb4464e250bf7b5a98913a2b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:86908784cb38408c502a733672b2f76e5a5c93b0266afccc9f281cb0c8f2f20c_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:8f721159d1fb2b71fb746eec0213c1111896c7b77a2904d64a2c1696cdce796c_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:afe3ebfa9897d2b9a7d8f9bd7fb4a2210e4b7e603de5fe168740f0aa4bb04495_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:fd6aa3b12a35343168ee2e752b437a51c58e8e8e329c8bdd7d230653265a790e_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:01cb3c8bb62be8bcdeaea2fa79413caca0f111980f4134b06df5230bd0b357fc_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:20b0fcf0b2d388320c0cb1414f2422493ca9acf39c876fd45265e8b32030ef3b_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:51fc32fbd543c74767403a113ccceedb262ccb92b9fd5a9efdc39ed2c1e608b3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:d4edd3fd9d125deb51d48c8709eac2505056da0f1341020db5469be8af0ca200_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:201ab631050d34fb956e1333730a387833b7aa3a2a4389d2a01bb79a2fe51bbf_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:47ca2eaea554b825306387f07aef8a5ee830ee1885d2df51055ac22d7576d2cd_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:7a181f8f3d2eadeae6b1d4d38da28f4e0a7c7f1fc662d213f72a63fd56f67443_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:fa97e7031e19af10a571d8ff67e13de3489603f60dbf9fd0c19205fb3447e912_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:01e117719b770e5bf767700b3cf5a3c79d7a74c181fda4dd4605cb4f41ea5bcd_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:155dfad34b7402e4462d98c3026ab38a6024338dfe80bfc33abb9102d12b077d_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:aa96f8cf13ae3374588cc99a558d1def2bcf0579d75b90d0772139fab991b06b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:f1d48c91052387ebc88bc7c76c8f49bae708c67e160d976974c8b31e9efbd219_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:008f0946e1545a0baa8e2baa9d12dc3244a47cd42af020afedfce3b1450f6c16_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:6a63e70123c2cd8cf8ddec71fb88d0dee08d2b7b1bcfc37d27fde3a50a59b7e8_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:96f6b104c31c317aa118ff64cff2522f136bbb520de7fb8015257630fcfdecfb_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:9dd240e967b0a1949a812050a123e513858ccd428feb1c42646e409fbf711b35_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:6f5480749ac020fc0e226dd87855baeae624b4c57c2787303e7321f63117c789_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:7265c4bc839141da2a0599bc367c4be2b8e8743423ea1b6b8d68729b1cfa8bcc_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:9486931d703d050f59a9f1bcfe5e016351d3ccc9b5c1975963b91ac34fc0b25e_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:c458f98a5afdf96262536fa1b7d672eb897c2800ec3dc4a2094ee5e8ae09ac31_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:2076dc61bf8db58916f3bacdb7483cdae8db169e2c4187e0c509f4fad9bc66ac_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:4e2047551e67c9c79e54ea5cd42accd746db89b8f37181a4b8ddceee166b3f2f_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:635a2526236205059d382f8860a7600105596caa546c129e855bd1ad241ebda7_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:ab0b5c35985ab8da547bc85aeff75c00ef32de0ea4f3446d75420ba935a5ddf4_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:20f8e067fa199055be096f4e655a0004616caab1eb32ccbe853677705d4e99f2_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:7c82062799a4bc38472a8d62827cbead3cf9396e132c9567e1d7682b8e4eb01d_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:94a4269cc3ddfdaf549eb4b547a461c2eafa9a0e3682511f2c18a3cf846beba3_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:ac33685303a23070d840d68bce5381230bbf98f1f65abaa80eca75c99b821d88_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:29bf69f7793d3ecaf724f791e735f1bd4121cddc6b1118553bcc77ef3a3054a1_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:46ae8d0b9eb51c730b57aa7b9d0561dc8e7510240e100a9deaea7e501cf115c2_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:c314fa51aef6754a3d665650a9a2861da1ec3557e2b92c29a2b16b2790d615a4_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:cd2a2cb5784051c6595a95865e390a52c38b2b62fbf2fa3d40545d083c846992_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:05debd9e92a56b761a55f36c54d31ceda7b77bc58178946c4b5d0d08faa01cfc_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:19954ceb4da5840bc7d8953932bd9f36baaa3ad219ccac4b44324f25f962182a_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:866e4fbdeefc40e19ec6962c6b1577ef9f66affa46b96a2dbd30501b4e3b2695_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:990fa7d78f384772aaf369956a51ba7393cd5e225daa3c4e37f56ed2a1b4d5fb_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:64e4c2ac5a5126294d7264d33723b8c7e8a8f2909a33d2bff40bfbb2965fcd81_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:8a85413afe8d8ab179dff3638f3d5509bf180d54d016706aa50781bbb72338bc_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:a0af7052a5cc79ec38267f6016330bbc30fe4c8dff0776a6fe6cee048cb1bbcf_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:df72d966e05e20571d1d588092d8bf95f28ae5178ddac780257064069e8cf75c_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:5a0a1932f8bcdf436f08f9d00fdb520feefad62061ce79426d44ecd7d01724a2_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:72da4f73e7063cfcb49a800bf9dc5acdd715221d4dff6120db5950634e5824f5_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:883c2aa7d2a9f8ddcccd8c48b79bff59ffa3eb3f59392e727dd050ec4efdb92b_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:9bed2310605563c0d439ed85731e980038ada7c3970fc26de24c1c7d291afe07_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:09b95ff35ae5c1b2c356f7506d4e8283cb0b69b8b5a130bf9d6c31e6bfc04932_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:0cebc0075f16274a3620c4becac1490dc91904d09487fdc76aafe98fbaca5ccf_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:78f3234c47001e7a2902352bf85c7cc893f8ff7aafb01d3d6875cfe2df0a6a16_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:8844e2149f6d16a9112f7ca4580c27dbe974f0bfce1fc21c87d5072813deba45_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:180b60f1efcd9902f18b7104973acf277ea6881d6a806e288ea598b71bfa8e2d_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:2dc26cd49218da49a4761d8012d9777019facea787df61dafce31db6b3bef8b8_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:d08b49badd427bd263a5810800c4705f296b2caf188765837f8b5284d6ff6feb_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:edcd49c90231e8071dc45385f077400ae3dd9fdba54de188e3aba84da49c00c5_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:06f9f2d54689bd9770d4102c377a2596bf4294c824c2db69f4ad23a849d8996c_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:3985e43602b73ad41f7092847b6c92700ec5bfd6d849cc37adff563b6a994ea3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:eb7543913777f50fe437035b18e08cec754ec6ee05666f8c88900b6349b467bb_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:fb35bc2313df94fd8a4b4e8293f1489ea518c002858c29ade906a678ccd48d0d_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:31f1c672dc3197cb7bfeb51b37d357425d4057fec9c22ea8810005c147e493a0_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:457829af072b2c430e077ae362dd62b63f1737b72434c11b2fb9e98262c6f058_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:6243c7517063c907dbd898b6ff7c4f5a6a001b15141c6b703a771a826b1e9b23_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:72bef79259e60a3f96f3788b2ed207ef6d8c1d4901d5c1d293981099d2932b44_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:1bdebc0ea3641538b6029945ef99eab50aa4b71ab37fd063d712ffc0883faae8_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:75a4693836d31cfc429d6a3852b0bf419255c66f90827b13d2a589dc2bea1992_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:8f696a0d69bb54a50140da672ff01c2923550f8ab18dcb1159493b516750f0a4_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:98992a409dfe54f8de0eb67189538d08148418d91d9d07d9aa30262ce54e30d9_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:72d561f41b71f78f7d896ca9b5e2b2cd76495fe602a8687bcbe0739b450a1d99_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:753e9384197b30856cfa43b3f5362395f3554773ec0a00a183705427eb8bced4_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:cb9328dff074240b336cc5395d2d61ff4722e84d11d3c19d470dd1214308b6e5_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:e863e14bd4e3a735ad3af67dd307fce57a0f3b703aed63b731c4206c08a5839f_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:1e695b53b5a667d185f61dee9e0242efc8e0962aa4e928bf8908734626d16d38_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:7d614384e1cb7be6bb72dbdc3cb4eb34d38902e05f121ef6220c5a6922715ddf_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:da0844c2faaa1b2dd6c0c4944218c947043ac3b7edd8d4533ba7faf5f9436412_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:fd141141252f9253c089dd341447f86cd75a39bff1cb8c25baab40f86fd655bb_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:690de59af44d4b7cf2dada9c3450cbd6a0d3437cc7ac2bca9b5d6b91c4c2c605_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:6cc8eaac0ef579a5359fe2b3c8de0ad776e732b82afd9fb9c4fd4ad74e9f832f_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:bc5d7a4679b2cd19946013fe4c2fc17acfb3a6d9ed410e1f050de51c0a957a6b_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:d954bfc4a5c1f1fc8eba225865a11b9d04f005341e8ab094f7a94cdbe67a7b17_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:a6eb5b607ce23772fca3dbad70d76dc5d3ebc07b15f5123ace53da01f0e3b21e_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:d090b565d5d2933ae453eb87c34a2ebb00e09b1b00334a98c771e465dbcea42e_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44487"
},
{
"category": "external",
"summary": "RHBZ#2487948",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2487948"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44487"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44487",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44487"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-p92q-9vqr-4j8v",
"url": "https://github.com/axios/axios/security/advisories/GHSA-p92q-9vqr-4j8v"
}
],
"release_date": "2026-06-11T15:38:25.150000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-01T16:35:24+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.6#Upgrade",
"product_ids": [
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:23ea476af89606789f91e647e952039bff83b5ace02440b2c11dccb9020cc0fb_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:870a39d44775c352b2c574f4b8d6585b96b44a48eefea1cbb8463809b75a1d6f_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:b3132e81fca86bc4bf6fe9f75fb3cafd1ef0f02fe84aeaffa51539e5f4a1b54c_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:fc3b7a2d42adaa47a938efe8e94d9d5665fe74a66d04884e886da33ad61774d0_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:34374"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:51e90eeed5c6bf2e6355ee9ba50fe330149b7c2b7633a106946459e8984d82ae_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:5e9de77acecac9653b91d2ebbfc5be8dc47da81e9e3e1772d38f827f05779632_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:7cefb007f075c5b1e0265fe8b12888218201cb453e9ebac315d91a79ed6e686a_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:bd4450e5af03c053f28e9c2ca0f2a2c016fc55fef4187676bc4edd5149c1a0f4_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:21243b5bb27b62467a311f0dfb5001384b424c095e17eba2c4fa441d7a03f7cf_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:22190a2714d3942a57dbe9dd265570bfe179b8d7f3e412173d010090de2bb98d_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:35b39d818bfb7b3fe86f77eedb134d12e9f316ce1642f86a8fa5ce1c1e31f37b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:3f2e1942032818fe9c91bf18948b80002a713b81c96e8ef5a3a4178a24899fb7_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:25928bb67eadad3a0d3b23da81acb313b8f873476250ddc6481cfb06bc25b8ab_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:bdfafa3b05bea80b81ffdc63cd77d4b2a96588ccd309aba83de0a683cb07c3c4_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:d7aa74297e76cb375c4bdd939c673739e34e22d83f8ef8846b1aa3c3c2264bbe_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:ea75fa4468a26357ce7c92614d70bc41ff0f8a8e562978a5b2bdfa5563492090_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:49025eb304ed55e363338fbe74b8dd77815b4d87183f1cb0cbfbbba71c2d2c59_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:54524172989364298f5cce342ef854f62fd59c75a42be804af3f286c6585b3d1_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:c1d135f85a4a1c5fe1c86509658d3056ce4bf748e8210274756064e18f991440_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:fb2eb12e6a6159c75e56f58429789cc0ac74af2a3d04f9ab865c8d86576e8c15_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:1252d44baa18b442de12a9659d3419ef77148e47ca14747ae684b8541fe795a7_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:4750bc9a80e819747b9d6576d21e348634f0dd4bc56190a662e22b2c80172bbd_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:5988a2daac19ccd72b8eec8cd1d9b623c69aed7be1a4223070d2c65256210776_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:eac25bae75a0e08a0aae706325faae2606ee8b0c086559cc0b89a59501a511f8_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:4c56fcde717c7a7957638fa6624a6ba5a9fc372bc9056e924158a0477410c9e7_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:5f5b5adc67e0655dcc3bcaaa4bb75337ebff130cca2e019d553be7521ca71871_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:91438ae17f6ee162df0d564fe47c8690a5246315e26fa4ebfa16dc8c93425cb7_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:df6617374f5f70f6ff53a980d38ddda8ab1aca125894eadc3a1932ba7612626d_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:49d0f2c55661dd973b0a15ba0e096c54badf4e0017093dfee373a655d47373f0_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:5bbbcaa71f5bf11922738e37c1155c5e60ebc5166a67690f5e5218a42b946366_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:99446549dca0b1cd38919ed7489e3eff72b1e4dd739e4f4e914d6c3ca6076b58_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:cf59b3a7897d59615e746c14697a289d79afbc18a9d2e7e7b5f7b1242d640b02_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:6e7f3aa6bb48cbe35d205d5f4c9ea251945dcdcce9b40cd49676705d778d9500_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:bc37b9c572c3df959e0ceb9fe011be84906fe759817eee697c486131fd5bc0cb_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:bf4a2e668e36a0e8e381f4417a263bd736d114f4e464d4a6c5ea22962b3f2a9e_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:feffba283e2a49967cd57139fe7af2309cd55ea9bb4464e250bf7b5a98913a2b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:86908784cb38408c502a733672b2f76e5a5c93b0266afccc9f281cb0c8f2f20c_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:8f721159d1fb2b71fb746eec0213c1111896c7b77a2904d64a2c1696cdce796c_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:afe3ebfa9897d2b9a7d8f9bd7fb4a2210e4b7e603de5fe168740f0aa4bb04495_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:fd6aa3b12a35343168ee2e752b437a51c58e8e8e329c8bdd7d230653265a790e_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:01cb3c8bb62be8bcdeaea2fa79413caca0f111980f4134b06df5230bd0b357fc_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:20b0fcf0b2d388320c0cb1414f2422493ca9acf39c876fd45265e8b32030ef3b_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:51fc32fbd543c74767403a113ccceedb262ccb92b9fd5a9efdc39ed2c1e608b3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:d4edd3fd9d125deb51d48c8709eac2505056da0f1341020db5469be8af0ca200_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:201ab631050d34fb956e1333730a387833b7aa3a2a4389d2a01bb79a2fe51bbf_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:47ca2eaea554b825306387f07aef8a5ee830ee1885d2df51055ac22d7576d2cd_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:7a181f8f3d2eadeae6b1d4d38da28f4e0a7c7f1fc662d213f72a63fd56f67443_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:fa97e7031e19af10a571d8ff67e13de3489603f60dbf9fd0c19205fb3447e912_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:01e117719b770e5bf767700b3cf5a3c79d7a74c181fda4dd4605cb4f41ea5bcd_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:155dfad34b7402e4462d98c3026ab38a6024338dfe80bfc33abb9102d12b077d_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:aa96f8cf13ae3374588cc99a558d1def2bcf0579d75b90d0772139fab991b06b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:f1d48c91052387ebc88bc7c76c8f49bae708c67e160d976974c8b31e9efbd219_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:008f0946e1545a0baa8e2baa9d12dc3244a47cd42af020afedfce3b1450f6c16_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:6a63e70123c2cd8cf8ddec71fb88d0dee08d2b7b1bcfc37d27fde3a50a59b7e8_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:96f6b104c31c317aa118ff64cff2522f136bbb520de7fb8015257630fcfdecfb_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:9dd240e967b0a1949a812050a123e513858ccd428feb1c42646e409fbf711b35_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:6f5480749ac020fc0e226dd87855baeae624b4c57c2787303e7321f63117c789_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:7265c4bc839141da2a0599bc367c4be2b8e8743423ea1b6b8d68729b1cfa8bcc_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:9486931d703d050f59a9f1bcfe5e016351d3ccc9b5c1975963b91ac34fc0b25e_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:c458f98a5afdf96262536fa1b7d672eb897c2800ec3dc4a2094ee5e8ae09ac31_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:23ea476af89606789f91e647e952039bff83b5ace02440b2c11dccb9020cc0fb_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:870a39d44775c352b2c574f4b8d6585b96b44a48eefea1cbb8463809b75a1d6f_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:b3132e81fca86bc4bf6fe9f75fb3cafd1ef0f02fe84aeaffa51539e5f4a1b54c_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:fc3b7a2d42adaa47a938efe8e94d9d5665fe74a66d04884e886da33ad61774d0_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:2076dc61bf8db58916f3bacdb7483cdae8db169e2c4187e0c509f4fad9bc66ac_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:4e2047551e67c9c79e54ea5cd42accd746db89b8f37181a4b8ddceee166b3f2f_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:635a2526236205059d382f8860a7600105596caa546c129e855bd1ad241ebda7_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:ab0b5c35985ab8da547bc85aeff75c00ef32de0ea4f3446d75420ba935a5ddf4_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:20f8e067fa199055be096f4e655a0004616caab1eb32ccbe853677705d4e99f2_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:7c82062799a4bc38472a8d62827cbead3cf9396e132c9567e1d7682b8e4eb01d_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:94a4269cc3ddfdaf549eb4b547a461c2eafa9a0e3682511f2c18a3cf846beba3_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:ac33685303a23070d840d68bce5381230bbf98f1f65abaa80eca75c99b821d88_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:29bf69f7793d3ecaf724f791e735f1bd4121cddc6b1118553bcc77ef3a3054a1_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:46ae8d0b9eb51c730b57aa7b9d0561dc8e7510240e100a9deaea7e501cf115c2_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:c314fa51aef6754a3d665650a9a2861da1ec3557e2b92c29a2b16b2790d615a4_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:cd2a2cb5784051c6595a95865e390a52c38b2b62fbf2fa3d40545d083c846992_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:05debd9e92a56b761a55f36c54d31ceda7b77bc58178946c4b5d0d08faa01cfc_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:19954ceb4da5840bc7d8953932bd9f36baaa3ad219ccac4b44324f25f962182a_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:866e4fbdeefc40e19ec6962c6b1577ef9f66affa46b96a2dbd30501b4e3b2695_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:990fa7d78f384772aaf369956a51ba7393cd5e225daa3c4e37f56ed2a1b4d5fb_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:64e4c2ac5a5126294d7264d33723b8c7e8a8f2909a33d2bff40bfbb2965fcd81_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:8a85413afe8d8ab179dff3638f3d5509bf180d54d016706aa50781bbb72338bc_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:a0af7052a5cc79ec38267f6016330bbc30fe4c8dff0776a6fe6cee048cb1bbcf_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:df72d966e05e20571d1d588092d8bf95f28ae5178ddac780257064069e8cf75c_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:5a0a1932f8bcdf436f08f9d00fdb520feefad62061ce79426d44ecd7d01724a2_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:72da4f73e7063cfcb49a800bf9dc5acdd715221d4dff6120db5950634e5824f5_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:883c2aa7d2a9f8ddcccd8c48b79bff59ffa3eb3f59392e727dd050ec4efdb92b_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:9bed2310605563c0d439ed85731e980038ada7c3970fc26de24c1c7d291afe07_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:09b95ff35ae5c1b2c356f7506d4e8283cb0b69b8b5a130bf9d6c31e6bfc04932_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:0cebc0075f16274a3620c4becac1490dc91904d09487fdc76aafe98fbaca5ccf_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:78f3234c47001e7a2902352bf85c7cc893f8ff7aafb01d3d6875cfe2df0a6a16_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:8844e2149f6d16a9112f7ca4580c27dbe974f0bfce1fc21c87d5072813deba45_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:180b60f1efcd9902f18b7104973acf277ea6881d6a806e288ea598b71bfa8e2d_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:2dc26cd49218da49a4761d8012d9777019facea787df61dafce31db6b3bef8b8_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:d08b49badd427bd263a5810800c4705f296b2caf188765837f8b5284d6ff6feb_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:edcd49c90231e8071dc45385f077400ae3dd9fdba54de188e3aba84da49c00c5_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:06f9f2d54689bd9770d4102c377a2596bf4294c824c2db69f4ad23a849d8996c_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:3985e43602b73ad41f7092847b6c92700ec5bfd6d849cc37adff563b6a994ea3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:eb7543913777f50fe437035b18e08cec754ec6ee05666f8c88900b6349b467bb_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:fb35bc2313df94fd8a4b4e8293f1489ea518c002858c29ade906a678ccd48d0d_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:31f1c672dc3197cb7bfeb51b37d357425d4057fec9c22ea8810005c147e493a0_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:457829af072b2c430e077ae362dd62b63f1737b72434c11b2fb9e98262c6f058_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:6243c7517063c907dbd898b6ff7c4f5a6a001b15141c6b703a771a826b1e9b23_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:72bef79259e60a3f96f3788b2ed207ef6d8c1d4901d5c1d293981099d2932b44_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:1bdebc0ea3641538b6029945ef99eab50aa4b71ab37fd063d712ffc0883faae8_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:75a4693836d31cfc429d6a3852b0bf419255c66f90827b13d2a589dc2bea1992_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:8f696a0d69bb54a50140da672ff01c2923550f8ab18dcb1159493b516750f0a4_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:98992a409dfe54f8de0eb67189538d08148418d91d9d07d9aa30262ce54e30d9_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:72d561f41b71f78f7d896ca9b5e2b2cd76495fe602a8687bcbe0739b450a1d99_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:753e9384197b30856cfa43b3f5362395f3554773ec0a00a183705427eb8bced4_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:cb9328dff074240b336cc5395d2d61ff4722e84d11d3c19d470dd1214308b6e5_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:e863e14bd4e3a735ad3af67dd307fce57a0f3b703aed63b731c4206c08a5839f_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:1e695b53b5a667d185f61dee9e0242efc8e0962aa4e928bf8908734626d16d38_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:7d614384e1cb7be6bb72dbdc3cb4eb34d38902e05f121ef6220c5a6922715ddf_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:da0844c2faaa1b2dd6c0c4944218c947043ac3b7edd8d4533ba7faf5f9436412_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:fd141141252f9253c089dd341447f86cd75a39bff1cb8c25baab40f86fd655bb_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:690de59af44d4b7cf2dada9c3450cbd6a0d3437cc7ac2bca9b5d6b91c4c2c605_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:6cc8eaac0ef579a5359fe2b3c8de0ad776e732b82afd9fb9c4fd4ad74e9f832f_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:bc5d7a4679b2cd19946013fe4c2fc17acfb3a6d9ed410e1f050de51c0a957a6b_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:d954bfc4a5c1f1fc8eba225865a11b9d04f005341e8ab094f7a94cdbe67a7b17_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:a6eb5b607ce23772fca3dbad70d76dc5d3ebc07b15f5123ace53da01f0e3b21e_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:d090b565d5d2933ae453eb87c34a2ebb00e09b1b00334a98c771e465dbcea42e_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:51e90eeed5c6bf2e6355ee9ba50fe330149b7c2b7633a106946459e8984d82ae_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:5e9de77acecac9653b91d2ebbfc5be8dc47da81e9e3e1772d38f827f05779632_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:7cefb007f075c5b1e0265fe8b12888218201cb453e9ebac315d91a79ed6e686a_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:bd4450e5af03c053f28e9c2ca0f2a2c016fc55fef4187676bc4edd5149c1a0f4_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:21243b5bb27b62467a311f0dfb5001384b424c095e17eba2c4fa441d7a03f7cf_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:22190a2714d3942a57dbe9dd265570bfe179b8d7f3e412173d010090de2bb98d_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:35b39d818bfb7b3fe86f77eedb134d12e9f316ce1642f86a8fa5ce1c1e31f37b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:3f2e1942032818fe9c91bf18948b80002a713b81c96e8ef5a3a4178a24899fb7_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:25928bb67eadad3a0d3b23da81acb313b8f873476250ddc6481cfb06bc25b8ab_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:bdfafa3b05bea80b81ffdc63cd77d4b2a96588ccd309aba83de0a683cb07c3c4_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:d7aa74297e76cb375c4bdd939c673739e34e22d83f8ef8846b1aa3c3c2264bbe_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:ea75fa4468a26357ce7c92614d70bc41ff0f8a8e562978a5b2bdfa5563492090_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:49025eb304ed55e363338fbe74b8dd77815b4d87183f1cb0cbfbbba71c2d2c59_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:54524172989364298f5cce342ef854f62fd59c75a42be804af3f286c6585b3d1_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:c1d135f85a4a1c5fe1c86509658d3056ce4bf748e8210274756064e18f991440_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:fb2eb12e6a6159c75e56f58429789cc0ac74af2a3d04f9ab865c8d86576e8c15_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:1252d44baa18b442de12a9659d3419ef77148e47ca14747ae684b8541fe795a7_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:4750bc9a80e819747b9d6576d21e348634f0dd4bc56190a662e22b2c80172bbd_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:5988a2daac19ccd72b8eec8cd1d9b623c69aed7be1a4223070d2c65256210776_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:eac25bae75a0e08a0aae706325faae2606ee8b0c086559cc0b89a59501a511f8_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:4c56fcde717c7a7957638fa6624a6ba5a9fc372bc9056e924158a0477410c9e7_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:5f5b5adc67e0655dcc3bcaaa4bb75337ebff130cca2e019d553be7521ca71871_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:91438ae17f6ee162df0d564fe47c8690a5246315e26fa4ebfa16dc8c93425cb7_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:df6617374f5f70f6ff53a980d38ddda8ab1aca125894eadc3a1932ba7612626d_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:49d0f2c55661dd973b0a15ba0e096c54badf4e0017093dfee373a655d47373f0_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:5bbbcaa71f5bf11922738e37c1155c5e60ebc5166a67690f5e5218a42b946366_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:99446549dca0b1cd38919ed7489e3eff72b1e4dd739e4f4e914d6c3ca6076b58_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:cf59b3a7897d59615e746c14697a289d79afbc18a9d2e7e7b5f7b1242d640b02_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:6e7f3aa6bb48cbe35d205d5f4c9ea251945dcdcce9b40cd49676705d778d9500_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:bc37b9c572c3df959e0ceb9fe011be84906fe759817eee697c486131fd5bc0cb_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:bf4a2e668e36a0e8e381f4417a263bd736d114f4e464d4a6c5ea22962b3f2a9e_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:feffba283e2a49967cd57139fe7af2309cd55ea9bb4464e250bf7b5a98913a2b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:86908784cb38408c502a733672b2f76e5a5c93b0266afccc9f281cb0c8f2f20c_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:8f721159d1fb2b71fb746eec0213c1111896c7b77a2904d64a2c1696cdce796c_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:afe3ebfa9897d2b9a7d8f9bd7fb4a2210e4b7e603de5fe168740f0aa4bb04495_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:fd6aa3b12a35343168ee2e752b437a51c58e8e8e329c8bdd7d230653265a790e_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:01cb3c8bb62be8bcdeaea2fa79413caca0f111980f4134b06df5230bd0b357fc_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:20b0fcf0b2d388320c0cb1414f2422493ca9acf39c876fd45265e8b32030ef3b_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:51fc32fbd543c74767403a113ccceedb262ccb92b9fd5a9efdc39ed2c1e608b3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:d4edd3fd9d125deb51d48c8709eac2505056da0f1341020db5469be8af0ca200_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:201ab631050d34fb956e1333730a387833b7aa3a2a4389d2a01bb79a2fe51bbf_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:47ca2eaea554b825306387f07aef8a5ee830ee1885d2df51055ac22d7576d2cd_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:7a181f8f3d2eadeae6b1d4d38da28f4e0a7c7f1fc662d213f72a63fd56f67443_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:fa97e7031e19af10a571d8ff67e13de3489603f60dbf9fd0c19205fb3447e912_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:01e117719b770e5bf767700b3cf5a3c79d7a74c181fda4dd4605cb4f41ea5bcd_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:155dfad34b7402e4462d98c3026ab38a6024338dfe80bfc33abb9102d12b077d_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:aa96f8cf13ae3374588cc99a558d1def2bcf0579d75b90d0772139fab991b06b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:f1d48c91052387ebc88bc7c76c8f49bae708c67e160d976974c8b31e9efbd219_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:008f0946e1545a0baa8e2baa9d12dc3244a47cd42af020afedfce3b1450f6c16_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:6a63e70123c2cd8cf8ddec71fb88d0dee08d2b7b1bcfc37d27fde3a50a59b7e8_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:96f6b104c31c317aa118ff64cff2522f136bbb520de7fb8015257630fcfdecfb_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:9dd240e967b0a1949a812050a123e513858ccd428feb1c42646e409fbf711b35_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:6f5480749ac020fc0e226dd87855baeae624b4c57c2787303e7321f63117c789_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:7265c4bc839141da2a0599bc367c4be2b8e8743423ea1b6b8d68729b1cfa8bcc_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:9486931d703d050f59a9f1bcfe5e016351d3ccc9b5c1975963b91ac34fc0b25e_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:c458f98a5afdf96262536fa1b7d672eb897c2800ec3dc4a2094ee5e8ae09ac31_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:23ea476af89606789f91e647e952039bff83b5ace02440b2c11dccb9020cc0fb_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:870a39d44775c352b2c574f4b8d6585b96b44a48eefea1cbb8463809b75a1d6f_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:b3132e81fca86bc4bf6fe9f75fb3cafd1ef0f02fe84aeaffa51539e5f4a1b54c_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:fc3b7a2d42adaa47a938efe8e94d9d5665fe74a66d04884e886da33ad61774d0_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:2076dc61bf8db58916f3bacdb7483cdae8db169e2c4187e0c509f4fad9bc66ac_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:4e2047551e67c9c79e54ea5cd42accd746db89b8f37181a4b8ddceee166b3f2f_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:635a2526236205059d382f8860a7600105596caa546c129e855bd1ad241ebda7_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:ab0b5c35985ab8da547bc85aeff75c00ef32de0ea4f3446d75420ba935a5ddf4_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:20f8e067fa199055be096f4e655a0004616caab1eb32ccbe853677705d4e99f2_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:7c82062799a4bc38472a8d62827cbead3cf9396e132c9567e1d7682b8e4eb01d_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:94a4269cc3ddfdaf549eb4b547a461c2eafa9a0e3682511f2c18a3cf846beba3_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:ac33685303a23070d840d68bce5381230bbf98f1f65abaa80eca75c99b821d88_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:29bf69f7793d3ecaf724f791e735f1bd4121cddc6b1118553bcc77ef3a3054a1_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:46ae8d0b9eb51c730b57aa7b9d0561dc8e7510240e100a9deaea7e501cf115c2_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:c314fa51aef6754a3d665650a9a2861da1ec3557e2b92c29a2b16b2790d615a4_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:cd2a2cb5784051c6595a95865e390a52c38b2b62fbf2fa3d40545d083c846992_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:05debd9e92a56b761a55f36c54d31ceda7b77bc58178946c4b5d0d08faa01cfc_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:19954ceb4da5840bc7d8953932bd9f36baaa3ad219ccac4b44324f25f962182a_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:866e4fbdeefc40e19ec6962c6b1577ef9f66affa46b96a2dbd30501b4e3b2695_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:990fa7d78f384772aaf369956a51ba7393cd5e225daa3c4e37f56ed2a1b4d5fb_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:64e4c2ac5a5126294d7264d33723b8c7e8a8f2909a33d2bff40bfbb2965fcd81_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:8a85413afe8d8ab179dff3638f3d5509bf180d54d016706aa50781bbb72338bc_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:a0af7052a5cc79ec38267f6016330bbc30fe4c8dff0776a6fe6cee048cb1bbcf_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:df72d966e05e20571d1d588092d8bf95f28ae5178ddac780257064069e8cf75c_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:5a0a1932f8bcdf436f08f9d00fdb520feefad62061ce79426d44ecd7d01724a2_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:72da4f73e7063cfcb49a800bf9dc5acdd715221d4dff6120db5950634e5824f5_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:883c2aa7d2a9f8ddcccd8c48b79bff59ffa3eb3f59392e727dd050ec4efdb92b_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:9bed2310605563c0d439ed85731e980038ada7c3970fc26de24c1c7d291afe07_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:09b95ff35ae5c1b2c356f7506d4e8283cb0b69b8b5a130bf9d6c31e6bfc04932_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:0cebc0075f16274a3620c4becac1490dc91904d09487fdc76aafe98fbaca5ccf_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:78f3234c47001e7a2902352bf85c7cc893f8ff7aafb01d3d6875cfe2df0a6a16_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:8844e2149f6d16a9112f7ca4580c27dbe974f0bfce1fc21c87d5072813deba45_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:180b60f1efcd9902f18b7104973acf277ea6881d6a806e288ea598b71bfa8e2d_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:2dc26cd49218da49a4761d8012d9777019facea787df61dafce31db6b3bef8b8_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:d08b49badd427bd263a5810800c4705f296b2caf188765837f8b5284d6ff6feb_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:edcd49c90231e8071dc45385f077400ae3dd9fdba54de188e3aba84da49c00c5_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:06f9f2d54689bd9770d4102c377a2596bf4294c824c2db69f4ad23a849d8996c_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:3985e43602b73ad41f7092847b6c92700ec5bfd6d849cc37adff563b6a994ea3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:eb7543913777f50fe437035b18e08cec754ec6ee05666f8c88900b6349b467bb_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:fb35bc2313df94fd8a4b4e8293f1489ea518c002858c29ade906a678ccd48d0d_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:31f1c672dc3197cb7bfeb51b37d357425d4057fec9c22ea8810005c147e493a0_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:457829af072b2c430e077ae362dd62b63f1737b72434c11b2fb9e98262c6f058_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:6243c7517063c907dbd898b6ff7c4f5a6a001b15141c6b703a771a826b1e9b23_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:72bef79259e60a3f96f3788b2ed207ef6d8c1d4901d5c1d293981099d2932b44_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:1bdebc0ea3641538b6029945ef99eab50aa4b71ab37fd063d712ffc0883faae8_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:75a4693836d31cfc429d6a3852b0bf419255c66f90827b13d2a589dc2bea1992_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:8f696a0d69bb54a50140da672ff01c2923550f8ab18dcb1159493b516750f0a4_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:98992a409dfe54f8de0eb67189538d08148418d91d9d07d9aa30262ce54e30d9_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:72d561f41b71f78f7d896ca9b5e2b2cd76495fe602a8687bcbe0739b450a1d99_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:753e9384197b30856cfa43b3f5362395f3554773ec0a00a183705427eb8bced4_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:cb9328dff074240b336cc5395d2d61ff4722e84d11d3c19d470dd1214308b6e5_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:e863e14bd4e3a735ad3af67dd307fce57a0f3b703aed63b731c4206c08a5839f_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:1e695b53b5a667d185f61dee9e0242efc8e0962aa4e928bf8908734626d16d38_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:7d614384e1cb7be6bb72dbdc3cb4eb34d38902e05f121ef6220c5a6922715ddf_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:da0844c2faaa1b2dd6c0c4944218c947043ac3b7edd8d4533ba7faf5f9436412_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:fd141141252f9253c089dd341447f86cd75a39bff1cb8c25baab40f86fd655bb_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:690de59af44d4b7cf2dada9c3450cbd6a0d3437cc7ac2bca9b5d6b91c4c2c605_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:6cc8eaac0ef579a5359fe2b3c8de0ad776e732b82afd9fb9c4fd4ad74e9f832f_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:bc5d7a4679b2cd19946013fe4c2fc17acfb3a6d9ed410e1f050de51c0a957a6b_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:d954bfc4a5c1f1fc8eba225865a11b9d04f005341e8ab094f7a94cdbe67a7b17_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:a6eb5b607ce23772fca3dbad70d76dc5d3ebc07b15f5123ace53da01f0e3b21e_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:d090b565d5d2933ae453eb87c34a2ebb00e09b1b00334a98c771e465dbcea42e_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: Information disclosure of proxy credentials via redirect flows"
},
{
"cve": "CVE-2026-44488",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-06-11T17:01:36.836488+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:51e90eeed5c6bf2e6355ee9ba50fe330149b7c2b7633a106946459e8984d82ae_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:5e9de77acecac9653b91d2ebbfc5be8dc47da81e9e3e1772d38f827f05779632_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:7cefb007f075c5b1e0265fe8b12888218201cb453e9ebac315d91a79ed6e686a_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:bd4450e5af03c053f28e9c2ca0f2a2c016fc55fef4187676bc4edd5149c1a0f4_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:21243b5bb27b62467a311f0dfb5001384b424c095e17eba2c4fa441d7a03f7cf_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:22190a2714d3942a57dbe9dd265570bfe179b8d7f3e412173d010090de2bb98d_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:35b39d818bfb7b3fe86f77eedb134d12e9f316ce1642f86a8fa5ce1c1e31f37b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:3f2e1942032818fe9c91bf18948b80002a713b81c96e8ef5a3a4178a24899fb7_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:25928bb67eadad3a0d3b23da81acb313b8f873476250ddc6481cfb06bc25b8ab_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:bdfafa3b05bea80b81ffdc63cd77d4b2a96588ccd309aba83de0a683cb07c3c4_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:d7aa74297e76cb375c4bdd939c673739e34e22d83f8ef8846b1aa3c3c2264bbe_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:ea75fa4468a26357ce7c92614d70bc41ff0f8a8e562978a5b2bdfa5563492090_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:49025eb304ed55e363338fbe74b8dd77815b4d87183f1cb0cbfbbba71c2d2c59_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:54524172989364298f5cce342ef854f62fd59c75a42be804af3f286c6585b3d1_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:c1d135f85a4a1c5fe1c86509658d3056ce4bf748e8210274756064e18f991440_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:fb2eb12e6a6159c75e56f58429789cc0ac74af2a3d04f9ab865c8d86576e8c15_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:1252d44baa18b442de12a9659d3419ef77148e47ca14747ae684b8541fe795a7_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:4750bc9a80e819747b9d6576d21e348634f0dd4bc56190a662e22b2c80172bbd_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:5988a2daac19ccd72b8eec8cd1d9b623c69aed7be1a4223070d2c65256210776_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:eac25bae75a0e08a0aae706325faae2606ee8b0c086559cc0b89a59501a511f8_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:4c56fcde717c7a7957638fa6624a6ba5a9fc372bc9056e924158a0477410c9e7_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:5f5b5adc67e0655dcc3bcaaa4bb75337ebff130cca2e019d553be7521ca71871_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:91438ae17f6ee162df0d564fe47c8690a5246315e26fa4ebfa16dc8c93425cb7_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:df6617374f5f70f6ff53a980d38ddda8ab1aca125894eadc3a1932ba7612626d_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:49d0f2c55661dd973b0a15ba0e096c54badf4e0017093dfee373a655d47373f0_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:5bbbcaa71f5bf11922738e37c1155c5e60ebc5166a67690f5e5218a42b946366_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:99446549dca0b1cd38919ed7489e3eff72b1e4dd739e4f4e914d6c3ca6076b58_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:cf59b3a7897d59615e746c14697a289d79afbc18a9d2e7e7b5f7b1242d640b02_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:6e7f3aa6bb48cbe35d205d5f4c9ea251945dcdcce9b40cd49676705d778d9500_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:bc37b9c572c3df959e0ceb9fe011be84906fe759817eee697c486131fd5bc0cb_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:bf4a2e668e36a0e8e381f4417a263bd736d114f4e464d4a6c5ea22962b3f2a9e_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:feffba283e2a49967cd57139fe7af2309cd55ea9bb4464e250bf7b5a98913a2b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:86908784cb38408c502a733672b2f76e5a5c93b0266afccc9f281cb0c8f2f20c_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:8f721159d1fb2b71fb746eec0213c1111896c7b77a2904d64a2c1696cdce796c_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:afe3ebfa9897d2b9a7d8f9bd7fb4a2210e4b7e603de5fe168740f0aa4bb04495_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:fd6aa3b12a35343168ee2e752b437a51c58e8e8e329c8bdd7d230653265a790e_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:01cb3c8bb62be8bcdeaea2fa79413caca0f111980f4134b06df5230bd0b357fc_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:20b0fcf0b2d388320c0cb1414f2422493ca9acf39c876fd45265e8b32030ef3b_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:51fc32fbd543c74767403a113ccceedb262ccb92b9fd5a9efdc39ed2c1e608b3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:d4edd3fd9d125deb51d48c8709eac2505056da0f1341020db5469be8af0ca200_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:201ab631050d34fb956e1333730a387833b7aa3a2a4389d2a01bb79a2fe51bbf_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:47ca2eaea554b825306387f07aef8a5ee830ee1885d2df51055ac22d7576d2cd_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:7a181f8f3d2eadeae6b1d4d38da28f4e0a7c7f1fc662d213f72a63fd56f67443_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:fa97e7031e19af10a571d8ff67e13de3489603f60dbf9fd0c19205fb3447e912_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:01e117719b770e5bf767700b3cf5a3c79d7a74c181fda4dd4605cb4f41ea5bcd_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:155dfad34b7402e4462d98c3026ab38a6024338dfe80bfc33abb9102d12b077d_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:aa96f8cf13ae3374588cc99a558d1def2bcf0579d75b90d0772139fab991b06b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:f1d48c91052387ebc88bc7c76c8f49bae708c67e160d976974c8b31e9efbd219_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:008f0946e1545a0baa8e2baa9d12dc3244a47cd42af020afedfce3b1450f6c16_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:6a63e70123c2cd8cf8ddec71fb88d0dee08d2b7b1bcfc37d27fde3a50a59b7e8_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:96f6b104c31c317aa118ff64cff2522f136bbb520de7fb8015257630fcfdecfb_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:9dd240e967b0a1949a812050a123e513858ccd428feb1c42646e409fbf711b35_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:6f5480749ac020fc0e226dd87855baeae624b4c57c2787303e7321f63117c789_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:7265c4bc839141da2a0599bc367c4be2b8e8743423ea1b6b8d68729b1cfa8bcc_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:9486931d703d050f59a9f1bcfe5e016351d3ccc9b5c1975963b91ac34fc0b25e_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:c458f98a5afdf96262536fa1b7d672eb897c2800ec3dc4a2094ee5e8ae09ac31_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:2076dc61bf8db58916f3bacdb7483cdae8db169e2c4187e0c509f4fad9bc66ac_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:4e2047551e67c9c79e54ea5cd42accd746db89b8f37181a4b8ddceee166b3f2f_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:635a2526236205059d382f8860a7600105596caa546c129e855bd1ad241ebda7_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:ab0b5c35985ab8da547bc85aeff75c00ef32de0ea4f3446d75420ba935a5ddf4_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:20f8e067fa199055be096f4e655a0004616caab1eb32ccbe853677705d4e99f2_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:7c82062799a4bc38472a8d62827cbead3cf9396e132c9567e1d7682b8e4eb01d_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:94a4269cc3ddfdaf549eb4b547a461c2eafa9a0e3682511f2c18a3cf846beba3_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:ac33685303a23070d840d68bce5381230bbf98f1f65abaa80eca75c99b821d88_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:29bf69f7793d3ecaf724f791e735f1bd4121cddc6b1118553bcc77ef3a3054a1_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:46ae8d0b9eb51c730b57aa7b9d0561dc8e7510240e100a9deaea7e501cf115c2_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:c314fa51aef6754a3d665650a9a2861da1ec3557e2b92c29a2b16b2790d615a4_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:cd2a2cb5784051c6595a95865e390a52c38b2b62fbf2fa3d40545d083c846992_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:05debd9e92a56b761a55f36c54d31ceda7b77bc58178946c4b5d0d08faa01cfc_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:19954ceb4da5840bc7d8953932bd9f36baaa3ad219ccac4b44324f25f962182a_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:866e4fbdeefc40e19ec6962c6b1577ef9f66affa46b96a2dbd30501b4e3b2695_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:990fa7d78f384772aaf369956a51ba7393cd5e225daa3c4e37f56ed2a1b4d5fb_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:64e4c2ac5a5126294d7264d33723b8c7e8a8f2909a33d2bff40bfbb2965fcd81_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:8a85413afe8d8ab179dff3638f3d5509bf180d54d016706aa50781bbb72338bc_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:a0af7052a5cc79ec38267f6016330bbc30fe4c8dff0776a6fe6cee048cb1bbcf_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:df72d966e05e20571d1d588092d8bf95f28ae5178ddac780257064069e8cf75c_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:5a0a1932f8bcdf436f08f9d00fdb520feefad62061ce79426d44ecd7d01724a2_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:72da4f73e7063cfcb49a800bf9dc5acdd715221d4dff6120db5950634e5824f5_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:883c2aa7d2a9f8ddcccd8c48b79bff59ffa3eb3f59392e727dd050ec4efdb92b_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:9bed2310605563c0d439ed85731e980038ada7c3970fc26de24c1c7d291afe07_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:09b95ff35ae5c1b2c356f7506d4e8283cb0b69b8b5a130bf9d6c31e6bfc04932_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:0cebc0075f16274a3620c4becac1490dc91904d09487fdc76aafe98fbaca5ccf_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:78f3234c47001e7a2902352bf85c7cc893f8ff7aafb01d3d6875cfe2df0a6a16_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:8844e2149f6d16a9112f7ca4580c27dbe974f0bfce1fc21c87d5072813deba45_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:180b60f1efcd9902f18b7104973acf277ea6881d6a806e288ea598b71bfa8e2d_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:2dc26cd49218da49a4761d8012d9777019facea787df61dafce31db6b3bef8b8_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:d08b49badd427bd263a5810800c4705f296b2caf188765837f8b5284d6ff6feb_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:edcd49c90231e8071dc45385f077400ae3dd9fdba54de188e3aba84da49c00c5_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:06f9f2d54689bd9770d4102c377a2596bf4294c824c2db69f4ad23a849d8996c_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:3985e43602b73ad41f7092847b6c92700ec5bfd6d849cc37adff563b6a994ea3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:eb7543913777f50fe437035b18e08cec754ec6ee05666f8c88900b6349b467bb_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:fb35bc2313df94fd8a4b4e8293f1489ea518c002858c29ade906a678ccd48d0d_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:31f1c672dc3197cb7bfeb51b37d357425d4057fec9c22ea8810005c147e493a0_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:457829af072b2c430e077ae362dd62b63f1737b72434c11b2fb9e98262c6f058_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:6243c7517063c907dbd898b6ff7c4f5a6a001b15141c6b703a771a826b1e9b23_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:72bef79259e60a3f96f3788b2ed207ef6d8c1d4901d5c1d293981099d2932b44_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:1bdebc0ea3641538b6029945ef99eab50aa4b71ab37fd063d712ffc0883faae8_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:75a4693836d31cfc429d6a3852b0bf419255c66f90827b13d2a589dc2bea1992_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:8f696a0d69bb54a50140da672ff01c2923550f8ab18dcb1159493b516750f0a4_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:98992a409dfe54f8de0eb67189538d08148418d91d9d07d9aa30262ce54e30d9_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:72d561f41b71f78f7d896ca9b5e2b2cd76495fe602a8687bcbe0739b450a1d99_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:753e9384197b30856cfa43b3f5362395f3554773ec0a00a183705427eb8bced4_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:cb9328dff074240b336cc5395d2d61ff4722e84d11d3c19d470dd1214308b6e5_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:e863e14bd4e3a735ad3af67dd307fce57a0f3b703aed63b731c4206c08a5839f_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:1e695b53b5a667d185f61dee9e0242efc8e0962aa4e928bf8908734626d16d38_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:7d614384e1cb7be6bb72dbdc3cb4eb34d38902e05f121ef6220c5a6922715ddf_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:da0844c2faaa1b2dd6c0c4944218c947043ac3b7edd8d4533ba7faf5f9436412_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:fd141141252f9253c089dd341447f86cd75a39bff1cb8c25baab40f86fd655bb_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:690de59af44d4b7cf2dada9c3450cbd6a0d3437cc7ac2bca9b5d6b91c4c2c605_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:6cc8eaac0ef579a5359fe2b3c8de0ad776e732b82afd9fb9c4fd4ad74e9f832f_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:bc5d7a4679b2cd19946013fe4c2fc17acfb3a6d9ed410e1f050de51c0a957a6b_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:d954bfc4a5c1f1fc8eba225865a11b9d04f005341e8ab094f7a94cdbe67a7b17_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:a6eb5b607ce23772fca3dbad70d76dc5d3ebc07b15f5123ace53da01f0e3b21e_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:d090b565d5d2933ae453eb87c34a2ebb00e09b1b00334a98c771e465dbcea42e_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2487949"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, a promise-based HTTP client. When using the fetch adapter, Axios did not properly enforce configured request and response size limits. This vulnerability allows a remote attacker, through a malicious or compromised server, or by supplying a large data URL, to send or receive oversized data bodies. This can lead to resource exhaustion in server-side applications, resulting in a Denial of Service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: Denial of Service due to unenforced request and response size limits",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Important: A denial of service flaw was found in Axios, a JavaScript HTTP client library. This issue arises when applications utilize the `fetch` adapter, as configured request and response size limits are not properly enforced. A remote attacker could exploit this by sending or receiving excessively large data bodies, leading to resource exhaustion and potential denial of service in affected server-side applications.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:23ea476af89606789f91e647e952039bff83b5ace02440b2c11dccb9020cc0fb_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:870a39d44775c352b2c574f4b8d6585b96b44a48eefea1cbb8463809b75a1d6f_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:b3132e81fca86bc4bf6fe9f75fb3cafd1ef0f02fe84aeaffa51539e5f4a1b54c_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:fc3b7a2d42adaa47a938efe8e94d9d5665fe74a66d04884e886da33ad61774d0_ppc64le"
],
"known_not_affected": [
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:51e90eeed5c6bf2e6355ee9ba50fe330149b7c2b7633a106946459e8984d82ae_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:5e9de77acecac9653b91d2ebbfc5be8dc47da81e9e3e1772d38f827f05779632_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:7cefb007f075c5b1e0265fe8b12888218201cb453e9ebac315d91a79ed6e686a_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:bd4450e5af03c053f28e9c2ca0f2a2c016fc55fef4187676bc4edd5149c1a0f4_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:21243b5bb27b62467a311f0dfb5001384b424c095e17eba2c4fa441d7a03f7cf_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:22190a2714d3942a57dbe9dd265570bfe179b8d7f3e412173d010090de2bb98d_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:35b39d818bfb7b3fe86f77eedb134d12e9f316ce1642f86a8fa5ce1c1e31f37b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:3f2e1942032818fe9c91bf18948b80002a713b81c96e8ef5a3a4178a24899fb7_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:25928bb67eadad3a0d3b23da81acb313b8f873476250ddc6481cfb06bc25b8ab_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:bdfafa3b05bea80b81ffdc63cd77d4b2a96588ccd309aba83de0a683cb07c3c4_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:d7aa74297e76cb375c4bdd939c673739e34e22d83f8ef8846b1aa3c3c2264bbe_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:ea75fa4468a26357ce7c92614d70bc41ff0f8a8e562978a5b2bdfa5563492090_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:49025eb304ed55e363338fbe74b8dd77815b4d87183f1cb0cbfbbba71c2d2c59_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:54524172989364298f5cce342ef854f62fd59c75a42be804af3f286c6585b3d1_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:c1d135f85a4a1c5fe1c86509658d3056ce4bf748e8210274756064e18f991440_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:fb2eb12e6a6159c75e56f58429789cc0ac74af2a3d04f9ab865c8d86576e8c15_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:1252d44baa18b442de12a9659d3419ef77148e47ca14747ae684b8541fe795a7_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:4750bc9a80e819747b9d6576d21e348634f0dd4bc56190a662e22b2c80172bbd_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:5988a2daac19ccd72b8eec8cd1d9b623c69aed7be1a4223070d2c65256210776_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:eac25bae75a0e08a0aae706325faae2606ee8b0c086559cc0b89a59501a511f8_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:4c56fcde717c7a7957638fa6624a6ba5a9fc372bc9056e924158a0477410c9e7_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:5f5b5adc67e0655dcc3bcaaa4bb75337ebff130cca2e019d553be7521ca71871_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:91438ae17f6ee162df0d564fe47c8690a5246315e26fa4ebfa16dc8c93425cb7_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:df6617374f5f70f6ff53a980d38ddda8ab1aca125894eadc3a1932ba7612626d_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:49d0f2c55661dd973b0a15ba0e096c54badf4e0017093dfee373a655d47373f0_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:5bbbcaa71f5bf11922738e37c1155c5e60ebc5166a67690f5e5218a42b946366_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:99446549dca0b1cd38919ed7489e3eff72b1e4dd739e4f4e914d6c3ca6076b58_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:cf59b3a7897d59615e746c14697a289d79afbc18a9d2e7e7b5f7b1242d640b02_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:6e7f3aa6bb48cbe35d205d5f4c9ea251945dcdcce9b40cd49676705d778d9500_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:bc37b9c572c3df959e0ceb9fe011be84906fe759817eee697c486131fd5bc0cb_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:bf4a2e668e36a0e8e381f4417a263bd736d114f4e464d4a6c5ea22962b3f2a9e_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:feffba283e2a49967cd57139fe7af2309cd55ea9bb4464e250bf7b5a98913a2b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:86908784cb38408c502a733672b2f76e5a5c93b0266afccc9f281cb0c8f2f20c_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:8f721159d1fb2b71fb746eec0213c1111896c7b77a2904d64a2c1696cdce796c_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:afe3ebfa9897d2b9a7d8f9bd7fb4a2210e4b7e603de5fe168740f0aa4bb04495_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:fd6aa3b12a35343168ee2e752b437a51c58e8e8e329c8bdd7d230653265a790e_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:01cb3c8bb62be8bcdeaea2fa79413caca0f111980f4134b06df5230bd0b357fc_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:20b0fcf0b2d388320c0cb1414f2422493ca9acf39c876fd45265e8b32030ef3b_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:51fc32fbd543c74767403a113ccceedb262ccb92b9fd5a9efdc39ed2c1e608b3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:d4edd3fd9d125deb51d48c8709eac2505056da0f1341020db5469be8af0ca200_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:201ab631050d34fb956e1333730a387833b7aa3a2a4389d2a01bb79a2fe51bbf_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:47ca2eaea554b825306387f07aef8a5ee830ee1885d2df51055ac22d7576d2cd_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:7a181f8f3d2eadeae6b1d4d38da28f4e0a7c7f1fc662d213f72a63fd56f67443_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:fa97e7031e19af10a571d8ff67e13de3489603f60dbf9fd0c19205fb3447e912_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:01e117719b770e5bf767700b3cf5a3c79d7a74c181fda4dd4605cb4f41ea5bcd_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:155dfad34b7402e4462d98c3026ab38a6024338dfe80bfc33abb9102d12b077d_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:aa96f8cf13ae3374588cc99a558d1def2bcf0579d75b90d0772139fab991b06b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:f1d48c91052387ebc88bc7c76c8f49bae708c67e160d976974c8b31e9efbd219_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:008f0946e1545a0baa8e2baa9d12dc3244a47cd42af020afedfce3b1450f6c16_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:6a63e70123c2cd8cf8ddec71fb88d0dee08d2b7b1bcfc37d27fde3a50a59b7e8_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:96f6b104c31c317aa118ff64cff2522f136bbb520de7fb8015257630fcfdecfb_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:9dd240e967b0a1949a812050a123e513858ccd428feb1c42646e409fbf711b35_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:6f5480749ac020fc0e226dd87855baeae624b4c57c2787303e7321f63117c789_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:7265c4bc839141da2a0599bc367c4be2b8e8743423ea1b6b8d68729b1cfa8bcc_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:9486931d703d050f59a9f1bcfe5e016351d3ccc9b5c1975963b91ac34fc0b25e_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:c458f98a5afdf96262536fa1b7d672eb897c2800ec3dc4a2094ee5e8ae09ac31_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:2076dc61bf8db58916f3bacdb7483cdae8db169e2c4187e0c509f4fad9bc66ac_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:4e2047551e67c9c79e54ea5cd42accd746db89b8f37181a4b8ddceee166b3f2f_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:635a2526236205059d382f8860a7600105596caa546c129e855bd1ad241ebda7_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:ab0b5c35985ab8da547bc85aeff75c00ef32de0ea4f3446d75420ba935a5ddf4_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:20f8e067fa199055be096f4e655a0004616caab1eb32ccbe853677705d4e99f2_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:7c82062799a4bc38472a8d62827cbead3cf9396e132c9567e1d7682b8e4eb01d_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:94a4269cc3ddfdaf549eb4b547a461c2eafa9a0e3682511f2c18a3cf846beba3_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:ac33685303a23070d840d68bce5381230bbf98f1f65abaa80eca75c99b821d88_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:29bf69f7793d3ecaf724f791e735f1bd4121cddc6b1118553bcc77ef3a3054a1_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:46ae8d0b9eb51c730b57aa7b9d0561dc8e7510240e100a9deaea7e501cf115c2_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:c314fa51aef6754a3d665650a9a2861da1ec3557e2b92c29a2b16b2790d615a4_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:cd2a2cb5784051c6595a95865e390a52c38b2b62fbf2fa3d40545d083c846992_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:05debd9e92a56b761a55f36c54d31ceda7b77bc58178946c4b5d0d08faa01cfc_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:19954ceb4da5840bc7d8953932bd9f36baaa3ad219ccac4b44324f25f962182a_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:866e4fbdeefc40e19ec6962c6b1577ef9f66affa46b96a2dbd30501b4e3b2695_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:990fa7d78f384772aaf369956a51ba7393cd5e225daa3c4e37f56ed2a1b4d5fb_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:64e4c2ac5a5126294d7264d33723b8c7e8a8f2909a33d2bff40bfbb2965fcd81_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:8a85413afe8d8ab179dff3638f3d5509bf180d54d016706aa50781bbb72338bc_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:a0af7052a5cc79ec38267f6016330bbc30fe4c8dff0776a6fe6cee048cb1bbcf_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:df72d966e05e20571d1d588092d8bf95f28ae5178ddac780257064069e8cf75c_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:5a0a1932f8bcdf436f08f9d00fdb520feefad62061ce79426d44ecd7d01724a2_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:72da4f73e7063cfcb49a800bf9dc5acdd715221d4dff6120db5950634e5824f5_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:883c2aa7d2a9f8ddcccd8c48b79bff59ffa3eb3f59392e727dd050ec4efdb92b_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:9bed2310605563c0d439ed85731e980038ada7c3970fc26de24c1c7d291afe07_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:09b95ff35ae5c1b2c356f7506d4e8283cb0b69b8b5a130bf9d6c31e6bfc04932_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:0cebc0075f16274a3620c4becac1490dc91904d09487fdc76aafe98fbaca5ccf_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:78f3234c47001e7a2902352bf85c7cc893f8ff7aafb01d3d6875cfe2df0a6a16_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:8844e2149f6d16a9112f7ca4580c27dbe974f0bfce1fc21c87d5072813deba45_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:180b60f1efcd9902f18b7104973acf277ea6881d6a806e288ea598b71bfa8e2d_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:2dc26cd49218da49a4761d8012d9777019facea787df61dafce31db6b3bef8b8_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:d08b49badd427bd263a5810800c4705f296b2caf188765837f8b5284d6ff6feb_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:edcd49c90231e8071dc45385f077400ae3dd9fdba54de188e3aba84da49c00c5_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:06f9f2d54689bd9770d4102c377a2596bf4294c824c2db69f4ad23a849d8996c_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:3985e43602b73ad41f7092847b6c92700ec5bfd6d849cc37adff563b6a994ea3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:eb7543913777f50fe437035b18e08cec754ec6ee05666f8c88900b6349b467bb_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:fb35bc2313df94fd8a4b4e8293f1489ea518c002858c29ade906a678ccd48d0d_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:31f1c672dc3197cb7bfeb51b37d357425d4057fec9c22ea8810005c147e493a0_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:457829af072b2c430e077ae362dd62b63f1737b72434c11b2fb9e98262c6f058_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:6243c7517063c907dbd898b6ff7c4f5a6a001b15141c6b703a771a826b1e9b23_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:72bef79259e60a3f96f3788b2ed207ef6d8c1d4901d5c1d293981099d2932b44_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:1bdebc0ea3641538b6029945ef99eab50aa4b71ab37fd063d712ffc0883faae8_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:75a4693836d31cfc429d6a3852b0bf419255c66f90827b13d2a589dc2bea1992_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:8f696a0d69bb54a50140da672ff01c2923550f8ab18dcb1159493b516750f0a4_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:98992a409dfe54f8de0eb67189538d08148418d91d9d07d9aa30262ce54e30d9_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:72d561f41b71f78f7d896ca9b5e2b2cd76495fe602a8687bcbe0739b450a1d99_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:753e9384197b30856cfa43b3f5362395f3554773ec0a00a183705427eb8bced4_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:cb9328dff074240b336cc5395d2d61ff4722e84d11d3c19d470dd1214308b6e5_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:e863e14bd4e3a735ad3af67dd307fce57a0f3b703aed63b731c4206c08a5839f_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:1e695b53b5a667d185f61dee9e0242efc8e0962aa4e928bf8908734626d16d38_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:7d614384e1cb7be6bb72dbdc3cb4eb34d38902e05f121ef6220c5a6922715ddf_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:da0844c2faaa1b2dd6c0c4944218c947043ac3b7edd8d4533ba7faf5f9436412_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:fd141141252f9253c089dd341447f86cd75a39bff1cb8c25baab40f86fd655bb_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:690de59af44d4b7cf2dada9c3450cbd6a0d3437cc7ac2bca9b5d6b91c4c2c605_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:6cc8eaac0ef579a5359fe2b3c8de0ad776e732b82afd9fb9c4fd4ad74e9f832f_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:bc5d7a4679b2cd19946013fe4c2fc17acfb3a6d9ed410e1f050de51c0a957a6b_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:d954bfc4a5c1f1fc8eba225865a11b9d04f005341e8ab094f7a94cdbe67a7b17_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:a6eb5b607ce23772fca3dbad70d76dc5d3ebc07b15f5123ace53da01f0e3b21e_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:d090b565d5d2933ae453eb87c34a2ebb00e09b1b00334a98c771e465dbcea42e_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44488"
},
{
"category": "external",
"summary": "RHBZ#2487949",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2487949"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44488",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44488"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44488",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44488"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-777c-7fjr-54vf",
"url": "https://github.com/axios/axios/security/advisories/GHSA-777c-7fjr-54vf"
}
],
"release_date": "2026-06-11T15:37:38.013000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-01T16:35:24+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.6#Upgrade",
"product_ids": [
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:23ea476af89606789f91e647e952039bff83b5ace02440b2c11dccb9020cc0fb_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:870a39d44775c352b2c574f4b8d6585b96b44a48eefea1cbb8463809b75a1d6f_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:b3132e81fca86bc4bf6fe9f75fb3cafd1ef0f02fe84aeaffa51539e5f4a1b54c_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:fc3b7a2d42adaa47a938efe8e94d9d5665fe74a66d04884e886da33ad61774d0_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:34374"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:51e90eeed5c6bf2e6355ee9ba50fe330149b7c2b7633a106946459e8984d82ae_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:5e9de77acecac9653b91d2ebbfc5be8dc47da81e9e3e1772d38f827f05779632_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:7cefb007f075c5b1e0265fe8b12888218201cb453e9ebac315d91a79ed6e686a_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:bd4450e5af03c053f28e9c2ca0f2a2c016fc55fef4187676bc4edd5149c1a0f4_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:21243b5bb27b62467a311f0dfb5001384b424c095e17eba2c4fa441d7a03f7cf_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:22190a2714d3942a57dbe9dd265570bfe179b8d7f3e412173d010090de2bb98d_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:35b39d818bfb7b3fe86f77eedb134d12e9f316ce1642f86a8fa5ce1c1e31f37b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:3f2e1942032818fe9c91bf18948b80002a713b81c96e8ef5a3a4178a24899fb7_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:25928bb67eadad3a0d3b23da81acb313b8f873476250ddc6481cfb06bc25b8ab_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:bdfafa3b05bea80b81ffdc63cd77d4b2a96588ccd309aba83de0a683cb07c3c4_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:d7aa74297e76cb375c4bdd939c673739e34e22d83f8ef8846b1aa3c3c2264bbe_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:ea75fa4468a26357ce7c92614d70bc41ff0f8a8e562978a5b2bdfa5563492090_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:49025eb304ed55e363338fbe74b8dd77815b4d87183f1cb0cbfbbba71c2d2c59_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:54524172989364298f5cce342ef854f62fd59c75a42be804af3f286c6585b3d1_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:c1d135f85a4a1c5fe1c86509658d3056ce4bf748e8210274756064e18f991440_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:fb2eb12e6a6159c75e56f58429789cc0ac74af2a3d04f9ab865c8d86576e8c15_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:1252d44baa18b442de12a9659d3419ef77148e47ca14747ae684b8541fe795a7_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:4750bc9a80e819747b9d6576d21e348634f0dd4bc56190a662e22b2c80172bbd_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:5988a2daac19ccd72b8eec8cd1d9b623c69aed7be1a4223070d2c65256210776_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:eac25bae75a0e08a0aae706325faae2606ee8b0c086559cc0b89a59501a511f8_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:4c56fcde717c7a7957638fa6624a6ba5a9fc372bc9056e924158a0477410c9e7_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:5f5b5adc67e0655dcc3bcaaa4bb75337ebff130cca2e019d553be7521ca71871_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:91438ae17f6ee162df0d564fe47c8690a5246315e26fa4ebfa16dc8c93425cb7_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:df6617374f5f70f6ff53a980d38ddda8ab1aca125894eadc3a1932ba7612626d_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:49d0f2c55661dd973b0a15ba0e096c54badf4e0017093dfee373a655d47373f0_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:5bbbcaa71f5bf11922738e37c1155c5e60ebc5166a67690f5e5218a42b946366_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:99446549dca0b1cd38919ed7489e3eff72b1e4dd739e4f4e914d6c3ca6076b58_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:cf59b3a7897d59615e746c14697a289d79afbc18a9d2e7e7b5f7b1242d640b02_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:6e7f3aa6bb48cbe35d205d5f4c9ea251945dcdcce9b40cd49676705d778d9500_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:bc37b9c572c3df959e0ceb9fe011be84906fe759817eee697c486131fd5bc0cb_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:bf4a2e668e36a0e8e381f4417a263bd736d114f4e464d4a6c5ea22962b3f2a9e_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:feffba283e2a49967cd57139fe7af2309cd55ea9bb4464e250bf7b5a98913a2b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:86908784cb38408c502a733672b2f76e5a5c93b0266afccc9f281cb0c8f2f20c_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:8f721159d1fb2b71fb746eec0213c1111896c7b77a2904d64a2c1696cdce796c_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:afe3ebfa9897d2b9a7d8f9bd7fb4a2210e4b7e603de5fe168740f0aa4bb04495_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:fd6aa3b12a35343168ee2e752b437a51c58e8e8e329c8bdd7d230653265a790e_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:01cb3c8bb62be8bcdeaea2fa79413caca0f111980f4134b06df5230bd0b357fc_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:20b0fcf0b2d388320c0cb1414f2422493ca9acf39c876fd45265e8b32030ef3b_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:51fc32fbd543c74767403a113ccceedb262ccb92b9fd5a9efdc39ed2c1e608b3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:d4edd3fd9d125deb51d48c8709eac2505056da0f1341020db5469be8af0ca200_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:201ab631050d34fb956e1333730a387833b7aa3a2a4389d2a01bb79a2fe51bbf_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:47ca2eaea554b825306387f07aef8a5ee830ee1885d2df51055ac22d7576d2cd_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:7a181f8f3d2eadeae6b1d4d38da28f4e0a7c7f1fc662d213f72a63fd56f67443_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:fa97e7031e19af10a571d8ff67e13de3489603f60dbf9fd0c19205fb3447e912_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:01e117719b770e5bf767700b3cf5a3c79d7a74c181fda4dd4605cb4f41ea5bcd_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:155dfad34b7402e4462d98c3026ab38a6024338dfe80bfc33abb9102d12b077d_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:aa96f8cf13ae3374588cc99a558d1def2bcf0579d75b90d0772139fab991b06b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:f1d48c91052387ebc88bc7c76c8f49bae708c67e160d976974c8b31e9efbd219_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:008f0946e1545a0baa8e2baa9d12dc3244a47cd42af020afedfce3b1450f6c16_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:6a63e70123c2cd8cf8ddec71fb88d0dee08d2b7b1bcfc37d27fde3a50a59b7e8_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:96f6b104c31c317aa118ff64cff2522f136bbb520de7fb8015257630fcfdecfb_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:9dd240e967b0a1949a812050a123e513858ccd428feb1c42646e409fbf711b35_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:6f5480749ac020fc0e226dd87855baeae624b4c57c2787303e7321f63117c789_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:7265c4bc839141da2a0599bc367c4be2b8e8743423ea1b6b8d68729b1cfa8bcc_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:9486931d703d050f59a9f1bcfe5e016351d3ccc9b5c1975963b91ac34fc0b25e_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:c458f98a5afdf96262536fa1b7d672eb897c2800ec3dc4a2094ee5e8ae09ac31_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:23ea476af89606789f91e647e952039bff83b5ace02440b2c11dccb9020cc0fb_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:870a39d44775c352b2c574f4b8d6585b96b44a48eefea1cbb8463809b75a1d6f_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:b3132e81fca86bc4bf6fe9f75fb3cafd1ef0f02fe84aeaffa51539e5f4a1b54c_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:fc3b7a2d42adaa47a938efe8e94d9d5665fe74a66d04884e886da33ad61774d0_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:2076dc61bf8db58916f3bacdb7483cdae8db169e2c4187e0c509f4fad9bc66ac_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:4e2047551e67c9c79e54ea5cd42accd746db89b8f37181a4b8ddceee166b3f2f_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:635a2526236205059d382f8860a7600105596caa546c129e855bd1ad241ebda7_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:ab0b5c35985ab8da547bc85aeff75c00ef32de0ea4f3446d75420ba935a5ddf4_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:20f8e067fa199055be096f4e655a0004616caab1eb32ccbe853677705d4e99f2_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:7c82062799a4bc38472a8d62827cbead3cf9396e132c9567e1d7682b8e4eb01d_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:94a4269cc3ddfdaf549eb4b547a461c2eafa9a0e3682511f2c18a3cf846beba3_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:ac33685303a23070d840d68bce5381230bbf98f1f65abaa80eca75c99b821d88_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:29bf69f7793d3ecaf724f791e735f1bd4121cddc6b1118553bcc77ef3a3054a1_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:46ae8d0b9eb51c730b57aa7b9d0561dc8e7510240e100a9deaea7e501cf115c2_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:c314fa51aef6754a3d665650a9a2861da1ec3557e2b92c29a2b16b2790d615a4_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:cd2a2cb5784051c6595a95865e390a52c38b2b62fbf2fa3d40545d083c846992_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:05debd9e92a56b761a55f36c54d31ceda7b77bc58178946c4b5d0d08faa01cfc_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:19954ceb4da5840bc7d8953932bd9f36baaa3ad219ccac4b44324f25f962182a_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:866e4fbdeefc40e19ec6962c6b1577ef9f66affa46b96a2dbd30501b4e3b2695_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:990fa7d78f384772aaf369956a51ba7393cd5e225daa3c4e37f56ed2a1b4d5fb_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:64e4c2ac5a5126294d7264d33723b8c7e8a8f2909a33d2bff40bfbb2965fcd81_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:8a85413afe8d8ab179dff3638f3d5509bf180d54d016706aa50781bbb72338bc_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:a0af7052a5cc79ec38267f6016330bbc30fe4c8dff0776a6fe6cee048cb1bbcf_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:df72d966e05e20571d1d588092d8bf95f28ae5178ddac780257064069e8cf75c_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:5a0a1932f8bcdf436f08f9d00fdb520feefad62061ce79426d44ecd7d01724a2_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:72da4f73e7063cfcb49a800bf9dc5acdd715221d4dff6120db5950634e5824f5_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:883c2aa7d2a9f8ddcccd8c48b79bff59ffa3eb3f59392e727dd050ec4efdb92b_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:9bed2310605563c0d439ed85731e980038ada7c3970fc26de24c1c7d291afe07_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:09b95ff35ae5c1b2c356f7506d4e8283cb0b69b8b5a130bf9d6c31e6bfc04932_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:0cebc0075f16274a3620c4becac1490dc91904d09487fdc76aafe98fbaca5ccf_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:78f3234c47001e7a2902352bf85c7cc893f8ff7aafb01d3d6875cfe2df0a6a16_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:8844e2149f6d16a9112f7ca4580c27dbe974f0bfce1fc21c87d5072813deba45_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:180b60f1efcd9902f18b7104973acf277ea6881d6a806e288ea598b71bfa8e2d_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:2dc26cd49218da49a4761d8012d9777019facea787df61dafce31db6b3bef8b8_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:d08b49badd427bd263a5810800c4705f296b2caf188765837f8b5284d6ff6feb_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:edcd49c90231e8071dc45385f077400ae3dd9fdba54de188e3aba84da49c00c5_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:06f9f2d54689bd9770d4102c377a2596bf4294c824c2db69f4ad23a849d8996c_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:3985e43602b73ad41f7092847b6c92700ec5bfd6d849cc37adff563b6a994ea3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:eb7543913777f50fe437035b18e08cec754ec6ee05666f8c88900b6349b467bb_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:fb35bc2313df94fd8a4b4e8293f1489ea518c002858c29ade906a678ccd48d0d_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:31f1c672dc3197cb7bfeb51b37d357425d4057fec9c22ea8810005c147e493a0_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:457829af072b2c430e077ae362dd62b63f1737b72434c11b2fb9e98262c6f058_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:6243c7517063c907dbd898b6ff7c4f5a6a001b15141c6b703a771a826b1e9b23_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:72bef79259e60a3f96f3788b2ed207ef6d8c1d4901d5c1d293981099d2932b44_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:1bdebc0ea3641538b6029945ef99eab50aa4b71ab37fd063d712ffc0883faae8_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:75a4693836d31cfc429d6a3852b0bf419255c66f90827b13d2a589dc2bea1992_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:8f696a0d69bb54a50140da672ff01c2923550f8ab18dcb1159493b516750f0a4_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:98992a409dfe54f8de0eb67189538d08148418d91d9d07d9aa30262ce54e30d9_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:72d561f41b71f78f7d896ca9b5e2b2cd76495fe602a8687bcbe0739b450a1d99_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:753e9384197b30856cfa43b3f5362395f3554773ec0a00a183705427eb8bced4_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:cb9328dff074240b336cc5395d2d61ff4722e84d11d3c19d470dd1214308b6e5_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:e863e14bd4e3a735ad3af67dd307fce57a0f3b703aed63b731c4206c08a5839f_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:1e695b53b5a667d185f61dee9e0242efc8e0962aa4e928bf8908734626d16d38_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:7d614384e1cb7be6bb72dbdc3cb4eb34d38902e05f121ef6220c5a6922715ddf_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:da0844c2faaa1b2dd6c0c4944218c947043ac3b7edd8d4533ba7faf5f9436412_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:fd141141252f9253c089dd341447f86cd75a39bff1cb8c25baab40f86fd655bb_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:690de59af44d4b7cf2dada9c3450cbd6a0d3437cc7ac2bca9b5d6b91c4c2c605_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:6cc8eaac0ef579a5359fe2b3c8de0ad776e732b82afd9fb9c4fd4ad74e9f832f_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:bc5d7a4679b2cd19946013fe4c2fc17acfb3a6d9ed410e1f050de51c0a957a6b_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:d954bfc4a5c1f1fc8eba225865a11b9d04f005341e8ab094f7a94cdbe67a7b17_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:a6eb5b607ce23772fca3dbad70d76dc5d3ebc07b15f5123ace53da01f0e3b21e_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:d090b565d5d2933ae453eb87c34a2ebb00e09b1b00334a98c771e465dbcea42e_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:51e90eeed5c6bf2e6355ee9ba50fe330149b7c2b7633a106946459e8984d82ae_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:5e9de77acecac9653b91d2ebbfc5be8dc47da81e9e3e1772d38f827f05779632_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:7cefb007f075c5b1e0265fe8b12888218201cb453e9ebac315d91a79ed6e686a_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:bd4450e5af03c053f28e9c2ca0f2a2c016fc55fef4187676bc4edd5149c1a0f4_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:21243b5bb27b62467a311f0dfb5001384b424c095e17eba2c4fa441d7a03f7cf_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:22190a2714d3942a57dbe9dd265570bfe179b8d7f3e412173d010090de2bb98d_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:35b39d818bfb7b3fe86f77eedb134d12e9f316ce1642f86a8fa5ce1c1e31f37b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:3f2e1942032818fe9c91bf18948b80002a713b81c96e8ef5a3a4178a24899fb7_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:25928bb67eadad3a0d3b23da81acb313b8f873476250ddc6481cfb06bc25b8ab_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:bdfafa3b05bea80b81ffdc63cd77d4b2a96588ccd309aba83de0a683cb07c3c4_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:d7aa74297e76cb375c4bdd939c673739e34e22d83f8ef8846b1aa3c3c2264bbe_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:ea75fa4468a26357ce7c92614d70bc41ff0f8a8e562978a5b2bdfa5563492090_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:49025eb304ed55e363338fbe74b8dd77815b4d87183f1cb0cbfbbba71c2d2c59_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:54524172989364298f5cce342ef854f62fd59c75a42be804af3f286c6585b3d1_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:c1d135f85a4a1c5fe1c86509658d3056ce4bf748e8210274756064e18f991440_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:fb2eb12e6a6159c75e56f58429789cc0ac74af2a3d04f9ab865c8d86576e8c15_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:1252d44baa18b442de12a9659d3419ef77148e47ca14747ae684b8541fe795a7_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:4750bc9a80e819747b9d6576d21e348634f0dd4bc56190a662e22b2c80172bbd_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:5988a2daac19ccd72b8eec8cd1d9b623c69aed7be1a4223070d2c65256210776_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:eac25bae75a0e08a0aae706325faae2606ee8b0c086559cc0b89a59501a511f8_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:4c56fcde717c7a7957638fa6624a6ba5a9fc372bc9056e924158a0477410c9e7_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:5f5b5adc67e0655dcc3bcaaa4bb75337ebff130cca2e019d553be7521ca71871_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:91438ae17f6ee162df0d564fe47c8690a5246315e26fa4ebfa16dc8c93425cb7_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:df6617374f5f70f6ff53a980d38ddda8ab1aca125894eadc3a1932ba7612626d_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:49d0f2c55661dd973b0a15ba0e096c54badf4e0017093dfee373a655d47373f0_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:5bbbcaa71f5bf11922738e37c1155c5e60ebc5166a67690f5e5218a42b946366_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:99446549dca0b1cd38919ed7489e3eff72b1e4dd739e4f4e914d6c3ca6076b58_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:cf59b3a7897d59615e746c14697a289d79afbc18a9d2e7e7b5f7b1242d640b02_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:6e7f3aa6bb48cbe35d205d5f4c9ea251945dcdcce9b40cd49676705d778d9500_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:bc37b9c572c3df959e0ceb9fe011be84906fe759817eee697c486131fd5bc0cb_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:bf4a2e668e36a0e8e381f4417a263bd736d114f4e464d4a6c5ea22962b3f2a9e_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:feffba283e2a49967cd57139fe7af2309cd55ea9bb4464e250bf7b5a98913a2b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:86908784cb38408c502a733672b2f76e5a5c93b0266afccc9f281cb0c8f2f20c_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:8f721159d1fb2b71fb746eec0213c1111896c7b77a2904d64a2c1696cdce796c_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:afe3ebfa9897d2b9a7d8f9bd7fb4a2210e4b7e603de5fe168740f0aa4bb04495_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:fd6aa3b12a35343168ee2e752b437a51c58e8e8e329c8bdd7d230653265a790e_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:01cb3c8bb62be8bcdeaea2fa79413caca0f111980f4134b06df5230bd0b357fc_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:20b0fcf0b2d388320c0cb1414f2422493ca9acf39c876fd45265e8b32030ef3b_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:51fc32fbd543c74767403a113ccceedb262ccb92b9fd5a9efdc39ed2c1e608b3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:d4edd3fd9d125deb51d48c8709eac2505056da0f1341020db5469be8af0ca200_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:201ab631050d34fb956e1333730a387833b7aa3a2a4389d2a01bb79a2fe51bbf_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:47ca2eaea554b825306387f07aef8a5ee830ee1885d2df51055ac22d7576d2cd_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:7a181f8f3d2eadeae6b1d4d38da28f4e0a7c7f1fc662d213f72a63fd56f67443_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:fa97e7031e19af10a571d8ff67e13de3489603f60dbf9fd0c19205fb3447e912_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:01e117719b770e5bf767700b3cf5a3c79d7a74c181fda4dd4605cb4f41ea5bcd_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:155dfad34b7402e4462d98c3026ab38a6024338dfe80bfc33abb9102d12b077d_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:aa96f8cf13ae3374588cc99a558d1def2bcf0579d75b90d0772139fab991b06b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:f1d48c91052387ebc88bc7c76c8f49bae708c67e160d976974c8b31e9efbd219_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:008f0946e1545a0baa8e2baa9d12dc3244a47cd42af020afedfce3b1450f6c16_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:6a63e70123c2cd8cf8ddec71fb88d0dee08d2b7b1bcfc37d27fde3a50a59b7e8_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:96f6b104c31c317aa118ff64cff2522f136bbb520de7fb8015257630fcfdecfb_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:9dd240e967b0a1949a812050a123e513858ccd428feb1c42646e409fbf711b35_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:6f5480749ac020fc0e226dd87855baeae624b4c57c2787303e7321f63117c789_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:7265c4bc839141da2a0599bc367c4be2b8e8743423ea1b6b8d68729b1cfa8bcc_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:9486931d703d050f59a9f1bcfe5e016351d3ccc9b5c1975963b91ac34fc0b25e_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:c458f98a5afdf96262536fa1b7d672eb897c2800ec3dc4a2094ee5e8ae09ac31_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:23ea476af89606789f91e647e952039bff83b5ace02440b2c11dccb9020cc0fb_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:870a39d44775c352b2c574f4b8d6585b96b44a48eefea1cbb8463809b75a1d6f_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:b3132e81fca86bc4bf6fe9f75fb3cafd1ef0f02fe84aeaffa51539e5f4a1b54c_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:fc3b7a2d42adaa47a938efe8e94d9d5665fe74a66d04884e886da33ad61774d0_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:2076dc61bf8db58916f3bacdb7483cdae8db169e2c4187e0c509f4fad9bc66ac_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:4e2047551e67c9c79e54ea5cd42accd746db89b8f37181a4b8ddceee166b3f2f_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:635a2526236205059d382f8860a7600105596caa546c129e855bd1ad241ebda7_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:ab0b5c35985ab8da547bc85aeff75c00ef32de0ea4f3446d75420ba935a5ddf4_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:20f8e067fa199055be096f4e655a0004616caab1eb32ccbe853677705d4e99f2_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:7c82062799a4bc38472a8d62827cbead3cf9396e132c9567e1d7682b8e4eb01d_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:94a4269cc3ddfdaf549eb4b547a461c2eafa9a0e3682511f2c18a3cf846beba3_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:ac33685303a23070d840d68bce5381230bbf98f1f65abaa80eca75c99b821d88_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:29bf69f7793d3ecaf724f791e735f1bd4121cddc6b1118553bcc77ef3a3054a1_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:46ae8d0b9eb51c730b57aa7b9d0561dc8e7510240e100a9deaea7e501cf115c2_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:c314fa51aef6754a3d665650a9a2861da1ec3557e2b92c29a2b16b2790d615a4_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:cd2a2cb5784051c6595a95865e390a52c38b2b62fbf2fa3d40545d083c846992_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:05debd9e92a56b761a55f36c54d31ceda7b77bc58178946c4b5d0d08faa01cfc_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:19954ceb4da5840bc7d8953932bd9f36baaa3ad219ccac4b44324f25f962182a_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:866e4fbdeefc40e19ec6962c6b1577ef9f66affa46b96a2dbd30501b4e3b2695_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:990fa7d78f384772aaf369956a51ba7393cd5e225daa3c4e37f56ed2a1b4d5fb_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:64e4c2ac5a5126294d7264d33723b8c7e8a8f2909a33d2bff40bfbb2965fcd81_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:8a85413afe8d8ab179dff3638f3d5509bf180d54d016706aa50781bbb72338bc_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:a0af7052a5cc79ec38267f6016330bbc30fe4c8dff0776a6fe6cee048cb1bbcf_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:df72d966e05e20571d1d588092d8bf95f28ae5178ddac780257064069e8cf75c_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:5a0a1932f8bcdf436f08f9d00fdb520feefad62061ce79426d44ecd7d01724a2_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:72da4f73e7063cfcb49a800bf9dc5acdd715221d4dff6120db5950634e5824f5_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:883c2aa7d2a9f8ddcccd8c48b79bff59ffa3eb3f59392e727dd050ec4efdb92b_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:9bed2310605563c0d439ed85731e980038ada7c3970fc26de24c1c7d291afe07_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:09b95ff35ae5c1b2c356f7506d4e8283cb0b69b8b5a130bf9d6c31e6bfc04932_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:0cebc0075f16274a3620c4becac1490dc91904d09487fdc76aafe98fbaca5ccf_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:78f3234c47001e7a2902352bf85c7cc893f8ff7aafb01d3d6875cfe2df0a6a16_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:8844e2149f6d16a9112f7ca4580c27dbe974f0bfce1fc21c87d5072813deba45_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:180b60f1efcd9902f18b7104973acf277ea6881d6a806e288ea598b71bfa8e2d_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:2dc26cd49218da49a4761d8012d9777019facea787df61dafce31db6b3bef8b8_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:d08b49badd427bd263a5810800c4705f296b2caf188765837f8b5284d6ff6feb_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:edcd49c90231e8071dc45385f077400ae3dd9fdba54de188e3aba84da49c00c5_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:06f9f2d54689bd9770d4102c377a2596bf4294c824c2db69f4ad23a849d8996c_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:3985e43602b73ad41f7092847b6c92700ec5bfd6d849cc37adff563b6a994ea3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:eb7543913777f50fe437035b18e08cec754ec6ee05666f8c88900b6349b467bb_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:fb35bc2313df94fd8a4b4e8293f1489ea518c002858c29ade906a678ccd48d0d_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:31f1c672dc3197cb7bfeb51b37d357425d4057fec9c22ea8810005c147e493a0_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:457829af072b2c430e077ae362dd62b63f1737b72434c11b2fb9e98262c6f058_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:6243c7517063c907dbd898b6ff7c4f5a6a001b15141c6b703a771a826b1e9b23_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:72bef79259e60a3f96f3788b2ed207ef6d8c1d4901d5c1d293981099d2932b44_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:1bdebc0ea3641538b6029945ef99eab50aa4b71ab37fd063d712ffc0883faae8_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:75a4693836d31cfc429d6a3852b0bf419255c66f90827b13d2a589dc2bea1992_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:8f696a0d69bb54a50140da672ff01c2923550f8ab18dcb1159493b516750f0a4_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:98992a409dfe54f8de0eb67189538d08148418d91d9d07d9aa30262ce54e30d9_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:72d561f41b71f78f7d896ca9b5e2b2cd76495fe602a8687bcbe0739b450a1d99_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:753e9384197b30856cfa43b3f5362395f3554773ec0a00a183705427eb8bced4_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:cb9328dff074240b336cc5395d2d61ff4722e84d11d3c19d470dd1214308b6e5_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:e863e14bd4e3a735ad3af67dd307fce57a0f3b703aed63b731c4206c08a5839f_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:1e695b53b5a667d185f61dee9e0242efc8e0962aa4e928bf8908734626d16d38_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:7d614384e1cb7be6bb72dbdc3cb4eb34d38902e05f121ef6220c5a6922715ddf_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:da0844c2faaa1b2dd6c0c4944218c947043ac3b7edd8d4533ba7faf5f9436412_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:fd141141252f9253c089dd341447f86cd75a39bff1cb8c25baab40f86fd655bb_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:690de59af44d4b7cf2dada9c3450cbd6a0d3437cc7ac2bca9b5d6b91c4c2c605_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:6cc8eaac0ef579a5359fe2b3c8de0ad776e732b82afd9fb9c4fd4ad74e9f832f_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:bc5d7a4679b2cd19946013fe4c2fc17acfb3a6d9ed410e1f050de51c0a957a6b_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:d954bfc4a5c1f1fc8eba225865a11b9d04f005341e8ab094f7a94cdbe67a7b17_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:a6eb5b607ce23772fca3dbad70d76dc5d3ebc07b15f5123ace53da01f0e3b21e_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:d090b565d5d2933ae453eb87c34a2ebb00e09b1b00334a98c771e465dbcea42e_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: Denial of Service due to unenforced request and response size limits"
},
{
"cve": "CVE-2026-44495",
"cwe": {
"id": "CWE-915",
"name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes"
},
"discovery_date": "2026-06-11T17:00:53.999811+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:51e90eeed5c6bf2e6355ee9ba50fe330149b7c2b7633a106946459e8984d82ae_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:5e9de77acecac9653b91d2ebbfc5be8dc47da81e9e3e1772d38f827f05779632_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:7cefb007f075c5b1e0265fe8b12888218201cb453e9ebac315d91a79ed6e686a_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:bd4450e5af03c053f28e9c2ca0f2a2c016fc55fef4187676bc4edd5149c1a0f4_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:21243b5bb27b62467a311f0dfb5001384b424c095e17eba2c4fa441d7a03f7cf_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:22190a2714d3942a57dbe9dd265570bfe179b8d7f3e412173d010090de2bb98d_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:35b39d818bfb7b3fe86f77eedb134d12e9f316ce1642f86a8fa5ce1c1e31f37b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:3f2e1942032818fe9c91bf18948b80002a713b81c96e8ef5a3a4178a24899fb7_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:25928bb67eadad3a0d3b23da81acb313b8f873476250ddc6481cfb06bc25b8ab_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:bdfafa3b05bea80b81ffdc63cd77d4b2a96588ccd309aba83de0a683cb07c3c4_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:d7aa74297e76cb375c4bdd939c673739e34e22d83f8ef8846b1aa3c3c2264bbe_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:ea75fa4468a26357ce7c92614d70bc41ff0f8a8e562978a5b2bdfa5563492090_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:49025eb304ed55e363338fbe74b8dd77815b4d87183f1cb0cbfbbba71c2d2c59_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:54524172989364298f5cce342ef854f62fd59c75a42be804af3f286c6585b3d1_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:c1d135f85a4a1c5fe1c86509658d3056ce4bf748e8210274756064e18f991440_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:fb2eb12e6a6159c75e56f58429789cc0ac74af2a3d04f9ab865c8d86576e8c15_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:1252d44baa18b442de12a9659d3419ef77148e47ca14747ae684b8541fe795a7_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:4750bc9a80e819747b9d6576d21e348634f0dd4bc56190a662e22b2c80172bbd_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:5988a2daac19ccd72b8eec8cd1d9b623c69aed7be1a4223070d2c65256210776_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:eac25bae75a0e08a0aae706325faae2606ee8b0c086559cc0b89a59501a511f8_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:4c56fcde717c7a7957638fa6624a6ba5a9fc372bc9056e924158a0477410c9e7_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:5f5b5adc67e0655dcc3bcaaa4bb75337ebff130cca2e019d553be7521ca71871_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:91438ae17f6ee162df0d564fe47c8690a5246315e26fa4ebfa16dc8c93425cb7_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:df6617374f5f70f6ff53a980d38ddda8ab1aca125894eadc3a1932ba7612626d_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:49d0f2c55661dd973b0a15ba0e096c54badf4e0017093dfee373a655d47373f0_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:5bbbcaa71f5bf11922738e37c1155c5e60ebc5166a67690f5e5218a42b946366_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:99446549dca0b1cd38919ed7489e3eff72b1e4dd739e4f4e914d6c3ca6076b58_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:cf59b3a7897d59615e746c14697a289d79afbc18a9d2e7e7b5f7b1242d640b02_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:6e7f3aa6bb48cbe35d205d5f4c9ea251945dcdcce9b40cd49676705d778d9500_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:bc37b9c572c3df959e0ceb9fe011be84906fe759817eee697c486131fd5bc0cb_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:bf4a2e668e36a0e8e381f4417a263bd736d114f4e464d4a6c5ea22962b3f2a9e_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:feffba283e2a49967cd57139fe7af2309cd55ea9bb4464e250bf7b5a98913a2b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:86908784cb38408c502a733672b2f76e5a5c93b0266afccc9f281cb0c8f2f20c_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:8f721159d1fb2b71fb746eec0213c1111896c7b77a2904d64a2c1696cdce796c_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:afe3ebfa9897d2b9a7d8f9bd7fb4a2210e4b7e603de5fe168740f0aa4bb04495_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:fd6aa3b12a35343168ee2e752b437a51c58e8e8e329c8bdd7d230653265a790e_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:01cb3c8bb62be8bcdeaea2fa79413caca0f111980f4134b06df5230bd0b357fc_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:20b0fcf0b2d388320c0cb1414f2422493ca9acf39c876fd45265e8b32030ef3b_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:51fc32fbd543c74767403a113ccceedb262ccb92b9fd5a9efdc39ed2c1e608b3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:d4edd3fd9d125deb51d48c8709eac2505056da0f1341020db5469be8af0ca200_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:201ab631050d34fb956e1333730a387833b7aa3a2a4389d2a01bb79a2fe51bbf_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:47ca2eaea554b825306387f07aef8a5ee830ee1885d2df51055ac22d7576d2cd_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:7a181f8f3d2eadeae6b1d4d38da28f4e0a7c7f1fc662d213f72a63fd56f67443_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:fa97e7031e19af10a571d8ff67e13de3489603f60dbf9fd0c19205fb3447e912_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:01e117719b770e5bf767700b3cf5a3c79d7a74c181fda4dd4605cb4f41ea5bcd_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:155dfad34b7402e4462d98c3026ab38a6024338dfe80bfc33abb9102d12b077d_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:aa96f8cf13ae3374588cc99a558d1def2bcf0579d75b90d0772139fab991b06b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:f1d48c91052387ebc88bc7c76c8f49bae708c67e160d976974c8b31e9efbd219_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:008f0946e1545a0baa8e2baa9d12dc3244a47cd42af020afedfce3b1450f6c16_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:6a63e70123c2cd8cf8ddec71fb88d0dee08d2b7b1bcfc37d27fde3a50a59b7e8_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:96f6b104c31c317aa118ff64cff2522f136bbb520de7fb8015257630fcfdecfb_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:9dd240e967b0a1949a812050a123e513858ccd428feb1c42646e409fbf711b35_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:6f5480749ac020fc0e226dd87855baeae624b4c57c2787303e7321f63117c789_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:7265c4bc839141da2a0599bc367c4be2b8e8743423ea1b6b8d68729b1cfa8bcc_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:9486931d703d050f59a9f1bcfe5e016351d3ccc9b5c1975963b91ac34fc0b25e_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:c458f98a5afdf96262536fa1b7d672eb897c2800ec3dc4a2094ee5e8ae09ac31_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:2076dc61bf8db58916f3bacdb7483cdae8db169e2c4187e0c509f4fad9bc66ac_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:4e2047551e67c9c79e54ea5cd42accd746db89b8f37181a4b8ddceee166b3f2f_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:635a2526236205059d382f8860a7600105596caa546c129e855bd1ad241ebda7_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:ab0b5c35985ab8da547bc85aeff75c00ef32de0ea4f3446d75420ba935a5ddf4_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:20f8e067fa199055be096f4e655a0004616caab1eb32ccbe853677705d4e99f2_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:7c82062799a4bc38472a8d62827cbead3cf9396e132c9567e1d7682b8e4eb01d_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:94a4269cc3ddfdaf549eb4b547a461c2eafa9a0e3682511f2c18a3cf846beba3_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:ac33685303a23070d840d68bce5381230bbf98f1f65abaa80eca75c99b821d88_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:29bf69f7793d3ecaf724f791e735f1bd4121cddc6b1118553bcc77ef3a3054a1_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:46ae8d0b9eb51c730b57aa7b9d0561dc8e7510240e100a9deaea7e501cf115c2_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:c314fa51aef6754a3d665650a9a2861da1ec3557e2b92c29a2b16b2790d615a4_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:cd2a2cb5784051c6595a95865e390a52c38b2b62fbf2fa3d40545d083c846992_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:05debd9e92a56b761a55f36c54d31ceda7b77bc58178946c4b5d0d08faa01cfc_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:19954ceb4da5840bc7d8953932bd9f36baaa3ad219ccac4b44324f25f962182a_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:866e4fbdeefc40e19ec6962c6b1577ef9f66affa46b96a2dbd30501b4e3b2695_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:990fa7d78f384772aaf369956a51ba7393cd5e225daa3c4e37f56ed2a1b4d5fb_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:64e4c2ac5a5126294d7264d33723b8c7e8a8f2909a33d2bff40bfbb2965fcd81_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:8a85413afe8d8ab179dff3638f3d5509bf180d54d016706aa50781bbb72338bc_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:a0af7052a5cc79ec38267f6016330bbc30fe4c8dff0776a6fe6cee048cb1bbcf_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:df72d966e05e20571d1d588092d8bf95f28ae5178ddac780257064069e8cf75c_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:5a0a1932f8bcdf436f08f9d00fdb520feefad62061ce79426d44ecd7d01724a2_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:72da4f73e7063cfcb49a800bf9dc5acdd715221d4dff6120db5950634e5824f5_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:883c2aa7d2a9f8ddcccd8c48b79bff59ffa3eb3f59392e727dd050ec4efdb92b_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:9bed2310605563c0d439ed85731e980038ada7c3970fc26de24c1c7d291afe07_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:09b95ff35ae5c1b2c356f7506d4e8283cb0b69b8b5a130bf9d6c31e6bfc04932_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:0cebc0075f16274a3620c4becac1490dc91904d09487fdc76aafe98fbaca5ccf_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:78f3234c47001e7a2902352bf85c7cc893f8ff7aafb01d3d6875cfe2df0a6a16_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:8844e2149f6d16a9112f7ca4580c27dbe974f0bfce1fc21c87d5072813deba45_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:180b60f1efcd9902f18b7104973acf277ea6881d6a806e288ea598b71bfa8e2d_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:2dc26cd49218da49a4761d8012d9777019facea787df61dafce31db6b3bef8b8_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:d08b49badd427bd263a5810800c4705f296b2caf188765837f8b5284d6ff6feb_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:edcd49c90231e8071dc45385f077400ae3dd9fdba54de188e3aba84da49c00c5_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:06f9f2d54689bd9770d4102c377a2596bf4294c824c2db69f4ad23a849d8996c_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:3985e43602b73ad41f7092847b6c92700ec5bfd6d849cc37adff563b6a994ea3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:eb7543913777f50fe437035b18e08cec754ec6ee05666f8c88900b6349b467bb_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:fb35bc2313df94fd8a4b4e8293f1489ea518c002858c29ade906a678ccd48d0d_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:31f1c672dc3197cb7bfeb51b37d357425d4057fec9c22ea8810005c147e493a0_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:457829af072b2c430e077ae362dd62b63f1737b72434c11b2fb9e98262c6f058_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:6243c7517063c907dbd898b6ff7c4f5a6a001b15141c6b703a771a826b1e9b23_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:72bef79259e60a3f96f3788b2ed207ef6d8c1d4901d5c1d293981099d2932b44_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:1bdebc0ea3641538b6029945ef99eab50aa4b71ab37fd063d712ffc0883faae8_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:75a4693836d31cfc429d6a3852b0bf419255c66f90827b13d2a589dc2bea1992_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:8f696a0d69bb54a50140da672ff01c2923550f8ab18dcb1159493b516750f0a4_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:98992a409dfe54f8de0eb67189538d08148418d91d9d07d9aa30262ce54e30d9_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:72d561f41b71f78f7d896ca9b5e2b2cd76495fe602a8687bcbe0739b450a1d99_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:753e9384197b30856cfa43b3f5362395f3554773ec0a00a183705427eb8bced4_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:cb9328dff074240b336cc5395d2d61ff4722e84d11d3c19d470dd1214308b6e5_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:e863e14bd4e3a735ad3af67dd307fce57a0f3b703aed63b731c4206c08a5839f_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:1e695b53b5a667d185f61dee9e0242efc8e0962aa4e928bf8908734626d16d38_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:7d614384e1cb7be6bb72dbdc3cb4eb34d38902e05f121ef6220c5a6922715ddf_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:da0844c2faaa1b2dd6c0c4944218c947043ac3b7edd8d4533ba7faf5f9436412_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:fd141141252f9253c089dd341447f86cd75a39bff1cb8c25baab40f86fd655bb_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:690de59af44d4b7cf2dada9c3450cbd6a0d3437cc7ac2bca9b5d6b91c4c2c605_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:6cc8eaac0ef579a5359fe2b3c8de0ad776e732b82afd9fb9c4fd4ad74e9f832f_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:bc5d7a4679b2cd19946013fe4c2fc17acfb3a6d9ed410e1f050de51c0a957a6b_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:d954bfc4a5c1f1fc8eba225865a11b9d04f005341e8ab094f7a94cdbe67a7b17_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:a6eb5b607ce23772fca3dbad70d76dc5d3ebc07b15f5123ace53da01f0e3b21e_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:d090b565d5d2933ae453eb87c34a2ebb00e09b1b00334a98c771e465dbcea42e_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2487937"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, a promise-based HTTP client. This vulnerability involves prototype pollution gadgets in the request configuration processing. If another vulnerability has already polluted the Object.prototype.transformResponse, affected Axios versions may incorrectly interpret this inherited value as part of the request configuration or as an option validator. Axios does not itself create the prototype pollution. Exploitability requires a separate prototype-pollution vulnerability or equivalent attacker control over Object.prototype before Axios creates a request.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: Information disclosure due to prototype pollution vulnerability",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Important vulnerability in Axios, a promise-based HTTP client, can lead to information disclosure, including credential theft and response hijacking, or denial of service. Exploitation requires a separate prototype pollution vulnerability in the same JavaScript process, allowing an attacker to control `Object.prototype.transformResponse`. Red Hat products using affected Axios versions are at risk if another component introduces such pollution.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:23ea476af89606789f91e647e952039bff83b5ace02440b2c11dccb9020cc0fb_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:870a39d44775c352b2c574f4b8d6585b96b44a48eefea1cbb8463809b75a1d6f_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:b3132e81fca86bc4bf6fe9f75fb3cafd1ef0f02fe84aeaffa51539e5f4a1b54c_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:fc3b7a2d42adaa47a938efe8e94d9d5665fe74a66d04884e886da33ad61774d0_ppc64le"
],
"known_not_affected": [
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:51e90eeed5c6bf2e6355ee9ba50fe330149b7c2b7633a106946459e8984d82ae_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:5e9de77acecac9653b91d2ebbfc5be8dc47da81e9e3e1772d38f827f05779632_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:7cefb007f075c5b1e0265fe8b12888218201cb453e9ebac315d91a79ed6e686a_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:bd4450e5af03c053f28e9c2ca0f2a2c016fc55fef4187676bc4edd5149c1a0f4_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:21243b5bb27b62467a311f0dfb5001384b424c095e17eba2c4fa441d7a03f7cf_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:22190a2714d3942a57dbe9dd265570bfe179b8d7f3e412173d010090de2bb98d_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:35b39d818bfb7b3fe86f77eedb134d12e9f316ce1642f86a8fa5ce1c1e31f37b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:3f2e1942032818fe9c91bf18948b80002a713b81c96e8ef5a3a4178a24899fb7_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:25928bb67eadad3a0d3b23da81acb313b8f873476250ddc6481cfb06bc25b8ab_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:bdfafa3b05bea80b81ffdc63cd77d4b2a96588ccd309aba83de0a683cb07c3c4_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:d7aa74297e76cb375c4bdd939c673739e34e22d83f8ef8846b1aa3c3c2264bbe_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:ea75fa4468a26357ce7c92614d70bc41ff0f8a8e562978a5b2bdfa5563492090_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:49025eb304ed55e363338fbe74b8dd77815b4d87183f1cb0cbfbbba71c2d2c59_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:54524172989364298f5cce342ef854f62fd59c75a42be804af3f286c6585b3d1_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:c1d135f85a4a1c5fe1c86509658d3056ce4bf748e8210274756064e18f991440_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:fb2eb12e6a6159c75e56f58429789cc0ac74af2a3d04f9ab865c8d86576e8c15_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:1252d44baa18b442de12a9659d3419ef77148e47ca14747ae684b8541fe795a7_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:4750bc9a80e819747b9d6576d21e348634f0dd4bc56190a662e22b2c80172bbd_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:5988a2daac19ccd72b8eec8cd1d9b623c69aed7be1a4223070d2c65256210776_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:eac25bae75a0e08a0aae706325faae2606ee8b0c086559cc0b89a59501a511f8_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:4c56fcde717c7a7957638fa6624a6ba5a9fc372bc9056e924158a0477410c9e7_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:5f5b5adc67e0655dcc3bcaaa4bb75337ebff130cca2e019d553be7521ca71871_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:91438ae17f6ee162df0d564fe47c8690a5246315e26fa4ebfa16dc8c93425cb7_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:df6617374f5f70f6ff53a980d38ddda8ab1aca125894eadc3a1932ba7612626d_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:49d0f2c55661dd973b0a15ba0e096c54badf4e0017093dfee373a655d47373f0_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:5bbbcaa71f5bf11922738e37c1155c5e60ebc5166a67690f5e5218a42b946366_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:99446549dca0b1cd38919ed7489e3eff72b1e4dd739e4f4e914d6c3ca6076b58_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:cf59b3a7897d59615e746c14697a289d79afbc18a9d2e7e7b5f7b1242d640b02_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:6e7f3aa6bb48cbe35d205d5f4c9ea251945dcdcce9b40cd49676705d778d9500_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:bc37b9c572c3df959e0ceb9fe011be84906fe759817eee697c486131fd5bc0cb_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:bf4a2e668e36a0e8e381f4417a263bd736d114f4e464d4a6c5ea22962b3f2a9e_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:feffba283e2a49967cd57139fe7af2309cd55ea9bb4464e250bf7b5a98913a2b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:86908784cb38408c502a733672b2f76e5a5c93b0266afccc9f281cb0c8f2f20c_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:8f721159d1fb2b71fb746eec0213c1111896c7b77a2904d64a2c1696cdce796c_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:afe3ebfa9897d2b9a7d8f9bd7fb4a2210e4b7e603de5fe168740f0aa4bb04495_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:fd6aa3b12a35343168ee2e752b437a51c58e8e8e329c8bdd7d230653265a790e_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:01cb3c8bb62be8bcdeaea2fa79413caca0f111980f4134b06df5230bd0b357fc_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:20b0fcf0b2d388320c0cb1414f2422493ca9acf39c876fd45265e8b32030ef3b_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:51fc32fbd543c74767403a113ccceedb262ccb92b9fd5a9efdc39ed2c1e608b3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:d4edd3fd9d125deb51d48c8709eac2505056da0f1341020db5469be8af0ca200_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:201ab631050d34fb956e1333730a387833b7aa3a2a4389d2a01bb79a2fe51bbf_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:47ca2eaea554b825306387f07aef8a5ee830ee1885d2df51055ac22d7576d2cd_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:7a181f8f3d2eadeae6b1d4d38da28f4e0a7c7f1fc662d213f72a63fd56f67443_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:fa97e7031e19af10a571d8ff67e13de3489603f60dbf9fd0c19205fb3447e912_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:01e117719b770e5bf767700b3cf5a3c79d7a74c181fda4dd4605cb4f41ea5bcd_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:155dfad34b7402e4462d98c3026ab38a6024338dfe80bfc33abb9102d12b077d_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:aa96f8cf13ae3374588cc99a558d1def2bcf0579d75b90d0772139fab991b06b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:f1d48c91052387ebc88bc7c76c8f49bae708c67e160d976974c8b31e9efbd219_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:008f0946e1545a0baa8e2baa9d12dc3244a47cd42af020afedfce3b1450f6c16_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:6a63e70123c2cd8cf8ddec71fb88d0dee08d2b7b1bcfc37d27fde3a50a59b7e8_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:96f6b104c31c317aa118ff64cff2522f136bbb520de7fb8015257630fcfdecfb_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:9dd240e967b0a1949a812050a123e513858ccd428feb1c42646e409fbf711b35_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:6f5480749ac020fc0e226dd87855baeae624b4c57c2787303e7321f63117c789_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:7265c4bc839141da2a0599bc367c4be2b8e8743423ea1b6b8d68729b1cfa8bcc_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:9486931d703d050f59a9f1bcfe5e016351d3ccc9b5c1975963b91ac34fc0b25e_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:c458f98a5afdf96262536fa1b7d672eb897c2800ec3dc4a2094ee5e8ae09ac31_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:2076dc61bf8db58916f3bacdb7483cdae8db169e2c4187e0c509f4fad9bc66ac_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:4e2047551e67c9c79e54ea5cd42accd746db89b8f37181a4b8ddceee166b3f2f_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:635a2526236205059d382f8860a7600105596caa546c129e855bd1ad241ebda7_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:ab0b5c35985ab8da547bc85aeff75c00ef32de0ea4f3446d75420ba935a5ddf4_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:20f8e067fa199055be096f4e655a0004616caab1eb32ccbe853677705d4e99f2_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:7c82062799a4bc38472a8d62827cbead3cf9396e132c9567e1d7682b8e4eb01d_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:94a4269cc3ddfdaf549eb4b547a461c2eafa9a0e3682511f2c18a3cf846beba3_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:ac33685303a23070d840d68bce5381230bbf98f1f65abaa80eca75c99b821d88_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:29bf69f7793d3ecaf724f791e735f1bd4121cddc6b1118553bcc77ef3a3054a1_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:46ae8d0b9eb51c730b57aa7b9d0561dc8e7510240e100a9deaea7e501cf115c2_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:c314fa51aef6754a3d665650a9a2861da1ec3557e2b92c29a2b16b2790d615a4_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:cd2a2cb5784051c6595a95865e390a52c38b2b62fbf2fa3d40545d083c846992_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:05debd9e92a56b761a55f36c54d31ceda7b77bc58178946c4b5d0d08faa01cfc_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:19954ceb4da5840bc7d8953932bd9f36baaa3ad219ccac4b44324f25f962182a_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:866e4fbdeefc40e19ec6962c6b1577ef9f66affa46b96a2dbd30501b4e3b2695_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:990fa7d78f384772aaf369956a51ba7393cd5e225daa3c4e37f56ed2a1b4d5fb_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:64e4c2ac5a5126294d7264d33723b8c7e8a8f2909a33d2bff40bfbb2965fcd81_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:8a85413afe8d8ab179dff3638f3d5509bf180d54d016706aa50781bbb72338bc_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:a0af7052a5cc79ec38267f6016330bbc30fe4c8dff0776a6fe6cee048cb1bbcf_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:df72d966e05e20571d1d588092d8bf95f28ae5178ddac780257064069e8cf75c_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:5a0a1932f8bcdf436f08f9d00fdb520feefad62061ce79426d44ecd7d01724a2_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:72da4f73e7063cfcb49a800bf9dc5acdd715221d4dff6120db5950634e5824f5_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:883c2aa7d2a9f8ddcccd8c48b79bff59ffa3eb3f59392e727dd050ec4efdb92b_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:9bed2310605563c0d439ed85731e980038ada7c3970fc26de24c1c7d291afe07_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:09b95ff35ae5c1b2c356f7506d4e8283cb0b69b8b5a130bf9d6c31e6bfc04932_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:0cebc0075f16274a3620c4becac1490dc91904d09487fdc76aafe98fbaca5ccf_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:78f3234c47001e7a2902352bf85c7cc893f8ff7aafb01d3d6875cfe2df0a6a16_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:8844e2149f6d16a9112f7ca4580c27dbe974f0bfce1fc21c87d5072813deba45_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:180b60f1efcd9902f18b7104973acf277ea6881d6a806e288ea598b71bfa8e2d_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:2dc26cd49218da49a4761d8012d9777019facea787df61dafce31db6b3bef8b8_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:d08b49badd427bd263a5810800c4705f296b2caf188765837f8b5284d6ff6feb_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:edcd49c90231e8071dc45385f077400ae3dd9fdba54de188e3aba84da49c00c5_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:06f9f2d54689bd9770d4102c377a2596bf4294c824c2db69f4ad23a849d8996c_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:3985e43602b73ad41f7092847b6c92700ec5bfd6d849cc37adff563b6a994ea3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:eb7543913777f50fe437035b18e08cec754ec6ee05666f8c88900b6349b467bb_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:fb35bc2313df94fd8a4b4e8293f1489ea518c002858c29ade906a678ccd48d0d_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:31f1c672dc3197cb7bfeb51b37d357425d4057fec9c22ea8810005c147e493a0_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:457829af072b2c430e077ae362dd62b63f1737b72434c11b2fb9e98262c6f058_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:6243c7517063c907dbd898b6ff7c4f5a6a001b15141c6b703a771a826b1e9b23_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:72bef79259e60a3f96f3788b2ed207ef6d8c1d4901d5c1d293981099d2932b44_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:1bdebc0ea3641538b6029945ef99eab50aa4b71ab37fd063d712ffc0883faae8_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:75a4693836d31cfc429d6a3852b0bf419255c66f90827b13d2a589dc2bea1992_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:8f696a0d69bb54a50140da672ff01c2923550f8ab18dcb1159493b516750f0a4_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:98992a409dfe54f8de0eb67189538d08148418d91d9d07d9aa30262ce54e30d9_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:72d561f41b71f78f7d896ca9b5e2b2cd76495fe602a8687bcbe0739b450a1d99_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:753e9384197b30856cfa43b3f5362395f3554773ec0a00a183705427eb8bced4_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:cb9328dff074240b336cc5395d2d61ff4722e84d11d3c19d470dd1214308b6e5_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:e863e14bd4e3a735ad3af67dd307fce57a0f3b703aed63b731c4206c08a5839f_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:1e695b53b5a667d185f61dee9e0242efc8e0962aa4e928bf8908734626d16d38_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:7d614384e1cb7be6bb72dbdc3cb4eb34d38902e05f121ef6220c5a6922715ddf_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:da0844c2faaa1b2dd6c0c4944218c947043ac3b7edd8d4533ba7faf5f9436412_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:fd141141252f9253c089dd341447f86cd75a39bff1cb8c25baab40f86fd655bb_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:690de59af44d4b7cf2dada9c3450cbd6a0d3437cc7ac2bca9b5d6b91c4c2c605_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:6cc8eaac0ef579a5359fe2b3c8de0ad776e732b82afd9fb9c4fd4ad74e9f832f_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:bc5d7a4679b2cd19946013fe4c2fc17acfb3a6d9ed410e1f050de51c0a957a6b_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:d954bfc4a5c1f1fc8eba225865a11b9d04f005341e8ab094f7a94cdbe67a7b17_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:a6eb5b607ce23772fca3dbad70d76dc5d3ebc07b15f5123ace53da01f0e3b21e_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:d090b565d5d2933ae453eb87c34a2ebb00e09b1b00334a98c771e465dbcea42e_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44495"
},
{
"category": "external",
"summary": "RHBZ#2487937",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2487937"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44495",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44495"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44495",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44495"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-3g43-6gmg-66jw",
"url": "https://github.com/axios/axios/security/advisories/GHSA-3g43-6gmg-66jw"
}
],
"release_date": "2026-06-11T15:33:12.433000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-01T16:35:24+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.6#Upgrade",
"product_ids": [
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:23ea476af89606789f91e647e952039bff83b5ace02440b2c11dccb9020cc0fb_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:870a39d44775c352b2c574f4b8d6585b96b44a48eefea1cbb8463809b75a1d6f_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:b3132e81fca86bc4bf6fe9f75fb3cafd1ef0f02fe84aeaffa51539e5f4a1b54c_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:fc3b7a2d42adaa47a938efe8e94d9d5665fe74a66d04884e886da33ad61774d0_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:34374"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:51e90eeed5c6bf2e6355ee9ba50fe330149b7c2b7633a106946459e8984d82ae_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:5e9de77acecac9653b91d2ebbfc5be8dc47da81e9e3e1772d38f827f05779632_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:7cefb007f075c5b1e0265fe8b12888218201cb453e9ebac315d91a79ed6e686a_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:bd4450e5af03c053f28e9c2ca0f2a2c016fc55fef4187676bc4edd5149c1a0f4_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:21243b5bb27b62467a311f0dfb5001384b424c095e17eba2c4fa441d7a03f7cf_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:22190a2714d3942a57dbe9dd265570bfe179b8d7f3e412173d010090de2bb98d_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:35b39d818bfb7b3fe86f77eedb134d12e9f316ce1642f86a8fa5ce1c1e31f37b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:3f2e1942032818fe9c91bf18948b80002a713b81c96e8ef5a3a4178a24899fb7_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:25928bb67eadad3a0d3b23da81acb313b8f873476250ddc6481cfb06bc25b8ab_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:bdfafa3b05bea80b81ffdc63cd77d4b2a96588ccd309aba83de0a683cb07c3c4_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:d7aa74297e76cb375c4bdd939c673739e34e22d83f8ef8846b1aa3c3c2264bbe_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:ea75fa4468a26357ce7c92614d70bc41ff0f8a8e562978a5b2bdfa5563492090_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:49025eb304ed55e363338fbe74b8dd77815b4d87183f1cb0cbfbbba71c2d2c59_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:54524172989364298f5cce342ef854f62fd59c75a42be804af3f286c6585b3d1_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:c1d135f85a4a1c5fe1c86509658d3056ce4bf748e8210274756064e18f991440_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:fb2eb12e6a6159c75e56f58429789cc0ac74af2a3d04f9ab865c8d86576e8c15_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:1252d44baa18b442de12a9659d3419ef77148e47ca14747ae684b8541fe795a7_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:4750bc9a80e819747b9d6576d21e348634f0dd4bc56190a662e22b2c80172bbd_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:5988a2daac19ccd72b8eec8cd1d9b623c69aed7be1a4223070d2c65256210776_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:eac25bae75a0e08a0aae706325faae2606ee8b0c086559cc0b89a59501a511f8_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:4c56fcde717c7a7957638fa6624a6ba5a9fc372bc9056e924158a0477410c9e7_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:5f5b5adc67e0655dcc3bcaaa4bb75337ebff130cca2e019d553be7521ca71871_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:91438ae17f6ee162df0d564fe47c8690a5246315e26fa4ebfa16dc8c93425cb7_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:df6617374f5f70f6ff53a980d38ddda8ab1aca125894eadc3a1932ba7612626d_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:49d0f2c55661dd973b0a15ba0e096c54badf4e0017093dfee373a655d47373f0_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:5bbbcaa71f5bf11922738e37c1155c5e60ebc5166a67690f5e5218a42b946366_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:99446549dca0b1cd38919ed7489e3eff72b1e4dd739e4f4e914d6c3ca6076b58_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:cf59b3a7897d59615e746c14697a289d79afbc18a9d2e7e7b5f7b1242d640b02_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:6e7f3aa6bb48cbe35d205d5f4c9ea251945dcdcce9b40cd49676705d778d9500_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:bc37b9c572c3df959e0ceb9fe011be84906fe759817eee697c486131fd5bc0cb_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:bf4a2e668e36a0e8e381f4417a263bd736d114f4e464d4a6c5ea22962b3f2a9e_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:feffba283e2a49967cd57139fe7af2309cd55ea9bb4464e250bf7b5a98913a2b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:86908784cb38408c502a733672b2f76e5a5c93b0266afccc9f281cb0c8f2f20c_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:8f721159d1fb2b71fb746eec0213c1111896c7b77a2904d64a2c1696cdce796c_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:afe3ebfa9897d2b9a7d8f9bd7fb4a2210e4b7e603de5fe168740f0aa4bb04495_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:fd6aa3b12a35343168ee2e752b437a51c58e8e8e329c8bdd7d230653265a790e_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:01cb3c8bb62be8bcdeaea2fa79413caca0f111980f4134b06df5230bd0b357fc_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:20b0fcf0b2d388320c0cb1414f2422493ca9acf39c876fd45265e8b32030ef3b_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:51fc32fbd543c74767403a113ccceedb262ccb92b9fd5a9efdc39ed2c1e608b3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:d4edd3fd9d125deb51d48c8709eac2505056da0f1341020db5469be8af0ca200_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:201ab631050d34fb956e1333730a387833b7aa3a2a4389d2a01bb79a2fe51bbf_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:47ca2eaea554b825306387f07aef8a5ee830ee1885d2df51055ac22d7576d2cd_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:7a181f8f3d2eadeae6b1d4d38da28f4e0a7c7f1fc662d213f72a63fd56f67443_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:fa97e7031e19af10a571d8ff67e13de3489603f60dbf9fd0c19205fb3447e912_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:01e117719b770e5bf767700b3cf5a3c79d7a74c181fda4dd4605cb4f41ea5bcd_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:155dfad34b7402e4462d98c3026ab38a6024338dfe80bfc33abb9102d12b077d_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:aa96f8cf13ae3374588cc99a558d1def2bcf0579d75b90d0772139fab991b06b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:f1d48c91052387ebc88bc7c76c8f49bae708c67e160d976974c8b31e9efbd219_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:008f0946e1545a0baa8e2baa9d12dc3244a47cd42af020afedfce3b1450f6c16_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:6a63e70123c2cd8cf8ddec71fb88d0dee08d2b7b1bcfc37d27fde3a50a59b7e8_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:96f6b104c31c317aa118ff64cff2522f136bbb520de7fb8015257630fcfdecfb_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:9dd240e967b0a1949a812050a123e513858ccd428feb1c42646e409fbf711b35_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:6f5480749ac020fc0e226dd87855baeae624b4c57c2787303e7321f63117c789_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:7265c4bc839141da2a0599bc367c4be2b8e8743423ea1b6b8d68729b1cfa8bcc_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:9486931d703d050f59a9f1bcfe5e016351d3ccc9b5c1975963b91ac34fc0b25e_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:c458f98a5afdf96262536fa1b7d672eb897c2800ec3dc4a2094ee5e8ae09ac31_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:23ea476af89606789f91e647e952039bff83b5ace02440b2c11dccb9020cc0fb_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:870a39d44775c352b2c574f4b8d6585b96b44a48eefea1cbb8463809b75a1d6f_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:b3132e81fca86bc4bf6fe9f75fb3cafd1ef0f02fe84aeaffa51539e5f4a1b54c_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:fc3b7a2d42adaa47a938efe8e94d9d5665fe74a66d04884e886da33ad61774d0_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:2076dc61bf8db58916f3bacdb7483cdae8db169e2c4187e0c509f4fad9bc66ac_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:4e2047551e67c9c79e54ea5cd42accd746db89b8f37181a4b8ddceee166b3f2f_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:635a2526236205059d382f8860a7600105596caa546c129e855bd1ad241ebda7_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:ab0b5c35985ab8da547bc85aeff75c00ef32de0ea4f3446d75420ba935a5ddf4_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:20f8e067fa199055be096f4e655a0004616caab1eb32ccbe853677705d4e99f2_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:7c82062799a4bc38472a8d62827cbead3cf9396e132c9567e1d7682b8e4eb01d_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:94a4269cc3ddfdaf549eb4b547a461c2eafa9a0e3682511f2c18a3cf846beba3_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:ac33685303a23070d840d68bce5381230bbf98f1f65abaa80eca75c99b821d88_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:29bf69f7793d3ecaf724f791e735f1bd4121cddc6b1118553bcc77ef3a3054a1_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:46ae8d0b9eb51c730b57aa7b9d0561dc8e7510240e100a9deaea7e501cf115c2_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:c314fa51aef6754a3d665650a9a2861da1ec3557e2b92c29a2b16b2790d615a4_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:cd2a2cb5784051c6595a95865e390a52c38b2b62fbf2fa3d40545d083c846992_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:05debd9e92a56b761a55f36c54d31ceda7b77bc58178946c4b5d0d08faa01cfc_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:19954ceb4da5840bc7d8953932bd9f36baaa3ad219ccac4b44324f25f962182a_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:866e4fbdeefc40e19ec6962c6b1577ef9f66affa46b96a2dbd30501b4e3b2695_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:990fa7d78f384772aaf369956a51ba7393cd5e225daa3c4e37f56ed2a1b4d5fb_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:64e4c2ac5a5126294d7264d33723b8c7e8a8f2909a33d2bff40bfbb2965fcd81_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:8a85413afe8d8ab179dff3638f3d5509bf180d54d016706aa50781bbb72338bc_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:a0af7052a5cc79ec38267f6016330bbc30fe4c8dff0776a6fe6cee048cb1bbcf_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:df72d966e05e20571d1d588092d8bf95f28ae5178ddac780257064069e8cf75c_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:5a0a1932f8bcdf436f08f9d00fdb520feefad62061ce79426d44ecd7d01724a2_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:72da4f73e7063cfcb49a800bf9dc5acdd715221d4dff6120db5950634e5824f5_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:883c2aa7d2a9f8ddcccd8c48b79bff59ffa3eb3f59392e727dd050ec4efdb92b_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:9bed2310605563c0d439ed85731e980038ada7c3970fc26de24c1c7d291afe07_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:09b95ff35ae5c1b2c356f7506d4e8283cb0b69b8b5a130bf9d6c31e6bfc04932_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:0cebc0075f16274a3620c4becac1490dc91904d09487fdc76aafe98fbaca5ccf_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:78f3234c47001e7a2902352bf85c7cc893f8ff7aafb01d3d6875cfe2df0a6a16_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:8844e2149f6d16a9112f7ca4580c27dbe974f0bfce1fc21c87d5072813deba45_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:180b60f1efcd9902f18b7104973acf277ea6881d6a806e288ea598b71bfa8e2d_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:2dc26cd49218da49a4761d8012d9777019facea787df61dafce31db6b3bef8b8_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:d08b49badd427bd263a5810800c4705f296b2caf188765837f8b5284d6ff6feb_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:edcd49c90231e8071dc45385f077400ae3dd9fdba54de188e3aba84da49c00c5_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:06f9f2d54689bd9770d4102c377a2596bf4294c824c2db69f4ad23a849d8996c_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:3985e43602b73ad41f7092847b6c92700ec5bfd6d849cc37adff563b6a994ea3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:eb7543913777f50fe437035b18e08cec754ec6ee05666f8c88900b6349b467bb_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:fb35bc2313df94fd8a4b4e8293f1489ea518c002858c29ade906a678ccd48d0d_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:31f1c672dc3197cb7bfeb51b37d357425d4057fec9c22ea8810005c147e493a0_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:457829af072b2c430e077ae362dd62b63f1737b72434c11b2fb9e98262c6f058_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:6243c7517063c907dbd898b6ff7c4f5a6a001b15141c6b703a771a826b1e9b23_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:72bef79259e60a3f96f3788b2ed207ef6d8c1d4901d5c1d293981099d2932b44_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:1bdebc0ea3641538b6029945ef99eab50aa4b71ab37fd063d712ffc0883faae8_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:75a4693836d31cfc429d6a3852b0bf419255c66f90827b13d2a589dc2bea1992_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:8f696a0d69bb54a50140da672ff01c2923550f8ab18dcb1159493b516750f0a4_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:98992a409dfe54f8de0eb67189538d08148418d91d9d07d9aa30262ce54e30d9_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:72d561f41b71f78f7d896ca9b5e2b2cd76495fe602a8687bcbe0739b450a1d99_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:753e9384197b30856cfa43b3f5362395f3554773ec0a00a183705427eb8bced4_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:cb9328dff074240b336cc5395d2d61ff4722e84d11d3c19d470dd1214308b6e5_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:e863e14bd4e3a735ad3af67dd307fce57a0f3b703aed63b731c4206c08a5839f_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:1e695b53b5a667d185f61dee9e0242efc8e0962aa4e928bf8908734626d16d38_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:7d614384e1cb7be6bb72dbdc3cb4eb34d38902e05f121ef6220c5a6922715ddf_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:da0844c2faaa1b2dd6c0c4944218c947043ac3b7edd8d4533ba7faf5f9436412_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:fd141141252f9253c089dd341447f86cd75a39bff1cb8c25baab40f86fd655bb_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:690de59af44d4b7cf2dada9c3450cbd6a0d3437cc7ac2bca9b5d6b91c4c2c605_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:6cc8eaac0ef579a5359fe2b3c8de0ad776e732b82afd9fb9c4fd4ad74e9f832f_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:bc5d7a4679b2cd19946013fe4c2fc17acfb3a6d9ed410e1f050de51c0a957a6b_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:d954bfc4a5c1f1fc8eba225865a11b9d04f005341e8ab094f7a94cdbe67a7b17_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:a6eb5b607ce23772fca3dbad70d76dc5d3ebc07b15f5123ace53da01f0e3b21e_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:d090b565d5d2933ae453eb87c34a2ebb00e09b1b00334a98c771e465dbcea42e_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:51e90eeed5c6bf2e6355ee9ba50fe330149b7c2b7633a106946459e8984d82ae_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:5e9de77acecac9653b91d2ebbfc5be8dc47da81e9e3e1772d38f827f05779632_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:7cefb007f075c5b1e0265fe8b12888218201cb453e9ebac315d91a79ed6e686a_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:bd4450e5af03c053f28e9c2ca0f2a2c016fc55fef4187676bc4edd5149c1a0f4_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:21243b5bb27b62467a311f0dfb5001384b424c095e17eba2c4fa441d7a03f7cf_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:22190a2714d3942a57dbe9dd265570bfe179b8d7f3e412173d010090de2bb98d_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:35b39d818bfb7b3fe86f77eedb134d12e9f316ce1642f86a8fa5ce1c1e31f37b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:3f2e1942032818fe9c91bf18948b80002a713b81c96e8ef5a3a4178a24899fb7_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:25928bb67eadad3a0d3b23da81acb313b8f873476250ddc6481cfb06bc25b8ab_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:bdfafa3b05bea80b81ffdc63cd77d4b2a96588ccd309aba83de0a683cb07c3c4_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:d7aa74297e76cb375c4bdd939c673739e34e22d83f8ef8846b1aa3c3c2264bbe_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:ea75fa4468a26357ce7c92614d70bc41ff0f8a8e562978a5b2bdfa5563492090_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:49025eb304ed55e363338fbe74b8dd77815b4d87183f1cb0cbfbbba71c2d2c59_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:54524172989364298f5cce342ef854f62fd59c75a42be804af3f286c6585b3d1_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:c1d135f85a4a1c5fe1c86509658d3056ce4bf748e8210274756064e18f991440_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:fb2eb12e6a6159c75e56f58429789cc0ac74af2a3d04f9ab865c8d86576e8c15_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:1252d44baa18b442de12a9659d3419ef77148e47ca14747ae684b8541fe795a7_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:4750bc9a80e819747b9d6576d21e348634f0dd4bc56190a662e22b2c80172bbd_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:5988a2daac19ccd72b8eec8cd1d9b623c69aed7be1a4223070d2c65256210776_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:eac25bae75a0e08a0aae706325faae2606ee8b0c086559cc0b89a59501a511f8_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:4c56fcde717c7a7957638fa6624a6ba5a9fc372bc9056e924158a0477410c9e7_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:5f5b5adc67e0655dcc3bcaaa4bb75337ebff130cca2e019d553be7521ca71871_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:91438ae17f6ee162df0d564fe47c8690a5246315e26fa4ebfa16dc8c93425cb7_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:df6617374f5f70f6ff53a980d38ddda8ab1aca125894eadc3a1932ba7612626d_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:49d0f2c55661dd973b0a15ba0e096c54badf4e0017093dfee373a655d47373f0_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:5bbbcaa71f5bf11922738e37c1155c5e60ebc5166a67690f5e5218a42b946366_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:99446549dca0b1cd38919ed7489e3eff72b1e4dd739e4f4e914d6c3ca6076b58_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:cf59b3a7897d59615e746c14697a289d79afbc18a9d2e7e7b5f7b1242d640b02_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:6e7f3aa6bb48cbe35d205d5f4c9ea251945dcdcce9b40cd49676705d778d9500_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:bc37b9c572c3df959e0ceb9fe011be84906fe759817eee697c486131fd5bc0cb_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:bf4a2e668e36a0e8e381f4417a263bd736d114f4e464d4a6c5ea22962b3f2a9e_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:feffba283e2a49967cd57139fe7af2309cd55ea9bb4464e250bf7b5a98913a2b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:86908784cb38408c502a733672b2f76e5a5c93b0266afccc9f281cb0c8f2f20c_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:8f721159d1fb2b71fb746eec0213c1111896c7b77a2904d64a2c1696cdce796c_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:afe3ebfa9897d2b9a7d8f9bd7fb4a2210e4b7e603de5fe168740f0aa4bb04495_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:fd6aa3b12a35343168ee2e752b437a51c58e8e8e329c8bdd7d230653265a790e_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:01cb3c8bb62be8bcdeaea2fa79413caca0f111980f4134b06df5230bd0b357fc_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:20b0fcf0b2d388320c0cb1414f2422493ca9acf39c876fd45265e8b32030ef3b_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:51fc32fbd543c74767403a113ccceedb262ccb92b9fd5a9efdc39ed2c1e608b3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:d4edd3fd9d125deb51d48c8709eac2505056da0f1341020db5469be8af0ca200_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:201ab631050d34fb956e1333730a387833b7aa3a2a4389d2a01bb79a2fe51bbf_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:47ca2eaea554b825306387f07aef8a5ee830ee1885d2df51055ac22d7576d2cd_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:7a181f8f3d2eadeae6b1d4d38da28f4e0a7c7f1fc662d213f72a63fd56f67443_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:fa97e7031e19af10a571d8ff67e13de3489603f60dbf9fd0c19205fb3447e912_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:01e117719b770e5bf767700b3cf5a3c79d7a74c181fda4dd4605cb4f41ea5bcd_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:155dfad34b7402e4462d98c3026ab38a6024338dfe80bfc33abb9102d12b077d_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:aa96f8cf13ae3374588cc99a558d1def2bcf0579d75b90d0772139fab991b06b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:f1d48c91052387ebc88bc7c76c8f49bae708c67e160d976974c8b31e9efbd219_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:008f0946e1545a0baa8e2baa9d12dc3244a47cd42af020afedfce3b1450f6c16_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:6a63e70123c2cd8cf8ddec71fb88d0dee08d2b7b1bcfc37d27fde3a50a59b7e8_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:96f6b104c31c317aa118ff64cff2522f136bbb520de7fb8015257630fcfdecfb_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:9dd240e967b0a1949a812050a123e513858ccd428feb1c42646e409fbf711b35_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:6f5480749ac020fc0e226dd87855baeae624b4c57c2787303e7321f63117c789_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:7265c4bc839141da2a0599bc367c4be2b8e8743423ea1b6b8d68729b1cfa8bcc_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:9486931d703d050f59a9f1bcfe5e016351d3ccc9b5c1975963b91ac34fc0b25e_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:c458f98a5afdf96262536fa1b7d672eb897c2800ec3dc4a2094ee5e8ae09ac31_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:23ea476af89606789f91e647e952039bff83b5ace02440b2c11dccb9020cc0fb_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:870a39d44775c352b2c574f4b8d6585b96b44a48eefea1cbb8463809b75a1d6f_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:b3132e81fca86bc4bf6fe9f75fb3cafd1ef0f02fe84aeaffa51539e5f4a1b54c_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:fc3b7a2d42adaa47a938efe8e94d9d5665fe74a66d04884e886da33ad61774d0_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:2076dc61bf8db58916f3bacdb7483cdae8db169e2c4187e0c509f4fad9bc66ac_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:4e2047551e67c9c79e54ea5cd42accd746db89b8f37181a4b8ddceee166b3f2f_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:635a2526236205059d382f8860a7600105596caa546c129e855bd1ad241ebda7_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:ab0b5c35985ab8da547bc85aeff75c00ef32de0ea4f3446d75420ba935a5ddf4_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:20f8e067fa199055be096f4e655a0004616caab1eb32ccbe853677705d4e99f2_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:7c82062799a4bc38472a8d62827cbead3cf9396e132c9567e1d7682b8e4eb01d_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:94a4269cc3ddfdaf549eb4b547a461c2eafa9a0e3682511f2c18a3cf846beba3_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:ac33685303a23070d840d68bce5381230bbf98f1f65abaa80eca75c99b821d88_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:29bf69f7793d3ecaf724f791e735f1bd4121cddc6b1118553bcc77ef3a3054a1_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:46ae8d0b9eb51c730b57aa7b9d0561dc8e7510240e100a9deaea7e501cf115c2_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:c314fa51aef6754a3d665650a9a2861da1ec3557e2b92c29a2b16b2790d615a4_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:cd2a2cb5784051c6595a95865e390a52c38b2b62fbf2fa3d40545d083c846992_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:05debd9e92a56b761a55f36c54d31ceda7b77bc58178946c4b5d0d08faa01cfc_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:19954ceb4da5840bc7d8953932bd9f36baaa3ad219ccac4b44324f25f962182a_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:866e4fbdeefc40e19ec6962c6b1577ef9f66affa46b96a2dbd30501b4e3b2695_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:990fa7d78f384772aaf369956a51ba7393cd5e225daa3c4e37f56ed2a1b4d5fb_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:64e4c2ac5a5126294d7264d33723b8c7e8a8f2909a33d2bff40bfbb2965fcd81_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:8a85413afe8d8ab179dff3638f3d5509bf180d54d016706aa50781bbb72338bc_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:a0af7052a5cc79ec38267f6016330bbc30fe4c8dff0776a6fe6cee048cb1bbcf_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:df72d966e05e20571d1d588092d8bf95f28ae5178ddac780257064069e8cf75c_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:5a0a1932f8bcdf436f08f9d00fdb520feefad62061ce79426d44ecd7d01724a2_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:72da4f73e7063cfcb49a800bf9dc5acdd715221d4dff6120db5950634e5824f5_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:883c2aa7d2a9f8ddcccd8c48b79bff59ffa3eb3f59392e727dd050ec4efdb92b_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:9bed2310605563c0d439ed85731e980038ada7c3970fc26de24c1c7d291afe07_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:09b95ff35ae5c1b2c356f7506d4e8283cb0b69b8b5a130bf9d6c31e6bfc04932_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:0cebc0075f16274a3620c4becac1490dc91904d09487fdc76aafe98fbaca5ccf_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:78f3234c47001e7a2902352bf85c7cc893f8ff7aafb01d3d6875cfe2df0a6a16_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:8844e2149f6d16a9112f7ca4580c27dbe974f0bfce1fc21c87d5072813deba45_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:180b60f1efcd9902f18b7104973acf277ea6881d6a806e288ea598b71bfa8e2d_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:2dc26cd49218da49a4761d8012d9777019facea787df61dafce31db6b3bef8b8_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:d08b49badd427bd263a5810800c4705f296b2caf188765837f8b5284d6ff6feb_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:edcd49c90231e8071dc45385f077400ae3dd9fdba54de188e3aba84da49c00c5_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:06f9f2d54689bd9770d4102c377a2596bf4294c824c2db69f4ad23a849d8996c_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:3985e43602b73ad41f7092847b6c92700ec5bfd6d849cc37adff563b6a994ea3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:eb7543913777f50fe437035b18e08cec754ec6ee05666f8c88900b6349b467bb_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:fb35bc2313df94fd8a4b4e8293f1489ea518c002858c29ade906a678ccd48d0d_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:31f1c672dc3197cb7bfeb51b37d357425d4057fec9c22ea8810005c147e493a0_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:457829af072b2c430e077ae362dd62b63f1737b72434c11b2fb9e98262c6f058_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:6243c7517063c907dbd898b6ff7c4f5a6a001b15141c6b703a771a826b1e9b23_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:72bef79259e60a3f96f3788b2ed207ef6d8c1d4901d5c1d293981099d2932b44_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:1bdebc0ea3641538b6029945ef99eab50aa4b71ab37fd063d712ffc0883faae8_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:75a4693836d31cfc429d6a3852b0bf419255c66f90827b13d2a589dc2bea1992_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:8f696a0d69bb54a50140da672ff01c2923550f8ab18dcb1159493b516750f0a4_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:98992a409dfe54f8de0eb67189538d08148418d91d9d07d9aa30262ce54e30d9_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:72d561f41b71f78f7d896ca9b5e2b2cd76495fe602a8687bcbe0739b450a1d99_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:753e9384197b30856cfa43b3f5362395f3554773ec0a00a183705427eb8bced4_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:cb9328dff074240b336cc5395d2d61ff4722e84d11d3c19d470dd1214308b6e5_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:e863e14bd4e3a735ad3af67dd307fce57a0f3b703aed63b731c4206c08a5839f_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:1e695b53b5a667d185f61dee9e0242efc8e0962aa4e928bf8908734626d16d38_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:7d614384e1cb7be6bb72dbdc3cb4eb34d38902e05f121ef6220c5a6922715ddf_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:da0844c2faaa1b2dd6c0c4944218c947043ac3b7edd8d4533ba7faf5f9436412_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:fd141141252f9253c089dd341447f86cd75a39bff1cb8c25baab40f86fd655bb_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:690de59af44d4b7cf2dada9c3450cbd6a0d3437cc7ac2bca9b5d6b91c4c2c605_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:6cc8eaac0ef579a5359fe2b3c8de0ad776e732b82afd9fb9c4fd4ad74e9f832f_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:bc5d7a4679b2cd19946013fe4c2fc17acfb3a6d9ed410e1f050de51c0a957a6b_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:d954bfc4a5c1f1fc8eba225865a11b9d04f005341e8ab094f7a94cdbe67a7b17_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:a6eb5b607ce23772fca3dbad70d76dc5d3ebc07b15f5123ace53da01f0e3b21e_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:d090b565d5d2933ae453eb87c34a2ebb00e09b1b00334a98c771e465dbcea42e_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: Information disclosure due to prototype pollution vulnerability"
},
{
"cve": "CVE-2026-45736",
"cwe": {
"id": "CWE-824",
"name": "Access of Uninitialized Pointer"
},
"discovery_date": "2026-05-15T16:00:55.786944+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:51e90eeed5c6bf2e6355ee9ba50fe330149b7c2b7633a106946459e8984d82ae_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:5e9de77acecac9653b91d2ebbfc5be8dc47da81e9e3e1772d38f827f05779632_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:7cefb007f075c5b1e0265fe8b12888218201cb453e9ebac315d91a79ed6e686a_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:bd4450e5af03c053f28e9c2ca0f2a2c016fc55fef4187676bc4edd5149c1a0f4_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:21243b5bb27b62467a311f0dfb5001384b424c095e17eba2c4fa441d7a03f7cf_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:22190a2714d3942a57dbe9dd265570bfe179b8d7f3e412173d010090de2bb98d_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:35b39d818bfb7b3fe86f77eedb134d12e9f316ce1642f86a8fa5ce1c1e31f37b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:3f2e1942032818fe9c91bf18948b80002a713b81c96e8ef5a3a4178a24899fb7_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:25928bb67eadad3a0d3b23da81acb313b8f873476250ddc6481cfb06bc25b8ab_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:bdfafa3b05bea80b81ffdc63cd77d4b2a96588ccd309aba83de0a683cb07c3c4_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:d7aa74297e76cb375c4bdd939c673739e34e22d83f8ef8846b1aa3c3c2264bbe_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:ea75fa4468a26357ce7c92614d70bc41ff0f8a8e562978a5b2bdfa5563492090_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:49025eb304ed55e363338fbe74b8dd77815b4d87183f1cb0cbfbbba71c2d2c59_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:54524172989364298f5cce342ef854f62fd59c75a42be804af3f286c6585b3d1_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:c1d135f85a4a1c5fe1c86509658d3056ce4bf748e8210274756064e18f991440_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:fb2eb12e6a6159c75e56f58429789cc0ac74af2a3d04f9ab865c8d86576e8c15_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:1252d44baa18b442de12a9659d3419ef77148e47ca14747ae684b8541fe795a7_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:4750bc9a80e819747b9d6576d21e348634f0dd4bc56190a662e22b2c80172bbd_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:5988a2daac19ccd72b8eec8cd1d9b623c69aed7be1a4223070d2c65256210776_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:eac25bae75a0e08a0aae706325faae2606ee8b0c086559cc0b89a59501a511f8_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:4c56fcde717c7a7957638fa6624a6ba5a9fc372bc9056e924158a0477410c9e7_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:5f5b5adc67e0655dcc3bcaaa4bb75337ebff130cca2e019d553be7521ca71871_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:91438ae17f6ee162df0d564fe47c8690a5246315e26fa4ebfa16dc8c93425cb7_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:df6617374f5f70f6ff53a980d38ddda8ab1aca125894eadc3a1932ba7612626d_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:49d0f2c55661dd973b0a15ba0e096c54badf4e0017093dfee373a655d47373f0_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:5bbbcaa71f5bf11922738e37c1155c5e60ebc5166a67690f5e5218a42b946366_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:99446549dca0b1cd38919ed7489e3eff72b1e4dd739e4f4e914d6c3ca6076b58_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:cf59b3a7897d59615e746c14697a289d79afbc18a9d2e7e7b5f7b1242d640b02_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:6e7f3aa6bb48cbe35d205d5f4c9ea251945dcdcce9b40cd49676705d778d9500_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:bc37b9c572c3df959e0ceb9fe011be84906fe759817eee697c486131fd5bc0cb_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:bf4a2e668e36a0e8e381f4417a263bd736d114f4e464d4a6c5ea22962b3f2a9e_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:feffba283e2a49967cd57139fe7af2309cd55ea9bb4464e250bf7b5a98913a2b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:86908784cb38408c502a733672b2f76e5a5c93b0266afccc9f281cb0c8f2f20c_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:8f721159d1fb2b71fb746eec0213c1111896c7b77a2904d64a2c1696cdce796c_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:afe3ebfa9897d2b9a7d8f9bd7fb4a2210e4b7e603de5fe168740f0aa4bb04495_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:fd6aa3b12a35343168ee2e752b437a51c58e8e8e329c8bdd7d230653265a790e_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:01cb3c8bb62be8bcdeaea2fa79413caca0f111980f4134b06df5230bd0b357fc_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:20b0fcf0b2d388320c0cb1414f2422493ca9acf39c876fd45265e8b32030ef3b_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:51fc32fbd543c74767403a113ccceedb262ccb92b9fd5a9efdc39ed2c1e608b3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:d4edd3fd9d125deb51d48c8709eac2505056da0f1341020db5469be8af0ca200_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:201ab631050d34fb956e1333730a387833b7aa3a2a4389d2a01bb79a2fe51bbf_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:47ca2eaea554b825306387f07aef8a5ee830ee1885d2df51055ac22d7576d2cd_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:7a181f8f3d2eadeae6b1d4d38da28f4e0a7c7f1fc662d213f72a63fd56f67443_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:fa97e7031e19af10a571d8ff67e13de3489603f60dbf9fd0c19205fb3447e912_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:01e117719b770e5bf767700b3cf5a3c79d7a74c181fda4dd4605cb4f41ea5bcd_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:155dfad34b7402e4462d98c3026ab38a6024338dfe80bfc33abb9102d12b077d_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:aa96f8cf13ae3374588cc99a558d1def2bcf0579d75b90d0772139fab991b06b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:f1d48c91052387ebc88bc7c76c8f49bae708c67e160d976974c8b31e9efbd219_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:008f0946e1545a0baa8e2baa9d12dc3244a47cd42af020afedfce3b1450f6c16_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:6a63e70123c2cd8cf8ddec71fb88d0dee08d2b7b1bcfc37d27fde3a50a59b7e8_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:96f6b104c31c317aa118ff64cff2522f136bbb520de7fb8015257630fcfdecfb_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:9dd240e967b0a1949a812050a123e513858ccd428feb1c42646e409fbf711b35_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:6f5480749ac020fc0e226dd87855baeae624b4c57c2787303e7321f63117c789_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:7265c4bc839141da2a0599bc367c4be2b8e8743423ea1b6b8d68729b1cfa8bcc_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:9486931d703d050f59a9f1bcfe5e016351d3ccc9b5c1975963b91ac34fc0b25e_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:c458f98a5afdf96262536fa1b7d672eb897c2800ec3dc4a2094ee5e8ae09ac31_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:2076dc61bf8db58916f3bacdb7483cdae8db169e2c4187e0c509f4fad9bc66ac_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:4e2047551e67c9c79e54ea5cd42accd746db89b8f37181a4b8ddceee166b3f2f_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:635a2526236205059d382f8860a7600105596caa546c129e855bd1ad241ebda7_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:ab0b5c35985ab8da547bc85aeff75c00ef32de0ea4f3446d75420ba935a5ddf4_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:20f8e067fa199055be096f4e655a0004616caab1eb32ccbe853677705d4e99f2_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:7c82062799a4bc38472a8d62827cbead3cf9396e132c9567e1d7682b8e4eb01d_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:94a4269cc3ddfdaf549eb4b547a461c2eafa9a0e3682511f2c18a3cf846beba3_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:ac33685303a23070d840d68bce5381230bbf98f1f65abaa80eca75c99b821d88_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:29bf69f7793d3ecaf724f791e735f1bd4121cddc6b1118553bcc77ef3a3054a1_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:46ae8d0b9eb51c730b57aa7b9d0561dc8e7510240e100a9deaea7e501cf115c2_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:c314fa51aef6754a3d665650a9a2861da1ec3557e2b92c29a2b16b2790d615a4_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:cd2a2cb5784051c6595a95865e390a52c38b2b62fbf2fa3d40545d083c846992_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:05debd9e92a56b761a55f36c54d31ceda7b77bc58178946c4b5d0d08faa01cfc_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:19954ceb4da5840bc7d8953932bd9f36baaa3ad219ccac4b44324f25f962182a_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:866e4fbdeefc40e19ec6962c6b1577ef9f66affa46b96a2dbd30501b4e3b2695_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:990fa7d78f384772aaf369956a51ba7393cd5e225daa3c4e37f56ed2a1b4d5fb_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:64e4c2ac5a5126294d7264d33723b8c7e8a8f2909a33d2bff40bfbb2965fcd81_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:8a85413afe8d8ab179dff3638f3d5509bf180d54d016706aa50781bbb72338bc_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:a0af7052a5cc79ec38267f6016330bbc30fe4c8dff0776a6fe6cee048cb1bbcf_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:df72d966e05e20571d1d588092d8bf95f28ae5178ddac780257064069e8cf75c_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:5a0a1932f8bcdf436f08f9d00fdb520feefad62061ce79426d44ecd7d01724a2_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:72da4f73e7063cfcb49a800bf9dc5acdd715221d4dff6120db5950634e5824f5_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:883c2aa7d2a9f8ddcccd8c48b79bff59ffa3eb3f59392e727dd050ec4efdb92b_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:9bed2310605563c0d439ed85731e980038ada7c3970fc26de24c1c7d291afe07_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:09b95ff35ae5c1b2c356f7506d4e8283cb0b69b8b5a130bf9d6c31e6bfc04932_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:0cebc0075f16274a3620c4becac1490dc91904d09487fdc76aafe98fbaca5ccf_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:78f3234c47001e7a2902352bf85c7cc893f8ff7aafb01d3d6875cfe2df0a6a16_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:8844e2149f6d16a9112f7ca4580c27dbe974f0bfce1fc21c87d5072813deba45_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:180b60f1efcd9902f18b7104973acf277ea6881d6a806e288ea598b71bfa8e2d_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:2dc26cd49218da49a4761d8012d9777019facea787df61dafce31db6b3bef8b8_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:d08b49badd427bd263a5810800c4705f296b2caf188765837f8b5284d6ff6feb_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:edcd49c90231e8071dc45385f077400ae3dd9fdba54de188e3aba84da49c00c5_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:06f9f2d54689bd9770d4102c377a2596bf4294c824c2db69f4ad23a849d8996c_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:3985e43602b73ad41f7092847b6c92700ec5bfd6d849cc37adff563b6a994ea3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:eb7543913777f50fe437035b18e08cec754ec6ee05666f8c88900b6349b467bb_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:fb35bc2313df94fd8a4b4e8293f1489ea518c002858c29ade906a678ccd48d0d_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:31f1c672dc3197cb7bfeb51b37d357425d4057fec9c22ea8810005c147e493a0_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:457829af072b2c430e077ae362dd62b63f1737b72434c11b2fb9e98262c6f058_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:6243c7517063c907dbd898b6ff7c4f5a6a001b15141c6b703a771a826b1e9b23_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:72bef79259e60a3f96f3788b2ed207ef6d8c1d4901d5c1d293981099d2932b44_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:1bdebc0ea3641538b6029945ef99eab50aa4b71ab37fd063d712ffc0883faae8_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:75a4693836d31cfc429d6a3852b0bf419255c66f90827b13d2a589dc2bea1992_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:8f696a0d69bb54a50140da672ff01c2923550f8ab18dcb1159493b516750f0a4_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:98992a409dfe54f8de0eb67189538d08148418d91d9d07d9aa30262ce54e30d9_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:72d561f41b71f78f7d896ca9b5e2b2cd76495fe602a8687bcbe0739b450a1d99_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:753e9384197b30856cfa43b3f5362395f3554773ec0a00a183705427eb8bced4_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:cb9328dff074240b336cc5395d2d61ff4722e84d11d3c19d470dd1214308b6e5_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:e863e14bd4e3a735ad3af67dd307fce57a0f3b703aed63b731c4206c08a5839f_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:1e695b53b5a667d185f61dee9e0242efc8e0962aa4e928bf8908734626d16d38_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:7d614384e1cb7be6bb72dbdc3cb4eb34d38902e05f121ef6220c5a6922715ddf_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:da0844c2faaa1b2dd6c0c4944218c947043ac3b7edd8d4533ba7faf5f9436412_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:fd141141252f9253c089dd341447f86cd75a39bff1cb8c25baab40f86fd655bb_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:690de59af44d4b7cf2dada9c3450cbd6a0d3437cc7ac2bca9b5d6b91c4c2c605_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:6cc8eaac0ef579a5359fe2b3c8de0ad776e732b82afd9fb9c4fd4ad74e9f832f_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:bc5d7a4679b2cd19946013fe4c2fc17acfb3a6d9ed410e1f050de51c0a957a6b_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:d954bfc4a5c1f1fc8eba225865a11b9d04f005341e8ab094f7a94cdbe67a7b17_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:a6eb5b607ce23772fca3dbad70d76dc5d3ebc07b15f5123ace53da01f0e3b21e_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:d090b565d5d2933ae453eb87c34a2ebb00e09b1b00334a98c771e465dbcea42e_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2477914"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in ws, an open source WebSocket client and server for Node.js. The `websocket.close()` implementation is vulnerable to uninitialized memory disclosure when a `TypedArray` is passed as the reason argument. This can lead to the disclosure of sensitive information from uninitialized memory.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ws: ws: Uninitialized memory disclosure via `websocket.close()` with `TypedArray`",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Important vulnerability in the `ws` WebSocket library for Node.js could lead to sensitive information disclosure. The flaw occurs when a `TypedArray` is specifically provided as the `reason` argument to the `websocket.close()` function, potentially exposing uninitialized memory. Red Hat products utilizing this library may be affected if their implementations allow for such a crafted `close()` call.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:23ea476af89606789f91e647e952039bff83b5ace02440b2c11dccb9020cc0fb_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:870a39d44775c352b2c574f4b8d6585b96b44a48eefea1cbb8463809b75a1d6f_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:b3132e81fca86bc4bf6fe9f75fb3cafd1ef0f02fe84aeaffa51539e5f4a1b54c_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:fc3b7a2d42adaa47a938efe8e94d9d5665fe74a66d04884e886da33ad61774d0_ppc64le"
],
"known_not_affected": [
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:51e90eeed5c6bf2e6355ee9ba50fe330149b7c2b7633a106946459e8984d82ae_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:5e9de77acecac9653b91d2ebbfc5be8dc47da81e9e3e1772d38f827f05779632_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:7cefb007f075c5b1e0265fe8b12888218201cb453e9ebac315d91a79ed6e686a_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:bd4450e5af03c053f28e9c2ca0f2a2c016fc55fef4187676bc4edd5149c1a0f4_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:21243b5bb27b62467a311f0dfb5001384b424c095e17eba2c4fa441d7a03f7cf_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:22190a2714d3942a57dbe9dd265570bfe179b8d7f3e412173d010090de2bb98d_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:35b39d818bfb7b3fe86f77eedb134d12e9f316ce1642f86a8fa5ce1c1e31f37b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:3f2e1942032818fe9c91bf18948b80002a713b81c96e8ef5a3a4178a24899fb7_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:25928bb67eadad3a0d3b23da81acb313b8f873476250ddc6481cfb06bc25b8ab_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:bdfafa3b05bea80b81ffdc63cd77d4b2a96588ccd309aba83de0a683cb07c3c4_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:d7aa74297e76cb375c4bdd939c673739e34e22d83f8ef8846b1aa3c3c2264bbe_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:ea75fa4468a26357ce7c92614d70bc41ff0f8a8e562978a5b2bdfa5563492090_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:49025eb304ed55e363338fbe74b8dd77815b4d87183f1cb0cbfbbba71c2d2c59_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:54524172989364298f5cce342ef854f62fd59c75a42be804af3f286c6585b3d1_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:c1d135f85a4a1c5fe1c86509658d3056ce4bf748e8210274756064e18f991440_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:fb2eb12e6a6159c75e56f58429789cc0ac74af2a3d04f9ab865c8d86576e8c15_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:1252d44baa18b442de12a9659d3419ef77148e47ca14747ae684b8541fe795a7_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:4750bc9a80e819747b9d6576d21e348634f0dd4bc56190a662e22b2c80172bbd_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:5988a2daac19ccd72b8eec8cd1d9b623c69aed7be1a4223070d2c65256210776_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:eac25bae75a0e08a0aae706325faae2606ee8b0c086559cc0b89a59501a511f8_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:4c56fcde717c7a7957638fa6624a6ba5a9fc372bc9056e924158a0477410c9e7_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:5f5b5adc67e0655dcc3bcaaa4bb75337ebff130cca2e019d553be7521ca71871_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:91438ae17f6ee162df0d564fe47c8690a5246315e26fa4ebfa16dc8c93425cb7_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:df6617374f5f70f6ff53a980d38ddda8ab1aca125894eadc3a1932ba7612626d_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:49d0f2c55661dd973b0a15ba0e096c54badf4e0017093dfee373a655d47373f0_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:5bbbcaa71f5bf11922738e37c1155c5e60ebc5166a67690f5e5218a42b946366_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:99446549dca0b1cd38919ed7489e3eff72b1e4dd739e4f4e914d6c3ca6076b58_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:cf59b3a7897d59615e746c14697a289d79afbc18a9d2e7e7b5f7b1242d640b02_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:6e7f3aa6bb48cbe35d205d5f4c9ea251945dcdcce9b40cd49676705d778d9500_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:bc37b9c572c3df959e0ceb9fe011be84906fe759817eee697c486131fd5bc0cb_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:bf4a2e668e36a0e8e381f4417a263bd736d114f4e464d4a6c5ea22962b3f2a9e_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:feffba283e2a49967cd57139fe7af2309cd55ea9bb4464e250bf7b5a98913a2b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:86908784cb38408c502a733672b2f76e5a5c93b0266afccc9f281cb0c8f2f20c_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:8f721159d1fb2b71fb746eec0213c1111896c7b77a2904d64a2c1696cdce796c_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:afe3ebfa9897d2b9a7d8f9bd7fb4a2210e4b7e603de5fe168740f0aa4bb04495_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:fd6aa3b12a35343168ee2e752b437a51c58e8e8e329c8bdd7d230653265a790e_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:01cb3c8bb62be8bcdeaea2fa79413caca0f111980f4134b06df5230bd0b357fc_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:20b0fcf0b2d388320c0cb1414f2422493ca9acf39c876fd45265e8b32030ef3b_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:51fc32fbd543c74767403a113ccceedb262ccb92b9fd5a9efdc39ed2c1e608b3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:d4edd3fd9d125deb51d48c8709eac2505056da0f1341020db5469be8af0ca200_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:201ab631050d34fb956e1333730a387833b7aa3a2a4389d2a01bb79a2fe51bbf_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:47ca2eaea554b825306387f07aef8a5ee830ee1885d2df51055ac22d7576d2cd_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:7a181f8f3d2eadeae6b1d4d38da28f4e0a7c7f1fc662d213f72a63fd56f67443_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:fa97e7031e19af10a571d8ff67e13de3489603f60dbf9fd0c19205fb3447e912_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:01e117719b770e5bf767700b3cf5a3c79d7a74c181fda4dd4605cb4f41ea5bcd_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:155dfad34b7402e4462d98c3026ab38a6024338dfe80bfc33abb9102d12b077d_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:aa96f8cf13ae3374588cc99a558d1def2bcf0579d75b90d0772139fab991b06b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:f1d48c91052387ebc88bc7c76c8f49bae708c67e160d976974c8b31e9efbd219_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:008f0946e1545a0baa8e2baa9d12dc3244a47cd42af020afedfce3b1450f6c16_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:6a63e70123c2cd8cf8ddec71fb88d0dee08d2b7b1bcfc37d27fde3a50a59b7e8_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:96f6b104c31c317aa118ff64cff2522f136bbb520de7fb8015257630fcfdecfb_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:9dd240e967b0a1949a812050a123e513858ccd428feb1c42646e409fbf711b35_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:6f5480749ac020fc0e226dd87855baeae624b4c57c2787303e7321f63117c789_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:7265c4bc839141da2a0599bc367c4be2b8e8743423ea1b6b8d68729b1cfa8bcc_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:9486931d703d050f59a9f1bcfe5e016351d3ccc9b5c1975963b91ac34fc0b25e_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:c458f98a5afdf96262536fa1b7d672eb897c2800ec3dc4a2094ee5e8ae09ac31_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:2076dc61bf8db58916f3bacdb7483cdae8db169e2c4187e0c509f4fad9bc66ac_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:4e2047551e67c9c79e54ea5cd42accd746db89b8f37181a4b8ddceee166b3f2f_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:635a2526236205059d382f8860a7600105596caa546c129e855bd1ad241ebda7_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:ab0b5c35985ab8da547bc85aeff75c00ef32de0ea4f3446d75420ba935a5ddf4_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:20f8e067fa199055be096f4e655a0004616caab1eb32ccbe853677705d4e99f2_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:7c82062799a4bc38472a8d62827cbead3cf9396e132c9567e1d7682b8e4eb01d_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:94a4269cc3ddfdaf549eb4b547a461c2eafa9a0e3682511f2c18a3cf846beba3_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:ac33685303a23070d840d68bce5381230bbf98f1f65abaa80eca75c99b821d88_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:29bf69f7793d3ecaf724f791e735f1bd4121cddc6b1118553bcc77ef3a3054a1_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:46ae8d0b9eb51c730b57aa7b9d0561dc8e7510240e100a9deaea7e501cf115c2_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:c314fa51aef6754a3d665650a9a2861da1ec3557e2b92c29a2b16b2790d615a4_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:cd2a2cb5784051c6595a95865e390a52c38b2b62fbf2fa3d40545d083c846992_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:05debd9e92a56b761a55f36c54d31ceda7b77bc58178946c4b5d0d08faa01cfc_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:19954ceb4da5840bc7d8953932bd9f36baaa3ad219ccac4b44324f25f962182a_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:866e4fbdeefc40e19ec6962c6b1577ef9f66affa46b96a2dbd30501b4e3b2695_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:990fa7d78f384772aaf369956a51ba7393cd5e225daa3c4e37f56ed2a1b4d5fb_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:64e4c2ac5a5126294d7264d33723b8c7e8a8f2909a33d2bff40bfbb2965fcd81_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:8a85413afe8d8ab179dff3638f3d5509bf180d54d016706aa50781bbb72338bc_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:a0af7052a5cc79ec38267f6016330bbc30fe4c8dff0776a6fe6cee048cb1bbcf_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:df72d966e05e20571d1d588092d8bf95f28ae5178ddac780257064069e8cf75c_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:5a0a1932f8bcdf436f08f9d00fdb520feefad62061ce79426d44ecd7d01724a2_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:72da4f73e7063cfcb49a800bf9dc5acdd715221d4dff6120db5950634e5824f5_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:883c2aa7d2a9f8ddcccd8c48b79bff59ffa3eb3f59392e727dd050ec4efdb92b_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:9bed2310605563c0d439ed85731e980038ada7c3970fc26de24c1c7d291afe07_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:09b95ff35ae5c1b2c356f7506d4e8283cb0b69b8b5a130bf9d6c31e6bfc04932_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:0cebc0075f16274a3620c4becac1490dc91904d09487fdc76aafe98fbaca5ccf_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:78f3234c47001e7a2902352bf85c7cc893f8ff7aafb01d3d6875cfe2df0a6a16_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:8844e2149f6d16a9112f7ca4580c27dbe974f0bfce1fc21c87d5072813deba45_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:180b60f1efcd9902f18b7104973acf277ea6881d6a806e288ea598b71bfa8e2d_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:2dc26cd49218da49a4761d8012d9777019facea787df61dafce31db6b3bef8b8_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:d08b49badd427bd263a5810800c4705f296b2caf188765837f8b5284d6ff6feb_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:edcd49c90231e8071dc45385f077400ae3dd9fdba54de188e3aba84da49c00c5_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:06f9f2d54689bd9770d4102c377a2596bf4294c824c2db69f4ad23a849d8996c_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:3985e43602b73ad41f7092847b6c92700ec5bfd6d849cc37adff563b6a994ea3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:eb7543913777f50fe437035b18e08cec754ec6ee05666f8c88900b6349b467bb_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:fb35bc2313df94fd8a4b4e8293f1489ea518c002858c29ade906a678ccd48d0d_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:31f1c672dc3197cb7bfeb51b37d357425d4057fec9c22ea8810005c147e493a0_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:457829af072b2c430e077ae362dd62b63f1737b72434c11b2fb9e98262c6f058_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:6243c7517063c907dbd898b6ff7c4f5a6a001b15141c6b703a771a826b1e9b23_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:72bef79259e60a3f96f3788b2ed207ef6d8c1d4901d5c1d293981099d2932b44_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:1bdebc0ea3641538b6029945ef99eab50aa4b71ab37fd063d712ffc0883faae8_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:75a4693836d31cfc429d6a3852b0bf419255c66f90827b13d2a589dc2bea1992_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:8f696a0d69bb54a50140da672ff01c2923550f8ab18dcb1159493b516750f0a4_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:98992a409dfe54f8de0eb67189538d08148418d91d9d07d9aa30262ce54e30d9_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:72d561f41b71f78f7d896ca9b5e2b2cd76495fe602a8687bcbe0739b450a1d99_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:753e9384197b30856cfa43b3f5362395f3554773ec0a00a183705427eb8bced4_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:cb9328dff074240b336cc5395d2d61ff4722e84d11d3c19d470dd1214308b6e5_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:e863e14bd4e3a735ad3af67dd307fce57a0f3b703aed63b731c4206c08a5839f_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:1e695b53b5a667d185f61dee9e0242efc8e0962aa4e928bf8908734626d16d38_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:7d614384e1cb7be6bb72dbdc3cb4eb34d38902e05f121ef6220c5a6922715ddf_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:da0844c2faaa1b2dd6c0c4944218c947043ac3b7edd8d4533ba7faf5f9436412_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:fd141141252f9253c089dd341447f86cd75a39bff1cb8c25baab40f86fd655bb_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:690de59af44d4b7cf2dada9c3450cbd6a0d3437cc7ac2bca9b5d6b91c4c2c605_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:6cc8eaac0ef579a5359fe2b3c8de0ad776e732b82afd9fb9c4fd4ad74e9f832f_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:bc5d7a4679b2cd19946013fe4c2fc17acfb3a6d9ed410e1f050de51c0a957a6b_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:d954bfc4a5c1f1fc8eba225865a11b9d04f005341e8ab094f7a94cdbe67a7b17_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:a6eb5b607ce23772fca3dbad70d76dc5d3ebc07b15f5123ace53da01f0e3b21e_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:d090b565d5d2933ae453eb87c34a2ebb00e09b1b00334a98c771e465dbcea42e_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-45736"
},
{
"category": "external",
"summary": "RHBZ#2477914",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477914"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-45736",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-45736"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-45736",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45736"
},
{
"category": "external",
"summary": "https://github.com/websockets/ws/commit/c0327ec15a54d701eb6ccefaa8bef328cfc03086",
"url": "https://github.com/websockets/ws/commit/c0327ec15a54d701eb6ccefaa8bef328cfc03086"
},
{
"category": "external",
"summary": "https://github.com/websockets/ws/security/advisories/GHSA-58qx-3vcg-4xpx",
"url": "https://github.com/websockets/ws/security/advisories/GHSA-58qx-3vcg-4xpx"
}
],
"release_date": "2026-05-15T14:53:57.263000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-01T16:35:24+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.6#Upgrade",
"product_ids": [
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:23ea476af89606789f91e647e952039bff83b5ace02440b2c11dccb9020cc0fb_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:870a39d44775c352b2c574f4b8d6585b96b44a48eefea1cbb8463809b75a1d6f_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:b3132e81fca86bc4bf6fe9f75fb3cafd1ef0f02fe84aeaffa51539e5f4a1b54c_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:fc3b7a2d42adaa47a938efe8e94d9d5665fe74a66d04884e886da33ad61774d0_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:34374"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:51e90eeed5c6bf2e6355ee9ba50fe330149b7c2b7633a106946459e8984d82ae_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:5e9de77acecac9653b91d2ebbfc5be8dc47da81e9e3e1772d38f827f05779632_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:7cefb007f075c5b1e0265fe8b12888218201cb453e9ebac315d91a79ed6e686a_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:bd4450e5af03c053f28e9c2ca0f2a2c016fc55fef4187676bc4edd5149c1a0f4_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:21243b5bb27b62467a311f0dfb5001384b424c095e17eba2c4fa441d7a03f7cf_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:22190a2714d3942a57dbe9dd265570bfe179b8d7f3e412173d010090de2bb98d_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:35b39d818bfb7b3fe86f77eedb134d12e9f316ce1642f86a8fa5ce1c1e31f37b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:3f2e1942032818fe9c91bf18948b80002a713b81c96e8ef5a3a4178a24899fb7_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:25928bb67eadad3a0d3b23da81acb313b8f873476250ddc6481cfb06bc25b8ab_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:bdfafa3b05bea80b81ffdc63cd77d4b2a96588ccd309aba83de0a683cb07c3c4_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:d7aa74297e76cb375c4bdd939c673739e34e22d83f8ef8846b1aa3c3c2264bbe_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:ea75fa4468a26357ce7c92614d70bc41ff0f8a8e562978a5b2bdfa5563492090_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:49025eb304ed55e363338fbe74b8dd77815b4d87183f1cb0cbfbbba71c2d2c59_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:54524172989364298f5cce342ef854f62fd59c75a42be804af3f286c6585b3d1_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:c1d135f85a4a1c5fe1c86509658d3056ce4bf748e8210274756064e18f991440_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:fb2eb12e6a6159c75e56f58429789cc0ac74af2a3d04f9ab865c8d86576e8c15_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:1252d44baa18b442de12a9659d3419ef77148e47ca14747ae684b8541fe795a7_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:4750bc9a80e819747b9d6576d21e348634f0dd4bc56190a662e22b2c80172bbd_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:5988a2daac19ccd72b8eec8cd1d9b623c69aed7be1a4223070d2c65256210776_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:eac25bae75a0e08a0aae706325faae2606ee8b0c086559cc0b89a59501a511f8_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:4c56fcde717c7a7957638fa6624a6ba5a9fc372bc9056e924158a0477410c9e7_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:5f5b5adc67e0655dcc3bcaaa4bb75337ebff130cca2e019d553be7521ca71871_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:91438ae17f6ee162df0d564fe47c8690a5246315e26fa4ebfa16dc8c93425cb7_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:df6617374f5f70f6ff53a980d38ddda8ab1aca125894eadc3a1932ba7612626d_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:49d0f2c55661dd973b0a15ba0e096c54badf4e0017093dfee373a655d47373f0_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:5bbbcaa71f5bf11922738e37c1155c5e60ebc5166a67690f5e5218a42b946366_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:99446549dca0b1cd38919ed7489e3eff72b1e4dd739e4f4e914d6c3ca6076b58_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:cf59b3a7897d59615e746c14697a289d79afbc18a9d2e7e7b5f7b1242d640b02_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:6e7f3aa6bb48cbe35d205d5f4c9ea251945dcdcce9b40cd49676705d778d9500_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:bc37b9c572c3df959e0ceb9fe011be84906fe759817eee697c486131fd5bc0cb_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:bf4a2e668e36a0e8e381f4417a263bd736d114f4e464d4a6c5ea22962b3f2a9e_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:feffba283e2a49967cd57139fe7af2309cd55ea9bb4464e250bf7b5a98913a2b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:86908784cb38408c502a733672b2f76e5a5c93b0266afccc9f281cb0c8f2f20c_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:8f721159d1fb2b71fb746eec0213c1111896c7b77a2904d64a2c1696cdce796c_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:afe3ebfa9897d2b9a7d8f9bd7fb4a2210e4b7e603de5fe168740f0aa4bb04495_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:fd6aa3b12a35343168ee2e752b437a51c58e8e8e329c8bdd7d230653265a790e_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:01cb3c8bb62be8bcdeaea2fa79413caca0f111980f4134b06df5230bd0b357fc_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:20b0fcf0b2d388320c0cb1414f2422493ca9acf39c876fd45265e8b32030ef3b_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:51fc32fbd543c74767403a113ccceedb262ccb92b9fd5a9efdc39ed2c1e608b3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:d4edd3fd9d125deb51d48c8709eac2505056da0f1341020db5469be8af0ca200_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:201ab631050d34fb956e1333730a387833b7aa3a2a4389d2a01bb79a2fe51bbf_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:47ca2eaea554b825306387f07aef8a5ee830ee1885d2df51055ac22d7576d2cd_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:7a181f8f3d2eadeae6b1d4d38da28f4e0a7c7f1fc662d213f72a63fd56f67443_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:fa97e7031e19af10a571d8ff67e13de3489603f60dbf9fd0c19205fb3447e912_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:01e117719b770e5bf767700b3cf5a3c79d7a74c181fda4dd4605cb4f41ea5bcd_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:155dfad34b7402e4462d98c3026ab38a6024338dfe80bfc33abb9102d12b077d_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:aa96f8cf13ae3374588cc99a558d1def2bcf0579d75b90d0772139fab991b06b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:f1d48c91052387ebc88bc7c76c8f49bae708c67e160d976974c8b31e9efbd219_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:008f0946e1545a0baa8e2baa9d12dc3244a47cd42af020afedfce3b1450f6c16_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:6a63e70123c2cd8cf8ddec71fb88d0dee08d2b7b1bcfc37d27fde3a50a59b7e8_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:96f6b104c31c317aa118ff64cff2522f136bbb520de7fb8015257630fcfdecfb_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:9dd240e967b0a1949a812050a123e513858ccd428feb1c42646e409fbf711b35_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:6f5480749ac020fc0e226dd87855baeae624b4c57c2787303e7321f63117c789_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:7265c4bc839141da2a0599bc367c4be2b8e8743423ea1b6b8d68729b1cfa8bcc_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:9486931d703d050f59a9f1bcfe5e016351d3ccc9b5c1975963b91ac34fc0b25e_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:c458f98a5afdf96262536fa1b7d672eb897c2800ec3dc4a2094ee5e8ae09ac31_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:23ea476af89606789f91e647e952039bff83b5ace02440b2c11dccb9020cc0fb_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:870a39d44775c352b2c574f4b8d6585b96b44a48eefea1cbb8463809b75a1d6f_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:b3132e81fca86bc4bf6fe9f75fb3cafd1ef0f02fe84aeaffa51539e5f4a1b54c_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:fc3b7a2d42adaa47a938efe8e94d9d5665fe74a66d04884e886da33ad61774d0_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:2076dc61bf8db58916f3bacdb7483cdae8db169e2c4187e0c509f4fad9bc66ac_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:4e2047551e67c9c79e54ea5cd42accd746db89b8f37181a4b8ddceee166b3f2f_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:635a2526236205059d382f8860a7600105596caa546c129e855bd1ad241ebda7_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:ab0b5c35985ab8da547bc85aeff75c00ef32de0ea4f3446d75420ba935a5ddf4_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:20f8e067fa199055be096f4e655a0004616caab1eb32ccbe853677705d4e99f2_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:7c82062799a4bc38472a8d62827cbead3cf9396e132c9567e1d7682b8e4eb01d_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:94a4269cc3ddfdaf549eb4b547a461c2eafa9a0e3682511f2c18a3cf846beba3_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:ac33685303a23070d840d68bce5381230bbf98f1f65abaa80eca75c99b821d88_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:29bf69f7793d3ecaf724f791e735f1bd4121cddc6b1118553bcc77ef3a3054a1_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:46ae8d0b9eb51c730b57aa7b9d0561dc8e7510240e100a9deaea7e501cf115c2_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:c314fa51aef6754a3d665650a9a2861da1ec3557e2b92c29a2b16b2790d615a4_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:cd2a2cb5784051c6595a95865e390a52c38b2b62fbf2fa3d40545d083c846992_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:05debd9e92a56b761a55f36c54d31ceda7b77bc58178946c4b5d0d08faa01cfc_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:19954ceb4da5840bc7d8953932bd9f36baaa3ad219ccac4b44324f25f962182a_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:866e4fbdeefc40e19ec6962c6b1577ef9f66affa46b96a2dbd30501b4e3b2695_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:990fa7d78f384772aaf369956a51ba7393cd5e225daa3c4e37f56ed2a1b4d5fb_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:64e4c2ac5a5126294d7264d33723b8c7e8a8f2909a33d2bff40bfbb2965fcd81_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:8a85413afe8d8ab179dff3638f3d5509bf180d54d016706aa50781bbb72338bc_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:a0af7052a5cc79ec38267f6016330bbc30fe4c8dff0776a6fe6cee048cb1bbcf_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:df72d966e05e20571d1d588092d8bf95f28ae5178ddac780257064069e8cf75c_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:5a0a1932f8bcdf436f08f9d00fdb520feefad62061ce79426d44ecd7d01724a2_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:72da4f73e7063cfcb49a800bf9dc5acdd715221d4dff6120db5950634e5824f5_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:883c2aa7d2a9f8ddcccd8c48b79bff59ffa3eb3f59392e727dd050ec4efdb92b_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:9bed2310605563c0d439ed85731e980038ada7c3970fc26de24c1c7d291afe07_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:09b95ff35ae5c1b2c356f7506d4e8283cb0b69b8b5a130bf9d6c31e6bfc04932_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:0cebc0075f16274a3620c4becac1490dc91904d09487fdc76aafe98fbaca5ccf_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:78f3234c47001e7a2902352bf85c7cc893f8ff7aafb01d3d6875cfe2df0a6a16_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:8844e2149f6d16a9112f7ca4580c27dbe974f0bfce1fc21c87d5072813deba45_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:180b60f1efcd9902f18b7104973acf277ea6881d6a806e288ea598b71bfa8e2d_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:2dc26cd49218da49a4761d8012d9777019facea787df61dafce31db6b3bef8b8_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:d08b49badd427bd263a5810800c4705f296b2caf188765837f8b5284d6ff6feb_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:edcd49c90231e8071dc45385f077400ae3dd9fdba54de188e3aba84da49c00c5_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:06f9f2d54689bd9770d4102c377a2596bf4294c824c2db69f4ad23a849d8996c_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:3985e43602b73ad41f7092847b6c92700ec5bfd6d849cc37adff563b6a994ea3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:eb7543913777f50fe437035b18e08cec754ec6ee05666f8c88900b6349b467bb_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:fb35bc2313df94fd8a4b4e8293f1489ea518c002858c29ade906a678ccd48d0d_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:31f1c672dc3197cb7bfeb51b37d357425d4057fec9c22ea8810005c147e493a0_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:457829af072b2c430e077ae362dd62b63f1737b72434c11b2fb9e98262c6f058_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:6243c7517063c907dbd898b6ff7c4f5a6a001b15141c6b703a771a826b1e9b23_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:72bef79259e60a3f96f3788b2ed207ef6d8c1d4901d5c1d293981099d2932b44_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:1bdebc0ea3641538b6029945ef99eab50aa4b71ab37fd063d712ffc0883faae8_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:75a4693836d31cfc429d6a3852b0bf419255c66f90827b13d2a589dc2bea1992_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:8f696a0d69bb54a50140da672ff01c2923550f8ab18dcb1159493b516750f0a4_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:98992a409dfe54f8de0eb67189538d08148418d91d9d07d9aa30262ce54e30d9_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:72d561f41b71f78f7d896ca9b5e2b2cd76495fe602a8687bcbe0739b450a1d99_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:753e9384197b30856cfa43b3f5362395f3554773ec0a00a183705427eb8bced4_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:cb9328dff074240b336cc5395d2d61ff4722e84d11d3c19d470dd1214308b6e5_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:e863e14bd4e3a735ad3af67dd307fce57a0f3b703aed63b731c4206c08a5839f_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:1e695b53b5a667d185f61dee9e0242efc8e0962aa4e928bf8908734626d16d38_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:7d614384e1cb7be6bb72dbdc3cb4eb34d38902e05f121ef6220c5a6922715ddf_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:da0844c2faaa1b2dd6c0c4944218c947043ac3b7edd8d4533ba7faf5f9436412_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:fd141141252f9253c089dd341447f86cd75a39bff1cb8c25baab40f86fd655bb_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:690de59af44d4b7cf2dada9c3450cbd6a0d3437cc7ac2bca9b5d6b91c4c2c605_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:6cc8eaac0ef579a5359fe2b3c8de0ad776e732b82afd9fb9c4fd4ad74e9f832f_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:bc5d7a4679b2cd19946013fe4c2fc17acfb3a6d9ed410e1f050de51c0a957a6b_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:d954bfc4a5c1f1fc8eba225865a11b9d04f005341e8ab094f7a94cdbe67a7b17_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:a6eb5b607ce23772fca3dbad70d76dc5d3ebc07b15f5123ace53da01f0e3b21e_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:d090b565d5d2933ae453eb87c34a2ebb00e09b1b00334a98c771e465dbcea42e_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "ws: ws: Uninitialized memory disclosure via `websocket.close()` with `TypedArray`"
},
{
"cve": "CVE-2026-48526",
"cwe": {
"id": "CWE-347",
"name": "Improper Verification of Cryptographic Signature"
},
"discovery_date": "2026-05-28T16:01:22.805235+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:51e90eeed5c6bf2e6355ee9ba50fe330149b7c2b7633a106946459e8984d82ae_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:5e9de77acecac9653b91d2ebbfc5be8dc47da81e9e3e1772d38f827f05779632_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:7cefb007f075c5b1e0265fe8b12888218201cb453e9ebac315d91a79ed6e686a_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:bd4450e5af03c053f28e9c2ca0f2a2c016fc55fef4187676bc4edd5149c1a0f4_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:21243b5bb27b62467a311f0dfb5001384b424c095e17eba2c4fa441d7a03f7cf_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:22190a2714d3942a57dbe9dd265570bfe179b8d7f3e412173d010090de2bb98d_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:35b39d818bfb7b3fe86f77eedb134d12e9f316ce1642f86a8fa5ce1c1e31f37b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:3f2e1942032818fe9c91bf18948b80002a713b81c96e8ef5a3a4178a24899fb7_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:25928bb67eadad3a0d3b23da81acb313b8f873476250ddc6481cfb06bc25b8ab_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:bdfafa3b05bea80b81ffdc63cd77d4b2a96588ccd309aba83de0a683cb07c3c4_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:d7aa74297e76cb375c4bdd939c673739e34e22d83f8ef8846b1aa3c3c2264bbe_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:ea75fa4468a26357ce7c92614d70bc41ff0f8a8e562978a5b2bdfa5563492090_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:49025eb304ed55e363338fbe74b8dd77815b4d87183f1cb0cbfbbba71c2d2c59_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:54524172989364298f5cce342ef854f62fd59c75a42be804af3f286c6585b3d1_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:c1d135f85a4a1c5fe1c86509658d3056ce4bf748e8210274756064e18f991440_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:fb2eb12e6a6159c75e56f58429789cc0ac74af2a3d04f9ab865c8d86576e8c15_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:1252d44baa18b442de12a9659d3419ef77148e47ca14747ae684b8541fe795a7_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:4750bc9a80e819747b9d6576d21e348634f0dd4bc56190a662e22b2c80172bbd_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:5988a2daac19ccd72b8eec8cd1d9b623c69aed7be1a4223070d2c65256210776_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:eac25bae75a0e08a0aae706325faae2606ee8b0c086559cc0b89a59501a511f8_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:4c56fcde717c7a7957638fa6624a6ba5a9fc372bc9056e924158a0477410c9e7_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:5f5b5adc67e0655dcc3bcaaa4bb75337ebff130cca2e019d553be7521ca71871_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:91438ae17f6ee162df0d564fe47c8690a5246315e26fa4ebfa16dc8c93425cb7_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:df6617374f5f70f6ff53a980d38ddda8ab1aca125894eadc3a1932ba7612626d_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:49d0f2c55661dd973b0a15ba0e096c54badf4e0017093dfee373a655d47373f0_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:5bbbcaa71f5bf11922738e37c1155c5e60ebc5166a67690f5e5218a42b946366_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:99446549dca0b1cd38919ed7489e3eff72b1e4dd739e4f4e914d6c3ca6076b58_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:cf59b3a7897d59615e746c14697a289d79afbc18a9d2e7e7b5f7b1242d640b02_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:6e7f3aa6bb48cbe35d205d5f4c9ea251945dcdcce9b40cd49676705d778d9500_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:bc37b9c572c3df959e0ceb9fe011be84906fe759817eee697c486131fd5bc0cb_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:bf4a2e668e36a0e8e381f4417a263bd736d114f4e464d4a6c5ea22962b3f2a9e_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:feffba283e2a49967cd57139fe7af2309cd55ea9bb4464e250bf7b5a98913a2b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:86908784cb38408c502a733672b2f76e5a5c93b0266afccc9f281cb0c8f2f20c_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:8f721159d1fb2b71fb746eec0213c1111896c7b77a2904d64a2c1696cdce796c_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:afe3ebfa9897d2b9a7d8f9bd7fb4a2210e4b7e603de5fe168740f0aa4bb04495_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:fd6aa3b12a35343168ee2e752b437a51c58e8e8e329c8bdd7d230653265a790e_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:01cb3c8bb62be8bcdeaea2fa79413caca0f111980f4134b06df5230bd0b357fc_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:20b0fcf0b2d388320c0cb1414f2422493ca9acf39c876fd45265e8b32030ef3b_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:51fc32fbd543c74767403a113ccceedb262ccb92b9fd5a9efdc39ed2c1e608b3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:d4edd3fd9d125deb51d48c8709eac2505056da0f1341020db5469be8af0ca200_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:201ab631050d34fb956e1333730a387833b7aa3a2a4389d2a01bb79a2fe51bbf_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:47ca2eaea554b825306387f07aef8a5ee830ee1885d2df51055ac22d7576d2cd_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:7a181f8f3d2eadeae6b1d4d38da28f4e0a7c7f1fc662d213f72a63fd56f67443_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:fa97e7031e19af10a571d8ff67e13de3489603f60dbf9fd0c19205fb3447e912_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:01e117719b770e5bf767700b3cf5a3c79d7a74c181fda4dd4605cb4f41ea5bcd_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:155dfad34b7402e4462d98c3026ab38a6024338dfe80bfc33abb9102d12b077d_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:aa96f8cf13ae3374588cc99a558d1def2bcf0579d75b90d0772139fab991b06b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:f1d48c91052387ebc88bc7c76c8f49bae708c67e160d976974c8b31e9efbd219_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:008f0946e1545a0baa8e2baa9d12dc3244a47cd42af020afedfce3b1450f6c16_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:6a63e70123c2cd8cf8ddec71fb88d0dee08d2b7b1bcfc37d27fde3a50a59b7e8_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:96f6b104c31c317aa118ff64cff2522f136bbb520de7fb8015257630fcfdecfb_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:9dd240e967b0a1949a812050a123e513858ccd428feb1c42646e409fbf711b35_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:6f5480749ac020fc0e226dd87855baeae624b4c57c2787303e7321f63117c789_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:7265c4bc839141da2a0599bc367c4be2b8e8743423ea1b6b8d68729b1cfa8bcc_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:9486931d703d050f59a9f1bcfe5e016351d3ccc9b5c1975963b91ac34fc0b25e_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:c458f98a5afdf96262536fa1b7d672eb897c2800ec3dc4a2094ee5e8ae09ac31_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:2076dc61bf8db58916f3bacdb7483cdae8db169e2c4187e0c509f4fad9bc66ac_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:4e2047551e67c9c79e54ea5cd42accd746db89b8f37181a4b8ddceee166b3f2f_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:635a2526236205059d382f8860a7600105596caa546c129e855bd1ad241ebda7_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:ab0b5c35985ab8da547bc85aeff75c00ef32de0ea4f3446d75420ba935a5ddf4_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:20f8e067fa199055be096f4e655a0004616caab1eb32ccbe853677705d4e99f2_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:7c82062799a4bc38472a8d62827cbead3cf9396e132c9567e1d7682b8e4eb01d_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:94a4269cc3ddfdaf549eb4b547a461c2eafa9a0e3682511f2c18a3cf846beba3_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:ac33685303a23070d840d68bce5381230bbf98f1f65abaa80eca75c99b821d88_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:29bf69f7793d3ecaf724f791e735f1bd4121cddc6b1118553bcc77ef3a3054a1_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:46ae8d0b9eb51c730b57aa7b9d0561dc8e7510240e100a9deaea7e501cf115c2_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:c314fa51aef6754a3d665650a9a2861da1ec3557e2b92c29a2b16b2790d615a4_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:cd2a2cb5784051c6595a95865e390a52c38b2b62fbf2fa3d40545d083c846992_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:64e4c2ac5a5126294d7264d33723b8c7e8a8f2909a33d2bff40bfbb2965fcd81_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:8a85413afe8d8ab179dff3638f3d5509bf180d54d016706aa50781bbb72338bc_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:a0af7052a5cc79ec38267f6016330bbc30fe4c8dff0776a6fe6cee048cb1bbcf_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:df72d966e05e20571d1d588092d8bf95f28ae5178ddac780257064069e8cf75c_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:180b60f1efcd9902f18b7104973acf277ea6881d6a806e288ea598b71bfa8e2d_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:2dc26cd49218da49a4761d8012d9777019facea787df61dafce31db6b3bef8b8_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:d08b49badd427bd263a5810800c4705f296b2caf188765837f8b5284d6ff6feb_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:edcd49c90231e8071dc45385f077400ae3dd9fdba54de188e3aba84da49c00c5_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:06f9f2d54689bd9770d4102c377a2596bf4294c824c2db69f4ad23a849d8996c_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:3985e43602b73ad41f7092847b6c92700ec5bfd6d849cc37adff563b6a994ea3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:eb7543913777f50fe437035b18e08cec754ec6ee05666f8c88900b6349b467bb_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:fb35bc2313df94fd8a4b4e8293f1489ea518c002858c29ade906a678ccd48d0d_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:31f1c672dc3197cb7bfeb51b37d357425d4057fec9c22ea8810005c147e493a0_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:457829af072b2c430e077ae362dd62b63f1737b72434c11b2fb9e98262c6f058_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:6243c7517063c907dbd898b6ff7c4f5a6a001b15141c6b703a771a826b1e9b23_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:72bef79259e60a3f96f3788b2ed207ef6d8c1d4901d5c1d293981099d2932b44_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:1bdebc0ea3641538b6029945ef99eab50aa4b71ab37fd063d712ffc0883faae8_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:75a4693836d31cfc429d6a3852b0bf419255c66f90827b13d2a589dc2bea1992_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:8f696a0d69bb54a50140da672ff01c2923550f8ab18dcb1159493b516750f0a4_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:98992a409dfe54f8de0eb67189538d08148418d91d9d07d9aa30262ce54e30d9_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:72d561f41b71f78f7d896ca9b5e2b2cd76495fe602a8687bcbe0739b450a1d99_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:753e9384197b30856cfa43b3f5362395f3554773ec0a00a183705427eb8bced4_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:cb9328dff074240b336cc5395d2d61ff4722e84d11d3c19d470dd1214308b6e5_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:e863e14bd4e3a735ad3af67dd307fce57a0f3b703aed63b731c4206c08a5839f_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:1e695b53b5a667d185f61dee9e0242efc8e0962aa4e928bf8908734626d16d38_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:7d614384e1cb7be6bb72dbdc3cb4eb34d38902e05f121ef6220c5a6922715ddf_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:da0844c2faaa1b2dd6c0c4944218c947043ac3b7edd8d4533ba7faf5f9436412_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:fd141141252f9253c089dd341447f86cd75a39bff1cb8c25baab40f86fd655bb_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:690de59af44d4b7cf2dada9c3450cbd6a0d3437cc7ac2bca9b5d6b91c4c2c605_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:6cc8eaac0ef579a5359fe2b3c8de0ad776e732b82afd9fb9c4fd4ad74e9f832f_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:bc5d7a4679b2cd19946013fe4c2fc17acfb3a6d9ed410e1f050de51c0a957a6b_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:d954bfc4a5c1f1fc8eba225865a11b9d04f005341e8ab094f7a94cdbe67a7b17_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:a6eb5b607ce23772fca3dbad70d76dc5d3ebc07b15f5123ace53da01f0e3b21e_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:d090b565d5d2933ae453eb87c34a2ebb00e09b1b00334a98c771e465dbcea42e_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2482734"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in PyJWT, a Python library for JSON Web Token (JWT) implementation. When decoding JWTs, the library fails to validate the use of JSON Web Keys (JWK) in the HMAC algorithm while also supporting asymmetric algorithms. This allows a remote attacker to use the issuer\u0027s public key as the secret key for the HMAC algorithm, leading to the ability to forge JWTs. This vulnerability can result in authentication bypass or unauthorized access.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "python-pyjwt: PyJWT: Authentication bypass due to forged JSON Web Tokens",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Important vulnerability in PyJWT allows for authentication bypass and unauthorized access. It occurs when a JWT verifier is misconfigured to accept both symmetric and asymmetric algorithms, and a public JSON Web Key is erroneously used as the HMAC secret. Red Hat products are only affected if they utilize this specific, non-standard verifier configuration.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:23ea476af89606789f91e647e952039bff83b5ace02440b2c11dccb9020cc0fb_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:870a39d44775c352b2c574f4b8d6585b96b44a48eefea1cbb8463809b75a1d6f_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:b3132e81fca86bc4bf6fe9f75fb3cafd1ef0f02fe84aeaffa51539e5f4a1b54c_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:fc3b7a2d42adaa47a938efe8e94d9d5665fe74a66d04884e886da33ad61774d0_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:05debd9e92a56b761a55f36c54d31ceda7b77bc58178946c4b5d0d08faa01cfc_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:19954ceb4da5840bc7d8953932bd9f36baaa3ad219ccac4b44324f25f962182a_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:866e4fbdeefc40e19ec6962c6b1577ef9f66affa46b96a2dbd30501b4e3b2695_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:990fa7d78f384772aaf369956a51ba7393cd5e225daa3c4e37f56ed2a1b4d5fb_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:5a0a1932f8bcdf436f08f9d00fdb520feefad62061ce79426d44ecd7d01724a2_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:72da4f73e7063cfcb49a800bf9dc5acdd715221d4dff6120db5950634e5824f5_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:883c2aa7d2a9f8ddcccd8c48b79bff59ffa3eb3f59392e727dd050ec4efdb92b_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:9bed2310605563c0d439ed85731e980038ada7c3970fc26de24c1c7d291afe07_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:09b95ff35ae5c1b2c356f7506d4e8283cb0b69b8b5a130bf9d6c31e6bfc04932_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:0cebc0075f16274a3620c4becac1490dc91904d09487fdc76aafe98fbaca5ccf_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:78f3234c47001e7a2902352bf85c7cc893f8ff7aafb01d3d6875cfe2df0a6a16_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:8844e2149f6d16a9112f7ca4580c27dbe974f0bfce1fc21c87d5072813deba45_ppc64le"
],
"known_not_affected": [
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:51e90eeed5c6bf2e6355ee9ba50fe330149b7c2b7633a106946459e8984d82ae_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:5e9de77acecac9653b91d2ebbfc5be8dc47da81e9e3e1772d38f827f05779632_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:7cefb007f075c5b1e0265fe8b12888218201cb453e9ebac315d91a79ed6e686a_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:bd4450e5af03c053f28e9c2ca0f2a2c016fc55fef4187676bc4edd5149c1a0f4_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:21243b5bb27b62467a311f0dfb5001384b424c095e17eba2c4fa441d7a03f7cf_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:22190a2714d3942a57dbe9dd265570bfe179b8d7f3e412173d010090de2bb98d_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:35b39d818bfb7b3fe86f77eedb134d12e9f316ce1642f86a8fa5ce1c1e31f37b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:3f2e1942032818fe9c91bf18948b80002a713b81c96e8ef5a3a4178a24899fb7_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:25928bb67eadad3a0d3b23da81acb313b8f873476250ddc6481cfb06bc25b8ab_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:bdfafa3b05bea80b81ffdc63cd77d4b2a96588ccd309aba83de0a683cb07c3c4_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:d7aa74297e76cb375c4bdd939c673739e34e22d83f8ef8846b1aa3c3c2264bbe_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:ea75fa4468a26357ce7c92614d70bc41ff0f8a8e562978a5b2bdfa5563492090_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:49025eb304ed55e363338fbe74b8dd77815b4d87183f1cb0cbfbbba71c2d2c59_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:54524172989364298f5cce342ef854f62fd59c75a42be804af3f286c6585b3d1_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:c1d135f85a4a1c5fe1c86509658d3056ce4bf748e8210274756064e18f991440_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:fb2eb12e6a6159c75e56f58429789cc0ac74af2a3d04f9ab865c8d86576e8c15_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:1252d44baa18b442de12a9659d3419ef77148e47ca14747ae684b8541fe795a7_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:4750bc9a80e819747b9d6576d21e348634f0dd4bc56190a662e22b2c80172bbd_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:5988a2daac19ccd72b8eec8cd1d9b623c69aed7be1a4223070d2c65256210776_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:eac25bae75a0e08a0aae706325faae2606ee8b0c086559cc0b89a59501a511f8_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:4c56fcde717c7a7957638fa6624a6ba5a9fc372bc9056e924158a0477410c9e7_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:5f5b5adc67e0655dcc3bcaaa4bb75337ebff130cca2e019d553be7521ca71871_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:91438ae17f6ee162df0d564fe47c8690a5246315e26fa4ebfa16dc8c93425cb7_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:df6617374f5f70f6ff53a980d38ddda8ab1aca125894eadc3a1932ba7612626d_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:49d0f2c55661dd973b0a15ba0e096c54badf4e0017093dfee373a655d47373f0_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:5bbbcaa71f5bf11922738e37c1155c5e60ebc5166a67690f5e5218a42b946366_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:99446549dca0b1cd38919ed7489e3eff72b1e4dd739e4f4e914d6c3ca6076b58_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:cf59b3a7897d59615e746c14697a289d79afbc18a9d2e7e7b5f7b1242d640b02_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:6e7f3aa6bb48cbe35d205d5f4c9ea251945dcdcce9b40cd49676705d778d9500_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:bc37b9c572c3df959e0ceb9fe011be84906fe759817eee697c486131fd5bc0cb_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:bf4a2e668e36a0e8e381f4417a263bd736d114f4e464d4a6c5ea22962b3f2a9e_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:feffba283e2a49967cd57139fe7af2309cd55ea9bb4464e250bf7b5a98913a2b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:86908784cb38408c502a733672b2f76e5a5c93b0266afccc9f281cb0c8f2f20c_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:8f721159d1fb2b71fb746eec0213c1111896c7b77a2904d64a2c1696cdce796c_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:afe3ebfa9897d2b9a7d8f9bd7fb4a2210e4b7e603de5fe168740f0aa4bb04495_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:fd6aa3b12a35343168ee2e752b437a51c58e8e8e329c8bdd7d230653265a790e_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:01cb3c8bb62be8bcdeaea2fa79413caca0f111980f4134b06df5230bd0b357fc_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:20b0fcf0b2d388320c0cb1414f2422493ca9acf39c876fd45265e8b32030ef3b_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:51fc32fbd543c74767403a113ccceedb262ccb92b9fd5a9efdc39ed2c1e608b3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:d4edd3fd9d125deb51d48c8709eac2505056da0f1341020db5469be8af0ca200_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:201ab631050d34fb956e1333730a387833b7aa3a2a4389d2a01bb79a2fe51bbf_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:47ca2eaea554b825306387f07aef8a5ee830ee1885d2df51055ac22d7576d2cd_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:7a181f8f3d2eadeae6b1d4d38da28f4e0a7c7f1fc662d213f72a63fd56f67443_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:fa97e7031e19af10a571d8ff67e13de3489603f60dbf9fd0c19205fb3447e912_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:01e117719b770e5bf767700b3cf5a3c79d7a74c181fda4dd4605cb4f41ea5bcd_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:155dfad34b7402e4462d98c3026ab38a6024338dfe80bfc33abb9102d12b077d_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:aa96f8cf13ae3374588cc99a558d1def2bcf0579d75b90d0772139fab991b06b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:f1d48c91052387ebc88bc7c76c8f49bae708c67e160d976974c8b31e9efbd219_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:008f0946e1545a0baa8e2baa9d12dc3244a47cd42af020afedfce3b1450f6c16_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:6a63e70123c2cd8cf8ddec71fb88d0dee08d2b7b1bcfc37d27fde3a50a59b7e8_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:96f6b104c31c317aa118ff64cff2522f136bbb520de7fb8015257630fcfdecfb_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:9dd240e967b0a1949a812050a123e513858ccd428feb1c42646e409fbf711b35_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:6f5480749ac020fc0e226dd87855baeae624b4c57c2787303e7321f63117c789_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:7265c4bc839141da2a0599bc367c4be2b8e8743423ea1b6b8d68729b1cfa8bcc_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:9486931d703d050f59a9f1bcfe5e016351d3ccc9b5c1975963b91ac34fc0b25e_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:c458f98a5afdf96262536fa1b7d672eb897c2800ec3dc4a2094ee5e8ae09ac31_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:2076dc61bf8db58916f3bacdb7483cdae8db169e2c4187e0c509f4fad9bc66ac_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:4e2047551e67c9c79e54ea5cd42accd746db89b8f37181a4b8ddceee166b3f2f_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:635a2526236205059d382f8860a7600105596caa546c129e855bd1ad241ebda7_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:ab0b5c35985ab8da547bc85aeff75c00ef32de0ea4f3446d75420ba935a5ddf4_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:20f8e067fa199055be096f4e655a0004616caab1eb32ccbe853677705d4e99f2_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:7c82062799a4bc38472a8d62827cbead3cf9396e132c9567e1d7682b8e4eb01d_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:94a4269cc3ddfdaf549eb4b547a461c2eafa9a0e3682511f2c18a3cf846beba3_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:ac33685303a23070d840d68bce5381230bbf98f1f65abaa80eca75c99b821d88_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:29bf69f7793d3ecaf724f791e735f1bd4121cddc6b1118553bcc77ef3a3054a1_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:46ae8d0b9eb51c730b57aa7b9d0561dc8e7510240e100a9deaea7e501cf115c2_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:c314fa51aef6754a3d665650a9a2861da1ec3557e2b92c29a2b16b2790d615a4_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:cd2a2cb5784051c6595a95865e390a52c38b2b62fbf2fa3d40545d083c846992_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:64e4c2ac5a5126294d7264d33723b8c7e8a8f2909a33d2bff40bfbb2965fcd81_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:8a85413afe8d8ab179dff3638f3d5509bf180d54d016706aa50781bbb72338bc_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:a0af7052a5cc79ec38267f6016330bbc30fe4c8dff0776a6fe6cee048cb1bbcf_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:df72d966e05e20571d1d588092d8bf95f28ae5178ddac780257064069e8cf75c_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:180b60f1efcd9902f18b7104973acf277ea6881d6a806e288ea598b71bfa8e2d_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:2dc26cd49218da49a4761d8012d9777019facea787df61dafce31db6b3bef8b8_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:d08b49badd427bd263a5810800c4705f296b2caf188765837f8b5284d6ff6feb_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:edcd49c90231e8071dc45385f077400ae3dd9fdba54de188e3aba84da49c00c5_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:06f9f2d54689bd9770d4102c377a2596bf4294c824c2db69f4ad23a849d8996c_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:3985e43602b73ad41f7092847b6c92700ec5bfd6d849cc37adff563b6a994ea3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:eb7543913777f50fe437035b18e08cec754ec6ee05666f8c88900b6349b467bb_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:fb35bc2313df94fd8a4b4e8293f1489ea518c002858c29ade906a678ccd48d0d_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:31f1c672dc3197cb7bfeb51b37d357425d4057fec9c22ea8810005c147e493a0_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:457829af072b2c430e077ae362dd62b63f1737b72434c11b2fb9e98262c6f058_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:6243c7517063c907dbd898b6ff7c4f5a6a001b15141c6b703a771a826b1e9b23_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:72bef79259e60a3f96f3788b2ed207ef6d8c1d4901d5c1d293981099d2932b44_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:1bdebc0ea3641538b6029945ef99eab50aa4b71ab37fd063d712ffc0883faae8_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:75a4693836d31cfc429d6a3852b0bf419255c66f90827b13d2a589dc2bea1992_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:8f696a0d69bb54a50140da672ff01c2923550f8ab18dcb1159493b516750f0a4_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:98992a409dfe54f8de0eb67189538d08148418d91d9d07d9aa30262ce54e30d9_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:72d561f41b71f78f7d896ca9b5e2b2cd76495fe602a8687bcbe0739b450a1d99_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:753e9384197b30856cfa43b3f5362395f3554773ec0a00a183705427eb8bced4_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:cb9328dff074240b336cc5395d2d61ff4722e84d11d3c19d470dd1214308b6e5_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:e863e14bd4e3a735ad3af67dd307fce57a0f3b703aed63b731c4206c08a5839f_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:1e695b53b5a667d185f61dee9e0242efc8e0962aa4e928bf8908734626d16d38_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:7d614384e1cb7be6bb72dbdc3cb4eb34d38902e05f121ef6220c5a6922715ddf_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:da0844c2faaa1b2dd6c0c4944218c947043ac3b7edd8d4533ba7faf5f9436412_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:fd141141252f9253c089dd341447f86cd75a39bff1cb8c25baab40f86fd655bb_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:690de59af44d4b7cf2dada9c3450cbd6a0d3437cc7ac2bca9b5d6b91c4c2c605_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:6cc8eaac0ef579a5359fe2b3c8de0ad776e732b82afd9fb9c4fd4ad74e9f832f_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:bc5d7a4679b2cd19946013fe4c2fc17acfb3a6d9ed410e1f050de51c0a957a6b_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:d954bfc4a5c1f1fc8eba225865a11b9d04f005341e8ab094f7a94cdbe67a7b17_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:a6eb5b607ce23772fca3dbad70d76dc5d3ebc07b15f5123ace53da01f0e3b21e_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:d090b565d5d2933ae453eb87c34a2ebb00e09b1b00334a98c771e465dbcea42e_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-48526"
},
{
"category": "external",
"summary": "RHBZ#2482734",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2482734"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-48526",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-48526"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-48526",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48526"
},
{
"category": "external",
"summary": "https://github.com/jpadilla/pyjwt/security/advisories/GHSA-xgmm-8j9v-c9wx",
"url": "https://github.com/jpadilla/pyjwt/security/advisories/GHSA-xgmm-8j9v-c9wx"
}
],
"release_date": "2026-05-28T15:09:09.258000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-01T16:35:24+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.6#Upgrade",
"product_ids": [
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:23ea476af89606789f91e647e952039bff83b5ace02440b2c11dccb9020cc0fb_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:870a39d44775c352b2c574f4b8d6585b96b44a48eefea1cbb8463809b75a1d6f_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:b3132e81fca86bc4bf6fe9f75fb3cafd1ef0f02fe84aeaffa51539e5f4a1b54c_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:fc3b7a2d42adaa47a938efe8e94d9d5665fe74a66d04884e886da33ad61774d0_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:05debd9e92a56b761a55f36c54d31ceda7b77bc58178946c4b5d0d08faa01cfc_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:19954ceb4da5840bc7d8953932bd9f36baaa3ad219ccac4b44324f25f962182a_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:866e4fbdeefc40e19ec6962c6b1577ef9f66affa46b96a2dbd30501b4e3b2695_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:990fa7d78f384772aaf369956a51ba7393cd5e225daa3c4e37f56ed2a1b4d5fb_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:5a0a1932f8bcdf436f08f9d00fdb520feefad62061ce79426d44ecd7d01724a2_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:72da4f73e7063cfcb49a800bf9dc5acdd715221d4dff6120db5950634e5824f5_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:883c2aa7d2a9f8ddcccd8c48b79bff59ffa3eb3f59392e727dd050ec4efdb92b_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:9bed2310605563c0d439ed85731e980038ada7c3970fc26de24c1c7d291afe07_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:09b95ff35ae5c1b2c356f7506d4e8283cb0b69b8b5a130bf9d6c31e6bfc04932_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:0cebc0075f16274a3620c4becac1490dc91904d09487fdc76aafe98fbaca5ccf_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:78f3234c47001e7a2902352bf85c7cc893f8ff7aafb01d3d6875cfe2df0a6a16_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:8844e2149f6d16a9112f7ca4580c27dbe974f0bfce1fc21c87d5072813deba45_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:34374"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:51e90eeed5c6bf2e6355ee9ba50fe330149b7c2b7633a106946459e8984d82ae_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:5e9de77acecac9653b91d2ebbfc5be8dc47da81e9e3e1772d38f827f05779632_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:7cefb007f075c5b1e0265fe8b12888218201cb453e9ebac315d91a79ed6e686a_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/aap-must-gather-rhel9@sha256:bd4450e5af03c053f28e9c2ca0f2a2c016fc55fef4187676bc4edd5149c1a0f4_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:21243b5bb27b62467a311f0dfb5001384b424c095e17eba2c4fa441d7a03f7cf_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:22190a2714d3942a57dbe9dd265570bfe179b8d7f3e412173d010090de2bb98d_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:35b39d818bfb7b3fe86f77eedb134d12e9f316ce1642f86a8fa5ce1c1e31f37b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-builder-rhel9@sha256:3f2e1942032818fe9c91bf18948b80002a713b81c96e8ef5a3a4178a24899fb7_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:25928bb67eadad3a0d3b23da81acb313b8f873476250ddc6481cfb06bc25b8ab_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:bdfafa3b05bea80b81ffdc63cd77d4b2a96588ccd309aba83de0a683cb07c3c4_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:d7aa74297e76cb375c4bdd939c673739e34e22d83f8ef8846b1aa3c3c2264bbe_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ansible-dev-tools-rhel9@sha256:ea75fa4468a26357ce7c92614d70bc41ff0f8a8e562978a5b2bdfa5563492090_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:49025eb304ed55e363338fbe74b8dd77815b4d87183f1cb0cbfbbba71c2d2c59_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:54524172989364298f5cce342ef854f62fd59c75a42be804af3f286c6585b3d1_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:c1d135f85a4a1c5fe1c86509658d3056ce4bf748e8210274756064e18f991440_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9-operator@sha256:fb2eb12e6a6159c75e56f58429789cc0ac74af2a3d04f9ab865c8d86576e8c15_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:1252d44baa18b442de12a9659d3419ef77148e47ca14747ae684b8541fe795a7_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:4750bc9a80e819747b9d6576d21e348634f0dd4bc56190a662e22b2c80172bbd_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:5988a2daac19ccd72b8eec8cd1d9b623c69aed7be1a4223070d2c65256210776_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/controller-rhel9@sha256:eac25bae75a0e08a0aae706325faae2606ee8b0c086559cc0b89a59501a511f8_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:4c56fcde717c7a7957638fa6624a6ba5a9fc372bc9056e924158a0477410c9e7_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:5f5b5adc67e0655dcc3bcaaa4bb75337ebff130cca2e019d553be7521ca71871_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:91438ae17f6ee162df0d564fe47c8690a5246315e26fa4ebfa16dc8c93425cb7_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-minimal-rhel9@sha256:df6617374f5f70f6ff53a980d38ddda8ab1aca125894eadc3a1932ba7612626d_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:49d0f2c55661dd973b0a15ba0e096c54badf4e0017093dfee373a655d47373f0_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:5bbbcaa71f5bf11922738e37c1155c5e60ebc5166a67690f5e5218a42b946366_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:99446549dca0b1cd38919ed7489e3eff72b1e4dd739e4f4e914d6c3ca6076b58_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/de-supported-rhel9@sha256:cf59b3a7897d59615e746c14697a289d79afbc18a9d2e7e7b5f7b1242d640b02_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:6e7f3aa6bb48cbe35d205d5f4c9ea251945dcdcce9b40cd49676705d778d9500_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:bc37b9c572c3df959e0ceb9fe011be84906fe759817eee697c486131fd5bc0cb_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:bf4a2e668e36a0e8e381f4417a263bd736d114f4e464d4a6c5ea22962b3f2a9e_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9-operator@sha256:feffba283e2a49967cd57139fe7af2309cd55ea9bb4464e250bf7b5a98913a2b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:86908784cb38408c502a733672b2f76e5a5c93b0266afccc9f281cb0c8f2f20c_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:8f721159d1fb2b71fb746eec0213c1111896c7b77a2904d64a2c1696cdce796c_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:afe3ebfa9897d2b9a7d8f9bd7fb4a2210e4b7e603de5fe168740f0aa4bb04495_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-rhel9@sha256:fd6aa3b12a35343168ee2e752b437a51c58e8e8e329c8bdd7d230653265a790e_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:01cb3c8bb62be8bcdeaea2fa79413caca0f111980f4134b06df5230bd0b357fc_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:20b0fcf0b2d388320c0cb1414f2422493ca9acf39c876fd45265e8b32030ef3b_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:51fc32fbd543c74767403a113ccceedb262ccb92b9fd5a9efdc39ed2c1e608b3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/eda-controller-ui-rhel9@sha256:d4edd3fd9d125deb51d48c8709eac2505056da0f1341020db5469be8af0ca200_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:201ab631050d34fb956e1333730a387833b7aa3a2a4389d2a01bb79a2fe51bbf_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:47ca2eaea554b825306387f07aef8a5ee830ee1885d2df51055ac22d7576d2cd_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:7a181f8f3d2eadeae6b1d4d38da28f4e0a7c7f1fc662d213f72a63fd56f67443_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9@sha256:fa97e7031e19af10a571d8ff67e13de3489603f60dbf9fd0c19205fb3447e912_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:01e117719b770e5bf767700b3cf5a3c79d7a74c181fda4dd4605cb4f41ea5bcd_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:155dfad34b7402e4462d98c3026ab38a6024338dfe80bfc33abb9102d12b077d_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:aa96f8cf13ae3374588cc99a558d1def2bcf0579d75b90d0772139fab991b06b_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/ee-supported-rhel9@sha256:f1d48c91052387ebc88bc7c76c8f49bae708c67e160d976974c8b31e9efbd219_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:008f0946e1545a0baa8e2baa9d12dc3244a47cd42af020afedfce3b1450f6c16_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:6a63e70123c2cd8cf8ddec71fb88d0dee08d2b7b1bcfc37d27fde3a50a59b7e8_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:96f6b104c31c317aa118ff64cff2522f136bbb520de7fb8015257630fcfdecfb_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-proxy-rhel9@sha256:9dd240e967b0a1949a812050a123e513858ccd428feb1c42646e409fbf711b35_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:6f5480749ac020fc0e226dd87855baeae624b4c57c2787303e7321f63117c789_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:7265c4bc839141da2a0599bc367c4be2b8e8743423ea1b6b8d68729b1cfa8bcc_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:9486931d703d050f59a9f1bcfe5e016351d3ccc9b5c1975963b91ac34fc0b25e_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9-operator@sha256:c458f98a5afdf96262536fa1b7d672eb897c2800ec3dc4a2094ee5e8ae09ac31_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:23ea476af89606789f91e647e952039bff83b5ace02440b2c11dccb9020cc0fb_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:870a39d44775c352b2c574f4b8d6585b96b44a48eefea1cbb8463809b75a1d6f_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:b3132e81fca86bc4bf6fe9f75fb3cafd1ef0f02fe84aeaffa51539e5f4a1b54c_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/gateway-rhel9@sha256:fc3b7a2d42adaa47a938efe8e94d9d5665fe74a66d04884e886da33ad61774d0_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:2076dc61bf8db58916f3bacdb7483cdae8db169e2c4187e0c509f4fad9bc66ac_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:4e2047551e67c9c79e54ea5cd42accd746db89b8f37181a4b8ddceee166b3f2f_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:635a2526236205059d382f8860a7600105596caa546c129e855bd1ad241ebda7_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9-operator@sha256:ab0b5c35985ab8da547bc85aeff75c00ef32de0ea4f3446d75420ba935a5ddf4_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:20f8e067fa199055be096f4e655a0004616caab1eb32ccbe853677705d4e99f2_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:7c82062799a4bc38472a8d62827cbead3cf9396e132c9567e1d7682b8e4eb01d_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:94a4269cc3ddfdaf549eb4b547a461c2eafa9a0e3682511f2c18a3cf846beba3_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-rhel9@sha256:ac33685303a23070d840d68bce5381230bbf98f1f65abaa80eca75c99b821d88_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:29bf69f7793d3ecaf724f791e735f1bd4121cddc6b1118553bcc77ef3a3054a1_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:46ae8d0b9eb51c730b57aa7b9d0561dc8e7510240e100a9deaea7e501cf115c2_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:c314fa51aef6754a3d665650a9a2861da1ec3557e2b92c29a2b16b2790d615a4_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/hub-web-rhel9@sha256:cd2a2cb5784051c6595a95865e390a52c38b2b62fbf2fa3d40545d083c846992_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:05debd9e92a56b761a55f36c54d31ceda7b77bc58178946c4b5d0d08faa01cfc_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:19954ceb4da5840bc7d8953932bd9f36baaa3ad219ccac4b44324f25f962182a_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:866e4fbdeefc40e19ec6962c6b1577ef9f66affa46b96a2dbd30501b4e3b2695_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-chatbot-rhel9@sha256:990fa7d78f384772aaf369956a51ba7393cd5e225daa3c4e37f56ed2a1b4d5fb_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:64e4c2ac5a5126294d7264d33723b8c7e8a8f2909a33d2bff40bfbb2965fcd81_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:8a85413afe8d8ab179dff3638f3d5509bf180d54d016706aa50781bbb72338bc_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:a0af7052a5cc79ec38267f6016330bbc30fe4c8dff0776a6fe6cee048cb1bbcf_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9-operator@sha256:df72d966e05e20571d1d588092d8bf95f28ae5178ddac780257064069e8cf75c_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:5a0a1932f8bcdf436f08f9d00fdb520feefad62061ce79426d44ecd7d01724a2_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:72da4f73e7063cfcb49a800bf9dc5acdd715221d4dff6120db5950634e5824f5_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:883c2aa7d2a9f8ddcccd8c48b79bff59ffa3eb3f59392e727dd050ec4efdb92b_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/lightspeed-rhel9@sha256:9bed2310605563c0d439ed85731e980038ada7c3970fc26de24c1c7d291afe07_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:09b95ff35ae5c1b2c356f7506d4e8283cb0b69b8b5a130bf9d6c31e6bfc04932_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:0cebc0075f16274a3620c4becac1490dc91904d09487fdc76aafe98fbaca5ccf_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:78f3234c47001e7a2902352bf85c7cc893f8ff7aafb01d3d6875cfe2df0a6a16_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/mcp-tools-rhel9@sha256:8844e2149f6d16a9112f7ca4580c27dbe974f0bfce1fc21c87d5072813deba45_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:180b60f1efcd9902f18b7104973acf277ea6881d6a806e288ea598b71bfa8e2d_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:2dc26cd49218da49a4761d8012d9777019facea787df61dafce31db6b3bef8b8_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:d08b49badd427bd263a5810800c4705f296b2caf188765837f8b5284d6ff6feb_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-rhel9-operator@sha256:edcd49c90231e8071dc45385f077400ae3dd9fdba54de188e3aba84da49c00c5_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:06f9f2d54689bd9770d4102c377a2596bf4294c824c2db69f4ad23a849d8996c_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:3985e43602b73ad41f7092847b6c92700ec5bfd6d849cc37adff563b6a994ea3_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:eb7543913777f50fe437035b18e08cec754ec6ee05666f8c88900b6349b467bb_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/platform-resource-runner-rhel9@sha256:fb35bc2313df94fd8a4b4e8293f1489ea518c002858c29ade906a678ccd48d0d_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:31f1c672dc3197cb7bfeb51b37d357425d4057fec9c22ea8810005c147e493a0_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:457829af072b2c430e077ae362dd62b63f1737b72434c11b2fb9e98262c6f058_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:6243c7517063c907dbd898b6ff7c4f5a6a001b15141c6b703a771a826b1e9b23_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-26/receptor-rhel9@sha256:72bef79259e60a3f96f3788b2ed207ef6d8c1d4901d5c1d293981099d2932b44_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:1bdebc0ea3641538b6029945ef99eab50aa4b71ab37fd063d712ffc0883faae8_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:75a4693836d31cfc429d6a3852b0bf419255c66f90827b13d2a589dc2bea1992_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:8f696a0d69bb54a50140da672ff01c2923550f8ab18dcb1159493b516750f0a4_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:98992a409dfe54f8de0eb67189538d08148418d91d9d07d9aa30262ce54e30d9_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:72d561f41b71f78f7d896ca9b5e2b2cd76495fe602a8687bcbe0739b450a1d99_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:753e9384197b30856cfa43b3f5362395f3554773ec0a00a183705427eb8bced4_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:cb9328dff074240b336cc5395d2d61ff4722e84d11d3c19d470dd1214308b6e5_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/mcp-server-rhel9@sha256:e863e14bd4e3a735ad3af67dd307fce57a0f3b703aed63b731c4206c08a5839f_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:1e695b53b5a667d185f61dee9e0242efc8e0962aa4e928bf8908734626d16d38_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:7d614384e1cb7be6bb72dbdc3cb4eb34d38902e05f121ef6220c5a6922715ddf_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:da0844c2faaa1b2dd6c0c4944218c947043ac3b7edd8d4533ba7faf5f9436412_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9-operator@sha256:fd141141252f9253c089dd341447f86cd75a39bff1cb8c25baab40f86fd655bb_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:690de59af44d4b7cf2dada9c3450cbd6a0d3437cc7ac2bca9b5d6b91c4c2c605_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:6cc8eaac0ef579a5359fe2b3c8de0ad776e732b82afd9fb9c4fd4ad74e9f832f_ppc64le",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:bc5d7a4679b2cd19946013fe4c2fc17acfb3a6d9ed410e1f050de51c0a957a6b_arm64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/metrics-service-rhel9@sha256:d954bfc4a5c1f1fc8eba225865a11b9d04f005341e8ab094f7a94cdbe67a7b17_s390x",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:a6eb5b607ce23772fca3dbad70d76dc5d3ebc07b15f5123ace53da01f0e3b21e_amd64",
"Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:d090b565d5d2933ae453eb87c34a2ebb00e09b1b00334a98c771e465dbcea42e_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "python-pyjwt: PyJWT: Authentication bypass due to forged JSON Web Tokens"
}
]
}
RHSA-2026:35841
Vulnerability from csaf_redhat - Published: 2026-07-06 04:52 - Updated: 2026-07-09 13:21A flaw was found in undici. An attacker-controlled upstream server can exploit a vulnerability in Undici's HTTP/1.1 client, specifically related to response queue poisoning on reused keep-alive sockets. This allows the attacker to inject an unsolicited HTTP/1.1 response onto an idle socket. Consequently, when the client dispatches a new request on that socket, it may associate the injected response with the new request, leading to responses being delivered to unintended recipients or requests. This could result in a low impact on data integrity.
CWE-940 - Improper Verification of Source of a Communication Channel| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-docs-1:24.18.0-1.el10_2.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-npm-1:11.16.0-1.24.18.0.1.el10_2.noarch | — |
Vendor Fix
fix
Workaround
|
A flaw was found in undici. When using Socks5ProxyAgent, undici incorrectly reuses a single connection pool across different origins. This can lead to cross-origin request routing, where sensitive credentials and data intended for one destination are sent to another. Consequently, responses from unintended origins may be trusted, and secure HTTPS connections could be silently downgraded to unencrypted HTTP, resulting in information disclosure and data integrity issues.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-docs-1:24.18.0-1.el10_2.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-npm-1:11.16.0-1.24.18.0.1.el10_2.noarch | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Undici. The cache interceptor in shared-cache mode incorrectly classifies certain responses as cacheable due to improper handling of whitespace-padded Cache-Control header field names. This vulnerability allows an unauthenticated attacker to access authenticated user data from the cache, leading to information disclosure. This occurs when both authenticated and unauthenticated requests resolve to the same cache key.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-docs-1:24.18.0-1.el10_2.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-npm-1:11.16.0-1.24.18.0.1.el10_2.noarch | — |
Vendor Fix
fix
Workaround
|
A flaw was found in undici. When undici's ProxyAgent is configured with a SOCKS5 proxy Uniform Resource Identifier (URI), it silently ignores Transport Layer Security (TLS) options, such as custom Certificate Authorities (CAs). This allows a remote attacker to perform a Man-in-the-Middle (MITM) attack, intercepting and tampering with HTTPS communications. The connection falls back to Node.js's default trust store, bypassing intended security configurations and potentially leading to information disclosure or arbitrary code execution.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-docs-1:24.18.0-1.el10_2.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-npm-1:11.16.0-1.24.18.0.1.el10_2.noarch | — |
Vendor Fix
fix
Workaround
|
A flaw was found in undici. When undici processes Set-Cookie headers, it incorrectly interprets the SameSite attribute, accepting partial matches instead of exact ones. This allows a malicious server to downgrade a cookie's SameSite policy to a less secure setting, potentially leading to unintended information disclosure or a weakening of security protections for the user.
CWE-1286 - Improper Validation of Syntactic Correctness of Input| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-docs-1:24.18.0-1.el10_2.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-npm-1:11.16.0-1.24.18.0.1.el10_2.noarch | — |
Vendor Fix
fix
Workaround
|
A flaw was found in undici. A malicious WebSocket server can exploit this by streaming numerous small or empty continuation frames. This can bypass per-frame and cumulative-size validation, leading to unbounded memory growth in the client process. The primary consequence is memory exhaustion, resulting in a denial of service (DoS) for affected applications using the undici WebSocket client or WebSocketStream API.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-docs-1:24.18.0-1.el10_2.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-npm-1:11.16.0-1.24.18.0.1.el10_2.noarch | — |
Vendor Fix
fix
Workaround
|
A flaw was found in ip-address, a JavaScript library for parsing and manipulating IPv4 and IPv6 addresses. This vulnerability allows a remote attacker to perform cross-site scripting (XSS) by providing untrusted input to the Address6 constructor. When an application renders the output of Address6.group(), Address6.link(), or the AddressError.parseMessage as HTML without proper escaping, the attacker-controlled content can be executed in the user's browser.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-docs-1:24.18.0-1.el10_2.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-npm-1:11.16.0-1.24.18.0.1.el10_2.noarch | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Node.js. When proxy credentials are embedded in a proxy URL, an issue in the proxy tunnel error handling can lead to the exposure of these credentials. This information disclosure vulnerability allows an attacker to potentially capture sensitive proxy credentials through logs, diagnostics, or other error-consuming mechanisms.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-docs-1:24.18.0-1.el10_2.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-npm-1:11.16.0-1.24.18.0.1.el10_2.noarch | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Node.js. This flaw involves a mismatch in how Node.js handles TLS (Transport Layer Security) hostnames and unicode dot separators during authentication. This mismatch can lead to a wildcard-depth authentication bypass. An attacker could exploit this to bypass intended security boundaries, potentially leading to unauthorized access and confidentiality impact.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-docs-1:24.18.0-1.el10_2.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-npm-1:11.16.0-1.24.18.0.1.el10_2.noarch | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Node.js. A malicious server can exploit the HTTP/2 client by sending an unlimited number of ORIGIN frames. This can lead to an Out of Memory error on the client, resulting in a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-docs-1:24.18.0-1.el10_2.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-npm-1:11.16.0-1.24.18.0.1.el10_2.noarch | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Node.js. An inconsistency in how Node.js matches hostnames can be exploited by a remote attacker in multi-context mTLS (mutual Transport Layer Security) setups. This vulnerability allows for a trust-policy bypass, potentially leading to unauthorized access to sensitive information or integrity compromise within the affected system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-docs-1:24.18.0-1.el10_2.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-npm-1:11.16.0-1.24.18.0.1.el10_2.noarch | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Node.js. This vulnerability in the TLS (Transport Layer Security) hostname handling allows embedded null characters in hostnames. This can lead to silent authority rebinding, potentially enabling an attacker to redirect network traffic to an unintended server and disclose sensitive information.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-docs-1:24.18.0-1.el10_2.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-npm-1:11.16.0-1.24.18.0.1.el10_2.noarch | — |
Vendor Fix
fix
Workaround
|
A flaw was found in the Node.js WebCrypto implementation. A remote attacker could exploit this vulnerability by providing an input to the `subtle.encrypt()` function that is a multiple of 2 gigabytes (GiB). This could lead to a denial of service (DoS) by crashing the Node.js process.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-docs-1:24.18.0-1.el10_2.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-npm-1:11.16.0-1.24.18.0.1.el10_2.noarch | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Node.js. An attacker can exploit a vulnerability in the Transport Layer Security (TLS) host verification process to bypass certification validation. This bypass could allow an attacker to intercept or alter communications, potentially leading to information disclosure or integrity compromise.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-docs-1:24.18.0-1.el10_2.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-npm-1:11.16.0-1.24.18.0.1.el10_2.noarch | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Node.js. The Permission API allows a local user to modify file metadata on paths that have been explicitly set as read-only. This can lead to unauthorized changes in file properties, impacting the integrity of the file system.
CWE-279 - Incorrect Execution-Assigned Permissions| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-docs-1:24.18.0-1.el10_2.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs24-npm-1:11.16.0-1.24.18.0.1.el10_2.noarch | — |
Vendor Fix
fix
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for nodejs24 is now available for Red Hat Enterprise Linux 10.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Node.js is a platform built on Chrome\u0027s JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices.\n\nSecurity Fix(es):\n\n* ip-address: ip-address: Cross-site scripting via improper HTML escaping of untrusted input (CVE-2026-42338)\n\n* undici: undici: Denial of Service due to unbounded memory growth via WebSocket frames (CVE-2026-12151)\n\n* undici: Undici: Information disclosure due to improper cache-control header parsing (CVE-2026-9678)\n\n* undici: Undici: Response queue poisoning on reused keep-alive sockets can lead to incorrect response delivery. (CVE-2026-6733)\n\n* undici: undici: Weakening of cookie SameSite policy due to incorrect parsing of Set-Cookie header (CVE-2026-11525)\n\n* undici: undici: Man-in-the-Middle attack via ignored TLS options with SOCKS5 proxy (CVE-2026-9697)\n\n* undici: undici: Information disclosure and data integrity issues due to incorrect Socks5ProxyAgent connection routing (CVE-2026-6734)\n\n* nodejs: Node.js: Denial of Service via unlimited HTTP/2 ORIGIN frames (CVE-2026-48619)\n\n* nodejs: Node.js: Silent authority rebinding due to embedded-nul hostnames in TLS handling (CVE-2026-48930)\n\n* nodejs: Node.js: Unauthorized file metadata modification (CVE-2026-48935)\n\n* nodejs: Node.js WebCrypto: Denial of Service via large input to subtle.encrypt() (CVE-2026-48933)\n\n* nodejs: Node.js: Certification validation bypass in TLS host verification (CVE-2026-48934)\n\n* Node.js: Node.js: Trust-policy bypass due to hostname matching inconsistency (CVE-2026-48928)\n\n* nodejs: Node.js: Information disclosure of proxy credentials via proxy tunnel error handling (CVE-2026-48615)\n\n* nodejs: Node.js: Authentication bypass due to TLS hostname handling and unicode dot separator mismatch (CVE-2026-48618)\n\nBug Fix(es) and Enhancement(s):\n\n* nodejs24: Rebase to the latest Node.js 24 release [rhel-10.2.z] (JIRA:RHEL-186582)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:35841",
"url": "https://access.redhat.com/errata/RHSA-2026:35841"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2476810",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2476810"
},
{
"category": "external",
"summary": "2489980",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2489980"
},
{
"category": "external",
"summary": "2490000",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2490000"
},
{
"category": "external",
"summary": "2490006",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2490006"
},
{
"category": "external",
"summary": "2490008",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2490008"
},
{
"category": "external",
"summary": "2490018",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2490018"
},
{
"category": "external",
"summary": "2490024",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2490024"
},
{
"category": "external",
"summary": "2493325",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2493325"
},
{
"category": "external",
"summary": "2493326",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2493326"
},
{
"category": "external",
"summary": "2493329",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2493329"
},
{
"category": "external",
"summary": "2493331",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2493331"
},
{
"category": "external",
"summary": "2493332",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2493332"
},
{
"category": "external",
"summary": "2493333",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2493333"
},
{
"category": "external",
"summary": "2493335",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2493335"
},
{
"category": "external",
"summary": "2493337",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2493337"
},
{
"category": "external",
"summary": "RHEL-186582",
"url": "https://issues.redhat.com/browse/RHEL-186582"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_35841.json"
}
],
"title": "Red Hat Security Advisory: nodejs24 security, bug fix, and enhancement update",
"tracking": {
"current_release_date": "2026-07-09T13:21:41+00:00",
"generator": {
"date": "2026-07-09T13:21:41+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.2"
}
},
"id": "RHSA-2026:35841",
"initial_release_date": "2026-07-06T04:52:46+00:00",
"revision_history": [
{
"date": "2026-07-06T04:52:46+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-07-06T04:52:46+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-09T13:21:41+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 10)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:10.2"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs24-1:24.18.0-1.el10_2.src",
"product": {
"name": "nodejs24-1:24.18.0-1.el10_2.src",
"product_id": "nodejs24-1:24.18.0-1.el10_2.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs24@24.18.0-1.el10_2?arch=src\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs24-1:24.18.0-1.el10_2.aarch64",
"product": {
"name": "nodejs24-1:24.18.0-1.el10_2.aarch64",
"product_id": "nodejs24-1:24.18.0-1.el10_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs24@24.18.0-1.el10_2?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs24-devel-1:24.18.0-1.el10_2.aarch64",
"product": {
"name": "nodejs24-devel-1:24.18.0-1.el10_2.aarch64",
"product_id": "nodejs24-devel-1:24.18.0-1.el10_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs24-devel@24.18.0-1.el10_2?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs24-full-i18n-1:24.18.0-1.el10_2.aarch64",
"product": {
"name": "nodejs24-full-i18n-1:24.18.0-1.el10_2.aarch64",
"product_id": "nodejs24-full-i18n-1:24.18.0-1.el10_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs24-full-i18n@24.18.0-1.el10_2?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs24-libs-1:24.18.0-1.el10_2.aarch64",
"product": {
"name": "nodejs24-libs-1:24.18.0-1.el10_2.aarch64",
"product_id": "nodejs24-libs-1:24.18.0-1.el10_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs24-libs@24.18.0-1.el10_2?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs24-debugsource-1:24.18.0-1.el10_2.aarch64",
"product": {
"name": "nodejs24-debugsource-1:24.18.0-1.el10_2.aarch64",
"product_id": "nodejs24-debugsource-1:24.18.0-1.el10_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs24-debugsource@24.18.0-1.el10_2?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs24-debuginfo-1:24.18.0-1.el10_2.aarch64",
"product": {
"name": "nodejs24-debuginfo-1:24.18.0-1.el10_2.aarch64",
"product_id": "nodejs24-debuginfo-1:24.18.0-1.el10_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs24-debuginfo@24.18.0-1.el10_2?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.aarch64",
"product": {
"name": "nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.aarch64",
"product_id": "nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs24-libs-debuginfo@24.18.0-1.el10_2?arch=aarch64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs24-1:24.18.0-1.el10_2.ppc64le",
"product": {
"name": "nodejs24-1:24.18.0-1.el10_2.ppc64le",
"product_id": "nodejs24-1:24.18.0-1.el10_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs24@24.18.0-1.el10_2?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs24-devel-1:24.18.0-1.el10_2.ppc64le",
"product": {
"name": "nodejs24-devel-1:24.18.0-1.el10_2.ppc64le",
"product_id": "nodejs24-devel-1:24.18.0-1.el10_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs24-devel@24.18.0-1.el10_2?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs24-full-i18n-1:24.18.0-1.el10_2.ppc64le",
"product": {
"name": "nodejs24-full-i18n-1:24.18.0-1.el10_2.ppc64le",
"product_id": "nodejs24-full-i18n-1:24.18.0-1.el10_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs24-full-i18n@24.18.0-1.el10_2?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs24-libs-1:24.18.0-1.el10_2.ppc64le",
"product": {
"name": "nodejs24-libs-1:24.18.0-1.el10_2.ppc64le",
"product_id": "nodejs24-libs-1:24.18.0-1.el10_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs24-libs@24.18.0-1.el10_2?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs24-debugsource-1:24.18.0-1.el10_2.ppc64le",
"product": {
"name": "nodejs24-debugsource-1:24.18.0-1.el10_2.ppc64le",
"product_id": "nodejs24-debugsource-1:24.18.0-1.el10_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs24-debugsource@24.18.0-1.el10_2?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs24-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"product": {
"name": "nodejs24-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"product_id": "nodejs24-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs24-debuginfo@24.18.0-1.el10_2?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"product": {
"name": "nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"product_id": "nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs24-libs-debuginfo@24.18.0-1.el10_2?arch=ppc64le\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs24-1:24.18.0-1.el10_2.s390x",
"product": {
"name": "nodejs24-1:24.18.0-1.el10_2.s390x",
"product_id": "nodejs24-1:24.18.0-1.el10_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs24@24.18.0-1.el10_2?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs24-devel-1:24.18.0-1.el10_2.s390x",
"product": {
"name": "nodejs24-devel-1:24.18.0-1.el10_2.s390x",
"product_id": "nodejs24-devel-1:24.18.0-1.el10_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs24-devel@24.18.0-1.el10_2?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs24-full-i18n-1:24.18.0-1.el10_2.s390x",
"product": {
"name": "nodejs24-full-i18n-1:24.18.0-1.el10_2.s390x",
"product_id": "nodejs24-full-i18n-1:24.18.0-1.el10_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs24-full-i18n@24.18.0-1.el10_2?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs24-libs-1:24.18.0-1.el10_2.s390x",
"product": {
"name": "nodejs24-libs-1:24.18.0-1.el10_2.s390x",
"product_id": "nodejs24-libs-1:24.18.0-1.el10_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs24-libs@24.18.0-1.el10_2?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs24-debugsource-1:24.18.0-1.el10_2.s390x",
"product": {
"name": "nodejs24-debugsource-1:24.18.0-1.el10_2.s390x",
"product_id": "nodejs24-debugsource-1:24.18.0-1.el10_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs24-debugsource@24.18.0-1.el10_2?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs24-debuginfo-1:24.18.0-1.el10_2.s390x",
"product": {
"name": "nodejs24-debuginfo-1:24.18.0-1.el10_2.s390x",
"product_id": "nodejs24-debuginfo-1:24.18.0-1.el10_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs24-debuginfo@24.18.0-1.el10_2?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.s390x",
"product": {
"name": "nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.s390x",
"product_id": "nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs24-libs-debuginfo@24.18.0-1.el10_2?arch=s390x\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs24-1:24.18.0-1.el10_2.x86_64",
"product": {
"name": "nodejs24-1:24.18.0-1.el10_2.x86_64",
"product_id": "nodejs24-1:24.18.0-1.el10_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs24@24.18.0-1.el10_2?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs24-devel-1:24.18.0-1.el10_2.x86_64",
"product": {
"name": "nodejs24-devel-1:24.18.0-1.el10_2.x86_64",
"product_id": "nodejs24-devel-1:24.18.0-1.el10_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs24-devel@24.18.0-1.el10_2?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs24-full-i18n-1:24.18.0-1.el10_2.x86_64",
"product": {
"name": "nodejs24-full-i18n-1:24.18.0-1.el10_2.x86_64",
"product_id": "nodejs24-full-i18n-1:24.18.0-1.el10_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs24-full-i18n@24.18.0-1.el10_2?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs24-libs-1:24.18.0-1.el10_2.x86_64",
"product": {
"name": "nodejs24-libs-1:24.18.0-1.el10_2.x86_64",
"product_id": "nodejs24-libs-1:24.18.0-1.el10_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs24-libs@24.18.0-1.el10_2?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs24-debugsource-1:24.18.0-1.el10_2.x86_64",
"product": {
"name": "nodejs24-debugsource-1:24.18.0-1.el10_2.x86_64",
"product_id": "nodejs24-debugsource-1:24.18.0-1.el10_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs24-debugsource@24.18.0-1.el10_2?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs24-debuginfo-1:24.18.0-1.el10_2.x86_64",
"product": {
"name": "nodejs24-debuginfo-1:24.18.0-1.el10_2.x86_64",
"product_id": "nodejs24-debuginfo-1:24.18.0-1.el10_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs24-debuginfo@24.18.0-1.el10_2?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.x86_64",
"product": {
"name": "nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.x86_64",
"product_id": "nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs24-libs-debuginfo@24.18.0-1.el10_2?arch=x86_64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs24-docs-1:24.18.0-1.el10_2.noarch",
"product": {
"name": "nodejs24-docs-1:24.18.0-1.el10_2.noarch",
"product_id": "nodejs24-docs-1:24.18.0-1.el10_2.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs24-docs@24.18.0-1.el10_2?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs24-npm-1:11.16.0-1.24.18.0.1.el10_2.noarch",
"product": {
"name": "nodejs24-npm-1:11.16.0-1.24.18.0.1.el10_2.noarch",
"product_id": "nodejs24-npm-1:11.16.0-1.24.18.0.1.el10_2.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs24-npm@11.16.0-1.24.18.0.1.el10_2?arch=noarch\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs24-1:24.18.0-1.el10_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.aarch64"
},
"product_reference": "nodejs24-1:24.18.0-1.el10_2.aarch64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs24-1:24.18.0-1.el10_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.ppc64le"
},
"product_reference": "nodejs24-1:24.18.0-1.el10_2.ppc64le",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs24-1:24.18.0-1.el10_2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.s390x"
},
"product_reference": "nodejs24-1:24.18.0-1.el10_2.s390x",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs24-1:24.18.0-1.el10_2.src as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.src"
},
"product_reference": "nodejs24-1:24.18.0-1.el10_2.src",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs24-1:24.18.0-1.el10_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.x86_64"
},
"product_reference": "nodejs24-1:24.18.0-1.el10_2.x86_64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs24-debuginfo-1:24.18.0-1.el10_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.aarch64"
},
"product_reference": "nodejs24-debuginfo-1:24.18.0-1.el10_2.aarch64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs24-debuginfo-1:24.18.0-1.el10_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.ppc64le"
},
"product_reference": "nodejs24-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs24-debuginfo-1:24.18.0-1.el10_2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.s390x"
},
"product_reference": "nodejs24-debuginfo-1:24.18.0-1.el10_2.s390x",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs24-debuginfo-1:24.18.0-1.el10_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.x86_64"
},
"product_reference": "nodejs24-debuginfo-1:24.18.0-1.el10_2.x86_64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs24-debugsource-1:24.18.0-1.el10_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.aarch64"
},
"product_reference": "nodejs24-debugsource-1:24.18.0-1.el10_2.aarch64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs24-debugsource-1:24.18.0-1.el10_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.ppc64le"
},
"product_reference": "nodejs24-debugsource-1:24.18.0-1.el10_2.ppc64le",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs24-debugsource-1:24.18.0-1.el10_2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.s390x"
},
"product_reference": "nodejs24-debugsource-1:24.18.0-1.el10_2.s390x",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs24-debugsource-1:24.18.0-1.el10_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.x86_64"
},
"product_reference": "nodejs24-debugsource-1:24.18.0-1.el10_2.x86_64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs24-devel-1:24.18.0-1.el10_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.aarch64"
},
"product_reference": "nodejs24-devel-1:24.18.0-1.el10_2.aarch64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs24-devel-1:24.18.0-1.el10_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.ppc64le"
},
"product_reference": "nodejs24-devel-1:24.18.0-1.el10_2.ppc64le",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs24-devel-1:24.18.0-1.el10_2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.s390x"
},
"product_reference": "nodejs24-devel-1:24.18.0-1.el10_2.s390x",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs24-devel-1:24.18.0-1.el10_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.x86_64"
},
"product_reference": "nodejs24-devel-1:24.18.0-1.el10_2.x86_64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs24-docs-1:24.18.0-1.el10_2.noarch as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:nodejs24-docs-1:24.18.0-1.el10_2.noarch"
},
"product_reference": "nodejs24-docs-1:24.18.0-1.el10_2.noarch",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs24-full-i18n-1:24.18.0-1.el10_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.aarch64"
},
"product_reference": "nodejs24-full-i18n-1:24.18.0-1.el10_2.aarch64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs24-full-i18n-1:24.18.0-1.el10_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.ppc64le"
},
"product_reference": "nodejs24-full-i18n-1:24.18.0-1.el10_2.ppc64le",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs24-full-i18n-1:24.18.0-1.el10_2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.s390x"
},
"product_reference": "nodejs24-full-i18n-1:24.18.0-1.el10_2.s390x",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs24-full-i18n-1:24.18.0-1.el10_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.x86_64"
},
"product_reference": "nodejs24-full-i18n-1:24.18.0-1.el10_2.x86_64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs24-libs-1:24.18.0-1.el10_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.aarch64"
},
"product_reference": "nodejs24-libs-1:24.18.0-1.el10_2.aarch64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs24-libs-1:24.18.0-1.el10_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.ppc64le"
},
"product_reference": "nodejs24-libs-1:24.18.0-1.el10_2.ppc64le",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs24-libs-1:24.18.0-1.el10_2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.s390x"
},
"product_reference": "nodejs24-libs-1:24.18.0-1.el10_2.s390x",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs24-libs-1:24.18.0-1.el10_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.x86_64"
},
"product_reference": "nodejs24-libs-1:24.18.0-1.el10_2.x86_64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.aarch64"
},
"product_reference": "nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.aarch64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.ppc64le"
},
"product_reference": "nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.s390x"
},
"product_reference": "nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.s390x",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.x86_64"
},
"product_reference": "nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.x86_64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs24-npm-1:11.16.0-1.24.18.0.1.el10_2.noarch as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:nodejs24-npm-1:11.16.0-1.24.18.0.1.el10_2.noarch"
},
"product_reference": "nodejs24-npm-1:11.16.0-1.24.18.0.1.el10_2.noarch",
"relates_to_product_reference": "AppStream-10.2.Z"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-6733",
"cwe": {
"id": "CWE-940",
"name": "Improper Verification of Source of a Communication Channel"
},
"discovery_date": "2026-06-17T19:02:16.713859+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2490006"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in undici. An attacker-controlled upstream server can exploit a vulnerability in Undici\u0027s HTTP/1.1 client, specifically related to response queue poisoning on reused keep-alive sockets. This allows the attacker to inject an unsolicited HTTP/1.1 response onto an idle socket. Consequently, when the client dispatches a new request on that socket, it may associate the injected response with the new request, leading to responses being delivered to unintended recipients or requests. This could result in a low impact on data integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undici: Undici: Response queue poisoning on reused keep-alive sockets can lead to incorrect response delivery.",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Low: A flaw in Undici\u0027s HTTP/1.1 client, as used in various Red Hat products, allows an attacker-controlled upstream server to inject unsolicited responses onto reused keep-alive sockets. This can lead to incorrect response delivery, potentially impacting data integrity, but requires a compromised server and active keep-alive connections.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.src",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-docs-1:24.18.0-1.el10_2.noarch",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-npm-1:11.16.0-1.24.18.0.1.el10_2.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-6733"
},
{
"category": "external",
"summary": "RHBZ#2490006",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2490006"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-6733",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6733"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-6733",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6733"
},
{
"category": "external",
"summary": "https://cna.openjsf.org/security-advisories.html",
"url": "https://cna.openjsf.org/security-advisories.html"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/security/advisories/GHSA-35p6-xmwp-9g52",
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-35p6-xmwp-9g52"
},
{
"category": "external",
"summary": "https://hackerone.com/reports/3582376",
"url": "https://hackerone.com/reports/3582376"
}
],
"release_date": "2026-06-17T17:14:50.991000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-06T04:52:46+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.src",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-docs-1:24.18.0-1.el10_2.noarch",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-npm-1:11.16.0-1.24.18.0.1.el10_2.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:35841"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.src",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-docs-1:24.18.0-1.el10_2.noarch",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-npm-1:11.16.0-1.24.18.0.1.el10_2.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.src",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-docs-1:24.18.0-1.el10_2.noarch",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-npm-1:11.16.0-1.24.18.0.1.el10_2.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "undici: Undici: Response queue poisoning on reused keep-alive sockets can lead to incorrect response delivery."
},
{
"cve": "CVE-2026-6734",
"cwe": {
"id": "CWE-940",
"name": "Improper Verification of Source of a Communication Channel"
},
"discovery_date": "2026-06-17T19:04:00.272340+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2490024"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in undici. When using Socks5ProxyAgent, undici incorrectly reuses a single connection pool across different origins. This can lead to cross-origin request routing, where sensitive credentials and data intended for one destination are sent to another. Consequently, responses from unintended origins may be trusted, and secure HTTPS connections could be silently downgraded to unencrypted HTTP, resulting in information disclosure and data integrity issues.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undici: undici: Information disclosure and data integrity issues due to incorrect Socks5ProxyAgent connection routing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is rated as an Important security flaw. The `undici` library, when configured with `Socks5ProxyAgent` to handle requests for multiple origins, incorrectly reuses connection pools. This can lead to sensitive data and credentials being misrouted to unintended destinations, potentially downgrading HTTPS connections to HTTP and compromising data integrity and confidentiality. Red Hat products utilizing `undici` with `Socks5ProxyAgent` in multi-origin scenarios are affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.src",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-docs-1:24.18.0-1.el10_2.noarch",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-npm-1:11.16.0-1.24.18.0.1.el10_2.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-6734"
},
{
"category": "external",
"summary": "RHBZ#2490024",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2490024"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-6734",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6734"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-6734",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6734"
},
{
"category": "external",
"summary": "https://cna.openjsf.org/security-advisories.html",
"url": "https://cna.openjsf.org/security-advisories.html"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/security/advisories/GHSA-hm92-r4w5-c3mj",
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-hm92-r4w5-c3mj"
}
],
"release_date": "2026-06-17T16:36:55.439000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-06T04:52:46+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.src",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-docs-1:24.18.0-1.el10_2.noarch",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-npm-1:11.16.0-1.24.18.0.1.el10_2.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:35841"
},
{
"category": "workaround",
"details": "The single most impactful mitigation is applying network egress controls to restrict which external destinations affected applications can reach. Because the vulnerability causes requests to be misrouted to wrong origins, limiting the set of reachable origins directly reduces the attack surface. These controls collectively limit the blast radius of the connection pool misrouting \u2014 the attacker must compromise one of the explicitly allowed destinations rather than any arbitrary origin \u2014 but they do not fix the underlying logic bug.",
"product_ids": [
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.src",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-docs-1:24.18.0-1.el10_2.noarch",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-npm-1:11.16.0-1.24.18.0.1.el10_2.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.src",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-docs-1:24.18.0-1.el10_2.noarch",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-npm-1:11.16.0-1.24.18.0.1.el10_2.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "undici: undici: Information disclosure and data integrity issues due to incorrect Socks5ProxyAgent connection routing"
},
{
"cve": "CVE-2026-9678",
"cwe": {
"id": "CWE-1286",
"name": "Improper Validation of Syntactic Correctness of Input"
},
"discovery_date": "2026-06-17T19:01:33.359372+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2490000"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Undici. The cache interceptor in shared-cache mode incorrectly classifies certain responses as cacheable due to improper handling of whitespace-padded Cache-Control header field names. This vulnerability allows an unauthenticated attacker to access authenticated user data from the cache, leading to information disclosure. This occurs when both authenticated and unauthenticated requests resolve to the same cache key.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undici: Undici: Information disclosure due to improper cache-control header parsing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Moderate information disclosure flaw in Undici\u0027s cache interceptor, when configured in shared-cache mode, allows an unauthenticated attacker to retrieve sensitive authenticated user data. This is due to incorrect parsing of Cache-Control headers containing whitespace-padded field names, leading to cached responses being served improperly. Red Hat products are affected if they explicitly enable shared-cache mode, forward Authorization headers, and process non-canonical Cache-Control directives.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.src",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-docs-1:24.18.0-1.el10_2.noarch",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-npm-1:11.16.0-1.24.18.0.1.el10_2.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-9678"
},
{
"category": "external",
"summary": "RHBZ#2490000",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2490000"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-9678",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-9678"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-9678",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-9678"
},
{
"category": "external",
"summary": "https://cna.openjsf.org/security-advisories.html",
"url": "https://cna.openjsf.org/security-advisories.html"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/security/advisories/GHSA-pr7r-676h-xcf6",
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-pr7r-676h-xcf6"
}
],
"release_date": "2026-06-17T17:04:09.680000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-06T04:52:46+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.src",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-docs-1:24.18.0-1.el10_2.noarch",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-npm-1:11.16.0-1.24.18.0.1.el10_2.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:35841"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.src",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-docs-1:24.18.0-1.el10_2.noarch",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-npm-1:11.16.0-1.24.18.0.1.el10_2.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.src",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-docs-1:24.18.0-1.el10_2.noarch",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-npm-1:11.16.0-1.24.18.0.1.el10_2.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "undici: Undici: Information disclosure due to improper cache-control header parsing"
},
{
"cve": "CVE-2026-9697",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"discovery_date": "2026-06-17T19:03:30.813843+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2490018"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in undici. When undici\u0027s ProxyAgent is configured with a SOCKS5 proxy Uniform Resource Identifier (URI), it silently ignores Transport Layer Security (TLS) options, such as custom Certificate Authorities (CAs). This allows a remote attacker to perform a Man-in-the-Middle (MITM) attack, intercepting and tampering with HTTPS communications. The connection falls back to Node.js\u0027s default trust store, bypassing intended security configurations and potentially leading to information disclosure or arbitrary code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undici: undici: Man-in-the-Middle attack via ignored TLS options with SOCKS5 proxy",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important vulnerability. Applications using `undici`\u0027s `ProxyAgent` with a SOCKS5 proxy URI will silently ignore user-configured TLS options, including custom Certificate Authorities. This bypasses intended security controls for HTTPS communication, enabling a remote attacker to perform Man-in-the-Middle attacks, potentially leading to information disclosure or arbitrary code execution in affected Red Hat products.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.src",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-docs-1:24.18.0-1.el10_2.noarch",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-npm-1:11.16.0-1.24.18.0.1.el10_2.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-9697"
},
{
"category": "external",
"summary": "RHBZ#2490018",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2490018"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-9697",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-9697"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-9697",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-9697"
},
{
"category": "external",
"summary": "https://cna.openjsf.org/security-advisories.html",
"url": "https://cna.openjsf.org/security-advisories.html"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/security/advisories/GHSA-vmh5-mc38-953g",
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-vmh5-mc38-953g"
}
],
"release_date": "2026-06-17T16:46:42.706000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-06T04:52:46+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.src",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-docs-1:24.18.0-1.el10_2.noarch",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-npm-1:11.16.0-1.24.18.0.1.el10_2.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:35841"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.src",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-docs-1:24.18.0-1.el10_2.noarch",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-npm-1:11.16.0-1.24.18.0.1.el10_2.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.src",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-docs-1:24.18.0-1.el10_2.noarch",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-npm-1:11.16.0-1.24.18.0.1.el10_2.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "undici: undici: Man-in-the-Middle attack via ignored TLS options with SOCKS5 proxy"
},
{
"cve": "CVE-2026-11525",
"cwe": {
"id": "CWE-1286",
"name": "Improper Validation of Syntactic Correctness of Input"
},
"discovery_date": "2026-06-17T19:02:29.292011+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2490008"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in undici. When undici processes Set-Cookie headers, it incorrectly interprets the SameSite attribute, accepting partial matches instead of exact ones. This allows a malicious server to downgrade a cookie\u0027s SameSite policy to a less secure setting, potentially leading to unintended information disclosure or a weakening of security protections for the user.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undici: undici: Weakening of cookie SameSite policy due to incorrect parsing of Set-Cookie header",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Low impact flaw in undici, as used in various Red Hat products, arises from incorrect parsing of the `SameSite` cookie attribute. A malicious server could exploit this by sending a specially crafted `Set-Cookie` header, causing the `SameSite` policy to be downgraded to a less secure setting. This could lead to a minor weakening of security protections or unintended information disclosure in applications that process and rely on these cookie attributes.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.src",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-docs-1:24.18.0-1.el10_2.noarch",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-npm-1:11.16.0-1.24.18.0.1.el10_2.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-11525"
},
{
"category": "external",
"summary": "RHBZ#2490008",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2490008"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-11525",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-11525"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-11525",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-11525"
},
{
"category": "external",
"summary": "https://cna.openjsf.org/security-advisories.html",
"url": "https://cna.openjsf.org/security-advisories.html"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/security/advisories/GHSA-g8m3-5g58-fq7m",
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-g8m3-5g58-fq7m"
}
],
"release_date": "2026-06-17T17:31:03.163000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-06T04:52:46+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.src",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-docs-1:24.18.0-1.el10_2.noarch",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-npm-1:11.16.0-1.24.18.0.1.el10_2.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:35841"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.src",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-docs-1:24.18.0-1.el10_2.noarch",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-npm-1:11.16.0-1.24.18.0.1.el10_2.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.src",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-docs-1:24.18.0-1.el10_2.noarch",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-npm-1:11.16.0-1.24.18.0.1.el10_2.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "undici: undici: Weakening of cookie SameSite policy due to incorrect parsing of Set-Cookie header"
},
{
"cve": "CVE-2026-12151",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-06-17T17:01:45.297604+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2489980"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in undici. A malicious WebSocket server can exploit this by streaming numerous small or empty continuation frames. This can bypass per-frame and cumulative-size validation, leading to unbounded memory growth in the client process. The primary consequence is memory exhaustion, resulting in a denial of service (DoS) for affected applications using the undici WebSocket client or WebSocketStream API.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undici: undici: Denial of Service due to unbounded memory growth via WebSocket frames",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Important denial of service flaw in the `undici` WebSocket client allows a remote attacker to cause unbounded memory growth. By sending numerous small or empty WebSocket frames, an unauthenticated attacker can exhaust system memory, leading to a denial of service in Red Hat products that use the affected client.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.src",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-docs-1:24.18.0-1.el10_2.noarch",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-npm-1:11.16.0-1.24.18.0.1.el10_2.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-12151"
},
{
"category": "external",
"summary": "RHBZ#2489980",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2489980"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-12151",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-12151"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-12151",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-12151"
},
{
"category": "external",
"summary": "https://cna.openjsf.org/security-advisories.html",
"url": "https://cna.openjsf.org/security-advisories.html"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/security/advisories/GHSA-vxpw-j846-p89q",
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-vxpw-j846-p89q"
}
],
"release_date": "2026-06-17T16:05:38.785000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-06T04:52:46+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.src",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-docs-1:24.18.0-1.el10_2.noarch",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-npm-1:11.16.0-1.24.18.0.1.el10_2.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:35841"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.src",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-docs-1:24.18.0-1.el10_2.noarch",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-npm-1:11.16.0-1.24.18.0.1.el10_2.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.src",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-docs-1:24.18.0-1.el10_2.noarch",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-npm-1:11.16.0-1.24.18.0.1.el10_2.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "undici: undici: Denial of Service due to unbounded memory growth via WebSocket frames"
},
{
"cve": "CVE-2026-42338",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2026-05-12T21:01:14.436876+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2476810"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in ip-address, a JavaScript library for parsing and manipulating IPv4 and IPv6 addresses. This vulnerability allows a remote attacker to perform cross-site scripting (XSS) by providing untrusted input to the Address6 constructor. When an application renders the output of Address6.group(), Address6.link(), or the AddressError.parseMessage as HTML without proper escaping, the attacker-controlled content can be executed in the user\u0027s browser.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ip-address: ip-address: Cross-site scripting via improper HTML escaping of untrusted input",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability in the `ip-address` JavaScript library is rated as Important. It allows for cross-site scripting (XSS) when an application processes untrusted input through the `Address6` constructor and subsequently renders the unescaped output of methods like `Address6.group()`, `Address6.link()`, or `AddressError.parseMessage` directly as HTML. While the library itself is affected, exploitation is contingent on specific application-level rendering practices that may not be common in Red Hat products.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.src",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-docs-1:24.18.0-1.el10_2.noarch",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-npm-1:11.16.0-1.24.18.0.1.el10_2.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42338"
},
{
"category": "external",
"summary": "RHBZ#2476810",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2476810"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42338",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42338"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42338",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42338"
},
{
"category": "external",
"summary": "https://github.com/beaugunderson/ip-address/security/advisories/GHSA-v2v4-37r5-5v8g",
"url": "https://github.com/beaugunderson/ip-address/security/advisories/GHSA-v2v4-37r5-5v8g"
}
],
"release_date": "2026-05-12T19:43:16.470000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-06T04:52:46+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.src",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-docs-1:24.18.0-1.el10_2.noarch",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-npm-1:11.16.0-1.24.18.0.1.el10_2.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:35841"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.src",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-docs-1:24.18.0-1.el10_2.noarch",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-npm-1:11.16.0-1.24.18.0.1.el10_2.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.src",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-docs-1:24.18.0-1.el10_2.noarch",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-npm-1:11.16.0-1.24.18.0.1.el10_2.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "ip-address: ip-address: Cross-site scripting via improper HTML escaping of untrusted input"
},
{
"cve": "CVE-2026-48615",
"cwe": {
"id": "CWE-209",
"name": "Generation of Error Message Containing Sensitive Information"
},
"discovery_date": "2026-06-26T02:01:59.112093+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2493335"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Node.js. When proxy credentials are embedded in a proxy URL, an issue in the proxy tunnel error handling can lead to the exposure of these credentials. This information disclosure vulnerability allows an attacker to potentially capture sensitive proxy credentials through logs, diagnostics, or other error-consuming mechanisms.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: Node.js: Information disclosure of proxy credentials via proxy tunnel error handling",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.src",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-docs-1:24.18.0-1.el10_2.noarch",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-npm-1:11.16.0-1.24.18.0.1.el10_2.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-48615"
},
{
"category": "external",
"summary": "RHBZ#2493335",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2493335"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-48615",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-48615"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-48615",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48615"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases",
"url": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases"
}
],
"release_date": "2026-06-26T01:14:36.524000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-06T04:52:46+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.src",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-docs-1:24.18.0-1.el10_2.noarch",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-npm-1:11.16.0-1.24.18.0.1.el10_2.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:35841"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.src",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-docs-1:24.18.0-1.el10_2.noarch",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-npm-1:11.16.0-1.24.18.0.1.el10_2.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.src",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-docs-1:24.18.0-1.el10_2.noarch",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-npm-1:11.16.0-1.24.18.0.1.el10_2.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nodejs: Node.js: Information disclosure of proxy credentials via proxy tunnel error handling"
},
{
"cve": "CVE-2026-48618",
"cwe": {
"id": "CWE-289",
"name": "Authentication Bypass by Alternate Name"
},
"discovery_date": "2026-06-26T02:02:10.741725+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2493337"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Node.js. This flaw involves a mismatch in how Node.js handles TLS (Transport Layer Security) hostnames and unicode dot separators during authentication. This mismatch can lead to a wildcard-depth authentication bypass. An attacker could exploit this to bypass intended security boundaries, potentially leading to unauthorized access and confidentiality impact.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: Node.js: Authentication bypass due to TLS hostname handling and unicode dot separator mismatch",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Important flaw in Node.js allows for a TLS wildcard-depth authentication bypass due to a mismatch in how hostnames and unicode dot separators are handled during authentication. This could enable an attacker to circumvent security boundaries, potentially leading to unauthorized access and compromise of sensitive information in applications utilizing Node.js for TLS connections. The issue affects Node.js versions 22, 24, and 26 as shipped in Red Hat products.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.src",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-docs-1:24.18.0-1.el10_2.noarch",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-npm-1:11.16.0-1.24.18.0.1.el10_2.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-48618"
},
{
"category": "external",
"summary": "RHBZ#2493337",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2493337"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-48618",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-48618"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-48618",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48618"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases",
"url": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases"
}
],
"release_date": "2026-06-26T01:14:36.868000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-06T04:52:46+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.src",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-docs-1:24.18.0-1.el10_2.noarch",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-npm-1:11.16.0-1.24.18.0.1.el10_2.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:35841"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.src",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-docs-1:24.18.0-1.el10_2.noarch",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-npm-1:11.16.0-1.24.18.0.1.el10_2.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.src",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-docs-1:24.18.0-1.el10_2.noarch",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-npm-1:11.16.0-1.24.18.0.1.el10_2.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "nodejs: Node.js: Authentication bypass due to TLS hostname handling and unicode dot separator mismatch"
},
{
"cve": "CVE-2026-48619",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-06-26T02:01:06.466413+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2493325"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Node.js. A malicious server can exploit the HTTP/2 client by sending an unlimited number of ORIGIN frames. This can lead to an Out of Memory error on the client, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: Node.js: Denial of Service via unlimited HTTP/2 ORIGIN frames",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Moderate flaw in the Node.js HTTP/2 client can lead to a denial of service. A malicious server could exploit this by sending an excessive number of ORIGIN frames, causing the client to consume all available memory. This affects Red Hat products utilizing Node.js as an HTTP/2 client.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.src",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-docs-1:24.18.0-1.el10_2.noarch",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-npm-1:11.16.0-1.24.18.0.1.el10_2.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-48619"
},
{
"category": "external",
"summary": "RHBZ#2493325",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2493325"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-48619",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-48619"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-48619",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48619"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases",
"url": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases"
}
],
"release_date": "2026-06-26T01:14:36.541000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-06T04:52:46+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.src",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-docs-1:24.18.0-1.el10_2.noarch",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-npm-1:11.16.0-1.24.18.0.1.el10_2.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:35841"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.src",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-docs-1:24.18.0-1.el10_2.noarch",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-npm-1:11.16.0-1.24.18.0.1.el10_2.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.src",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-docs-1:24.18.0-1.el10_2.noarch",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-npm-1:11.16.0-1.24.18.0.1.el10_2.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nodejs: Node.js: Denial of Service via unlimited HTTP/2 ORIGIN frames"
},
{
"cve": "CVE-2026-48928",
"cwe": {
"id": "CWE-289",
"name": "Authentication Bypass by Alternate Name"
},
"discovery_date": "2026-06-26T02:01:48.441706+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2493333"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Node.js. An inconsistency in how Node.js matches hostnames can be exploited by a remote attacker in multi-context mTLS (mutual Transport Layer Security) setups. This vulnerability allows for a trust-policy bypass, potentially leading to unauthorized access to sensitive information or integrity compromise within the affected system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Node.js: Node.js: Trust-policy bypass due to hostname matching inconsistency",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.src",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-docs-1:24.18.0-1.el10_2.noarch",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-npm-1:11.16.0-1.24.18.0.1.el10_2.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-48928"
},
{
"category": "external",
"summary": "RHBZ#2493333",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2493333"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-48928",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-48928"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-48928",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48928"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases",
"url": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases"
}
],
"release_date": "2026-06-26T01:14:36.981000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-06T04:52:46+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.src",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-docs-1:24.18.0-1.el10_2.noarch",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-npm-1:11.16.0-1.24.18.0.1.el10_2.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:35841"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.src",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-docs-1:24.18.0-1.el10_2.noarch",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-npm-1:11.16.0-1.24.18.0.1.el10_2.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.src",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-docs-1:24.18.0-1.el10_2.noarch",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-npm-1:11.16.0-1.24.18.0.1.el10_2.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Node.js: Node.js: Trust-policy bypass due to hostname matching inconsistency"
},
{
"cve": "CVE-2026-48930",
"cwe": {
"id": "CWE-170",
"name": "Improper Null Termination"
},
"discovery_date": "2026-06-26T02:01:11.476251+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2493326"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Node.js. This vulnerability in the TLS (Transport Layer Security) hostname handling allows embedded null characters in hostnames. This can lead to silent authority rebinding, potentially enabling an attacker to redirect network traffic to an unintended server and disclose sensitive information.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: Node.js: Silent authority rebinding due to embedded-nul hostnames in TLS handling",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.src",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-docs-1:24.18.0-1.el10_2.noarch",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-npm-1:11.16.0-1.24.18.0.1.el10_2.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-48930"
},
{
"category": "external",
"summary": "RHBZ#2493326",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2493326"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-48930",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-48930"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-48930",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48930"
},
{
"category": "external",
"summary": "https://github.com/nodejs/node/commit/7dafafa2424710ded8b77eb7c878e884c1aef64e",
"url": "https://github.com/nodejs/node/commit/7dafafa2424710ded8b77eb7c878e884c1aef64e"
},
{
"category": "external",
"summary": "https://hackerone.com/reports/3656716",
"url": "https://hackerone.com/reports/3656716"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases",
"url": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases"
}
],
"release_date": "2026-06-26T01:14:37.006000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-06T04:52:46+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.src",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-docs-1:24.18.0-1.el10_2.noarch",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-npm-1:11.16.0-1.24.18.0.1.el10_2.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:35841"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.src",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-docs-1:24.18.0-1.el10_2.noarch",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-npm-1:11.16.0-1.24.18.0.1.el10_2.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.src",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-docs-1:24.18.0-1.el10_2.noarch",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-npm-1:11.16.0-1.24.18.0.1.el10_2.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nodejs: Node.js: Silent authority rebinding due to embedded-nul hostnames in TLS handling"
},
{
"cve": "CVE-2026-48933",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-06-26T02:01:39.107538+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2493331"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Node.js WebCrypto implementation. A remote attacker could exploit this vulnerability by providing an input to the `subtle.encrypt()` function that is a multiple of 2 gigabytes (GiB). This could lead to a denial of service (DoS) by crashing the Node.js process.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: Node.js WebCrypto: Denial of Service via large input to subtle.encrypt()",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important denial of service vulnerability in Node.js WebCrypto, as a remote attacker can crash the Node.js process by providing a specially crafted large input to the `subtle.encrypt()` function. This could lead to service unavailability in Red Hat environments where Node.js applications process untrusted data with WebCrypto.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.src",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-docs-1:24.18.0-1.el10_2.noarch",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-npm-1:11.16.0-1.24.18.0.1.el10_2.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-48933"
},
{
"category": "external",
"summary": "RHBZ#2493331",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2493331"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-48933",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-48933"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-48933",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48933"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases",
"url": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases"
}
],
"release_date": "2026-06-26T01:14:36.823000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-06T04:52:46+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.src",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-docs-1:24.18.0-1.el10_2.noarch",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-npm-1:11.16.0-1.24.18.0.1.el10_2.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:35841"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.src",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-docs-1:24.18.0-1.el10_2.noarch",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-npm-1:11.16.0-1.24.18.0.1.el10_2.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.src",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-docs-1:24.18.0-1.el10_2.noarch",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-npm-1:11.16.0-1.24.18.0.1.el10_2.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "nodejs: Node.js WebCrypto: Denial of Service via large input to subtle.encrypt()"
},
{
"cve": "CVE-2026-48934",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"discovery_date": "2026-06-26T02:01:43.284771+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2493332"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Node.js. An attacker can exploit a vulnerability in the Transport Layer Security (TLS) host verification process to bypass certification validation. This bypass could allow an attacker to intercept or alter communications, potentially leading to information disclosure or integrity compromise.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: Node.js: Certification validation bypass in TLS host verification",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.src",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-docs-1:24.18.0-1.el10_2.noarch",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-npm-1:11.16.0-1.24.18.0.1.el10_2.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-48934"
},
{
"category": "external",
"summary": "RHBZ#2493332",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2493332"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-48934",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-48934"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-48934",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48934"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases",
"url": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases"
}
],
"release_date": "2026-06-26T01:14:36.894000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-06T04:52:46+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.src",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-docs-1:24.18.0-1.el10_2.noarch",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-npm-1:11.16.0-1.24.18.0.1.el10_2.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:35841"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.src",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-docs-1:24.18.0-1.el10_2.noarch",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-npm-1:11.16.0-1.24.18.0.1.el10_2.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.src",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-docs-1:24.18.0-1.el10_2.noarch",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-npm-1:11.16.0-1.24.18.0.1.el10_2.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nodejs: Node.js: Certification validation bypass in TLS host verification"
},
{
"cve": "CVE-2026-48935",
"cwe": {
"id": "CWE-279",
"name": "Incorrect Execution-Assigned Permissions"
},
"discovery_date": "2026-06-26T02:01:29.191932+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2493329"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Node.js. The Permission API allows a local user to modify file metadata on paths that have been explicitly set as read-only. This can lead to unauthorized changes in file properties, impacting the integrity of the file system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: Node.js: Unauthorized file metadata modification",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.src",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-docs-1:24.18.0-1.el10_2.noarch",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-npm-1:11.16.0-1.24.18.0.1.el10_2.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-48935"
},
{
"category": "external",
"summary": "RHBZ#2493329",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2493329"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-48935",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-48935"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-48935",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48935"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases",
"url": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases"
}
],
"release_date": "2026-06-26T01:14:36.641000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-06T04:52:46+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.src",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-docs-1:24.18.0-1.el10_2.noarch",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-npm-1:11.16.0-1.24.18.0.1.el10_2.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:35841"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.src",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-docs-1:24.18.0-1.el10_2.noarch",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-npm-1:11.16.0-1.24.18.0.1.el10_2.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.src",
"AppStream-10.2.Z:nodejs24-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-debugsource-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-devel-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-docs-1:24.18.0-1.el10_2.noarch",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-full-i18n-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.aarch64",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.s390x",
"AppStream-10.2.Z:nodejs24-libs-debuginfo-1:24.18.0-1.el10_2.x86_64",
"AppStream-10.2.Z:nodejs24-npm-1:11.16.0-1.24.18.0.1.el10_2.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "nodejs: Node.js: Unauthorized file metadata modification"
}
]
}
RHSA-2026:35842
Vulnerability from csaf_redhat - Published: 2026-07-06 05:32 - Updated: 2026-07-08 23:16A flaw was found in undici. An attacker-controlled upstream server can exploit a vulnerability in Undici's HTTP/1.1 client, specifically related to response queue poisoning on reused keep-alive sockets. This allows the attacker to inject an unsolicited HTTP/1.1 response onto an idle socket. Consequently, when the client dispatches a new request on that socket, it may associate the injected response with the new request, leading to responses being delivered to unintended recipients or requests. This could result in a low impact on data integrity.
CWE-940 - Improper Verification of Source of a Communication Channel| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-docs-1:22.23.1-2.el10_2.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-1:22.23.1-2.el10_2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Undici. The cache interceptor in shared-cache mode incorrectly classifies certain responses as cacheable due to improper handling of whitespace-padded Cache-Control header field names. This vulnerability allows an unauthenticated attacker to access authenticated user data from the cache, leading to information disclosure. This occurs when both authenticated and unauthenticated requests resolve to the same cache key.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-docs-1:22.23.1-2.el10_2.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-1:22.23.1-2.el10_2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in undici. When undici processes Set-Cookie headers, it incorrectly interprets the SameSite attribute, accepting partial matches instead of exact ones. This allows a malicious server to downgrade a cookie's SameSite policy to a less secure setting, potentially leading to unintended information disclosure or a weakening of security protections for the user.
CWE-1286 - Improper Validation of Syntactic Correctness of Input| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-docs-1:22.23.1-2.el10_2.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-1:22.23.1-2.el10_2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in undici. A malicious WebSocket server can exploit this by streaming numerous small or empty continuation frames. This can bypass per-frame and cumulative-size validation, leading to unbounded memory growth in the client process. The primary consequence is memory exhaustion, resulting in a denial of service (DoS) for affected applications using the undici WebSocket client or WebSocketStream API.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-docs-1:22.23.1-2.el10_2.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-1:22.23.1-2.el10_2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in ip-address, a JavaScript library for parsing and manipulating IPv4 and IPv6 addresses. This vulnerability allows a remote attacker to perform cross-site scripting (XSS) by providing untrusted input to the Address6 constructor. When an application renders the output of Address6.group(), Address6.link(), or the AddressError.parseMessage as HTML without proper escaping, the attacker-controlled content can be executed in the user's browser.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-docs-1:22.23.1-2.el10_2.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-1:22.23.1-2.el10_2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Node.js. When proxy credentials are embedded in a proxy URL, an issue in the proxy tunnel error handling can lead to the exposure of these credentials. This information disclosure vulnerability allows an attacker to potentially capture sensitive proxy credentials through logs, diagnostics, or other error-consuming mechanisms.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-docs-1:22.23.1-2.el10_2.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-1:22.23.1-2.el10_2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Node.js. This flaw involves a mismatch in how Node.js handles TLS (Transport Layer Security) hostnames and unicode dot separators during authentication. This mismatch can lead to a wildcard-depth authentication bypass. An attacker could exploit this to bypass intended security boundaries, potentially leading to unauthorized access and confidentiality impact.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-docs-1:22.23.1-2.el10_2.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-1:22.23.1-2.el10_2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Node.js. A malicious server can exploit the HTTP/2 client by sending an unlimited number of ORIGIN frames. This can lead to an Out of Memory error on the client, resulting in a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-docs-1:22.23.1-2.el10_2.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-1:22.23.1-2.el10_2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Node.js. An inconsistency in how Node.js matches hostnames can be exploited by a remote attacker in multi-context mTLS (mutual Transport Layer Security) setups. This vulnerability allows for a trust-policy bypass, potentially leading to unauthorized access to sensitive information or integrity compromise within the affected system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-docs-1:22.23.1-2.el10_2.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-1:22.23.1-2.el10_2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Node.js. This vulnerability in the TLS (Transport Layer Security) hostname handling allows embedded null characters in hostnames. This can lead to silent authority rebinding, potentially enabling an attacker to redirect network traffic to an unintended server and disclose sensitive information.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-docs-1:22.23.1-2.el10_2.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-1:22.23.1-2.el10_2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in the Node.js WebCrypto implementation. A remote attacker could exploit this vulnerability by providing an input to the `subtle.encrypt()` function that is a multiple of 2 gigabytes (GiB). This could lead to a denial of service (DoS) by crashing the Node.js process.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-docs-1:22.23.1-2.el10_2.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-1:22.23.1-2.el10_2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Node.js. An attacker can exploit a vulnerability in the Transport Layer Security (TLS) host verification process to bypass certification validation. This bypass could allow an attacker to intercept or alter communications, potentially leading to information disclosure or integrity compromise.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-docs-1:22.23.1-2.el10_2.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-1:22.23.1-2.el10_2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Node.js. The Permission API allows a local user to modify file metadata on paths that have been explicitly set as read-only. This can lead to unauthorized changes in file properties, impacting the integrity of the file system.
CWE-279 - Incorrect Execution-Assigned Permissions| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-docs-1:22.23.1-2.el10_2.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-1:22.23.1-2.el10_2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for nodejs22 is now available for Red Hat Enterprise Linux 10.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Node.js is a platform built on Chrome\u0027s JavaScript runtime \\ for easily building fast, scalable network applications. \\ Node.js uses an event-driven, non-blocking I/O model that \\ makes it lightweight and efficient, perfect for data-intensive \\ real-time applications that run across distributed devices.\n\nSecurity Fix(es):\n\n* ip-address: ip-address: Cross-site scripting via improper HTML escaping of untrusted input (CVE-2026-42338)\n\n* undici: undici: Denial of Service due to unbounded memory growth via WebSocket frames (CVE-2026-12151)\n\n* undici: Undici: Information disclosure due to improper cache-control header parsing (CVE-2026-9678)\n\n* undici: Undici: Response queue poisoning on reused keep-alive sockets can lead to incorrect response delivery. (CVE-2026-6733)\n\n* undici: undici: Weakening of cookie SameSite policy due to incorrect parsing of Set-Cookie header (CVE-2026-11525)\n\n* nodejs: Node.js: Denial of Service via unlimited HTTP/2 ORIGIN frames (CVE-2026-48619)\n\n* nodejs: Node.js: Silent authority rebinding due to embedded-nul hostnames in TLS handling (CVE-2026-48930)\n\n* nodejs: Node.js: Unauthorized file metadata modification (CVE-2026-48935)\n\n* nodejs: Node.js WebCrypto: Denial of Service via large input to subtle.encrypt() (CVE-2026-48933)\n\n* nodejs: Node.js: Certification validation bypass in TLS host verification (CVE-2026-48934)\n\n* Node.js: Node.js: Trust-policy bypass due to hostname matching inconsistency (CVE-2026-48928)\n\n* nodejs: Node.js: Information disclosure of proxy credentials via proxy tunnel error handling (CVE-2026-48615)\n\n* nodejs: Node.js: Authentication bypass due to TLS hostname handling and unicode dot separator mismatch (CVE-2026-48618)\n\nBug Fix(es) and Enhancement(s):\n\n* nodejs22: Rebase to the latest Node.js 22 release [rhel-10.2.z] (JIRA:RHEL-186623)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:35842",
"url": "https://access.redhat.com/errata/RHSA-2026:35842"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2476810",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2476810"
},
{
"category": "external",
"summary": "2489980",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2489980"
},
{
"category": "external",
"summary": "2490000",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2490000"
},
{
"category": "external",
"summary": "2490006",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2490006"
},
{
"category": "external",
"summary": "2490008",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2490008"
},
{
"category": "external",
"summary": "2493325",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2493325"
},
{
"category": "external",
"summary": "2493326",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2493326"
},
{
"category": "external",
"summary": "2493329",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2493329"
},
{
"category": "external",
"summary": "2493331",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2493331"
},
{
"category": "external",
"summary": "2493332",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2493332"
},
{
"category": "external",
"summary": "2493333",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2493333"
},
{
"category": "external",
"summary": "2493335",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2493335"
},
{
"category": "external",
"summary": "2493337",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2493337"
},
{
"category": "external",
"summary": "RHEL-186623",
"url": "https://issues.redhat.com/browse/RHEL-186623"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_35842.json"
}
],
"title": "Red Hat Security Advisory: nodejs22 security, bug fix, and enhancement update",
"tracking": {
"current_release_date": "2026-07-08T23:16:04+00:00",
"generator": {
"date": "2026-07-08T23:16:04+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.1"
}
},
"id": "RHSA-2026:35842",
"initial_release_date": "2026-07-06T05:32:31+00:00",
"revision_history": [
{
"date": "2026-07-06T05:32:31+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-07-06T05:32:31+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-08T23:16:04+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 10)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:10.2"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:22.23.1-2.el10_2.aarch64",
"product": {
"name": "nodejs-1:22.23.1-2.el10_2.aarch64",
"product_id": "nodejs-1:22.23.1-2.el10_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@22.23.1-2.el10_2?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-devel-1:22.23.1-2.el10_2.aarch64",
"product": {
"name": "nodejs-devel-1:22.23.1-2.el10_2.aarch64",
"product_id": "nodejs-devel-1:22.23.1-2.el10_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-devel@22.23.1-2.el10_2?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-full-i18n-1:22.23.1-2.el10_2.aarch64",
"product": {
"name": "nodejs-full-i18n-1:22.23.1-2.el10_2.aarch64",
"product_id": "nodejs-full-i18n-1:22.23.1-2.el10_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-full-i18n@22.23.1-2.el10_2?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-libs-1:22.23.1-2.el10_2.aarch64",
"product": {
"name": "nodejs-libs-1:22.23.1-2.el10_2.aarch64",
"product_id": "nodejs-libs-1:22.23.1-2.el10_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-libs@22.23.1-2.el10_2?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.aarch64",
"product": {
"name": "nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.aarch64",
"product_id": "nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-npm@10.9.8-1.22.23.1.2.el10_2?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs22-debugsource-1:22.23.1-2.el10_2.aarch64",
"product": {
"name": "nodejs22-debugsource-1:22.23.1-2.el10_2.aarch64",
"product_id": "nodejs22-debugsource-1:22.23.1-2.el10_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs22-debugsource@22.23.1-2.el10_2?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"product": {
"name": "nodejs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"product_id": "nodejs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debuginfo@22.23.1-2.el10_2?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-libs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"product": {
"name": "nodejs-libs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"product_id": "nodejs-libs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-libs-debuginfo@22.23.1-2.el10_2?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs22-debuginfo-1:22.23.1-2.el10_2.aarch64",
"product": {
"name": "nodejs22-debuginfo-1:22.23.1-2.el10_2.aarch64",
"product_id": "nodejs22-debuginfo-1:22.23.1-2.el10_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs22-debuginfo@22.23.1-2.el10_2?arch=aarch64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:22.23.1-2.el10_2.ppc64le",
"product": {
"name": "nodejs-1:22.23.1-2.el10_2.ppc64le",
"product_id": "nodejs-1:22.23.1-2.el10_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@22.23.1-2.el10_2?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-devel-1:22.23.1-2.el10_2.ppc64le",
"product": {
"name": "nodejs-devel-1:22.23.1-2.el10_2.ppc64le",
"product_id": "nodejs-devel-1:22.23.1-2.el10_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-devel@22.23.1-2.el10_2?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-full-i18n-1:22.23.1-2.el10_2.ppc64le",
"product": {
"name": "nodejs-full-i18n-1:22.23.1-2.el10_2.ppc64le",
"product_id": "nodejs-full-i18n-1:22.23.1-2.el10_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-full-i18n@22.23.1-2.el10_2?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-libs-1:22.23.1-2.el10_2.ppc64le",
"product": {
"name": "nodejs-libs-1:22.23.1-2.el10_2.ppc64le",
"product_id": "nodejs-libs-1:22.23.1-2.el10_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-libs@22.23.1-2.el10_2?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.ppc64le",
"product": {
"name": "nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.ppc64le",
"product_id": "nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-npm@10.9.8-1.22.23.1.2.el10_2?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs22-debugsource-1:22.23.1-2.el10_2.ppc64le",
"product": {
"name": "nodejs22-debugsource-1:22.23.1-2.el10_2.ppc64le",
"product_id": "nodejs22-debugsource-1:22.23.1-2.el10_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs22-debugsource@22.23.1-2.el10_2?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"product": {
"name": "nodejs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"product_id": "nodejs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debuginfo@22.23.1-2.el10_2?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-libs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"product": {
"name": "nodejs-libs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"product_id": "nodejs-libs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-libs-debuginfo@22.23.1-2.el10_2?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs22-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"product": {
"name": "nodejs22-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"product_id": "nodejs22-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs22-debuginfo@22.23.1-2.el10_2?arch=ppc64le\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:22.23.1-2.el10_2.s390x",
"product": {
"name": "nodejs-1:22.23.1-2.el10_2.s390x",
"product_id": "nodejs-1:22.23.1-2.el10_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@22.23.1-2.el10_2?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-devel-1:22.23.1-2.el10_2.s390x",
"product": {
"name": "nodejs-devel-1:22.23.1-2.el10_2.s390x",
"product_id": "nodejs-devel-1:22.23.1-2.el10_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-devel@22.23.1-2.el10_2?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-full-i18n-1:22.23.1-2.el10_2.s390x",
"product": {
"name": "nodejs-full-i18n-1:22.23.1-2.el10_2.s390x",
"product_id": "nodejs-full-i18n-1:22.23.1-2.el10_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-full-i18n@22.23.1-2.el10_2?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-libs-1:22.23.1-2.el10_2.s390x",
"product": {
"name": "nodejs-libs-1:22.23.1-2.el10_2.s390x",
"product_id": "nodejs-libs-1:22.23.1-2.el10_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-libs@22.23.1-2.el10_2?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.s390x",
"product": {
"name": "nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.s390x",
"product_id": "nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-npm@10.9.8-1.22.23.1.2.el10_2?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs22-debugsource-1:22.23.1-2.el10_2.s390x",
"product": {
"name": "nodejs22-debugsource-1:22.23.1-2.el10_2.s390x",
"product_id": "nodejs22-debugsource-1:22.23.1-2.el10_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs22-debugsource@22.23.1-2.el10_2?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-debuginfo-1:22.23.1-2.el10_2.s390x",
"product": {
"name": "nodejs-debuginfo-1:22.23.1-2.el10_2.s390x",
"product_id": "nodejs-debuginfo-1:22.23.1-2.el10_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debuginfo@22.23.1-2.el10_2?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-libs-debuginfo-1:22.23.1-2.el10_2.s390x",
"product": {
"name": "nodejs-libs-debuginfo-1:22.23.1-2.el10_2.s390x",
"product_id": "nodejs-libs-debuginfo-1:22.23.1-2.el10_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-libs-debuginfo@22.23.1-2.el10_2?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs22-debuginfo-1:22.23.1-2.el10_2.s390x",
"product": {
"name": "nodejs22-debuginfo-1:22.23.1-2.el10_2.s390x",
"product_id": "nodejs22-debuginfo-1:22.23.1-2.el10_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs22-debuginfo@22.23.1-2.el10_2?arch=s390x\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:22.23.1-2.el10_2.x86_64",
"product": {
"name": "nodejs-1:22.23.1-2.el10_2.x86_64",
"product_id": "nodejs-1:22.23.1-2.el10_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@22.23.1-2.el10_2?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-devel-1:22.23.1-2.el10_2.x86_64",
"product": {
"name": "nodejs-devel-1:22.23.1-2.el10_2.x86_64",
"product_id": "nodejs-devel-1:22.23.1-2.el10_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-devel@22.23.1-2.el10_2?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-full-i18n-1:22.23.1-2.el10_2.x86_64",
"product": {
"name": "nodejs-full-i18n-1:22.23.1-2.el10_2.x86_64",
"product_id": "nodejs-full-i18n-1:22.23.1-2.el10_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-full-i18n@22.23.1-2.el10_2?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-libs-1:22.23.1-2.el10_2.x86_64",
"product": {
"name": "nodejs-libs-1:22.23.1-2.el10_2.x86_64",
"product_id": "nodejs-libs-1:22.23.1-2.el10_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-libs@22.23.1-2.el10_2?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.x86_64",
"product": {
"name": "nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.x86_64",
"product_id": "nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-npm@10.9.8-1.22.23.1.2.el10_2?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs22-debugsource-1:22.23.1-2.el10_2.x86_64",
"product": {
"name": "nodejs22-debugsource-1:22.23.1-2.el10_2.x86_64",
"product_id": "nodejs22-debugsource-1:22.23.1-2.el10_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs22-debugsource@22.23.1-2.el10_2?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"product": {
"name": "nodejs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"product_id": "nodejs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debuginfo@22.23.1-2.el10_2?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs-libs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"product": {
"name": "nodejs-libs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"product_id": "nodejs-libs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-libs-debuginfo@22.23.1-2.el10_2?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nodejs22-debuginfo-1:22.23.1-2.el10_2.x86_64",
"product": {
"name": "nodejs22-debuginfo-1:22.23.1-2.el10_2.x86_64",
"product_id": "nodejs22-debuginfo-1:22.23.1-2.el10_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs22-debuginfo@22.23.1-2.el10_2?arch=x86_64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-docs-1:22.23.1-2.el10_2.noarch",
"product": {
"name": "nodejs-docs-1:22.23.1-2.el10_2.noarch",
"product_id": "nodejs-docs-1:22.23.1-2.el10_2.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-docs@22.23.1-2.el10_2?arch=noarch\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs22-1:22.23.1-2.el10_2.src",
"product": {
"name": "nodejs22-1:22.23.1-2.el10_2.src",
"product_id": "nodejs22-1:22.23.1-2.el10_2.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs22@22.23.1-2.el10_2?arch=src\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:22.23.1-2.el10_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.aarch64"
},
"product_reference": "nodejs-1:22.23.1-2.el10_2.aarch64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:22.23.1-2.el10_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.ppc64le"
},
"product_reference": "nodejs-1:22.23.1-2.el10_2.ppc64le",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:22.23.1-2.el10_2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.s390x"
},
"product_reference": "nodejs-1:22.23.1-2.el10_2.s390x",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:22.23.1-2.el10_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.x86_64"
},
"product_reference": "nodejs-1:22.23.1-2.el10_2.x86_64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debuginfo-1:22.23.1-2.el10_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.aarch64"
},
"product_reference": "nodejs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debuginfo-1:22.23.1-2.el10_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.ppc64le"
},
"product_reference": "nodejs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debuginfo-1:22.23.1-2.el10_2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.s390x"
},
"product_reference": "nodejs-debuginfo-1:22.23.1-2.el10_2.s390x",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debuginfo-1:22.23.1-2.el10_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.x86_64"
},
"product_reference": "nodejs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-devel-1:22.23.1-2.el10_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.aarch64"
},
"product_reference": "nodejs-devel-1:22.23.1-2.el10_2.aarch64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-devel-1:22.23.1-2.el10_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.ppc64le"
},
"product_reference": "nodejs-devel-1:22.23.1-2.el10_2.ppc64le",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-devel-1:22.23.1-2.el10_2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.s390x"
},
"product_reference": "nodejs-devel-1:22.23.1-2.el10_2.s390x",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-devel-1:22.23.1-2.el10_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.x86_64"
},
"product_reference": "nodejs-devel-1:22.23.1-2.el10_2.x86_64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-docs-1:22.23.1-2.el10_2.noarch as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:nodejs-docs-1:22.23.1-2.el10_2.noarch"
},
"product_reference": "nodejs-docs-1:22.23.1-2.el10_2.noarch",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-full-i18n-1:22.23.1-2.el10_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.aarch64"
},
"product_reference": "nodejs-full-i18n-1:22.23.1-2.el10_2.aarch64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-full-i18n-1:22.23.1-2.el10_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.ppc64le"
},
"product_reference": "nodejs-full-i18n-1:22.23.1-2.el10_2.ppc64le",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-full-i18n-1:22.23.1-2.el10_2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.s390x"
},
"product_reference": "nodejs-full-i18n-1:22.23.1-2.el10_2.s390x",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-full-i18n-1:22.23.1-2.el10_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.x86_64"
},
"product_reference": "nodejs-full-i18n-1:22.23.1-2.el10_2.x86_64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-libs-1:22.23.1-2.el10_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.aarch64"
},
"product_reference": "nodejs-libs-1:22.23.1-2.el10_2.aarch64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-libs-1:22.23.1-2.el10_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.ppc64le"
},
"product_reference": "nodejs-libs-1:22.23.1-2.el10_2.ppc64le",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-libs-1:22.23.1-2.el10_2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.s390x"
},
"product_reference": "nodejs-libs-1:22.23.1-2.el10_2.s390x",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-libs-1:22.23.1-2.el10_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.x86_64"
},
"product_reference": "nodejs-libs-1:22.23.1-2.el10_2.x86_64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-libs-debuginfo-1:22.23.1-2.el10_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.aarch64"
},
"product_reference": "nodejs-libs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-libs-debuginfo-1:22.23.1-2.el10_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.ppc64le"
},
"product_reference": "nodejs-libs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-libs-debuginfo-1:22.23.1-2.el10_2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.s390x"
},
"product_reference": "nodejs-libs-debuginfo-1:22.23.1-2.el10_2.s390x",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-libs-debuginfo-1:22.23.1-2.el10_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.x86_64"
},
"product_reference": "nodejs-libs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.aarch64"
},
"product_reference": "nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.aarch64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.ppc64le"
},
"product_reference": "nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.ppc64le",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.s390x"
},
"product_reference": "nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.s390x",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.x86_64"
},
"product_reference": "nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.x86_64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-1:22.23.1-2.el10_2.src as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:nodejs22-1:22.23.1-2.el10_2.src"
},
"product_reference": "nodejs22-1:22.23.1-2.el10_2.src",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-debuginfo-1:22.23.1-2.el10_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.aarch64"
},
"product_reference": "nodejs22-debuginfo-1:22.23.1-2.el10_2.aarch64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-debuginfo-1:22.23.1-2.el10_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.ppc64le"
},
"product_reference": "nodejs22-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-debuginfo-1:22.23.1-2.el10_2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.s390x"
},
"product_reference": "nodejs22-debuginfo-1:22.23.1-2.el10_2.s390x",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-debuginfo-1:22.23.1-2.el10_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.x86_64"
},
"product_reference": "nodejs22-debuginfo-1:22.23.1-2.el10_2.x86_64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-debugsource-1:22.23.1-2.el10_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.aarch64"
},
"product_reference": "nodejs22-debugsource-1:22.23.1-2.el10_2.aarch64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-debugsource-1:22.23.1-2.el10_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.ppc64le"
},
"product_reference": "nodejs22-debugsource-1:22.23.1-2.el10_2.ppc64le",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-debugsource-1:22.23.1-2.el10_2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.s390x"
},
"product_reference": "nodejs22-debugsource-1:22.23.1-2.el10_2.s390x",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-debugsource-1:22.23.1-2.el10_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.x86_64"
},
"product_reference": "nodejs22-debugsource-1:22.23.1-2.el10_2.x86_64",
"relates_to_product_reference": "AppStream-10.2.Z"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-6733",
"cwe": {
"id": "CWE-940",
"name": "Improper Verification of Source of a Communication Channel"
},
"discovery_date": "2026-06-17T19:02:16.713859+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2490006"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in undici. An attacker-controlled upstream server can exploit a vulnerability in Undici\u0027s HTTP/1.1 client, specifically related to response queue poisoning on reused keep-alive sockets. This allows the attacker to inject an unsolicited HTTP/1.1 response onto an idle socket. Consequently, when the client dispatches a new request on that socket, it may associate the injected response with the new request, leading to responses being delivered to unintended recipients or requests. This could result in a low impact on data integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undici: Undici: Response queue poisoning on reused keep-alive sockets can lead to incorrect response delivery.",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Low: A flaw in Undici\u0027s HTTP/1.1 client, as used in various Red Hat products, allows an attacker-controlled upstream server to inject unsolicited responses onto reused keep-alive sockets. This can lead to incorrect response delivery, potentially impacting data integrity, but requires a compromised server and active keep-alive connections.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-docs-1:22.23.1-2.el10_2.noarch",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-1:22.23.1-2.el10_2.src",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-6733"
},
{
"category": "external",
"summary": "RHBZ#2490006",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2490006"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-6733",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6733"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-6733",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6733"
},
{
"category": "external",
"summary": "https://cna.openjsf.org/security-advisories.html",
"url": "https://cna.openjsf.org/security-advisories.html"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/security/advisories/GHSA-35p6-xmwp-9g52",
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-35p6-xmwp-9g52"
},
{
"category": "external",
"summary": "https://hackerone.com/reports/3582376",
"url": "https://hackerone.com/reports/3582376"
}
],
"release_date": "2026-06-17T17:14:50.991000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-06T05:32:31+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-docs-1:22.23.1-2.el10_2.noarch",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-1:22.23.1-2.el10_2.src",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:35842"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-docs-1:22.23.1-2.el10_2.noarch",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-1:22.23.1-2.el10_2.src",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-docs-1:22.23.1-2.el10_2.noarch",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-1:22.23.1-2.el10_2.src",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "undici: Undici: Response queue poisoning on reused keep-alive sockets can lead to incorrect response delivery."
},
{
"cve": "CVE-2026-9678",
"cwe": {
"id": "CWE-1286",
"name": "Improper Validation of Syntactic Correctness of Input"
},
"discovery_date": "2026-06-17T19:01:33.359372+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2490000"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Undici. The cache interceptor in shared-cache mode incorrectly classifies certain responses as cacheable due to improper handling of whitespace-padded Cache-Control header field names. This vulnerability allows an unauthenticated attacker to access authenticated user data from the cache, leading to information disclosure. This occurs when both authenticated and unauthenticated requests resolve to the same cache key.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undici: Undici: Information disclosure due to improper cache-control header parsing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Moderate information disclosure flaw in Undici\u0027s cache interceptor, when configured in shared-cache mode, allows an unauthenticated attacker to retrieve sensitive authenticated user data. This is due to incorrect parsing of Cache-Control headers containing whitespace-padded field names, leading to cached responses being served improperly. Red Hat products are affected if they explicitly enable shared-cache mode, forward Authorization headers, and process non-canonical Cache-Control directives.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-docs-1:22.23.1-2.el10_2.noarch",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-1:22.23.1-2.el10_2.src",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-9678"
},
{
"category": "external",
"summary": "RHBZ#2490000",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2490000"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-9678",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-9678"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-9678",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-9678"
},
{
"category": "external",
"summary": "https://cna.openjsf.org/security-advisories.html",
"url": "https://cna.openjsf.org/security-advisories.html"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/security/advisories/GHSA-pr7r-676h-xcf6",
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-pr7r-676h-xcf6"
}
],
"release_date": "2026-06-17T17:04:09.680000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-06T05:32:31+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-docs-1:22.23.1-2.el10_2.noarch",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-1:22.23.1-2.el10_2.src",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:35842"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-docs-1:22.23.1-2.el10_2.noarch",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-1:22.23.1-2.el10_2.src",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-docs-1:22.23.1-2.el10_2.noarch",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-1:22.23.1-2.el10_2.src",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "undici: Undici: Information disclosure due to improper cache-control header parsing"
},
{
"cve": "CVE-2026-11525",
"cwe": {
"id": "CWE-1286",
"name": "Improper Validation of Syntactic Correctness of Input"
},
"discovery_date": "2026-06-17T19:02:29.292011+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2490008"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in undici. When undici processes Set-Cookie headers, it incorrectly interprets the SameSite attribute, accepting partial matches instead of exact ones. This allows a malicious server to downgrade a cookie\u0027s SameSite policy to a less secure setting, potentially leading to unintended information disclosure or a weakening of security protections for the user.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undici: undici: Weakening of cookie SameSite policy due to incorrect parsing of Set-Cookie header",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Low impact flaw in undici, as used in various Red Hat products, arises from incorrect parsing of the `SameSite` cookie attribute. A malicious server could exploit this by sending a specially crafted `Set-Cookie` header, causing the `SameSite` policy to be downgraded to a less secure setting. This could lead to a minor weakening of security protections or unintended information disclosure in applications that process and rely on these cookie attributes.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-docs-1:22.23.1-2.el10_2.noarch",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-1:22.23.1-2.el10_2.src",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-11525"
},
{
"category": "external",
"summary": "RHBZ#2490008",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2490008"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-11525",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-11525"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-11525",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-11525"
},
{
"category": "external",
"summary": "https://cna.openjsf.org/security-advisories.html",
"url": "https://cna.openjsf.org/security-advisories.html"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/security/advisories/GHSA-g8m3-5g58-fq7m",
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-g8m3-5g58-fq7m"
}
],
"release_date": "2026-06-17T17:31:03.163000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-06T05:32:31+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-docs-1:22.23.1-2.el10_2.noarch",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-1:22.23.1-2.el10_2.src",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:35842"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-docs-1:22.23.1-2.el10_2.noarch",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-1:22.23.1-2.el10_2.src",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-docs-1:22.23.1-2.el10_2.noarch",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-1:22.23.1-2.el10_2.src",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "undici: undici: Weakening of cookie SameSite policy due to incorrect parsing of Set-Cookie header"
},
{
"cve": "CVE-2026-12151",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-06-17T17:01:45.297604+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2489980"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in undici. A malicious WebSocket server can exploit this by streaming numerous small or empty continuation frames. This can bypass per-frame and cumulative-size validation, leading to unbounded memory growth in the client process. The primary consequence is memory exhaustion, resulting in a denial of service (DoS) for affected applications using the undici WebSocket client or WebSocketStream API.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undici: undici: Denial of Service due to unbounded memory growth via WebSocket frames",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Important denial of service flaw in the `undici` WebSocket client allows a remote attacker to cause unbounded memory growth. By sending numerous small or empty WebSocket frames, an unauthenticated attacker can exhaust system memory, leading to a denial of service in Red Hat products that use the affected client.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-docs-1:22.23.1-2.el10_2.noarch",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-1:22.23.1-2.el10_2.src",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-12151"
},
{
"category": "external",
"summary": "RHBZ#2489980",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2489980"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-12151",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-12151"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-12151",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-12151"
},
{
"category": "external",
"summary": "https://cna.openjsf.org/security-advisories.html",
"url": "https://cna.openjsf.org/security-advisories.html"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/security/advisories/GHSA-vxpw-j846-p89q",
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-vxpw-j846-p89q"
}
],
"release_date": "2026-06-17T16:05:38.785000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-06T05:32:31+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-docs-1:22.23.1-2.el10_2.noarch",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-1:22.23.1-2.el10_2.src",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:35842"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-docs-1:22.23.1-2.el10_2.noarch",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-1:22.23.1-2.el10_2.src",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-docs-1:22.23.1-2.el10_2.noarch",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-1:22.23.1-2.el10_2.src",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "undici: undici: Denial of Service due to unbounded memory growth via WebSocket frames"
},
{
"cve": "CVE-2026-42338",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2026-05-12T21:01:14.436876+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2476810"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in ip-address, a JavaScript library for parsing and manipulating IPv4 and IPv6 addresses. This vulnerability allows a remote attacker to perform cross-site scripting (XSS) by providing untrusted input to the Address6 constructor. When an application renders the output of Address6.group(), Address6.link(), or the AddressError.parseMessage as HTML without proper escaping, the attacker-controlled content can be executed in the user\u0027s browser.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ip-address: ip-address: Cross-site scripting via improper HTML escaping of untrusted input",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability in the `ip-address` JavaScript library is rated as Important. It allows for cross-site scripting (XSS) when an application processes untrusted input through the `Address6` constructor and subsequently renders the unescaped output of methods like `Address6.group()`, `Address6.link()`, or `AddressError.parseMessage` directly as HTML. While the library itself is affected, exploitation is contingent on specific application-level rendering practices that may not be common in Red Hat products.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-docs-1:22.23.1-2.el10_2.noarch",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-1:22.23.1-2.el10_2.src",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42338"
},
{
"category": "external",
"summary": "RHBZ#2476810",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2476810"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42338",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42338"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42338",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42338"
},
{
"category": "external",
"summary": "https://github.com/beaugunderson/ip-address/security/advisories/GHSA-v2v4-37r5-5v8g",
"url": "https://github.com/beaugunderson/ip-address/security/advisories/GHSA-v2v4-37r5-5v8g"
}
],
"release_date": "2026-05-12T19:43:16.470000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-06T05:32:31+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-docs-1:22.23.1-2.el10_2.noarch",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-1:22.23.1-2.el10_2.src",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:35842"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-docs-1:22.23.1-2.el10_2.noarch",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-1:22.23.1-2.el10_2.src",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-docs-1:22.23.1-2.el10_2.noarch",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-1:22.23.1-2.el10_2.src",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "ip-address: ip-address: Cross-site scripting via improper HTML escaping of untrusted input"
},
{
"cve": "CVE-2026-48615",
"cwe": {
"id": "CWE-209",
"name": "Generation of Error Message Containing Sensitive Information"
},
"discovery_date": "2026-06-26T02:01:59.112093+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2493335"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Node.js. When proxy credentials are embedded in a proxy URL, an issue in the proxy tunnel error handling can lead to the exposure of these credentials. This information disclosure vulnerability allows an attacker to potentially capture sensitive proxy credentials through logs, diagnostics, or other error-consuming mechanisms.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: Node.js: Information disclosure of proxy credentials via proxy tunnel error handling",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-docs-1:22.23.1-2.el10_2.noarch",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-1:22.23.1-2.el10_2.src",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-48615"
},
{
"category": "external",
"summary": "RHBZ#2493335",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2493335"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-48615",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-48615"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-48615",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48615"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases",
"url": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases"
}
],
"release_date": "2026-06-26T01:14:36.524000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-06T05:32:31+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-docs-1:22.23.1-2.el10_2.noarch",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-1:22.23.1-2.el10_2.src",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:35842"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-docs-1:22.23.1-2.el10_2.noarch",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-1:22.23.1-2.el10_2.src",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-docs-1:22.23.1-2.el10_2.noarch",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-1:22.23.1-2.el10_2.src",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nodejs: Node.js: Information disclosure of proxy credentials via proxy tunnel error handling"
},
{
"cve": "CVE-2026-48618",
"cwe": {
"id": "CWE-289",
"name": "Authentication Bypass by Alternate Name"
},
"discovery_date": "2026-06-26T02:02:10.741725+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2493337"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Node.js. This flaw involves a mismatch in how Node.js handles TLS (Transport Layer Security) hostnames and unicode dot separators during authentication. This mismatch can lead to a wildcard-depth authentication bypass. An attacker could exploit this to bypass intended security boundaries, potentially leading to unauthorized access and confidentiality impact.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: Node.js: Authentication bypass due to TLS hostname handling and unicode dot separator mismatch",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Important flaw in Node.js allows for a TLS wildcard-depth authentication bypass due to a mismatch in how hostnames and unicode dot separators are handled during authentication. This could enable an attacker to circumvent security boundaries, potentially leading to unauthorized access and compromise of sensitive information in applications utilizing Node.js for TLS connections. The issue affects Node.js versions 22, 24, and 26 as shipped in Red Hat products.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-docs-1:22.23.1-2.el10_2.noarch",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-1:22.23.1-2.el10_2.src",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-48618"
},
{
"category": "external",
"summary": "RHBZ#2493337",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2493337"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-48618",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-48618"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-48618",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48618"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases",
"url": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases"
}
],
"release_date": "2026-06-26T01:14:36.868000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-06T05:32:31+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-docs-1:22.23.1-2.el10_2.noarch",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-1:22.23.1-2.el10_2.src",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:35842"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-docs-1:22.23.1-2.el10_2.noarch",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-1:22.23.1-2.el10_2.src",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-docs-1:22.23.1-2.el10_2.noarch",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-1:22.23.1-2.el10_2.src",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "nodejs: Node.js: Authentication bypass due to TLS hostname handling and unicode dot separator mismatch"
},
{
"cve": "CVE-2026-48619",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-06-26T02:01:06.466413+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2493325"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Node.js. A malicious server can exploit the HTTP/2 client by sending an unlimited number of ORIGIN frames. This can lead to an Out of Memory error on the client, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: Node.js: Denial of Service via unlimited HTTP/2 ORIGIN frames",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Moderate flaw in the Node.js HTTP/2 client can lead to a denial of service. A malicious server could exploit this by sending an excessive number of ORIGIN frames, causing the client to consume all available memory. This affects Red Hat products utilizing Node.js as an HTTP/2 client.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-docs-1:22.23.1-2.el10_2.noarch",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-1:22.23.1-2.el10_2.src",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-48619"
},
{
"category": "external",
"summary": "RHBZ#2493325",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2493325"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-48619",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-48619"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-48619",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48619"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases",
"url": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases"
}
],
"release_date": "2026-06-26T01:14:36.541000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-06T05:32:31+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-docs-1:22.23.1-2.el10_2.noarch",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-1:22.23.1-2.el10_2.src",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:35842"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-docs-1:22.23.1-2.el10_2.noarch",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-1:22.23.1-2.el10_2.src",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-docs-1:22.23.1-2.el10_2.noarch",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-1:22.23.1-2.el10_2.src",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nodejs: Node.js: Denial of Service via unlimited HTTP/2 ORIGIN frames"
},
{
"cve": "CVE-2026-48928",
"cwe": {
"id": "CWE-289",
"name": "Authentication Bypass by Alternate Name"
},
"discovery_date": "2026-06-26T02:01:48.441706+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2493333"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Node.js. An inconsistency in how Node.js matches hostnames can be exploited by a remote attacker in multi-context mTLS (mutual Transport Layer Security) setups. This vulnerability allows for a trust-policy bypass, potentially leading to unauthorized access to sensitive information or integrity compromise within the affected system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Node.js: Node.js: Trust-policy bypass due to hostname matching inconsistency",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-docs-1:22.23.1-2.el10_2.noarch",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-1:22.23.1-2.el10_2.src",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-48928"
},
{
"category": "external",
"summary": "RHBZ#2493333",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2493333"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-48928",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-48928"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-48928",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48928"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases",
"url": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases"
}
],
"release_date": "2026-06-26T01:14:36.981000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-06T05:32:31+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-docs-1:22.23.1-2.el10_2.noarch",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-1:22.23.1-2.el10_2.src",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:35842"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-docs-1:22.23.1-2.el10_2.noarch",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-1:22.23.1-2.el10_2.src",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-docs-1:22.23.1-2.el10_2.noarch",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-1:22.23.1-2.el10_2.src",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Node.js: Node.js: Trust-policy bypass due to hostname matching inconsistency"
},
{
"cve": "CVE-2026-48930",
"cwe": {
"id": "CWE-170",
"name": "Improper Null Termination"
},
"discovery_date": "2026-06-26T02:01:11.476251+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2493326"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Node.js. This vulnerability in the TLS (Transport Layer Security) hostname handling allows embedded null characters in hostnames. This can lead to silent authority rebinding, potentially enabling an attacker to redirect network traffic to an unintended server and disclose sensitive information.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: Node.js: Silent authority rebinding due to embedded-nul hostnames in TLS handling",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-docs-1:22.23.1-2.el10_2.noarch",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-1:22.23.1-2.el10_2.src",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-48930"
},
{
"category": "external",
"summary": "RHBZ#2493326",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2493326"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-48930",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-48930"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-48930",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48930"
},
{
"category": "external",
"summary": "https://github.com/nodejs/node/commit/7dafafa2424710ded8b77eb7c878e884c1aef64e",
"url": "https://github.com/nodejs/node/commit/7dafafa2424710ded8b77eb7c878e884c1aef64e"
},
{
"category": "external",
"summary": "https://hackerone.com/reports/3656716",
"url": "https://hackerone.com/reports/3656716"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases",
"url": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases"
}
],
"release_date": "2026-06-26T01:14:37.006000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-06T05:32:31+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-docs-1:22.23.1-2.el10_2.noarch",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-1:22.23.1-2.el10_2.src",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:35842"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-docs-1:22.23.1-2.el10_2.noarch",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-1:22.23.1-2.el10_2.src",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-docs-1:22.23.1-2.el10_2.noarch",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-1:22.23.1-2.el10_2.src",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nodejs: Node.js: Silent authority rebinding due to embedded-nul hostnames in TLS handling"
},
{
"cve": "CVE-2026-48933",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-06-26T02:01:39.107538+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2493331"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Node.js WebCrypto implementation. A remote attacker could exploit this vulnerability by providing an input to the `subtle.encrypt()` function that is a multiple of 2 gigabytes (GiB). This could lead to a denial of service (DoS) by crashing the Node.js process.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: Node.js WebCrypto: Denial of Service via large input to subtle.encrypt()",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important denial of service vulnerability in Node.js WebCrypto, as a remote attacker can crash the Node.js process by providing a specially crafted large input to the `subtle.encrypt()` function. This could lead to service unavailability in Red Hat environments where Node.js applications process untrusted data with WebCrypto.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-docs-1:22.23.1-2.el10_2.noarch",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-1:22.23.1-2.el10_2.src",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-48933"
},
{
"category": "external",
"summary": "RHBZ#2493331",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2493331"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-48933",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-48933"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-48933",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48933"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases",
"url": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases"
}
],
"release_date": "2026-06-26T01:14:36.823000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-06T05:32:31+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-docs-1:22.23.1-2.el10_2.noarch",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-1:22.23.1-2.el10_2.src",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:35842"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-docs-1:22.23.1-2.el10_2.noarch",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-1:22.23.1-2.el10_2.src",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-docs-1:22.23.1-2.el10_2.noarch",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-1:22.23.1-2.el10_2.src",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "nodejs: Node.js WebCrypto: Denial of Service via large input to subtle.encrypt()"
},
{
"cve": "CVE-2026-48934",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"discovery_date": "2026-06-26T02:01:43.284771+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2493332"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Node.js. An attacker can exploit a vulnerability in the Transport Layer Security (TLS) host verification process to bypass certification validation. This bypass could allow an attacker to intercept or alter communications, potentially leading to information disclosure or integrity compromise.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: Node.js: Certification validation bypass in TLS host verification",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-docs-1:22.23.1-2.el10_2.noarch",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-1:22.23.1-2.el10_2.src",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-48934"
},
{
"category": "external",
"summary": "RHBZ#2493332",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2493332"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-48934",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-48934"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-48934",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48934"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases",
"url": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases"
}
],
"release_date": "2026-06-26T01:14:36.894000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-06T05:32:31+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-docs-1:22.23.1-2.el10_2.noarch",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-1:22.23.1-2.el10_2.src",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:35842"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-docs-1:22.23.1-2.el10_2.noarch",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-1:22.23.1-2.el10_2.src",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-docs-1:22.23.1-2.el10_2.noarch",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-1:22.23.1-2.el10_2.src",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nodejs: Node.js: Certification validation bypass in TLS host verification"
},
{
"cve": "CVE-2026-48935",
"cwe": {
"id": "CWE-279",
"name": "Incorrect Execution-Assigned Permissions"
},
"discovery_date": "2026-06-26T02:01:29.191932+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2493329"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Node.js. The Permission API allows a local user to modify file metadata on paths that have been explicitly set as read-only. This can lead to unauthorized changes in file properties, impacting the integrity of the file system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: Node.js: Unauthorized file metadata modification",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-docs-1:22.23.1-2.el10_2.noarch",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-1:22.23.1-2.el10_2.src",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-48935"
},
{
"category": "external",
"summary": "RHBZ#2493329",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2493329"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-48935",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-48935"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-48935",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48935"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases",
"url": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases"
}
],
"release_date": "2026-06-26T01:14:36.641000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-06T05:32:31+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-docs-1:22.23.1-2.el10_2.noarch",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-1:22.23.1-2.el10_2.src",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:35842"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-docs-1:22.23.1-2.el10_2.noarch",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-1:22.23.1-2.el10_2.src",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-devel-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-docs-1:22.23.1-2.el10_2.noarch",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-full-i18n-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-libs-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.s390x",
"AppStream-10.2.Z:nodejs-npm-1:10.9.8-1.22.23.1.2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-1:22.23.1-2.el10_2.src",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debuginfo-1:22.23.1-2.el10_2.x86_64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.aarch64",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.s390x",
"AppStream-10.2.Z:nodejs22-debugsource-1:22.23.1-2.el10_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "nodejs: Node.js: Unauthorized file metadata modification"
}
]
}
RHSA-2026:35891
Vulnerability from csaf_redhat - Published: 2026-07-06 14:47 - Updated: 2026-07-09 13:21A flaw was found in undici. An attacker-controlled upstream server can exploit a vulnerability in Undici's HTTP/1.1 client, specifically related to response queue poisoning on reused keep-alive sockets. This allows the attacker to inject an unsolicited HTTP/1.1 response onto an idle socket. Consequently, when the client dispatches a new request on that socket, it may associate the injected response with the new request, leading to responses being delivered to unintended recipients or requests. This could result in a low impact on data integrity.
CWE-940 - Improper Verification of Source of a Communication Channel| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in undici. When using Socks5ProxyAgent, undici incorrectly reuses a single connection pool across different origins. This can lead to cross-origin request routing, where sensitive credentials and data intended for one destination are sent to another. Consequently, responses from unintended origins may be trusted, and secure HTTPS connections could be silently downgraded to unencrypted HTTP, resulting in information disclosure and data integrity issues.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Undici. The cache interceptor in shared-cache mode incorrectly classifies certain responses as cacheable due to improper handling of whitespace-padded Cache-Control header field names. This vulnerability allows an unauthenticated attacker to access authenticated user data from the cache, leading to information disclosure. This occurs when both authenticated and unauthenticated requests resolve to the same cache key.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in undici. When undici's ProxyAgent is configured with a SOCKS5 proxy Uniform Resource Identifier (URI), it silently ignores Transport Layer Security (TLS) options, such as custom Certificate Authorities (CAs). This allows a remote attacker to perform a Man-in-the-Middle (MITM) attack, intercepting and tampering with HTTPS communications. The connection falls back to Node.js's default trust store, bypassing intended security configurations and potentially leading to information disclosure or arbitrary code execution.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in undici. When undici processes Set-Cookie headers, it incorrectly interprets the SameSite attribute, accepting partial matches instead of exact ones. This allows a malicious server to downgrade a cookie's SameSite policy to a less secure setting, potentially leading to unintended information disclosure or a weakening of security protections for the user.
CWE-1286 - Improper Validation of Syntactic Correctness of Input| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in undici. A malicious WebSocket server can exploit this by streaming numerous small or empty continuation frames. This can bypass per-frame and cumulative-size validation, leading to unbounded memory growth in the client process. The primary consequence is memory exhaustion, resulting in a denial of service (DoS) for affected applications using the undici WebSocket client or WebSocketStream API.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in ip-address, a JavaScript library for parsing and manipulating IPv4 and IPv6 addresses. This vulnerability allows a remote attacker to perform cross-site scripting (XSS) by providing untrusted input to the Address6 constructor. When an application renders the output of Address6.group(), Address6.link(), or the AddressError.parseMessage as HTML without proper escaping, the attacker-controlled content can be executed in the user's browser.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Node.js. When proxy credentials are embedded in a proxy URL, an issue in the proxy tunnel error handling can lead to the exposure of these credentials. This information disclosure vulnerability allows an attacker to potentially capture sensitive proxy credentials through logs, diagnostics, or other error-consuming mechanisms.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Node.js. This flaw involves a mismatch in how Node.js handles TLS (Transport Layer Security) hostnames and unicode dot separators during authentication. This mismatch can lead to a wildcard-depth authentication bypass. An attacker could exploit this to bypass intended security boundaries, potentially leading to unauthorized access and confidentiality impact.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Node.js. A malicious server can exploit the HTTP/2 client by sending an unlimited number of ORIGIN frames. This can lead to an Out of Memory error on the client, resulting in a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Node.js. An inconsistency in how Node.js matches hostnames can be exploited by a remote attacker in multi-context mTLS (mutual Transport Layer Security) setups. This vulnerability allows for a trust-policy bypass, potentially leading to unauthorized access to sensitive information or integrity compromise within the affected system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Node.js. This vulnerability in the TLS (Transport Layer Security) hostname handling allows embedded null characters in hostnames. This can lead to silent authority rebinding, potentially enabling an attacker to redirect network traffic to an unintended server and disclose sensitive information.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in the Node.js WebCrypto implementation. A remote attacker could exploit this vulnerability by providing an input to the `subtle.encrypt()` function that is a multiple of 2 gigabytes (GiB). This could lead to a denial of service (DoS) by crashing the Node.js process.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Node.js. An attacker can exploit a vulnerability in the Transport Layer Security (TLS) host verification process to bypass certification validation. This bypass could allow an attacker to intercept or alter communications, potentially leading to information disclosure or integrity compromise.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Node.js. The Permission API allows a local user to modify file metadata on paths that have been explicitly set as read-only. This can lead to unauthorized changes in file properties, impacting the integrity of the file system.
CWE-279 - Incorrect Execution-Assigned Permissions| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24 | — |
Vendor Fix
fix
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for the nodejs:24 module is now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. \n\nSecurity Fix(es):\n\n* ip-address: ip-address: Cross-site scripting via improper HTML escaping of untrusted input (CVE-2026-42338)\n\n* undici: undici: Denial of Service due to unbounded memory growth via WebSocket frames (CVE-2026-12151)\n\n* undici: Undici: Information disclosure due to improper cache-control header parsing (CVE-2026-9678)\n\n* undici: Undici: Response queue poisoning on reused keep-alive sockets can lead to incorrect response delivery. (CVE-2026-6733)\n\n* undici: undici: Weakening of cookie SameSite policy due to incorrect parsing of Set-Cookie header (CVE-2026-11525)\n\n* undici: undici: Man-in-the-Middle attack via ignored TLS options with SOCKS5 proxy (CVE-2026-9697)\n\n* undici: undici: Information disclosure and data integrity issues due to incorrect Socks5ProxyAgent connection routing (CVE-2026-6734)\n\n* nodejs: Node.js: Denial of Service via unlimited HTTP/2 ORIGIN frames (CVE-2026-48619)\n\n* nodejs: Node.js: Silent authority rebinding due to embedded-nul hostnames in TLS handling (CVE-2026-48930)\n\n* nodejs: Node.js: Unauthorized file metadata modification (CVE-2026-48935)\n\n* nodejs: Node.js WebCrypto: Denial of Service via large input to subtle.encrypt() (CVE-2026-48933)\n\n* nodejs: Node.js: Certification validation bypass in TLS host verification (CVE-2026-48934)\n\n* Node.js: Node.js: Trust-policy bypass due to hostname matching inconsistency (CVE-2026-48928)\n\n* nodejs: Node.js: Information disclosure of proxy credentials via proxy tunnel error handling (CVE-2026-48615)\n\n* nodejs: Node.js: Authentication bypass due to TLS hostname handling and unicode dot separator mismatch (CVE-2026-48618)\n\nBug Fix(es) and Enhancement(s):\n\n* nodejs:24/nodejs: Rebase to the latest Node.js 24 release [rhel-9.8.z] (JIRA:RHEL-186580)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:35891",
"url": "https://access.redhat.com/errata/RHSA-2026:35891"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2476810",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2476810"
},
{
"category": "external",
"summary": "2489980",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2489980"
},
{
"category": "external",
"summary": "2490000",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2490000"
},
{
"category": "external",
"summary": "2490006",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2490006"
},
{
"category": "external",
"summary": "2490008",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2490008"
},
{
"category": "external",
"summary": "2490018",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2490018"
},
{
"category": "external",
"summary": "2490024",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2490024"
},
{
"category": "external",
"summary": "2493325",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2493325"
},
{
"category": "external",
"summary": "2493326",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2493326"
},
{
"category": "external",
"summary": "2493329",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2493329"
},
{
"category": "external",
"summary": "2493331",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2493331"
},
{
"category": "external",
"summary": "2493332",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2493332"
},
{
"category": "external",
"summary": "2493333",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2493333"
},
{
"category": "external",
"summary": "2493335",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2493335"
},
{
"category": "external",
"summary": "2493337",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2493337"
},
{
"category": "external",
"summary": "RHEL-186580",
"url": "https://issues.redhat.com/browse/RHEL-186580"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_35891.json"
}
],
"title": "Red Hat Security Advisory: nodejs:24 security, bug fix, and enhancement update",
"tracking": {
"current_release_date": "2026-07-09T13:21:41+00:00",
"generator": {
"date": "2026-07-09T13:21:41+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.2"
}
},
"id": "RHSA-2026:35891",
"initial_release_date": "2026-07-06T14:47:52+00:00",
"revision_history": [
{
"date": "2026-07-06T14:47:52+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-07-06T14:47:52+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-09T13:21:41+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:9::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24",
"product": {
"name": "nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src (nodejs:24)",
"product_id": "nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@24.18.0-1.module%2Bel9.8.0%2B24456%2Bb244c3b4?arch=src\u0026epoch=1\u0026rpmmod=nodejs:24:9080020260626074955:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"product": {
"name": "nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src (nodejs:24)",
"product_id": "nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-nodemon@3.0.3-3.module%2Bel9.8.0%2B24355%2B35d95b59?arch=src\u0026rpmmod=nodejs:24:9080020260626074955:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"product": {
"name": "nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src (nodejs:24)",
"product_id": "nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-packaging@2021.06-6.module%2Bel9.8.0%2B24355%2B35d95b59?arch=src\u0026rpmmod=nodejs:24:9080020260626074955:rhel9"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"product": {
"name": "nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch (nodejs:24)",
"product_id": "nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-docs@24.18.0-1.module%2Bel9.8.0%2B24456%2Bb244c3b4?arch=noarch\u0026epoch=1\u0026rpmmod=nodejs:24:9080020260626074955:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"product": {
"name": "nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch (nodejs:24)",
"product_id": "nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-nodemon@3.0.3-3.module%2Bel9.8.0%2B24355%2B35d95b59?arch=noarch\u0026rpmmod=nodejs:24:9080020260626074955:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"product": {
"name": "nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch (nodejs:24)",
"product_id": "nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-packaging@2021.06-6.module%2Bel9.8.0%2B24355%2B35d95b59?arch=noarch\u0026rpmmod=nodejs:24:9080020260626074955:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"product": {
"name": "nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch (nodejs:24)",
"product_id": "nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-packaging-bundler@2021.06-6.module%2Bel9.8.0%2B24355%2B35d95b59?arch=noarch\u0026rpmmod=nodejs:24:9080020260626074955:rhel9"
}
}
},
{
"category": "product_version",
"name": "npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"product": {
"name": "npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch (nodejs:24)",
"product_id": "npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/npm@11.16.0-1.24.18.0.1.module%2Bel9.8.0%2B24456%2Bb244c3b4?arch=noarch\u0026epoch=1\u0026rpmmod=nodejs:24:9080020260626074955:rhel9"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"product": {
"name": "nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64 (nodejs:24)",
"product_id": "nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@24.18.0-1.module%2Bel9.8.0%2B24456%2Bb244c3b4?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:24:9080020260626074955:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"product": {
"name": "nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64 (nodejs:24)",
"product_id": "nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debuginfo@24.18.0-1.module%2Bel9.8.0%2B24456%2Bb244c3b4?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:24:9080020260626074955:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"product": {
"name": "nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64 (nodejs:24)",
"product_id": "nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debugsource@24.18.0-1.module%2Bel9.8.0%2B24456%2Bb244c3b4?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:24:9080020260626074955:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"product": {
"name": "nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64 (nodejs:24)",
"product_id": "nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-devel@24.18.0-1.module%2Bel9.8.0%2B24456%2Bb244c3b4?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:24:9080020260626074955:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"product": {
"name": "nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64 (nodejs:24)",
"product_id": "nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-full-i18n@24.18.0-1.module%2Bel9.8.0%2B24456%2Bb244c3b4?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:24:9080020260626074955:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"product": {
"name": "nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64 (nodejs:24)",
"product_id": "nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-libs@24.18.0-1.module%2Bel9.8.0%2B24456%2Bb244c3b4?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:24:9080020260626074955:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"product": {
"name": "nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64 (nodejs:24)",
"product_id": "nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-libs-debuginfo@24.18.0-1.module%2Bel9.8.0%2B24456%2Bb244c3b4?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:24:9080020260626074955:rhel9"
}
}
},
{
"category": "product_version",
"name": "v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"product": {
"name": "v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64 (nodejs:24)",
"product_id": "v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/v8-13.6-devel@13.6.233.17-1.24.18.0.1.module%2Bel9.8.0%2B24456%2Bb244c3b4?arch=aarch64\u0026epoch=3\u0026rpmmod=nodejs:24:9080020260626074955:rhel9"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"product": {
"name": "nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le (nodejs:24)",
"product_id": "nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@24.18.0-1.module%2Bel9.8.0%2B24456%2Bb244c3b4?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:24:9080020260626074955:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"product": {
"name": "nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le (nodejs:24)",
"product_id": "nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debuginfo@24.18.0-1.module%2Bel9.8.0%2B24456%2Bb244c3b4?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:24:9080020260626074955:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"product": {
"name": "nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le (nodejs:24)",
"product_id": "nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debugsource@24.18.0-1.module%2Bel9.8.0%2B24456%2Bb244c3b4?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:24:9080020260626074955:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"product": {
"name": "nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le (nodejs:24)",
"product_id": "nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-devel@24.18.0-1.module%2Bel9.8.0%2B24456%2Bb244c3b4?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:24:9080020260626074955:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"product": {
"name": "nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le (nodejs:24)",
"product_id": "nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-full-i18n@24.18.0-1.module%2Bel9.8.0%2B24456%2Bb244c3b4?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:24:9080020260626074955:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"product": {
"name": "nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le (nodejs:24)",
"product_id": "nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-libs@24.18.0-1.module%2Bel9.8.0%2B24456%2Bb244c3b4?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:24:9080020260626074955:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"product": {
"name": "nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le (nodejs:24)",
"product_id": "nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-libs-debuginfo@24.18.0-1.module%2Bel9.8.0%2B24456%2Bb244c3b4?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:24:9080020260626074955:rhel9"
}
}
},
{
"category": "product_version",
"name": "v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"product": {
"name": "v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le (nodejs:24)",
"product_id": "v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/v8-13.6-devel@13.6.233.17-1.24.18.0.1.module%2Bel9.8.0%2B24456%2Bb244c3b4?arch=ppc64le\u0026epoch=3\u0026rpmmod=nodejs:24:9080020260626074955:rhel9"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"product": {
"name": "nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x (nodejs:24)",
"product_id": "nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@24.18.0-1.module%2Bel9.8.0%2B24456%2Bb244c3b4?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:24:9080020260626074955:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"product": {
"name": "nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x (nodejs:24)",
"product_id": "nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debuginfo@24.18.0-1.module%2Bel9.8.0%2B24456%2Bb244c3b4?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:24:9080020260626074955:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"product": {
"name": "nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x (nodejs:24)",
"product_id": "nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debugsource@24.18.0-1.module%2Bel9.8.0%2B24456%2Bb244c3b4?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:24:9080020260626074955:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"product": {
"name": "nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x (nodejs:24)",
"product_id": "nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-devel@24.18.0-1.module%2Bel9.8.0%2B24456%2Bb244c3b4?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:24:9080020260626074955:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"product": {
"name": "nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x (nodejs:24)",
"product_id": "nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-full-i18n@24.18.0-1.module%2Bel9.8.0%2B24456%2Bb244c3b4?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:24:9080020260626074955:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"product": {
"name": "nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x (nodejs:24)",
"product_id": "nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-libs@24.18.0-1.module%2Bel9.8.0%2B24456%2Bb244c3b4?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:24:9080020260626074955:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"product": {
"name": "nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x (nodejs:24)",
"product_id": "nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-libs-debuginfo@24.18.0-1.module%2Bel9.8.0%2B24456%2Bb244c3b4?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:24:9080020260626074955:rhel9"
}
}
},
{
"category": "product_version",
"name": "v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"product": {
"name": "v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x (nodejs:24)",
"product_id": "v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/v8-13.6-devel@13.6.233.17-1.24.18.0.1.module%2Bel9.8.0%2B24456%2Bb244c3b4?arch=s390x\u0026epoch=3\u0026rpmmod=nodejs:24:9080020260626074955:rhel9"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"product": {
"name": "nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64 (nodejs:24)",
"product_id": "nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@24.18.0-1.module%2Bel9.8.0%2B24456%2Bb244c3b4?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:24:9080020260626074955:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"product": {
"name": "nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64 (nodejs:24)",
"product_id": "nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debuginfo@24.18.0-1.module%2Bel9.8.0%2B24456%2Bb244c3b4?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:24:9080020260626074955:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"product": {
"name": "nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64 (nodejs:24)",
"product_id": "nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debugsource@24.18.0-1.module%2Bel9.8.0%2B24456%2Bb244c3b4?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:24:9080020260626074955:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"product": {
"name": "nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64 (nodejs:24)",
"product_id": "nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-devel@24.18.0-1.module%2Bel9.8.0%2B24456%2Bb244c3b4?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:24:9080020260626074955:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"product": {
"name": "nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64 (nodejs:24)",
"product_id": "nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-full-i18n@24.18.0-1.module%2Bel9.8.0%2B24456%2Bb244c3b4?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:24:9080020260626074955:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"product": {
"name": "nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64 (nodejs:24)",
"product_id": "nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-libs@24.18.0-1.module%2Bel9.8.0%2B24456%2Bb244c3b4?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:24:9080020260626074955:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"product": {
"name": "nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64 (nodejs:24)",
"product_id": "nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-libs-debuginfo@24.18.0-1.module%2Bel9.8.0%2B24456%2Bb244c3b4?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:24:9080020260626074955:rhel9"
}
}
},
{
"category": "product_version",
"name": "v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"product": {
"name": "v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64 (nodejs:24)",
"product_id": "v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/v8-13.6-devel@13.6.233.17-1.24.18.0.1.module%2Bel9.8.0%2B24456%2Bb244c3b4?arch=x86_64\u0026epoch=3\u0026rpmmod=nodejs:24:9080020260626074955:rhel9"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64 (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24"
},
"product_reference": "nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24"
},
"product_reference": "nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24"
},
"product_reference": "nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24"
},
"product_reference": "nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64 (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
},
"product_reference": "nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64 (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24"
},
"product_reference": "nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24"
},
"product_reference": "nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24"
},
"product_reference": "nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64 (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
},
"product_reference": "nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64 (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24"
},
"product_reference": "nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24"
},
"product_reference": "nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24"
},
"product_reference": "nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64 (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
},
"product_reference": "nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64 (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24"
},
"product_reference": "nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24"
},
"product_reference": "nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24"
},
"product_reference": "nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64 (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
},
"product_reference": "nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24"
},
"product_reference": "nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64 (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24"
},
"product_reference": "nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24"
},
"product_reference": "nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24"
},
"product_reference": "nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64 (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
},
"product_reference": "nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64 (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24"
},
"product_reference": "nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24"
},
"product_reference": "nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24"
},
"product_reference": "nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64 (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
},
"product_reference": "nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64 (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24"
},
"product_reference": "nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24"
},
"product_reference": "nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24"
},
"product_reference": "nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64 (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
},
"product_reference": "nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24"
},
"product_reference": "nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24"
},
"product_reference": "nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24"
},
"product_reference": "nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24"
},
"product_reference": "nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24"
},
"product_reference": "nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24"
},
"product_reference": "npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64 (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24"
},
"product_reference": "v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24"
},
"product_reference": "v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24"
},
"product_reference": "v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64 (nodejs:24) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
},
"product_reference": "v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-6733",
"cwe": {
"id": "CWE-940",
"name": "Improper Verification of Source of a Communication Channel"
},
"discovery_date": "2026-06-17T19:02:16.713859+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2490006"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in undici. An attacker-controlled upstream server can exploit a vulnerability in Undici\u0027s HTTP/1.1 client, specifically related to response queue poisoning on reused keep-alive sockets. This allows the attacker to inject an unsolicited HTTP/1.1 response onto an idle socket. Consequently, when the client dispatches a new request on that socket, it may associate the injected response with the new request, leading to responses being delivered to unintended recipients or requests. This could result in a low impact on data integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undici: Undici: Response queue poisoning on reused keep-alive sockets can lead to incorrect response delivery.",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Low: A flaw in Undici\u0027s HTTP/1.1 client, as used in various Red Hat products, allows an attacker-controlled upstream server to inject unsolicited responses onto reused keep-alive sockets. This can lead to incorrect response delivery, potentially impacting data integrity, but requires a compromised server and active keep-alive connections.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-6733"
},
{
"category": "external",
"summary": "RHBZ#2490006",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2490006"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-6733",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6733"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-6733",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6733"
},
{
"category": "external",
"summary": "https://cna.openjsf.org/security-advisories.html",
"url": "https://cna.openjsf.org/security-advisories.html"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/security/advisories/GHSA-35p6-xmwp-9g52",
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-35p6-xmwp-9g52"
},
{
"category": "external",
"summary": "https://hackerone.com/reports/3582376",
"url": "https://hackerone.com/reports/3582376"
}
],
"release_date": "2026-06-17T17:14:50.991000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-06T14:47:52+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:35891"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "undici: Undici: Response queue poisoning on reused keep-alive sockets can lead to incorrect response delivery."
},
{
"cve": "CVE-2026-6734",
"cwe": {
"id": "CWE-940",
"name": "Improper Verification of Source of a Communication Channel"
},
"discovery_date": "2026-06-17T19:04:00.272340+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2490024"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in undici. When using Socks5ProxyAgent, undici incorrectly reuses a single connection pool across different origins. This can lead to cross-origin request routing, where sensitive credentials and data intended for one destination are sent to another. Consequently, responses from unintended origins may be trusted, and secure HTTPS connections could be silently downgraded to unencrypted HTTP, resulting in information disclosure and data integrity issues.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undici: undici: Information disclosure and data integrity issues due to incorrect Socks5ProxyAgent connection routing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is rated as an Important security flaw. The `undici` library, when configured with `Socks5ProxyAgent` to handle requests for multiple origins, incorrectly reuses connection pools. This can lead to sensitive data and credentials being misrouted to unintended destinations, potentially downgrading HTTPS connections to HTTP and compromising data integrity and confidentiality. Red Hat products utilizing `undici` with `Socks5ProxyAgent` in multi-origin scenarios are affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-6734"
},
{
"category": "external",
"summary": "RHBZ#2490024",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2490024"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-6734",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6734"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-6734",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6734"
},
{
"category": "external",
"summary": "https://cna.openjsf.org/security-advisories.html",
"url": "https://cna.openjsf.org/security-advisories.html"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/security/advisories/GHSA-hm92-r4w5-c3mj",
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-hm92-r4w5-c3mj"
}
],
"release_date": "2026-06-17T16:36:55.439000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-06T14:47:52+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:35891"
},
{
"category": "workaround",
"details": "The single most impactful mitigation is applying network egress controls to restrict which external destinations affected applications can reach. Because the vulnerability causes requests to be misrouted to wrong origins, limiting the set of reachable origins directly reduces the attack surface. These controls collectively limit the blast radius of the connection pool misrouting \u2014 the attacker must compromise one of the explicitly allowed destinations rather than any arbitrary origin \u2014 but they do not fix the underlying logic bug.",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "undici: undici: Information disclosure and data integrity issues due to incorrect Socks5ProxyAgent connection routing"
},
{
"cve": "CVE-2026-9678",
"cwe": {
"id": "CWE-1286",
"name": "Improper Validation of Syntactic Correctness of Input"
},
"discovery_date": "2026-06-17T19:01:33.359372+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2490000"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Undici. The cache interceptor in shared-cache mode incorrectly classifies certain responses as cacheable due to improper handling of whitespace-padded Cache-Control header field names. This vulnerability allows an unauthenticated attacker to access authenticated user data from the cache, leading to information disclosure. This occurs when both authenticated and unauthenticated requests resolve to the same cache key.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undici: Undici: Information disclosure due to improper cache-control header parsing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Moderate information disclosure flaw in Undici\u0027s cache interceptor, when configured in shared-cache mode, allows an unauthenticated attacker to retrieve sensitive authenticated user data. This is due to incorrect parsing of Cache-Control headers containing whitespace-padded field names, leading to cached responses being served improperly. Red Hat products are affected if they explicitly enable shared-cache mode, forward Authorization headers, and process non-canonical Cache-Control directives.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-9678"
},
{
"category": "external",
"summary": "RHBZ#2490000",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2490000"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-9678",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-9678"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-9678",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-9678"
},
{
"category": "external",
"summary": "https://cna.openjsf.org/security-advisories.html",
"url": "https://cna.openjsf.org/security-advisories.html"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/security/advisories/GHSA-pr7r-676h-xcf6",
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-pr7r-676h-xcf6"
}
],
"release_date": "2026-06-17T17:04:09.680000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-06T14:47:52+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:35891"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "undici: Undici: Information disclosure due to improper cache-control header parsing"
},
{
"cve": "CVE-2026-9697",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"discovery_date": "2026-06-17T19:03:30.813843+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2490018"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in undici. When undici\u0027s ProxyAgent is configured with a SOCKS5 proxy Uniform Resource Identifier (URI), it silently ignores Transport Layer Security (TLS) options, such as custom Certificate Authorities (CAs). This allows a remote attacker to perform a Man-in-the-Middle (MITM) attack, intercepting and tampering with HTTPS communications. The connection falls back to Node.js\u0027s default trust store, bypassing intended security configurations and potentially leading to information disclosure or arbitrary code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undici: undici: Man-in-the-Middle attack via ignored TLS options with SOCKS5 proxy",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important vulnerability. Applications using `undici`\u0027s `ProxyAgent` with a SOCKS5 proxy URI will silently ignore user-configured TLS options, including custom Certificate Authorities. This bypasses intended security controls for HTTPS communication, enabling a remote attacker to perform Man-in-the-Middle attacks, potentially leading to information disclosure or arbitrary code execution in affected Red Hat products.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-9697"
},
{
"category": "external",
"summary": "RHBZ#2490018",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2490018"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-9697",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-9697"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-9697",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-9697"
},
{
"category": "external",
"summary": "https://cna.openjsf.org/security-advisories.html",
"url": "https://cna.openjsf.org/security-advisories.html"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/security/advisories/GHSA-vmh5-mc38-953g",
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-vmh5-mc38-953g"
}
],
"release_date": "2026-06-17T16:46:42.706000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-06T14:47:52+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:35891"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "undici: undici: Man-in-the-Middle attack via ignored TLS options with SOCKS5 proxy"
},
{
"cve": "CVE-2026-11525",
"cwe": {
"id": "CWE-1286",
"name": "Improper Validation of Syntactic Correctness of Input"
},
"discovery_date": "2026-06-17T19:02:29.292011+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2490008"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in undici. When undici processes Set-Cookie headers, it incorrectly interprets the SameSite attribute, accepting partial matches instead of exact ones. This allows a malicious server to downgrade a cookie\u0027s SameSite policy to a less secure setting, potentially leading to unintended information disclosure or a weakening of security protections for the user.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undici: undici: Weakening of cookie SameSite policy due to incorrect parsing of Set-Cookie header",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Low impact flaw in undici, as used in various Red Hat products, arises from incorrect parsing of the `SameSite` cookie attribute. A malicious server could exploit this by sending a specially crafted `Set-Cookie` header, causing the `SameSite` policy to be downgraded to a less secure setting. This could lead to a minor weakening of security protections or unintended information disclosure in applications that process and rely on these cookie attributes.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-11525"
},
{
"category": "external",
"summary": "RHBZ#2490008",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2490008"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-11525",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-11525"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-11525",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-11525"
},
{
"category": "external",
"summary": "https://cna.openjsf.org/security-advisories.html",
"url": "https://cna.openjsf.org/security-advisories.html"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/security/advisories/GHSA-g8m3-5g58-fq7m",
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-g8m3-5g58-fq7m"
}
],
"release_date": "2026-06-17T17:31:03.163000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-06T14:47:52+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:35891"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "undici: undici: Weakening of cookie SameSite policy due to incorrect parsing of Set-Cookie header"
},
{
"cve": "CVE-2026-12151",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-06-17T17:01:45.297604+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2489980"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in undici. A malicious WebSocket server can exploit this by streaming numerous small or empty continuation frames. This can bypass per-frame and cumulative-size validation, leading to unbounded memory growth in the client process. The primary consequence is memory exhaustion, resulting in a denial of service (DoS) for affected applications using the undici WebSocket client or WebSocketStream API.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undici: undici: Denial of Service due to unbounded memory growth via WebSocket frames",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Important denial of service flaw in the `undici` WebSocket client allows a remote attacker to cause unbounded memory growth. By sending numerous small or empty WebSocket frames, an unauthenticated attacker can exhaust system memory, leading to a denial of service in Red Hat products that use the affected client.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-12151"
},
{
"category": "external",
"summary": "RHBZ#2489980",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2489980"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-12151",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-12151"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-12151",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-12151"
},
{
"category": "external",
"summary": "https://cna.openjsf.org/security-advisories.html",
"url": "https://cna.openjsf.org/security-advisories.html"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/security/advisories/GHSA-vxpw-j846-p89q",
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-vxpw-j846-p89q"
}
],
"release_date": "2026-06-17T16:05:38.785000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-06T14:47:52+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:35891"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "undici: undici: Denial of Service due to unbounded memory growth via WebSocket frames"
},
{
"cve": "CVE-2026-42338",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2026-05-12T21:01:14.436876+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2476810"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in ip-address, a JavaScript library for parsing and manipulating IPv4 and IPv6 addresses. This vulnerability allows a remote attacker to perform cross-site scripting (XSS) by providing untrusted input to the Address6 constructor. When an application renders the output of Address6.group(), Address6.link(), or the AddressError.parseMessage as HTML without proper escaping, the attacker-controlled content can be executed in the user\u0027s browser.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ip-address: ip-address: Cross-site scripting via improper HTML escaping of untrusted input",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability in the `ip-address` JavaScript library is rated as Important. It allows for cross-site scripting (XSS) when an application processes untrusted input through the `Address6` constructor and subsequently renders the unescaped output of methods like `Address6.group()`, `Address6.link()`, or `AddressError.parseMessage` directly as HTML. While the library itself is affected, exploitation is contingent on specific application-level rendering practices that may not be common in Red Hat products.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42338"
},
{
"category": "external",
"summary": "RHBZ#2476810",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2476810"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42338",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42338"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42338",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42338"
},
{
"category": "external",
"summary": "https://github.com/beaugunderson/ip-address/security/advisories/GHSA-v2v4-37r5-5v8g",
"url": "https://github.com/beaugunderson/ip-address/security/advisories/GHSA-v2v4-37r5-5v8g"
}
],
"release_date": "2026-05-12T19:43:16.470000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-06T14:47:52+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:35891"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "ip-address: ip-address: Cross-site scripting via improper HTML escaping of untrusted input"
},
{
"cve": "CVE-2026-48615",
"cwe": {
"id": "CWE-209",
"name": "Generation of Error Message Containing Sensitive Information"
},
"discovery_date": "2026-06-26T02:01:59.112093+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2493335"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Node.js. When proxy credentials are embedded in a proxy URL, an issue in the proxy tunnel error handling can lead to the exposure of these credentials. This information disclosure vulnerability allows an attacker to potentially capture sensitive proxy credentials through logs, diagnostics, or other error-consuming mechanisms.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: Node.js: Information disclosure of proxy credentials via proxy tunnel error handling",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-48615"
},
{
"category": "external",
"summary": "RHBZ#2493335",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2493335"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-48615",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-48615"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-48615",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48615"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases",
"url": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases"
}
],
"release_date": "2026-06-26T01:14:36.524000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-06T14:47:52+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:35891"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nodejs: Node.js: Information disclosure of proxy credentials via proxy tunnel error handling"
},
{
"cve": "CVE-2026-48618",
"cwe": {
"id": "CWE-289",
"name": "Authentication Bypass by Alternate Name"
},
"discovery_date": "2026-06-26T02:02:10.741725+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2493337"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Node.js. This flaw involves a mismatch in how Node.js handles TLS (Transport Layer Security) hostnames and unicode dot separators during authentication. This mismatch can lead to a wildcard-depth authentication bypass. An attacker could exploit this to bypass intended security boundaries, potentially leading to unauthorized access and confidentiality impact.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: Node.js: Authentication bypass due to TLS hostname handling and unicode dot separator mismatch",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Important flaw in Node.js allows for a TLS wildcard-depth authentication bypass due to a mismatch in how hostnames and unicode dot separators are handled during authentication. This could enable an attacker to circumvent security boundaries, potentially leading to unauthorized access and compromise of sensitive information in applications utilizing Node.js for TLS connections. The issue affects Node.js versions 22, 24, and 26 as shipped in Red Hat products.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-48618"
},
{
"category": "external",
"summary": "RHBZ#2493337",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2493337"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-48618",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-48618"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-48618",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48618"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases",
"url": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases"
}
],
"release_date": "2026-06-26T01:14:36.868000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-06T14:47:52+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:35891"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "nodejs: Node.js: Authentication bypass due to TLS hostname handling and unicode dot separator mismatch"
},
{
"cve": "CVE-2026-48619",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-06-26T02:01:06.466413+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2493325"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Node.js. A malicious server can exploit the HTTP/2 client by sending an unlimited number of ORIGIN frames. This can lead to an Out of Memory error on the client, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: Node.js: Denial of Service via unlimited HTTP/2 ORIGIN frames",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Moderate flaw in the Node.js HTTP/2 client can lead to a denial of service. A malicious server could exploit this by sending an excessive number of ORIGIN frames, causing the client to consume all available memory. This affects Red Hat products utilizing Node.js as an HTTP/2 client.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-48619"
},
{
"category": "external",
"summary": "RHBZ#2493325",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2493325"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-48619",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-48619"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-48619",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48619"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases",
"url": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases"
}
],
"release_date": "2026-06-26T01:14:36.541000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-06T14:47:52+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:35891"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nodejs: Node.js: Denial of Service via unlimited HTTP/2 ORIGIN frames"
},
{
"cve": "CVE-2026-48928",
"cwe": {
"id": "CWE-289",
"name": "Authentication Bypass by Alternate Name"
},
"discovery_date": "2026-06-26T02:01:48.441706+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2493333"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Node.js. An inconsistency in how Node.js matches hostnames can be exploited by a remote attacker in multi-context mTLS (mutual Transport Layer Security) setups. This vulnerability allows for a trust-policy bypass, potentially leading to unauthorized access to sensitive information or integrity compromise within the affected system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Node.js: Node.js: Trust-policy bypass due to hostname matching inconsistency",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-48928"
},
{
"category": "external",
"summary": "RHBZ#2493333",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2493333"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-48928",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-48928"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-48928",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48928"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases",
"url": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases"
}
],
"release_date": "2026-06-26T01:14:36.981000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-06T14:47:52+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:35891"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Node.js: Node.js: Trust-policy bypass due to hostname matching inconsistency"
},
{
"cve": "CVE-2026-48930",
"cwe": {
"id": "CWE-170",
"name": "Improper Null Termination"
},
"discovery_date": "2026-06-26T02:01:11.476251+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2493326"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Node.js. This vulnerability in the TLS (Transport Layer Security) hostname handling allows embedded null characters in hostnames. This can lead to silent authority rebinding, potentially enabling an attacker to redirect network traffic to an unintended server and disclose sensitive information.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: Node.js: Silent authority rebinding due to embedded-nul hostnames in TLS handling",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-48930"
},
{
"category": "external",
"summary": "RHBZ#2493326",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2493326"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-48930",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-48930"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-48930",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48930"
},
{
"category": "external",
"summary": "https://github.com/nodejs/node/commit/7dafafa2424710ded8b77eb7c878e884c1aef64e",
"url": "https://github.com/nodejs/node/commit/7dafafa2424710ded8b77eb7c878e884c1aef64e"
},
{
"category": "external",
"summary": "https://hackerone.com/reports/3656716",
"url": "https://hackerone.com/reports/3656716"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases",
"url": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases"
}
],
"release_date": "2026-06-26T01:14:37.006000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-06T14:47:52+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:35891"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nodejs: Node.js: Silent authority rebinding due to embedded-nul hostnames in TLS handling"
},
{
"cve": "CVE-2026-48933",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-06-26T02:01:39.107538+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2493331"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Node.js WebCrypto implementation. A remote attacker could exploit this vulnerability by providing an input to the `subtle.encrypt()` function that is a multiple of 2 gigabytes (GiB). This could lead to a denial of service (DoS) by crashing the Node.js process.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: Node.js WebCrypto: Denial of Service via large input to subtle.encrypt()",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important denial of service vulnerability in Node.js WebCrypto, as a remote attacker can crash the Node.js process by providing a specially crafted large input to the `subtle.encrypt()` function. This could lead to service unavailability in Red Hat environments where Node.js applications process untrusted data with WebCrypto.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-48933"
},
{
"category": "external",
"summary": "RHBZ#2493331",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2493331"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-48933",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-48933"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-48933",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48933"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases",
"url": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases"
}
],
"release_date": "2026-06-26T01:14:36.823000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-06T14:47:52+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:35891"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "nodejs: Node.js WebCrypto: Denial of Service via large input to subtle.encrypt()"
},
{
"cve": "CVE-2026-48934",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"discovery_date": "2026-06-26T02:01:43.284771+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2493332"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Node.js. An attacker can exploit a vulnerability in the Transport Layer Security (TLS) host verification process to bypass certification validation. This bypass could allow an attacker to intercept or alter communications, potentially leading to information disclosure or integrity compromise.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: Node.js: Certification validation bypass in TLS host verification",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-48934"
},
{
"category": "external",
"summary": "RHBZ#2493332",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2493332"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-48934",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-48934"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-48934",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48934"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases",
"url": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases"
}
],
"release_date": "2026-06-26T01:14:36.894000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-06T14:47:52+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:35891"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nodejs: Node.js: Certification validation bypass in TLS host verification"
},
{
"cve": "CVE-2026-48935",
"cwe": {
"id": "CWE-279",
"name": "Incorrect Execution-Assigned Permissions"
},
"discovery_date": "2026-06-26T02:01:29.191932+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2493329"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Node.js. The Permission API allows a local user to modify file metadata on paths that have been explicitly set as read-only. This can lead to unauthorized changes in file properties, impacting the integrity of the file system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: Node.js: Unauthorized file metadata modification",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-48935"
},
{
"category": "external",
"summary": "RHBZ#2493329",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2493329"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-48935",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-48935"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-48935",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48935"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases",
"url": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases"
}
],
"release_date": "2026-06-26T01:14:36.641000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-06T14:47:52+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:35891"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-debugsource-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-devel-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-docs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-full-i18n-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:24.18.0-1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.3-3.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-6.module+el9.8.0+24355+35d95b59.src::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-6.module+el9.8.0+24355+35d95b59.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:npm-1:11.16.0-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.noarch::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.aarch64::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.ppc64le::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.s390x::nodejs:24",
"AppStream-9.8.0.Z.MAIN.EUS:v8-13.6-devel-3:13.6.233.17-1.24.18.0.1.module+el9.8.0+24456+b244c3b4.x86_64::nodejs:24"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "nodejs: Node.js: Unauthorized file metadata modification"
}
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.