Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2026-9697 (GCVE-0-2026-9697)
Vulnerability from cvelistv5 – Published: 2026-06-17 16:46 – Updated: 2026-06-30 12:06
VLAI
EPSS
Title
undici vulnerable to TLS certificate validation bypass via dropped requestTls in SOCKS5 ProxyAgent
Summary
Impact:
undici's ProxyAgent silently drops the requestTls option when configured with a SOCKS5 proxy URI (socks5:// or socks://). The target HTTPS connection through the SOCKS5 tunnel falls back to Node's default trust store, ignoring user-configured ca, cert, key, rejectUnauthorized, and servername settings.
Applications that pin to an internal or corporate CA via requestTls.ca will, when their proxy URI is SOCKS5, get the default Mozilla CA bundle as the trust anchor instead. Any cert signed by any publicly-trusted CA for the target hostname is accepted, breaking the intended pin and enabling MITM read and tamper of the HTTPS exchange.
Affected applications are those that use undici's ProxyAgent (or Socks5ProxyAgent directly) with SOCKS5 AND rely on requestTls for TLS scope restriction. The bug was introduced in undici 7.23.0 when SOCKS5 support was added.
Patches:
Upgrade to undici v7.28.0 or v8.5.0.
Workarounds:
No workaround is available within the SOCKS5 path. If a SOCKS5 proxy with TLS scope restriction is required and an upgrade is not yet possible, route the traffic through an HTTP-proxy ProxyAgent instead, where requestTls is honored correctly.
Severity
7.4 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-295 - Improper Certificate Validation
Assigner
References
8 references
| URL | Tags |
|---|---|
| https://github.com/nodejs/undici/security/advisor… | |
| https://cna.openjsf.org/security-advisories.html | |
| https://access.redhat.com/security/cve/CVE-2026-9697 | vdb-entryx_refsource_REDHAT |
| https://bugzilla.redhat.com/show_bug.cgi?id=2490018 | issue-trackingx_refsource_REDHAT |
| https://security.access.redhat.com/data/csaf/v2/v… | x_sadp-csaf-vex |
| https://access.redhat.com/errata/RHSA-2026:7378 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:22380 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:22934 | vendor-advisoryx_refsource_REDHAT |
Impacted products
15 products
| Vendor | Product | Version | |
|---|---|---|---|
| undici | undici |
Affected:
7.23.0 , < 7.28.0
(semver)
Unaffected: 7.28.0 (semver) Affected: 8.0.0 , < 8.5.0 (semver) Unaffected: 8.5.0 (semver) |
|
| Red Hat | Red Hat Hardened Images |
cpe:/a:redhat:hummingbird:1 |
|
| Red Hat | Cryostat 4 |
cpe:/a:redhat:cryostat:4 |
|
| Red Hat | OpenShift Pipelines |
cpe:/a:redhat:openshift_pipelines:1 |
|
| Red Hat | Red Hat Build of Podman Desktop |
cpe:/a:redhat:podman_desktop:1 |
|
| Red Hat | Red Hat Developer Hub |
cpe:/a:redhat:rhdh:1 |
|
| Red Hat | Red Hat Enterprise Linux 10 |
cpe:/o:redhat:enterprise_linux:10 |
|
| Red Hat | Red Hat Enterprise Linux 8 |
cpe:/o:redhat:enterprise_linux:8 |
|
| Red Hat | Red Hat Enterprise Linux 9 |
cpe:/o:redhat:enterprise_linux:9 |
|
| Red Hat | Red Hat OpenShift AI (RHOAI) |
cpe:/a:redhat:openshift_ai |
|
| Red Hat | Red Hat OpenShift Container Platform 4 |
cpe:/a:redhat:openshift:4 |
|
| Red Hat | Red Hat Openshift Data Foundation 4 |
cpe:/a:redhat:openshift_data_foundation:4 |
|
| Red Hat | Red Hat OpenShift Dev Spaces |
cpe:/a:redhat:openshift_devspaces:3 |
|
| Red Hat | Self-service automation portal 2 |
cpe:/a:redhat:ansible_portal:2 |
|
| Red Hat | Red Hat AMQ Broker 7 |
cpe:/a:redhat:amq_broker:7 |
Credits
tonghuaroot
UlisesGascon
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-9697",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-22T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-23T03:56:05.864Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"affected": [
{
"cpes": [
"cpe:/a:redhat:hummingbird:1"
],
"defaultStatus": "affected",
"product": "Red Hat Hardened Images",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:cryostat:4"
],
"defaultStatus": "affected",
"product": "Cryostat 4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_pipelines:1"
],
"defaultStatus": "affected",
"product": "OpenShift Pipelines",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:podman_desktop:1"
],
"defaultStatus": "affected",
"product": "Red Hat Build of Podman Desktop",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhdh:1"
],
"defaultStatus": "affected",
"product": "Red Hat Developer Hub",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:10"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux 10",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_ai"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift AI (RHOAI)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift:4"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Container Platform 4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_data_foundation:4"
],
"defaultStatus": "affected",
"product": "Red Hat Openshift Data Foundation 4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_devspaces:3"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Dev Spaces",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:ansible_portal:2"
],
"defaultStatus": "affected",
"product": "Self-service automation portal 2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:amq_broker:7"
],
"defaultStatus": "unaffected",
"product": "Red Hat AMQ Broker 7",
"vendor": "Red Hat"
}
],
"datePublic": "2026-06-17T16:46:42.706Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in undici. When undici\u0027s ProxyAgent is configured with a SOCKS5 proxy Uniform Resource Identifier (URI), it silently ignores Transport Layer Security (TLS) options, such as custom Certificate Authorities (CAs). This allows a remote attacker to perform a Man-in-the-Middle (MITM) attack, intercepting and tampering with HTTPS communications. The connection falls back to Node.js\u0027s default trust store, bypassing intended security configurations and potentially leading to information disclosure or arbitrary code execution."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-30T12:06:07.356Z",
"orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"shortName": "redhat-SADP"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2026-9697"
},
{
"name": "RHBZ#2490018",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2490018"
},
{
"tags": [
"x_sadp-csaf-vex"
],
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-9697.json"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:7378"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:22380"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:22934"
}
],
"solutions": [
{
"lang": "en",
"value": "RHSA-2026:7378: Red Hat Hardened Images"
},
{
"lang": "en",
"value": "RHSA-2026:22380: Red Hat Hardened Images"
},
{
"lang": "en",
"value": "RHSA-2026:22934: Red Hat Hardened Images"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-06-17T19:03:30.813Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2026-06-17T16:46:42.706Z",
"value": "Made public."
}
],
"title": "undici: undici: Man-in-the-Middle attack via ignored TLS options with SOCKS5 proxy",
"workarounds": [
{
"lang": "en",
"value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
}
],
"x_adpType": "supplier",
"x_generator": {
"engine": "sadp-cli 1.0.0"
}
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageURL": "pkg:npm/undici",
"product": "undici",
"vendor": "undici",
"versions": [
{
"lessThan": "7.28.0",
"status": "affected",
"version": "7.23.0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "7.28.0",
"versionType": "semver"
},
{
"lessThan": "8.5.0",
"status": "affected",
"version": "8.0.0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "8.5.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "tonghuaroot"
},
{
"lang": "en",
"type": "remediation reviewer",
"value": "UlisesGascon"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Impact:\nundici\u0027s ProxyAgent silently drops the requestTls option when configured with a SOCKS5 proxy URI (socks5:// or socks://). The target HTTPS connection through the SOCKS5 tunnel falls back to Node\u0027s default trust store, ignoring user-configured ca, cert, key, rejectUnauthorized, and servername settings.\n\nApplications that pin to an internal or corporate CA via requestTls.ca will, when their proxy URI is SOCKS5, get the default Mozilla CA bundle as the trust anchor instead. Any cert signed by any publicly-trusted CA for the target hostname is accepted, breaking the intended pin and enabling MITM read and tamper of the HTTPS exchange.\n\nAffected applications are those that use undici\u0027s ProxyAgent (or Socks5ProxyAgent directly) with SOCKS5 AND rely on requestTls for TLS scope restriction. The bug was introduced in undici 7.23.0 when SOCKS5 support was added.\n\nPatches:\nUpgrade to undici v7.28.0 or v8.5.0.\n\nWorkarounds:\nNo workaround is available within the SOCKS5 path. If a SOCKS5 proxy with TLS scope restriction is required and an upgrade is not yet possible, route the traffic through an HTTP-proxy ProxyAgent instead, where requestTls is honored correctly."
}
],
"value": "Impact:\nundici\u0027s ProxyAgent silently drops the requestTls option when configured with a SOCKS5 proxy URI (socks5:// or socks://). The target HTTPS connection through the SOCKS5 tunnel falls back to Node\u0027s default trust store, ignoring user-configured ca, cert, key, rejectUnauthorized, and servername settings.\n\nApplications that pin to an internal or corporate CA via requestTls.ca will, when their proxy URI is SOCKS5, get the default Mozilla CA bundle as the trust anchor instead. Any cert signed by any publicly-trusted CA for the target hostname is accepted, breaking the intended pin and enabling MITM read and tamper of the HTTPS exchange.\n\nAffected applications are those that use undici\u0027s ProxyAgent (or Socks5ProxyAgent directly) with SOCKS5 AND rely on requestTls for TLS scope restriction. The bug was introduced in undici 7.23.0 when SOCKS5 support was added.\n\nPatches:\nUpgrade to undici v7.28.0 or v8.5.0.\n\nWorkarounds:\nNo workaround is available within the SOCKS5 path. If a SOCKS5 proxy with TLS scope restriction is required and an upgrade is not yet possible, route the traffic through an HTTP-proxy ProxyAgent instead, where requestTls is honored correctly."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295: Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-17T16:46:42.706Z",
"orgId": "ce714d77-add3-4f53-aff5-83d477b104bb",
"shortName": "openjs"
},
"references": [
{
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-vmh5-mc38-953g"
},
{
"url": "https://cna.openjsf.org/security-advisories.html"
}
],
"title": "undici vulnerable to TLS certificate validation bypass via dropped requestTls in SOCKS5 ProxyAgent",
"x_generator": {
"engine": "cve-kit 1.0.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ce714d77-add3-4f53-aff5-83d477b104bb",
"assignerShortName": "openjs",
"cveId": "CVE-2026-9697",
"datePublished": "2026-06-17T16:46:42.706Z",
"dateReserved": "2026-05-27T12:02:46.825Z",
"dateUpdated": "2026-06-30T12:06:07.356Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2026-9697",
"date": "2026-06-30",
"epss": "0.00375",
"percentile": "0.29339"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2026-9697\",\"sourceIdentifier\":\"ce714d77-add3-4f53-aff5-83d477b104bb\",\"published\":\"2026-06-17T18:18:06.473\",\"lastModified\":\"2026-06-30T03:21:47.183\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Impact:\\nundici\u0027s ProxyAgent silently drops the requestTls option when configured with a SOCKS5 proxy URI (socks5:// or socks://). The target HTTPS connection through the SOCKS5 tunnel falls back to Node\u0027s default trust store, ignoring user-configured ca, cert, key, rejectUnauthorized, and servername settings.\\n\\nApplications that pin to an internal or corporate CA via requestTls.ca will, when their proxy URI is SOCKS5, get the default Mozilla CA bundle as the trust anchor instead. Any cert signed by any publicly-trusted CA for the target hostname is accepted, breaking the intended pin and enabling MITM read and tamper of the HTTPS exchange.\\n\\nAffected applications are those that use undici\u0027s ProxyAgent (or Socks5ProxyAgent directly) with SOCKS5 AND rely on requestTls for TLS scope restriction. The bug was introduced in undici 7.23.0 when SOCKS5 support was added.\\n\\nPatches:\\nUpgrade to undici v7.28.0 or v8.5.0.\\n\\nWorkarounds:\\nNo workaround is available within the SOCKS5 path. If a SOCKS5 proxy with TLS scope restriction is required and an upgrade is not yet possible, route the traffic through an HTTP-proxy ProxyAgent instead, where requestTls is honored correctly.\"}],\"affected\":[{\"source\":\"ce714d77-add3-4f53-aff5-83d477b104bb\",\"affectedData\":[{\"vendor\":\"undici\",\"product\":\"undici\",\"defaultStatus\":\"unaffected\",\"packageURL\":\"pkg:npm/undici\",\"versions\":[{\"version\":\"7.23.0\",\"lessThan\":\"7.28.0\",\"versionType\":\"semver\",\"status\":\"affected\"},{\"version\":\"7.28.0\",\"versionType\":\"semver\",\"status\":\"unaffected\"},{\"version\":\"8.0.0\",\"lessThan\":\"8.5.0\",\"versionType\":\"semver\",\"status\":\"affected\"},{\"version\":\"8.5.0\",\"versionType\":\"semver\",\"status\":\"unaffected\"}]}]},{\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\",\"affectedData\":[{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Hardened Images\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:hummingbird:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Cryostat 4\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:cryostat:4\"]},{\"vendor\":\"Red Hat\",\"product\":\"OpenShift Pipelines\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_pipelines:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Build of Podman Desktop\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:podman_desktop:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Developer Hub\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:rhdh:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux 10\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/o:redhat:enterprise_linux:10\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux 8\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/o:redhat:enterprise_linux:8\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux 9\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/o:redhat:enterprise_linux:9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift AI (RHOAI)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_ai\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift Container Platform 4\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift:4\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Openshift Data Foundation 4\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_data_foundation:4\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift Dev Spaces\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_devspaces:3\"]},{\"vendor\":\"Red Hat\",\"product\":\"Self-service automation portal 2\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:ansible_portal:2\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat AMQ Broker 7\",\"defaultStatus\":\"unaffected\",\"cpes\":[\"cpe:/a:redhat:amq_broker:7\"]}]}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"ce714d77-add3-4f53-aff5-83d477b104bb\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N\",\"baseScore\":7.4,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.2,\"impactScore\":5.2},{\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N\",\"baseScore\":7.4,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.2,\"impactScore\":5.2}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2026-06-22T00:00:00+00:00\",\"id\":\"CVE-2026-9697\",\"options\":[{\"exploitation\":\"none\"},{\"automatable\":\"no\"},{\"technicalImpact\":\"total\"}],\"role\":\"CISA Coordinator\",\"version\":\"2.0.3\"}}]},\"weaknesses\":[{\"source\":\"ce714d77-add3-4f53-aff5-83d477b104bb\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-295\"}]},{\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-295\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nodejs:undici:*:*:*:*:*:node.js:*:*\",\"versionStartIncluding\":\"7.23.0\",\"versionEndExcluding\":\"7.28.0\",\"matchCriteriaId\":\"470B6F0F-0441-4D55-A4A1-5DCBECF32E6F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nodejs:undici:*:*:*:*:*:node.js:*:*\",\"versionStartIncluding\":\"8.0.0\",\"versionEndExcluding\":\"8.5.0\",\"matchCriteriaId\":\"37F3655C-C7AE-4B13-A5EB-6FE0A9566124\"}]}]}],\"references\":[{\"url\":\"https://cna.openjsf.org/security-advisories.html\",\"source\":\"ce714d77-add3-4f53-aff5-83d477b104bb\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://github.com/nodejs/undici/security/advisories/GHSA-vmh5-mc38-953g\",\"source\":\"ce714d77-add3-4f53-aff5-83d477b104bb\",\"tags\":[\"Mitigation\",\"Vendor Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:22380\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:22934\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:7378\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/security/cve/CVE-2026-9697\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=2490018\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-9697.json\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"undici: undici: Man-in-the-Middle attack via ignored TLS options with SOCKS5 proxy\", \"metrics\": [{\"other\": {\"type\": \"Red Hat severity rating\", \"content\": {\"value\": \"Important\", \"namespace\": \"https://access.redhat.com/security/updates/classification/\"}}}, {\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.4, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"cpes\": [\"cpe:/a:redhat:hummingbird:1\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Hardened Images\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:cryostat:4\"], \"vendor\": \"Red Hat\", \"product\": \"Cryostat 4\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_pipelines:1\"], \"vendor\": \"Red Hat\", \"product\": \"OpenShift Pipelines\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:podman_desktop:1\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Build of Podman Desktop\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhdh:1\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Developer Hub\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux:10\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 10\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux:8\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 8\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux:9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 9\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_ai\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift AI (RHOAI)\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift:4\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Container Platform 4\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_data_foundation:4\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Openshift Data Foundation 4\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_devspaces:3\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Dev Spaces\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:ansible_portal:2\"], \"vendor\": \"Red Hat\", \"product\": \"Self-service automation portal 2\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:amq_broker:7\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat AMQ Broker 7\", \"defaultStatus\": \"unaffected\"}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2026-06-17T19:03:30.813Z\", \"value\": \"Reported to Red Hat.\"}, {\"lang\": \"en\", \"time\": \"2026-06-17T16:46:42.706Z\", \"value\": \"Made public.\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"RHSA-2026:7378: Red Hat Hardened Images\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:22380: Red Hat Hardened Images\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:22934: Red Hat Hardened Images\"}], \"x_adpType\": \"supplier\", \"datePublic\": \"2026-06-17T16:46:42.706Z\", \"references\": [{\"url\": \"https://access.redhat.com/security/cve/CVE-2026-9697\", \"tags\": [\"vdb-entry\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=2490018\", \"name\": \"RHBZ#2490018\", \"tags\": [\"issue-tracking\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-9697.json\", \"tags\": [\"x_sadp-csaf-vex\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:7378\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:22380\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:22934\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}], \"workarounds\": [{\"lang\": \"en\", \"value\": \"Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.\"}], \"x_generator\": {\"engine\": \"sadp-cli 1.0.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"A flaw was found in undici. When undici\u0027s ProxyAgent is configured with a SOCKS5 proxy Uniform Resource Identifier (URI), it silently ignores Transport Layer Security (TLS) options, such as custom Certificate Authorities (CAs). This allows a remote attacker to perform a Man-in-the-Middle (MITM) attack, intercepting and tampering with HTTPS communications. The connection falls back to Node.js\u0027s default trust store, bypassing intended security configurations and potentially leading to information disclosure or arbitrary code execution.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-295\", \"description\": \"Improper Certificate Validation\"}]}], \"providerMetadata\": {\"orgId\": \"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\", \"shortName\": \"redhat-SADP\", \"dateUpdated\": \"2026-06-30T03:15:55.797Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-9697\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-06-17T18:34:18.472294Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-06-17T18:34:36.782Z\"}}], \"cna\": {\"title\": \"undici vulnerable to TLS certificate validation bypass via dropped requestTls in SOCKS5 ProxyAgent\", \"credits\": [{\"lang\": \"en\", \"type\": \"reporter\", \"value\": \"tonghuaroot\"}, {\"lang\": \"en\", \"type\": \"remediation reviewer\", \"value\": \"UlisesGascon\"}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"version\": \"3.1\", \"baseScore\": 7.4, \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"undici\", \"product\": \"undici\", \"versions\": [{\"status\": \"affected\", \"version\": \"7.23.0\", \"lessThan\": \"7.28.0\", \"versionType\": \"semver\"}, {\"status\": \"unaffected\", \"version\": \"7.28.0\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"8.0.0\", \"lessThan\": \"8.5.0\", \"versionType\": \"semver\"}, {\"status\": \"unaffected\", \"version\": \"8.5.0\", \"versionType\": \"semver\"}], \"packageURL\": \"pkg:npm/undici\", \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://github.com/nodejs/undici/security/advisories/GHSA-vmh5-mc38-953g\"}, {\"url\": \"https://cna.openjsf.org/security-advisories.html\"}], \"x_generator\": {\"engine\": \"cve-kit 1.0.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Impact:\\nundici\u0027s ProxyAgent silently drops the requestTls option when configured with a SOCKS5 proxy URI (socks5:// or socks://). The target HTTPS connection through the SOCKS5 tunnel falls back to Node\u0027s default trust store, ignoring user-configured ca, cert, key, rejectUnauthorized, and servername settings.\\n\\nApplications that pin to an internal or corporate CA via requestTls.ca will, when their proxy URI is SOCKS5, get the default Mozilla CA bundle as the trust anchor instead. Any cert signed by any publicly-trusted CA for the target hostname is accepted, breaking the intended pin and enabling MITM read and tamper of the HTTPS exchange.\\n\\nAffected applications are those that use undici\u0027s ProxyAgent (or Socks5ProxyAgent directly) with SOCKS5 AND rely on requestTls for TLS scope restriction. The bug was introduced in undici 7.23.0 when SOCKS5 support was added.\\n\\nPatches:\\nUpgrade to undici v7.28.0 or v8.5.0.\\n\\nWorkarounds:\\nNo workaround is available within the SOCKS5 path. If a SOCKS5 proxy with TLS scope restriction is required and an upgrade is not yet possible, route the traffic through an HTTP-proxy ProxyAgent instead, where requestTls is honored correctly.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Impact:\\nundici\u0027s ProxyAgent silently drops the requestTls option when configured with a SOCKS5 proxy URI (socks5:// or socks://). The target HTTPS connection through the SOCKS5 tunnel falls back to Node\u0027s default trust store, ignoring user-configured ca, cert, key, rejectUnauthorized, and servername settings.\\n\\nApplications that pin to an internal or corporate CA via requestTls.ca will, when their proxy URI is SOCKS5, get the default Mozilla CA bundle as the trust anchor instead. Any cert signed by any publicly-trusted CA for the target hostname is accepted, breaking the intended pin and enabling MITM read and tamper of the HTTPS exchange.\\n\\nAffected applications are those that use undici\u0027s ProxyAgent (or Socks5ProxyAgent directly) with SOCKS5 AND rely on requestTls for TLS scope restriction. The bug was introduced in undici 7.23.0 when SOCKS5 support was added.\\n\\nPatches:\\nUpgrade to undici v7.28.0 or v8.5.0.\\n\\nWorkarounds:\\nNo workaround is available within the SOCKS5 path. If a SOCKS5 proxy with TLS scope restriction is required and an upgrade is not yet possible, route the traffic through an HTTP-proxy ProxyAgent instead, where requestTls is honored correctly.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-295\", \"description\": \"CWE-295: Improper Certificate Validation\"}]}], \"providerMetadata\": {\"orgId\": \"ce714d77-add3-4f53-aff5-83d477b104bb\", \"shortName\": \"openjs\", \"dateUpdated\": \"2026-06-17T16:46:42.706Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2026-9697\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-06-30T03:15:55.797Z\", \"dateReserved\": \"2026-05-27T12:02:46.825Z\", \"assignerOrgId\": \"ce714d77-add3-4f53-aff5-83d477b104bb\", \"datePublished\": \"2026-06-17T16:46:42.706Z\", \"assignerShortName\": \"openjs\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
CERTFR-2026-AVI-0812
Vulnerability from certfr_avis - Published: 2026-06-29 - Updated: 2026-06-29
De multiples vulnérabilités ont été découvertes dans Microsoft Azure Linux. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Microsoft | Azure Linux | azl3 libssh2 1.11.1-2 versions antérieures à 1.11.1-3 | ||
| Microsoft | Azure Linux | azl3 libssh2 1.11.1-3 versions antérieures à 1.11.1-3 | ||
| Microsoft | Azure Linux | azl3 nodejs 24.14.1-3 versions antérieures à 24.17.0-1 | ||
| Microsoft | Azure Linux | azl3 kernel 6.6.141.1-1 versions antérieures à 6.6.143.1-1 |
References
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "azl3 libssh2 1.11.1-2 versions ant\u00e9rieures \u00e0 1.11.1-3",
"product": {
"name": "Azure Linux",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 libssh2 1.11.1-3 versions ant\u00e9rieures \u00e0 1.11.1-3",
"product": {
"name": "Azure Linux",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 nodejs 24.14.1-3 versions ant\u00e9rieures \u00e0 24.17.0-1",
"product": {
"name": "Azure Linux",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 kernel 6.6.141.1-1 versions ant\u00e9rieures \u00e0 6.6.143.1-1",
"product": {
"name": "Azure Linux",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2026-9697",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-9697"
},
{
"name": "CVE-2026-53230",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-53230"
},
{
"name": "CVE-2026-52934",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-52934"
},
{
"name": "CVE-2026-53214",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-53214"
},
{
"name": "CVE-2026-53274",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-53274"
},
{
"name": "CVE-2026-52947",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-52947"
},
{
"name": "CVE-2026-53218",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-53218"
},
{
"name": "CVE-2026-53143",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-53143"
},
{
"name": "CVE-2026-53161",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-53161"
},
{
"name": "CVE-2026-52924",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-52924"
},
{
"name": "CVE-2026-53227",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-53227"
},
{
"name": "CVE-2026-53239",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-53239"
},
{
"name": "CVE-2026-53181",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-53181"
},
{
"name": "CVE-2026-52943",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-52943"
},
{
"name": "CVE-2026-52915",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-52915"
},
{
"name": "CVE-2026-53146",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-53146"
},
{
"name": "CVE-2026-52913",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-52913"
},
{
"name": "CVE-2026-52941",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-52941"
},
{
"name": "CVE-2026-53150",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-53150"
},
{
"name": "CVE-2026-53147",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-53147"
},
{
"name": "CVE-2026-52942",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-52942"
},
{
"name": "CVE-2026-53183",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-53183"
},
{
"name": "CVE-2026-52931",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-52931"
},
{
"name": "CVE-2026-52919",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-52919"
},
{
"name": "CVE-2026-53266",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-53266"
},
{
"name": "CVE-2026-53149",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-53149"
},
{
"name": "CVE-2026-53176",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-53176"
},
{
"name": "CVE-2026-53158",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-53158"
},
{
"name": "CVE-2026-53219",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-53219"
},
{
"name": "CVE-2026-53249",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-53249"
},
{
"name": "CVE-2026-53217",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-53217"
},
{
"name": "CVE-2026-52916",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-52916"
},
{
"name": "CVE-2026-53236",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-53236"
},
{
"name": "CVE-2026-53225",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-53225"
},
{
"name": "CVE-2026-52922",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-52922"
},
{
"name": "CVE-2026-53209",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-53209"
},
{
"name": "CVE-2026-53135",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-53135"
},
{
"name": "CVE-2026-52927",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-52927"
},
{
"name": "CVE-2026-53237",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-53237"
},
{
"name": "CVE-2026-53186",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-53186"
},
{
"name": "CVE-2026-53182",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-53182"
},
{
"name": "CVE-2026-53177",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-53177"
},
{
"name": "CVE-2026-53255",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-53255"
},
{
"name": "CVE-2026-53207",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-53207"
},
{
"name": "CVE-2026-53160",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-53160"
},
{
"name": "CVE-2026-53245",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-53245"
},
{
"name": "CVE-2026-53148",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-53148"
},
{
"name": "CVE-2026-53133",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-53133"
},
{
"name": "CVE-2026-53263",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-53263"
},
{
"name": "CVE-2026-53228",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-53228"
},
{
"name": "CVE-2026-53194",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-53194"
},
{
"name": "CVE-2026-53242",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-53242"
},
{
"name": "CVE-2026-53199",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-53199"
},
{
"name": "CVE-2026-53247",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-53247"
},
{
"name": "CVE-2026-53268",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-53268"
},
{
"name": "CVE-2026-53159",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-53159"
},
{
"name": "CVE-2026-9675",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-9675"
},
{
"name": "CVE-2026-53080",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-53080"
},
{
"name": "CVE-2026-53267",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-53267"
},
{
"name": "CVE-2026-52912",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-52912"
},
{
"name": "CVE-2026-53221",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-53221"
},
{
"name": "CVE-2026-53275",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-53275"
},
{
"name": "CVE-2026-55200",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-55200"
},
{
"name": "CVE-2026-53215",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-53215"
},
{
"name": "CVE-2026-53253",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-53253"
},
{
"name": "CVE-2026-53252",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-53252"
},
{
"name": "CVE-2026-53270",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-53270"
},
{
"name": "CVE-2026-53264",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-53264"
},
{
"name": "CVE-2026-53184",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-53184"
},
{
"name": "CVE-2026-53254",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-53254"
},
{
"name": "CVE-2026-53238",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-53238"
},
{
"name": "CVE-2026-52921",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-52921"
},
{
"name": "CVE-2026-53213",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-53213"
},
{
"name": "CVE-2026-52930",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-52930"
},
{
"name": "CVE-2026-53265",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-53265"
},
{
"name": "CVE-2026-52923",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-52923"
},
{
"name": "CVE-2026-53154",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-53154"
},
{
"name": "CVE-2026-53196",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-53196"
},
{
"name": "CVE-2026-52926",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-52926"
}
],
"initial_release_date": "2026-06-29T00:00:00",
"last_revision_date": "2026-06-29T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0812",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-06-29T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Microsoft Azure Linux. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Azure Linux",
"vendor_advisories": [
{
"published_at": "2026-06-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53215",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53215"
},
{
"published_at": "2026-06-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53209",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53209"
},
{
"published_at": "2026-06-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-52912",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-52912"
},
{
"published_at": "2026-06-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-9697",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-9697"
},
{
"published_at": "2026-06-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53080",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53080"
},
{
"published_at": "2026-06-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53247",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53247"
},
{
"published_at": "2026-06-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53218",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53218"
},
{
"published_at": "2026-06-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53221",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53221"
},
{
"published_at": "2026-06-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53255",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53255"
},
{
"published_at": "2026-06-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-52926",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-52926"
},
{
"published_at": "2026-06-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-52916",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-52916"
},
{
"published_at": "2026-06-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-52924",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-52924"
},
{
"published_at": "2026-06-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53239",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53239"
},
{
"published_at": "2026-06-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53254",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53254"
},
{
"published_at": "2026-06-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-9675",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-9675"
},
{
"published_at": "2026-06-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-52930",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-52930"
},
{
"published_at": "2026-06-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-52941",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-52941"
},
{
"published_at": "2026-06-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53236",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53236"
},
{
"published_at": "2026-06-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53176",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53176"
},
{
"published_at": "2026-06-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-52942",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-52942"
},
{
"published_at": "2026-06-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53268",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53268"
},
{
"published_at": "2026-06-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53266",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53266"
},
{
"published_at": "2026-06-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53160",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53160"
},
{
"published_at": "2026-06-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53148",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53148"
},
{
"published_at": "2026-06-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53270",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53270"
},
{
"published_at": "2026-06-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53217",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53217"
},
{
"published_at": "2026-06-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-52934",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-52934"
},
{
"published_at": "2026-06-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53253",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53253"
},
{
"published_at": "2026-06-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-52943",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-52943"
},
{
"published_at": "2026-06-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53227",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53227"
},
{
"published_at": "2026-06-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53182",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53182"
},
{
"published_at": "2026-06-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53230",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53230"
},
{
"published_at": "2026-06-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53186",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53186"
},
{
"published_at": "2026-06-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53184",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53184"
},
{
"published_at": "2026-06-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53161",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53161"
},
{
"published_at": "2026-06-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-52923",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-52923"
},
{
"published_at": "2026-06-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53237",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53237"
},
{
"published_at": "2026-06-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53213",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53213"
},
{
"published_at": "2026-06-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-52947",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-52947"
},
{
"published_at": "2026-06-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53245",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53245"
},
{
"published_at": "2026-06-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-52922",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-52922"
},
{
"published_at": "2026-06-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53159",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53159"
},
{
"published_at": "2026-06-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53150",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53150"
},
{
"published_at": "2026-06-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53275",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53275"
},
{
"published_at": "2026-06-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53133",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53133"
},
{
"published_at": "2026-06-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53264",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53264"
},
{
"published_at": "2026-06-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53267",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53267"
},
{
"published_at": "2026-06-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53265",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53265"
},
{
"published_at": "2026-06-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53196",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53196"
},
{
"published_at": "2026-06-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53219",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53219"
},
{
"published_at": "2026-06-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53149",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53149"
},
{
"published_at": "2026-06-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53242",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53242"
},
{
"published_at": "2026-06-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53146",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53146"
},
{
"published_at": "2026-06-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53252",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53252"
},
{
"published_at": "2026-06-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53194",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53194"
},
{
"published_at": "2026-06-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-52919",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-52919"
},
{
"published_at": "2026-06-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-52931",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-52931"
},
{
"published_at": "2026-06-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-52921",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-52921"
},
{
"published_at": "2026-06-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53181",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53181"
},
{
"published_at": "2026-06-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53154",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53154"
},
{
"published_at": "2026-06-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-52913",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-52913"
},
{
"published_at": "2026-06-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53135",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53135"
},
{
"published_at": "2026-06-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53183",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53183"
},
{
"published_at": "2026-06-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53249",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53249"
},
{
"published_at": "2026-06-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53228",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53228"
},
{
"published_at": "2026-06-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53147",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53147"
},
{
"published_at": "2026-06-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53143",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53143"
},
{
"published_at": "2026-06-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53158",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53158"
},
{
"published_at": "2026-06-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-52915",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-52915"
},
{
"published_at": "2026-06-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53238",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53238"
},
{
"published_at": "2026-06-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53263",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53263"
},
{
"published_at": "2026-06-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53207",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53207"
},
{
"published_at": "2026-06-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53225",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53225"
},
{
"published_at": "2026-06-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53214",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53214"
},
{
"published_at": "2026-06-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-55200",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-55200"
},
{
"published_at": "2026-06-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53177",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53177"
},
{
"published_at": "2026-06-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53199",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53199"
},
{
"published_at": "2026-06-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-52927",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-52927"
},
{
"published_at": "2026-06-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53274",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53274"
}
]
}
FKIE_CVE-2026-9697
Vulnerability from fkie_nvd - Published: 2026-06-17 18:18 - Updated: 2026-06-30 03:21
Severity
7.4 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
7.4 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
7.4 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Summary
Impact:
undici's ProxyAgent silently drops the requestTls option when configured with a SOCKS5 proxy URI (socks5:// or socks://). The target HTTPS connection through the SOCKS5 tunnel falls back to Node's default trust store, ignoring user-configured ca, cert, key, rejectUnauthorized, and servername settings.
Applications that pin to an internal or corporate CA via requestTls.ca will, when their proxy URI is SOCKS5, get the default Mozilla CA bundle as the trust anchor instead. Any cert signed by any publicly-trusted CA for the target hostname is accepted, breaking the intended pin and enabling MITM read and tamper of the HTTPS exchange.
Affected applications are those that use undici's ProxyAgent (or Socks5ProxyAgent directly) with SOCKS5 AND rely on requestTls for TLS scope restriction. The bug was introduced in undici 7.23.0 when SOCKS5 support was added.
Patches:
Upgrade to undici v7.28.0 or v8.5.0.
Workarounds:
No workaround is available within the SOCKS5 path. If a SOCKS5 proxy with TLS scope restriction is required and an upgrade is not yet possible, route the traffic through an HTTP-proxy ProxyAgent instead, where requestTls is honored correctly.
References
| URL | Tags | ||
|---|---|---|---|
| ce714d77-add3-4f53-aff5-83d477b104bb | https://cna.openjsf.org/security-advisories.html | Vendor Advisory | |
| ce714d77-add3-4f53-aff5-83d477b104bb | https://github.com/nodejs/undici/security/advisories/GHSA-vmh5-mc38-953g | Mitigation, Vendor Advisory | |
| 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | https://access.redhat.com/errata/RHSA-2026:22380 | ||
| 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | https://access.redhat.com/errata/RHSA-2026:22934 | ||
| 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | https://access.redhat.com/errata/RHSA-2026:7378 | ||
| 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | https://access.redhat.com/security/cve/CVE-2026-9697 | ||
| 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | https://bugzilla.redhat.com/show_bug.cgi?id=2490018 | ||
| 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-9697.json |
{
"affected": [
{
"affectedData": [
{
"defaultStatus": "unaffected",
"packageURL": "pkg:npm/undici",
"product": "undici",
"vendor": "undici",
"versions": [
{
"lessThan": "7.28.0",
"status": "affected",
"version": "7.23.0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "7.28.0",
"versionType": "semver"
},
{
"lessThan": "8.5.0",
"status": "affected",
"version": "8.0.0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "8.5.0",
"versionType": "semver"
}
]
}
],
"source": "ce714d77-add3-4f53-aff5-83d477b104bb"
},
{
"affectedData": [
{
"cpes": [
"cpe:/a:redhat:hummingbird:1"
],
"defaultStatus": "affected",
"product": "Red Hat Hardened Images",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:cryostat:4"
],
"defaultStatus": "affected",
"product": "Cryostat 4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_pipelines:1"
],
"defaultStatus": "affected",
"product": "OpenShift Pipelines",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:podman_desktop:1"
],
"defaultStatus": "affected",
"product": "Red Hat Build of Podman Desktop",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhdh:1"
],
"defaultStatus": "affected",
"product": "Red Hat Developer Hub",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:10"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux 10",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_ai"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift AI (RHOAI)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift:4"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Container Platform 4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_data_foundation:4"
],
"defaultStatus": "affected",
"product": "Red Hat Openshift Data Foundation 4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_devspaces:3"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Dev Spaces",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:ansible_portal:2"
],
"defaultStatus": "affected",
"product": "Self-service automation portal 2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:amq_broker:7"
],
"defaultStatus": "unaffected",
"product": "Red Hat AMQ Broker 7",
"vendor": "Red Hat"
}
],
"source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c"
}
],
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nodejs:undici:*:*:*:*:*:node.js:*:*",
"matchCriteriaId": "470B6F0F-0441-4D55-A4A1-5DCBECF32E6F",
"versionEndExcluding": "7.28.0",
"versionStartIncluding": "7.23.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:undici:*:*:*:*:*:node.js:*:*",
"matchCriteriaId": "37F3655C-C7AE-4B13-A5EB-6FE0A9566124",
"versionEndExcluding": "8.5.0",
"versionStartIncluding": "8.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Impact:\nundici\u0027s ProxyAgent silently drops the requestTls option when configured with a SOCKS5 proxy URI (socks5:// or socks://). The target HTTPS connection through the SOCKS5 tunnel falls back to Node\u0027s default trust store, ignoring user-configured ca, cert, key, rejectUnauthorized, and servername settings.\n\nApplications that pin to an internal or corporate CA via requestTls.ca will, when their proxy URI is SOCKS5, get the default Mozilla CA bundle as the trust anchor instead. Any cert signed by any publicly-trusted CA for the target hostname is accepted, breaking the intended pin and enabling MITM read and tamper of the HTTPS exchange.\n\nAffected applications are those that use undici\u0027s ProxyAgent (or Socks5ProxyAgent directly) with SOCKS5 AND rely on requestTls for TLS scope restriction. The bug was introduced in undici 7.23.0 when SOCKS5 support was added.\n\nPatches:\nUpgrade to undici v7.28.0 or v8.5.0.\n\nWorkarounds:\nNo workaround is available within the SOCKS5 path. If a SOCKS5 proxy with TLS scope restriction is required and an upgrade is not yet possible, route the traffic through an HTTP-proxy ProxyAgent instead, where requestTls is honored correctly."
}
],
"id": "CVE-2026-9697",
"lastModified": "2026-06-30T03:21:47.183",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 5.2,
"source": "ce714d77-add3-4f53-aff5-83d477b104bb",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 5.2,
"source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"type": "Secondary"
}
],
"ssvcV203": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"ssvcData": {
"id": "CVE-2026-9697",
"options": [
{
"exploitation": "none"
},
{
"automatable": "no"
},
{
"technicalImpact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-22T00:00:00+00:00",
"version": "2.0.3"
}
}
]
},
"published": "2026-06-17T18:18:06.473",
"references": [
{
"source": "ce714d77-add3-4f53-aff5-83d477b104bb",
"tags": [
"Vendor Advisory"
],
"url": "https://cna.openjsf.org/security-advisories.html"
},
{
"source": "ce714d77-add3-4f53-aff5-83d477b104bb",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-vmh5-mc38-953g"
},
{
"source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"url": "https://access.redhat.com/errata/RHSA-2026:22380"
},
{
"source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"url": "https://access.redhat.com/errata/RHSA-2026:22934"
},
{
"source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"url": "https://access.redhat.com/errata/RHSA-2026:7378"
},
{
"source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"url": "https://access.redhat.com/security/cve/CVE-2026-9697"
},
{
"source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2490018"
},
{
"source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-9697.json"
}
],
"sourceIdentifier": "ce714d77-add3-4f53-aff5-83d477b104bb",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-295"
}
],
"source": "ce714d77-add3-4f53-aff5-83d477b104bb",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-295"
}
],
"source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"type": "Secondary"
}
]
}
GHSA-VMH5-MC38-953G
Vulnerability from github – Published: 2026-06-18 14:28 – Updated: 2026-06-18 14:28
VLAI
Summary
undici vulnerable to TLS certificate validation bypass via dropped requestTls in SOCKS5 ProxyAgent
Details
Impact
undici's ProxyAgent silently drops the requestTls option when configured with a SOCKS5 proxy URI (socks5:// or socks://). The target HTTPS connection through the SOCKS5 tunnel falls back to Node's default trust store, ignoring user-configured ca, cert, key, rejectUnauthorized, and servername settings.
Applications that pin to an internal or corporate CA via requestTls.ca will, when their proxy URI is SOCKS5, get the default Mozilla CA bundle as the trust anchor instead. Any cert signed by any publicly-trusted CA for the target hostname is accepted, breaking the intended pin and enabling MITM read and tamper of the HTTPS exchange.
Affected applications are those that use undici's ProxyAgent (or Socks5ProxyAgent directly) with SOCKS5 AND rely on requestTls for TLS scope restriction. The bug was introduced in undici 7.23.0 when SOCKS5 support was added.
Patches
Upgrade to undici v7.28.0 or v8.5.0.
Workarounds
No workaround is available within the SOCKS5 path. If a SOCKS5 proxy with TLS scope restriction is required and an upgrade is not yet possible, route the traffic through an HTTP-proxy ProxyAgent instead, where requestTls is honored correctly.
Severity
7.4 (High)
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "undici"
},
"ranges": [
{
"events": [
{
"introduced": "7.23.0"
},
{
"fixed": "7.28.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "npm",
"name": "undici"
},
"ranges": [
{
"events": [
{
"introduced": "8.0.0"
},
{
"fixed": "8.5.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-9697"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": true,
"github_reviewed_at": "2026-06-18T14:28:21Z",
"nvd_published_at": "2026-06-17T18:18:06Z",
"severity": "HIGH"
},
"details": "## Impact\n\nundici\u0027s `ProxyAgent` silently drops the `requestTls` option when configured with a SOCKS5 proxy URI (`socks5://` or `socks://`). The target HTTPS connection through the SOCKS5 tunnel falls back to Node\u0027s default trust store, ignoring user-configured `ca`, `cert`, `key`, `rejectUnauthorized`, and `servername` settings.\n\nApplications that pin to an internal or corporate CA via `requestTls.ca` will, when their proxy URI is SOCKS5, get the default Mozilla CA bundle as the trust anchor instead. Any cert signed by any publicly-trusted CA for the target hostname is accepted, breaking the intended pin and enabling MITM read and tamper of the HTTPS exchange.\n\nAffected applications are those that use undici\u0027s `ProxyAgent` (or `Socks5ProxyAgent` directly) with SOCKS5 AND rely on `requestTls` for TLS scope restriction. The bug was introduced in undici 7.23.0 when SOCKS5 support was added.\n\n## Patches\n\nUpgrade to undici v7.28.0 or v8.5.0.\n\n## Workarounds\n\nNo workaround is available within the SOCKS5 path. If a SOCKS5 proxy with TLS scope restriction is required and an upgrade is not yet possible, route the traffic through an HTTP-proxy `ProxyAgent` instead, where `requestTls` is honored correctly.",
"id": "GHSA-vmh5-mc38-953g",
"modified": "2026-06-18T14:28:21Z",
"published": "2026-06-18T14:28:21Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-vmh5-mc38-953g"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-9697"
},
{
"type": "WEB",
"url": "https://cna.openjsf.org/security-advisories.html"
},
{
"type": "PACKAGE",
"url": "https://github.com/nodejs/undici"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "undici vulnerable to TLS certificate validation bypass via dropped requestTls in SOCKS5 ProxyAgent"
}
MSRC_CVE-2026-9697
Vulnerability from csaf_microsoft - Published: 2026-06-02 00:00 - Updated: 2026-06-28 02:04Summary
undici vulnerable to TLS certificate validation bypass via dropped requestTls in SOCKS5 ProxyAgent
Notes
Additional Resources: To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle
Disclaimer: The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
References
4 references
| URL | Category |
|---|---|
| https://msrc.microsoft.com/csaf/vex/2026/msrc_cve… | self |
| https://support.microsoft.com/lifecycle | external |
| https://www.first.org/cvss | external |
| https://msrc.microsoft.com/csaf/vex/2026/msrc_cve… | self |
{
"document": {
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Public",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
"title": "Disclaimer"
}
],
"publisher": {
"category": "vendor",
"contact_details": "secure@microsoft.com",
"name": "Microsoft Security Response Center",
"namespace": "https://msrc.microsoft.com"
},
"references": [
{
"category": "self",
"summary": "CVE-2026-9697 undici vulnerable to TLS certificate validation bypass via dropped requestTls in SOCKS5 ProxyAgent - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2026/msrc_cve-2026-9697.json"
},
{
"category": "external",
"summary": "Microsoft Support Lifecycle",
"url": "https://support.microsoft.com/lifecycle"
},
{
"category": "external",
"summary": "Common Vulnerability Scoring System",
"url": "https://www.first.org/cvss"
}
],
"title": "undici vulnerable to TLS certificate validation bypass via dropped requestTls in SOCKS5 ProxyAgent",
"tracking": {
"current_release_date": "2026-06-28T02:04:02.000Z",
"generator": {
"date": "2026-06-28T07:10:57.239Z",
"engine": {
"name": "MSRC Generator",
"version": "1.0"
}
},
"id": "msrc_CVE-2026-9697",
"initial_release_date": "2026-06-02T00:00:00.000Z",
"revision_history": [
{
"date": "2026-06-27T01:07:52.000Z",
"legacy_version": "1",
"number": "1",
"summary": "Information published."
},
{
"date": "2026-06-28T02:04:02.000Z",
"legacy_version": "2",
"number": "2",
"summary": "Information published."
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "3.0",
"product": {
"name": "Azure Linux 3.0",
"product_id": "17084"
}
}
],
"category": "product_name",
"name": "Azure Linux"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cazl3 nodejs 0:24.14.1-3.azl3",
"product": {
"name": "\u003cazl3 nodejs 0:24.14.1-3.azl3",
"product_id": "1"
}
},
{
"category": "product_version",
"name": "azl3 nodejs 0:24.14.1-3.azl3",
"product": {
"name": "azl3 nodejs 0:24.14.1-3.azl3",
"product_id": "21370"
}
}
],
"category": "product_name",
"name": "nodejs"
}
],
"category": "vendor",
"name": "Microsoft"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 nodejs 0:24.14.1-3.azl3 as a component of Azure Linux 3.0",
"product_id": "17084-1"
},
"product_reference": "1",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 nodejs 0:24.14.1-3.azl3 as a component of Azure Linux 3.0",
"product_id": "21370-17084"
},
"product_reference": "21370",
"relates_to_product_reference": "17084"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-9697",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"notes": [
{
"category": "general",
"text": "openjs",
"title": "Assigning CNA"
}
],
"product_status": {
"fixed": [
"21370-17084"
],
"known_affected": [
"17084-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-9697 undici vulnerable to TLS certificate validation bypass via dropped requestTls in SOCKS5 ProxyAgent - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2026/msrc_cve-2026-9697.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-27T01:07:52.000Z",
"details": "0:24.17.0-1.azl3:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17084-1"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalsScore": 0.0,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.4,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"17084-1"
]
}
],
"title": "undici vulnerable to TLS certificate validation bypass via dropped requestTls in SOCKS5 ProxyAgent"
}
]
}
RHSA-2026:22380
Vulnerability from csaf_redhat - Published: 2026-06-02 03:47 - Updated: 2026-06-30 08:44Summary
Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update
Severity
Important
Notes
Topic: An update for Red Hat Hardened Images RPMs is now available.
Details: This update includes the following RPMs:
nodejs26:
* nodejs26-26.3.0-1.2.hum1 (aarch64, x86_64)
* nodejs26-bin-26.3.0-1.2.hum1 (noarch)
* nodejs26-devel-26.3.0-1.2.hum1 (aarch64, x86_64)
* nodejs26-docs-26.3.0-1.2.hum1 (noarch)
* nodejs26-full-i18n-26.3.0-1.2.hum1 (aarch64, x86_64)
* nodejs26-libs-26.3.0-1.2.hum1 (aarch64, x86_64)
* nodejs26-npm-11.16.0-1.26.3.0.1.2.hum1 (noarch)
* nodejs26-npm-bin-26.3.0-1.2.hum1 (noarch)
* v8-14.6-devel-14.6.202.34-1.26.3.0.1.2.hum1 (aarch64, x86_64)
* nodejs26-26.3.0-1.2.hum1.src (src)
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in undici. When using Socks5ProxyAgent, undici incorrectly reuses a single connection pool across different origins. This can lead to cross-origin request routing, where sensitive credentials and data intended for one destination are sent to another. Consequently, responses from unintended origins may be trusted, and secure HTTPS connections could be silently downgraded to unencrypted HTTP, resulting in information disclosure and data integrity issues.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:nodejs26-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs26-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs26-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs26-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in Undici. The cache interceptor in shared-cache mode incorrectly classifies certain responses as cacheable due to improper handling of whitespace-padded Cache-Control header field names. This vulnerability allows an unauthenticated attacker to access authenticated user data from the cache, leading to information disclosure. This occurs when both authenticated and unauthenticated requests resolve to the same cache key.
5.9 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:nodejs26-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs26-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs26-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs26-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in undici. When undici's ProxyAgent is configured with a SOCKS5 proxy Uniform Resource Identifier (URI), it silently ignores Transport Layer Security (TLS) options, such as custom Certificate Authorities (CAs). This allows a remote attacker to perform a Man-in-the-Middle (MITM) attack, intercepting and tampering with HTTPS communications. The connection falls back to Node.js's default trust store, bypassing intended security configurations and potentially leading to information disclosure or arbitrary code execution.
7.4 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:nodejs26-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs26-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs26-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs26-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in the brace-expansion library. This vulnerability allows an attacker to cause a Denial of Service (DoS) by providing a large numeric range for expansion. The library allocates excessive memory to generate all intermediate elements before applying the maximum limit, leading to high memory consumption and potential application crashes. This can impact the availability of systems using the library.
6.5 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:nodejs26-main@aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs26-main@noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs26-main@src | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs26-main@x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
References
30 references
| URL | Category |
|---|---|
| https://access.redhat.com/errata/RHSA-2026:22380 | self |
| https://images.redhat.com/ | external |
| https://access.redhat.com/security/cve/CVE-2026-45149 | external |
| https://access.redhat.com/security/updates/classi… | external |
| https://access.redhat.com/security/cve/CVE-2026-9697 | external |
| https://access.redhat.com/security/cve/CVE-2026-6734 | external |
| https://access.redhat.com/security/cve/CVE-2026-9675 | external |
| https://access.redhat.com/security/cve/CVE-2026-9678 | external |
| https://security.access.redhat.com/data/csaf/v2/a… | self |
| https://access.redhat.com/security/cve/CVE-2026-6734 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2490024 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-6734 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-6734 | external |
| https://cna.openjsf.org/security-advisories.html | external |
| https://github.com/nodejs/undici/security/advisor… | external |
| https://access.redhat.com/security/cve/CVE-2026-9678 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2490000 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-9678 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-9678 | external |
| https://github.com/nodejs/undici/security/advisor… | external |
| https://access.redhat.com/security/cve/CVE-2026-9697 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2490018 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-9697 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-9697 | external |
| https://github.com/nodejs/undici/security/advisor… | external |
| https://access.redhat.com/security/cve/CVE-2026-45149 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2483481 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-45149 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-45149 | external |
| https://github.com/juliangruber/brace-expansion/s… | external |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for Red Hat Hardened Images RPMs is now available.",
"title": "Topic"
},
{
"category": "general",
"text": "This update includes the following RPMs:\n\nnodejs26:\n * nodejs26-26.3.0-1.2.hum1 (aarch64, x86_64)\n * nodejs26-bin-26.3.0-1.2.hum1 (noarch)\n * nodejs26-devel-26.3.0-1.2.hum1 (aarch64, x86_64)\n * nodejs26-docs-26.3.0-1.2.hum1 (noarch)\n * nodejs26-full-i18n-26.3.0-1.2.hum1 (aarch64, x86_64)\n * nodejs26-libs-26.3.0-1.2.hum1 (aarch64, x86_64)\n * nodejs26-npm-11.16.0-1.26.3.0.1.2.hum1 (noarch)\n * nodejs26-npm-bin-26.3.0-1.2.hum1 (noarch)\n * v8-14.6-devel-14.6.202.34-1.26.3.0.1.2.hum1 (aarch64, x86_64)\n * nodejs26-26.3.0-1.2.hum1.src (src)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:22380",
"url": "https://access.redhat.com/errata/RHSA-2026:22380"
},
{
"category": "external",
"summary": "https://images.redhat.com/",
"url": "https://images.redhat.com/"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-45149",
"url": "https://access.redhat.com/security/cve/CVE-2026-45149"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-9697",
"url": "https://access.redhat.com/security/cve/CVE-2026-9697"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-6734",
"url": "https://access.redhat.com/security/cve/CVE-2026-6734"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-9675",
"url": "https://access.redhat.com/security/cve/CVE-2026-9675"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-9678",
"url": "https://access.redhat.com/security/cve/CVE-2026-9678"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_22380.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update",
"tracking": {
"current_release_date": "2026-06-30T08:44:47+00:00",
"generator": {
"date": "2026-06-30T08:44:47+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.0"
}
},
"id": "RHSA-2026:22380",
"initial_release_date": "2026-06-02T03:47:28+00:00",
"revision_history": [
{
"date": "2026-06-02T03:47:28+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-06-18T11:12:55+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-30T08:44:47+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Hardened Images",
"product": {
"name": "Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:hummingbird:1"
}
}
}
],
"category": "product_family",
"name": "Red Hat Hardened Images"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs26-main@aarch64",
"product": {
"name": "nodejs26-main@aarch64",
"product_id": "nodejs26-main@aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs26@26.3.0-1.2.hum1?arch=aarch64\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-aarch64-rpms"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs26-main@src",
"product": {
"name": "nodejs26-main@src",
"product_id": "nodejs26-main@src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs26@26.3.0-1.2.hum1?arch=src\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-source-rpms"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs26-main@x86_64",
"product": {
"name": "nodejs26-main@x86_64",
"product_id": "nodejs26-main@x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs26@26.3.0-1.2.hum1?arch=x86_64\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-x86_64-rpms"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs26-main@noarch",
"product": {
"name": "nodejs26-main@noarch",
"product_id": "nodejs26-main@noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs26-bin@26.3.0-1.2.hum1?arch=noarch\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-x86_64-rpms"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs26-main@aarch64 as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:nodejs26-main@aarch64"
},
"product_reference": "nodejs26-main@aarch64",
"relates_to_product_reference": "Red Hat Hardened Images"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs26-main@noarch as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:nodejs26-main@noarch"
},
"product_reference": "nodejs26-main@noarch",
"relates_to_product_reference": "Red Hat Hardened Images"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs26-main@src as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:nodejs26-main@src"
},
"product_reference": "nodejs26-main@src",
"relates_to_product_reference": "Red Hat Hardened Images"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs26-main@x86_64 as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:nodejs26-main@x86_64"
},
"product_reference": "nodejs26-main@x86_64",
"relates_to_product_reference": "Red Hat Hardened Images"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-6734",
"cwe": {
"id": "CWE-940",
"name": "Improper Verification of Source of a Communication Channel"
},
"discovery_date": "2026-06-17T19:04:00.272340+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2490024"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in undici. When using Socks5ProxyAgent, undici incorrectly reuses a single connection pool across different origins. This can lead to cross-origin request routing, where sensitive credentials and data intended for one destination are sent to another. Consequently, responses from unintended origins may be trusted, and secure HTTPS connections could be silently downgraded to unencrypted HTTP, resulting in information disclosure and data integrity issues.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undici: undici: Information disclosure and data integrity issues due to incorrect Socks5ProxyAgent connection routing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is rated as an Important security flaw. The `undici` library, when configured with `Socks5ProxyAgent` to handle requests for multiple origins, incorrectly reuses connection pools. This can lead to sensitive data and credentials being misrouted to unintended destinations, potentially downgrading HTTPS connections to HTTP and compromising data integrity and confidentiality. Red Hat products utilizing `undici` with `Socks5ProxyAgent` in multi-origin scenarios are affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:nodejs26-main@aarch64",
"Red Hat Hardened Images:nodejs26-main@noarch",
"Red Hat Hardened Images:nodejs26-main@src",
"Red Hat Hardened Images:nodejs26-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-6734"
},
{
"category": "external",
"summary": "RHBZ#2490024",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2490024"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-6734",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6734"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-6734",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6734"
},
{
"category": "external",
"summary": "https://cna.openjsf.org/security-advisories.html",
"url": "https://cna.openjsf.org/security-advisories.html"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/security/advisories/GHSA-hm92-r4w5-c3mj",
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-hm92-r4w5-c3mj"
}
],
"release_date": "2026-06-17T16:36:55.439000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-02T03:47:28+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:nodejs26-main@aarch64",
"Red Hat Hardened Images:nodejs26-main@noarch",
"Red Hat Hardened Images:nodejs26-main@src",
"Red Hat Hardened Images:nodejs26-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22380"
},
{
"category": "workaround",
"details": "The single most impactful mitigation is applying network egress controls to restrict which external destinations affected applications can reach. Because the vulnerability causes requests to be misrouted to wrong origins, limiting the set of reachable origins directly reduces the attack surface. These controls collectively limit the blast radius of the connection pool misrouting \u2014 the attacker must compromise one of the explicitly allowed destinations rather than any arbitrary origin \u2014 but they do not fix the underlying logic bug.",
"product_ids": [
"Red Hat Hardened Images:nodejs26-main@aarch64",
"Red Hat Hardened Images:nodejs26-main@noarch",
"Red Hat Hardened Images:nodejs26-main@src",
"Red Hat Hardened Images:nodejs26-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:nodejs26-main@aarch64",
"Red Hat Hardened Images:nodejs26-main@noarch",
"Red Hat Hardened Images:nodejs26-main@src",
"Red Hat Hardened Images:nodejs26-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "undici: undici: Information disclosure and data integrity issues due to incorrect Socks5ProxyAgent connection routing"
},
{
"cve": "CVE-2026-9678",
"cwe": {
"id": "CWE-1286",
"name": "Improper Validation of Syntactic Correctness of Input"
},
"discovery_date": "2026-06-17T19:01:33.359372+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2490000"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Undici. The cache interceptor in shared-cache mode incorrectly classifies certain responses as cacheable due to improper handling of whitespace-padded Cache-Control header field names. This vulnerability allows an unauthenticated attacker to access authenticated user data from the cache, leading to information disclosure. This occurs when both authenticated and unauthenticated requests resolve to the same cache key.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undici: Undici: Information disclosure due to improper cache-control header parsing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Moderate information disclosure flaw in Undici\u0027s cache interceptor, when configured in shared-cache mode, allows an unauthenticated attacker to retrieve sensitive authenticated user data. This is due to incorrect parsing of Cache-Control headers containing whitespace-padded field names, leading to cached responses being served improperly. Red Hat products are affected if they explicitly enable shared-cache mode, forward Authorization headers, and process non-canonical Cache-Control directives.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:nodejs26-main@aarch64",
"Red Hat Hardened Images:nodejs26-main@noarch",
"Red Hat Hardened Images:nodejs26-main@src",
"Red Hat Hardened Images:nodejs26-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-9678"
},
{
"category": "external",
"summary": "RHBZ#2490000",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2490000"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-9678",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-9678"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-9678",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-9678"
},
{
"category": "external",
"summary": "https://cna.openjsf.org/security-advisories.html",
"url": "https://cna.openjsf.org/security-advisories.html"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/security/advisories/GHSA-pr7r-676h-xcf6",
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-pr7r-676h-xcf6"
}
],
"release_date": "2026-06-17T17:04:09.680000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-02T03:47:28+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:nodejs26-main@aarch64",
"Red Hat Hardened Images:nodejs26-main@noarch",
"Red Hat Hardened Images:nodejs26-main@src",
"Red Hat Hardened Images:nodejs26-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22380"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:nodejs26-main@aarch64",
"Red Hat Hardened Images:nodejs26-main@noarch",
"Red Hat Hardened Images:nodejs26-main@src",
"Red Hat Hardened Images:nodejs26-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:nodejs26-main@aarch64",
"Red Hat Hardened Images:nodejs26-main@noarch",
"Red Hat Hardened Images:nodejs26-main@src",
"Red Hat Hardened Images:nodejs26-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "undici: Undici: Information disclosure due to improper cache-control header parsing"
},
{
"cve": "CVE-2026-9697",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"discovery_date": "2026-06-17T19:03:30.813843+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2490018"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in undici. When undici\u0027s ProxyAgent is configured with a SOCKS5 proxy Uniform Resource Identifier (URI), it silently ignores Transport Layer Security (TLS) options, such as custom Certificate Authorities (CAs). This allows a remote attacker to perform a Man-in-the-Middle (MITM) attack, intercepting and tampering with HTTPS communications. The connection falls back to Node.js\u0027s default trust store, bypassing intended security configurations and potentially leading to information disclosure or arbitrary code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undici: undici: Man-in-the-Middle attack via ignored TLS options with SOCKS5 proxy",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important vulnerability. Applications using `undici`\u0027s `ProxyAgent` with a SOCKS5 proxy URI will silently ignore user-configured TLS options, including custom Certificate Authorities. This bypasses intended security controls for HTTPS communication, enabling a remote attacker to perform Man-in-the-Middle attacks, potentially leading to information disclosure or arbitrary code execution in affected Red Hat products.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:nodejs26-main@aarch64",
"Red Hat Hardened Images:nodejs26-main@noarch",
"Red Hat Hardened Images:nodejs26-main@src",
"Red Hat Hardened Images:nodejs26-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-9697"
},
{
"category": "external",
"summary": "RHBZ#2490018",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2490018"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-9697",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-9697"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-9697",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-9697"
},
{
"category": "external",
"summary": "https://cna.openjsf.org/security-advisories.html",
"url": "https://cna.openjsf.org/security-advisories.html"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/security/advisories/GHSA-vmh5-mc38-953g",
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-vmh5-mc38-953g"
}
],
"release_date": "2026-06-17T16:46:42.706000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-02T03:47:28+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:nodejs26-main@aarch64",
"Red Hat Hardened Images:nodejs26-main@noarch",
"Red Hat Hardened Images:nodejs26-main@src",
"Red Hat Hardened Images:nodejs26-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22380"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:nodejs26-main@aarch64",
"Red Hat Hardened Images:nodejs26-main@noarch",
"Red Hat Hardened Images:nodejs26-main@src",
"Red Hat Hardened Images:nodejs26-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:nodejs26-main@aarch64",
"Red Hat Hardened Images:nodejs26-main@noarch",
"Red Hat Hardened Images:nodejs26-main@src",
"Red Hat Hardened Images:nodejs26-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "undici: undici: Man-in-the-Middle attack via ignored TLS options with SOCKS5 proxy"
},
{
"cve": "CVE-2026-45149",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-05-29T21:02:00.092772+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2483481"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the brace-expansion library. This vulnerability allows an attacker to cause a Denial of Service (DoS) by providing a large numeric range for expansion. The library allocates excessive memory to generate all intermediate elements before applying the maximum limit, leading to high memory consumption and potential application crashes. This can impact the availability of systems using the library.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "brace-expansion: brace-expansion: Denial of Service due to excessive memory allocation when expanding large numeric ranges",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:nodejs26-main@aarch64",
"Red Hat Hardened Images:nodejs26-main@noarch",
"Red Hat Hardened Images:nodejs26-main@src",
"Red Hat Hardened Images:nodejs26-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-45149"
},
{
"category": "external",
"summary": "RHBZ#2483481",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2483481"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-45149",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-45149"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-45149",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45149"
},
{
"category": "external",
"summary": "https://github.com/juliangruber/brace-expansion/security/advisories/GHSA-jxxr-4gwj-5jf2",
"url": "https://github.com/juliangruber/brace-expansion/security/advisories/GHSA-jxxr-4gwj-5jf2"
}
],
"release_date": "2026-05-29T19:55:07.337000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-02T03:47:28+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:nodejs26-main@aarch64",
"Red Hat Hardened Images:nodejs26-main@noarch",
"Red Hat Hardened Images:nodejs26-main@src",
"Red Hat Hardened Images:nodejs26-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22380"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:nodejs26-main@aarch64",
"Red Hat Hardened Images:nodejs26-main@noarch",
"Red Hat Hardened Images:nodejs26-main@src",
"Red Hat Hardened Images:nodejs26-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "brace-expansion: brace-expansion: Denial of Service due to excessive memory allocation when expanding large numeric ranges"
}
]
}
RHSA-2026:22934
Vulnerability from csaf_redhat - Published: 2026-06-03 16:10 - Updated: 2026-06-30 08:44Summary
Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update
Severity
Important
Notes
Topic: An update for Red Hat Hardened Images RPMs is now available.
Details: This update includes the following RPMs:
rust:
* cargo-1.96.0-1.hum1 (aarch64, x86_64)
* clippy-1.96.0-1.hum1 (aarch64, x86_64)
* rust-1.96.0-1.hum1 (aarch64, x86_64)
* rust-analyzer-1.96.0-1.hum1 (aarch64, x86_64)
* rust-debugger-common-1.96.0-1.hum1 (noarch)
* rust-doc-1.96.0-1.hum1 (aarch64, x86_64)
* rust-gdb-1.96.0-1.hum1 (noarch)
* rust-lldb-1.96.0-1.hum1 (noarch)
* rust-src-1.96.0-1.hum1 (noarch)
* rust-std-static-1.96.0-1.hum1 (aarch64, x86_64)
* rust-std-static-aarch64-unknown-none-softfloat-1.96.0-1.hum1 (aarch64)
* rust-std-static-aarch64-unknown-uefi-1.96.0-1.hum1 (aarch64)
* rust-std-static-i686-pc-windows-gnu-1.96.0-1.hum1 (noarch)
* rust-std-static-wasm32-unknown-unknown-1.96.0-1.hum1 (noarch)
* rust-std-static-wasm32-wasip1-1.96.0-1.hum1 (noarch)
* rust-std-static-x86_64-pc-windows-gnu-1.96.0-1.hum1 (noarch)
* rust-std-static-x86_64-unknown-none-1.96.0-1.hum1 (x86_64)
* rust-std-static-x86_64-unknown-uefi-1.96.0-1.hum1 (x86_64)
* rustfmt-1.96.0-1.hum1 (aarch64, x86_64)
* rust-1.96.0-1.hum1.src (src)
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in undici. When using Socks5ProxyAgent, undici incorrectly reuses a single connection pool across different origins. This can lead to cross-origin request routing, where sensitive credentials and data intended for one destination are sent to another. Consequently, responses from unintended origins may be trusted, and secure HTTPS connections could be silently downgraded to unencrypted HTTP, resulting in information disclosure and data integrity issues.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:rust-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:rust-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:rust-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:rust-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in postcss. A remote attacker could exploit a vulnerability in the `toString` function of the AST Serialization component by executing a manipulation, leading to uncontrolled recursion. This uncontrolled recursion can result in a Denial of Service (DoS) condition, making the affected system unavailable.
4.3 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:rust-main@aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:rust-main@noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:rust-main@src | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:rust-main@x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in undici. A malicious WebSocket server could exploit this vulnerability by sending fragmented messages that individually meet size limits but collectively exceed them. This can lead to unbounded memory growth in the client process, resulting in memory exhaustion and a denial of service (DoS).
5.9 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:rust-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:rust-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:rust-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:rust-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in undici. When undici's ProxyAgent is configured with a SOCKS5 proxy Uniform Resource Identifier (URI), it silently ignores Transport Layer Security (TLS) options, such as custom Certificate Authorities (CAs). This allows a remote attacker to perform a Man-in-the-Middle (MITM) attack, intercepting and tampering with HTTPS communications. The connection falls back to Node.js's default trust store, bypassing intended security configurations and potentially leading to information disclosure or arbitrary code execution.
7.4 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:rust-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:rust-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:rust-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:rust-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in urllib3, an HTTP client library for Python. This vulnerability allows a remote attacker to cause excessive resource consumption, such as high CPU usage and massive memory allocation, on the client side. This occurs when urllib3 attempts to decompress an entire HTTP response, even if only a partial read was requested, or when draining the connection after a partial decompression. This can lead to a Denial of Service (DoS) condition.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:rust-main@aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:rust-main@noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:rust-main@src | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:rust-main@x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Important
A flaw was found in the brace-expansion library. This vulnerability allows an attacker to cause a Denial of Service (DoS) by providing a large numeric range for expansion. The library allocates excessive memory to generate all intermediate elements before applying the maximum limit, leading to high memory consumption and potential application crashes. This can impact the availability of systems using the library.
6.5 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:rust-main@aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:rust-main@noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:rust-main@src | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:rust-main@x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
References
44 references
| URL | Category |
|---|---|
| https://access.redhat.com/errata/RHSA-2026:22934 | self |
| https://images.redhat.com/ | external |
| https://access.redhat.com/security/cve/CVE-2026-45149 | external |
| https://access.redhat.com/security/updates/classi… | external |
| https://access.redhat.com/security/cve/CVE-2026-9358 | external |
| https://access.redhat.com/security/cve/CVE-2026-9697 | external |
| https://access.redhat.com/security/cve/CVE-2026-6734 | external |
| https://access.redhat.com/security/cve/CVE-2026-9675 | external |
| https://access.redhat.com/security/cve/CVE-2026-44432 | external |
| https://security.access.redhat.com/data/csaf/v2/a… | self |
| https://access.redhat.com/security/cve/CVE-2026-6734 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2490024 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-6734 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-6734 | external |
| https://cna.openjsf.org/security-advisories.html | external |
| https://github.com/nodejs/undici/security/advisor… | external |
| https://access.redhat.com/security/cve/CVE-2026-9358 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2481006 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-9358 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-9358 | external |
| https://gist.github.com/bx33661/581e3a38134601c04… | external |
| https://vuldb.com/submit/813080 | external |
| https://vuldb.com/vuln/365321 | external |
| https://vuldb.com/vuln/365321/cti | external |
| https://access.redhat.com/security/cve/CVE-2026-9675 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2489979 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-9675 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-9675 | external |
| https://github.com/nodejs/undici/security/advisor… | external |
| https://access.redhat.com/security/cve/CVE-2026-9697 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2490018 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-9697 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-9697 | external |
| https://github.com/nodejs/undici/security/advisor… | external |
| https://access.redhat.com/security/cve/CVE-2026-44432 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2477154 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-44432 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-44432 | external |
| https://github.com/urllib3/urllib3/security/advis… | external |
| https://access.redhat.com/security/cve/CVE-2026-45149 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2483481 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-45149 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-45149 | external |
| https://github.com/juliangruber/brace-expansion/s… | external |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for Red Hat Hardened Images RPMs is now available.",
"title": "Topic"
},
{
"category": "general",
"text": "This update includes the following RPMs:\n\nrust:\n * cargo-1.96.0-1.hum1 (aarch64, x86_64)\n * clippy-1.96.0-1.hum1 (aarch64, x86_64)\n * rust-1.96.0-1.hum1 (aarch64, x86_64)\n * rust-analyzer-1.96.0-1.hum1 (aarch64, x86_64)\n * rust-debugger-common-1.96.0-1.hum1 (noarch)\n * rust-doc-1.96.0-1.hum1 (aarch64, x86_64)\n * rust-gdb-1.96.0-1.hum1 (noarch)\n * rust-lldb-1.96.0-1.hum1 (noarch)\n * rust-src-1.96.0-1.hum1 (noarch)\n * rust-std-static-1.96.0-1.hum1 (aarch64, x86_64)\n * rust-std-static-aarch64-unknown-none-softfloat-1.96.0-1.hum1 (aarch64)\n * rust-std-static-aarch64-unknown-uefi-1.96.0-1.hum1 (aarch64)\n * rust-std-static-i686-pc-windows-gnu-1.96.0-1.hum1 (noarch)\n * rust-std-static-wasm32-unknown-unknown-1.96.0-1.hum1 (noarch)\n * rust-std-static-wasm32-wasip1-1.96.0-1.hum1 (noarch)\n * rust-std-static-x86_64-pc-windows-gnu-1.96.0-1.hum1 (noarch)\n * rust-std-static-x86_64-unknown-none-1.96.0-1.hum1 (x86_64)\n * rust-std-static-x86_64-unknown-uefi-1.96.0-1.hum1 (x86_64)\n * rustfmt-1.96.0-1.hum1 (aarch64, x86_64)\n * rust-1.96.0-1.hum1.src (src)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:22934",
"url": "https://access.redhat.com/errata/RHSA-2026:22934"
},
{
"category": "external",
"summary": "https://images.redhat.com/",
"url": "https://images.redhat.com/"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-45149",
"url": "https://access.redhat.com/security/cve/CVE-2026-45149"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-9358",
"url": "https://access.redhat.com/security/cve/CVE-2026-9358"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-9697",
"url": "https://access.redhat.com/security/cve/CVE-2026-9697"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-6734",
"url": "https://access.redhat.com/security/cve/CVE-2026-6734"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-9675",
"url": "https://access.redhat.com/security/cve/CVE-2026-9675"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-44432",
"url": "https://access.redhat.com/security/cve/CVE-2026-44432"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_22934.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update",
"tracking": {
"current_release_date": "2026-06-30T08:44:51+00:00",
"generator": {
"date": "2026-06-30T08:44:51+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.0"
}
},
"id": "RHSA-2026:22934",
"initial_release_date": "2026-06-03T16:10:32+00:00",
"revision_history": [
{
"date": "2026-06-03T16:10:32+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-06-18T13:18:55+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-30T08:44:51+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Hardened Images",
"product": {
"name": "Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:hummingbird:1"
}
}
}
],
"category": "product_family",
"name": "Red Hat Hardened Images"
},
{
"branches": [
{
"category": "product_version",
"name": "rust-main@src",
"product": {
"name": "rust-main@src",
"product_id": "rust-main@src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rust@1.96.0-1.hum1?arch=src\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-source-rpms"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "rust-main@noarch",
"product": {
"name": "rust-main@noarch",
"product_id": "rust-main@noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rust-debugger-common@1.96.0-1.hum1?arch=noarch\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-x86_64-rpms"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "rust-main@aarch64",
"product": {
"name": "rust-main@aarch64",
"product_id": "rust-main@aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cargo@1.96.0-1.hum1?arch=aarch64\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-aarch64-rpms"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "rust-main@x86_64",
"product": {
"name": "rust-main@x86_64",
"product_id": "rust-main@x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cargo@1.96.0-1.hum1?arch=x86_64\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-x86_64-rpms"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rust-main@aarch64 as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:rust-main@aarch64"
},
"product_reference": "rust-main@aarch64",
"relates_to_product_reference": "Red Hat Hardened Images"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rust-main@noarch as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:rust-main@noarch"
},
"product_reference": "rust-main@noarch",
"relates_to_product_reference": "Red Hat Hardened Images"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rust-main@src as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:rust-main@src"
},
"product_reference": "rust-main@src",
"relates_to_product_reference": "Red Hat Hardened Images"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rust-main@x86_64 as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:rust-main@x86_64"
},
"product_reference": "rust-main@x86_64",
"relates_to_product_reference": "Red Hat Hardened Images"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-6734",
"cwe": {
"id": "CWE-940",
"name": "Improper Verification of Source of a Communication Channel"
},
"discovery_date": "2026-06-17T19:04:00.272340+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2490024"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in undici. When using Socks5ProxyAgent, undici incorrectly reuses a single connection pool across different origins. This can lead to cross-origin request routing, where sensitive credentials and data intended for one destination are sent to another. Consequently, responses from unintended origins may be trusted, and secure HTTPS connections could be silently downgraded to unencrypted HTTP, resulting in information disclosure and data integrity issues.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undici: undici: Information disclosure and data integrity issues due to incorrect Socks5ProxyAgent connection routing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is rated as an Important security flaw. The `undici` library, when configured with `Socks5ProxyAgent` to handle requests for multiple origins, incorrectly reuses connection pools. This can lead to sensitive data and credentials being misrouted to unintended destinations, potentially downgrading HTTPS connections to HTTP and compromising data integrity and confidentiality. Red Hat products utilizing `undici` with `Socks5ProxyAgent` in multi-origin scenarios are affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:rust-main@aarch64",
"Red Hat Hardened Images:rust-main@noarch",
"Red Hat Hardened Images:rust-main@src",
"Red Hat Hardened Images:rust-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-6734"
},
{
"category": "external",
"summary": "RHBZ#2490024",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2490024"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-6734",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6734"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-6734",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6734"
},
{
"category": "external",
"summary": "https://cna.openjsf.org/security-advisories.html",
"url": "https://cna.openjsf.org/security-advisories.html"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/security/advisories/GHSA-hm92-r4w5-c3mj",
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-hm92-r4w5-c3mj"
}
],
"release_date": "2026-06-17T16:36:55.439000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-03T16:10:32+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:rust-main@aarch64",
"Red Hat Hardened Images:rust-main@noarch",
"Red Hat Hardened Images:rust-main@src",
"Red Hat Hardened Images:rust-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22934"
},
{
"category": "workaround",
"details": "The single most impactful mitigation is applying network egress controls to restrict which external destinations affected applications can reach. Because the vulnerability causes requests to be misrouted to wrong origins, limiting the set of reachable origins directly reduces the attack surface. These controls collectively limit the blast radius of the connection pool misrouting \u2014 the attacker must compromise one of the explicitly allowed destinations rather than any arbitrary origin \u2014 but they do not fix the underlying logic bug.",
"product_ids": [
"Red Hat Hardened Images:rust-main@aarch64",
"Red Hat Hardened Images:rust-main@noarch",
"Red Hat Hardened Images:rust-main@src",
"Red Hat Hardened Images:rust-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:rust-main@aarch64",
"Red Hat Hardened Images:rust-main@noarch",
"Red Hat Hardened Images:rust-main@src",
"Red Hat Hardened Images:rust-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "undici: undici: Information disclosure and data integrity issues due to incorrect Socks5ProxyAgent connection routing"
},
{
"cve": "CVE-2026-9358",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"discovery_date": "2026-05-24T07:00:47.549016+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2481006"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in postcss. A remote attacker could exploit a vulnerability in the `toString` function of the AST Serialization component by executing a manipulation, leading to uncontrolled recursion. This uncontrolled recursion can result in a Denial of Service (DoS) condition, making the affected system unavailable.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "postcss-selector-parser: Postcss: Denial of Service via uncontrolled recursion in AST Serialization",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:rust-main@aarch64",
"Red Hat Hardened Images:rust-main@noarch",
"Red Hat Hardened Images:rust-main@src",
"Red Hat Hardened Images:rust-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-9358"
},
{
"category": "external",
"summary": "RHBZ#2481006",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2481006"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-9358",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-9358"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-9358",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-9358"
},
{
"category": "external",
"summary": "https://gist.github.com/bx33661/581e3a38134601c04e19b4dfc9b459b9",
"url": "https://gist.github.com/bx33661/581e3a38134601c04e19b4dfc9b459b9"
},
{
"category": "external",
"summary": "https://vuldb.com/submit/813080",
"url": "https://vuldb.com/submit/813080"
},
{
"category": "external",
"summary": "https://vuldb.com/vuln/365321",
"url": "https://vuldb.com/vuln/365321"
},
{
"category": "external",
"summary": "https://vuldb.com/vuln/365321/cti",
"url": "https://vuldb.com/vuln/365321/cti"
}
],
"release_date": "2026-05-24T05:30:09.671000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-03T16:10:32+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:rust-main@aarch64",
"Red Hat Hardened Images:rust-main@noarch",
"Red Hat Hardened Images:rust-main@src",
"Red Hat Hardened Images:rust-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22934"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:rust-main@aarch64",
"Red Hat Hardened Images:rust-main@noarch",
"Red Hat Hardened Images:rust-main@src",
"Red Hat Hardened Images:rust-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "postcss-selector-parser: Postcss: Denial of Service via uncontrolled recursion in AST Serialization"
},
{
"cve": "CVE-2026-9675",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2026-06-17T17:01:41.811903+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2489979"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in undici. A malicious WebSocket server could exploit this vulnerability by sending fragmented messages that individually meet size limits but collectively exceed them. This can lead to unbounded memory growth in the client process, resulting in memory exhaustion and a denial of service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undici: undici WebSocket client vulnerable to denial of service via cumulative fragment bypass",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is rated Moderate by Red Hat (CVSS 5.9) because successful exploitation requires the undici WebSocket client to connect to an attacker-controlled server (AC:H), which is unlikely in typical Red Hat product deployments where WebSocket endpoints are trusted internal services. No Red Hat product is affected \u2014 all streams shipping undici bundle versions 5.x through 7.x, which are outside the vulnerable range of 8.0.0 to 8.4.x. The vulnerable code path (unbounded WebSocket frame accumulation) was introduced in undici 8.0.0 and is not present in earlier major versions.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:rust-main@aarch64",
"Red Hat Hardened Images:rust-main@noarch",
"Red Hat Hardened Images:rust-main@src",
"Red Hat Hardened Images:rust-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-9675"
},
{
"category": "external",
"summary": "RHBZ#2489979",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2489979"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-9675",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-9675"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-9675",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-9675"
},
{
"category": "external",
"summary": "https://cna.openjsf.org/security-advisories.html",
"url": "https://cna.openjsf.org/security-advisories.html"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/security/advisories/GHSA-38rv-x7px-6hhq",
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-38rv-x7px-6hhq"
}
],
"release_date": "2026-06-17T16:20:32.548000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-03T16:10:32+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:rust-main@aarch64",
"Red Hat Hardened Images:rust-main@noarch",
"Red Hat Hardened Images:rust-main@src",
"Red Hat Hardened Images:rust-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22934"
},
{
"category": "workaround",
"details": "Red Hat products that bundle the undici HTTP client ship versions 5.x, 6.x, and 7.x, which do not contain the vulnerable WebSocket frame accumulation code path introduced in undici 8.0.0. No Red Hat product streams are affected by this vulnerability. Users who have manually installed undici 8.x outside of Red Hat-provided packages should upgrade to undici 8.5.0 or later to fully resolve this issue.",
"product_ids": [
"Red Hat Hardened Images:rust-main@aarch64",
"Red Hat Hardened Images:rust-main@noarch",
"Red Hat Hardened Images:rust-main@src",
"Red Hat Hardened Images:rust-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:rust-main@aarch64",
"Red Hat Hardened Images:rust-main@noarch",
"Red Hat Hardened Images:rust-main@src",
"Red Hat Hardened Images:rust-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "undici: undici WebSocket client vulnerable to denial of service via cumulative fragment bypass"
},
{
"cve": "CVE-2026-9697",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"discovery_date": "2026-06-17T19:03:30.813843+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2490018"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in undici. When undici\u0027s ProxyAgent is configured with a SOCKS5 proxy Uniform Resource Identifier (URI), it silently ignores Transport Layer Security (TLS) options, such as custom Certificate Authorities (CAs). This allows a remote attacker to perform a Man-in-the-Middle (MITM) attack, intercepting and tampering with HTTPS communications. The connection falls back to Node.js\u0027s default trust store, bypassing intended security configurations and potentially leading to information disclosure or arbitrary code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undici: undici: Man-in-the-Middle attack via ignored TLS options with SOCKS5 proxy",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important vulnerability. Applications using `undici`\u0027s `ProxyAgent` with a SOCKS5 proxy URI will silently ignore user-configured TLS options, including custom Certificate Authorities. This bypasses intended security controls for HTTPS communication, enabling a remote attacker to perform Man-in-the-Middle attacks, potentially leading to information disclosure or arbitrary code execution in affected Red Hat products.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:rust-main@aarch64",
"Red Hat Hardened Images:rust-main@noarch",
"Red Hat Hardened Images:rust-main@src",
"Red Hat Hardened Images:rust-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-9697"
},
{
"category": "external",
"summary": "RHBZ#2490018",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2490018"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-9697",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-9697"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-9697",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-9697"
},
{
"category": "external",
"summary": "https://cna.openjsf.org/security-advisories.html",
"url": "https://cna.openjsf.org/security-advisories.html"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/security/advisories/GHSA-vmh5-mc38-953g",
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-vmh5-mc38-953g"
}
],
"release_date": "2026-06-17T16:46:42.706000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-03T16:10:32+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:rust-main@aarch64",
"Red Hat Hardened Images:rust-main@noarch",
"Red Hat Hardened Images:rust-main@src",
"Red Hat Hardened Images:rust-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22934"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:rust-main@aarch64",
"Red Hat Hardened Images:rust-main@noarch",
"Red Hat Hardened Images:rust-main@src",
"Red Hat Hardened Images:rust-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:rust-main@aarch64",
"Red Hat Hardened Images:rust-main@noarch",
"Red Hat Hardened Images:rust-main@src",
"Red Hat Hardened Images:rust-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "undici: undici: Man-in-the-Middle attack via ignored TLS options with SOCKS5 proxy"
},
{
"cve": "CVE-2026-44432",
"cwe": {
"id": "CWE-409",
"name": "Improper Handling of Highly Compressed Data (Data Amplification)"
},
"discovery_date": "2026-05-13T17:01:01.083841+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2477154"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in urllib3, an HTTP client library for Python. This vulnerability allows a remote attacker to cause excessive resource consumption, such as high CPU usage and massive memory allocation, on the client side. This occurs when urllib3 attempts to decompress an entire HTTP response, even if only a partial read was requested, or when draining the connection after a partial decompression. This can lead to a Denial of Service (DoS) condition.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "urllib3: urllib3: Denial of Service due to excessive HTTP response decompression",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:rust-main@aarch64",
"Red Hat Hardened Images:rust-main@noarch",
"Red Hat Hardened Images:rust-main@src",
"Red Hat Hardened Images:rust-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44432"
},
{
"category": "external",
"summary": "RHBZ#2477154",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477154"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44432",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44432"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44432",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44432"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/security/advisories/GHSA-mf9v-mfxr-j63j",
"url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-mf9v-mfxr-j63j"
}
],
"release_date": "2026-05-13T15:17:12.611000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-03T16:10:32+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:rust-main@aarch64",
"Red Hat Hardened Images:rust-main@noarch",
"Red Hat Hardened Images:rust-main@src",
"Red Hat Hardened Images:rust-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22934"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:rust-main@aarch64",
"Red Hat Hardened Images:rust-main@noarch",
"Red Hat Hardened Images:rust-main@src",
"Red Hat Hardened Images:rust-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "urllib3: urllib3: Denial of Service due to excessive HTTP response decompression"
},
{
"cve": "CVE-2026-45149",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-05-29T21:02:00.092772+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2483481"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the brace-expansion library. This vulnerability allows an attacker to cause a Denial of Service (DoS) by providing a large numeric range for expansion. The library allocates excessive memory to generate all intermediate elements before applying the maximum limit, leading to high memory consumption and potential application crashes. This can impact the availability of systems using the library.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "brace-expansion: brace-expansion: Denial of Service due to excessive memory allocation when expanding large numeric ranges",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:rust-main@aarch64",
"Red Hat Hardened Images:rust-main@noarch",
"Red Hat Hardened Images:rust-main@src",
"Red Hat Hardened Images:rust-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-45149"
},
{
"category": "external",
"summary": "RHBZ#2483481",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2483481"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-45149",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-45149"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-45149",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45149"
},
{
"category": "external",
"summary": "https://github.com/juliangruber/brace-expansion/security/advisories/GHSA-jxxr-4gwj-5jf2",
"url": "https://github.com/juliangruber/brace-expansion/security/advisories/GHSA-jxxr-4gwj-5jf2"
}
],
"release_date": "2026-05-29T19:55:07.337000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-03T16:10:32+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:rust-main@aarch64",
"Red Hat Hardened Images:rust-main@noarch",
"Red Hat Hardened Images:rust-main@src",
"Red Hat Hardened Images:rust-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22934"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:rust-main@aarch64",
"Red Hat Hardened Images:rust-main@noarch",
"Red Hat Hardened Images:rust-main@src",
"Red Hat Hardened Images:rust-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "brace-expansion: brace-expansion: Denial of Service due to excessive memory allocation when expanding large numeric ranges"
}
]
}
RHSA-2026:7378
Vulnerability from csaf_redhat - Published: 2026-04-10 13:03 - Updated: 2026-06-30 11:48Summary
Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update
Severity
Important
Notes
Topic: An update for Red Hat Hardened Images RPMs is now available.
Details: This update includes the following RPMs:
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw in Node.js’s Permissions model allows attackers to bypass `--allow-fs-read` and `--allow-fs-write` restrictions using crafted relative symlink paths. By chaining directories and symlinks, a script granted access only to the current directory can escape the allowed path and read sensitive files. This breaks the expected isolation guarantees and enables arbitrary file read/write.
7.1 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:nodejs25-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs25-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs25-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs25-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A memory exposure flaw has been discovered in Node.js. A flaw in Node.js's buffer allocation logic can expose uninitialized memory when allocations are interrupted, when using the `vm` module with the timeout option. Under specific timing conditions, buffers allocated with `Buffer.alloc` and other `TypedArray` instances like `Uint8Array` may contain leftover data from previous operations, allowing in-process secrets like tokens or passwords to leak or causing data corruption.
7.1 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:nodejs25-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs25-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs25-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs25-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A file access flaw has been discovered in NodeJS. A file's access and modification timestamps to be changed via `futimes()` even when the process has only read permissions. Unlike `utimes()`, `futimes()` does not apply the expected write-permission checks, which means file metadata can be modified in read-only directories. This behavior could be used to alter timestamps in ways that obscure activity, reducing the reliability of logs.
5.3 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:nodejs25-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs25-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs25-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs25-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A resource consumption flaw has been discovered in NodeJS. A memory leak in Node.js’s OpenSSL integration occurs when converting `X.509` certificate fields to UTF-8 without freeing the allocated buffer. When applications call `socket.getPeerCertificate(true)`, each certificate field leaks memory, allowing remote clients to trigger steady memory growth through repeated TLS connections. Over time this can lead to resource exhaustion and denial of service.
6.5 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:nodejs25-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs25-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs25-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs25-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in Lodash. An attacker can exploit a prototype pollution vulnerability in the `_.unset` and `_.omit` functions by bypassing a security check. This bypass is achieved by providing array-wrapped path segments, which allows for the deletion of properties from built-in JavaScript prototypes such as `Object.prototype`. This could lead to unexpected application behavior or denial of service.
6.5 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:nodejs25-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs25-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs25-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs25-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in undici. When using Socks5ProxyAgent, undici incorrectly reuses a single connection pool across different origins. This can lead to cross-origin request routing, where sensitive credentials and data intended for one destination are sent to another. Consequently, responses from unintended origins may be trusted, and secure HTTPS connections could be silently downgraded to unencrypted HTTP, resulting in information disclosure and data integrity issues.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:nodejs25-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs25-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs25-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs25-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in undici. A malicious WebSocket server could exploit this vulnerability by sending fragmented messages that individually meet size limits but collectively exceed them. This can lead to unbounded memory growth in the client process, resulting in memory exhaustion and a denial of service (DoS).
5.9 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:nodejs25-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs25-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs25-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs25-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in Undici. The cache interceptor in shared-cache mode incorrectly classifies certain responses as cacheable due to improper handling of whitespace-padded Cache-Control header field names. This vulnerability allows an unauthenticated attacker to access authenticated user data from the cache, leading to information disclosure. This occurs when both authenticated and unauthenticated requests resolve to the same cache key.
5.9 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:nodejs25-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs25-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs25-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs25-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in undici. When undici's ProxyAgent is configured with a SOCKS5 proxy Uniform Resource Identifier (URI), it silently ignores Transport Layer Security (TLS) options, such as custom Certificate Authorities (CAs). This allows a remote attacker to perform a Man-in-the-Middle (MITM) attack, intercepting and tampering with HTTPS communications. The connection falls back to Node.js's default trust store, bypassing intended security configurations and potentially leading to information disclosure or arbitrary code execution.
7.4 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:nodejs25-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs25-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs25-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs25-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in the brace-expansion library. This vulnerability allows an attacker to cause a Denial of Service (DoS) by providing a large numeric range for expansion. The library allocates excessive memory to generate all intermediate elements before applying the maximum limit, leading to high memory consumption and potential application crashes. This can impact the availability of systems using the library.
6.5 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:nodejs25-main@aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs25-main@noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs25-main@src | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs25-main@x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in Node.js. When proxy credentials are embedded in a proxy URL, an issue in the proxy tunnel error handling can lead to the exposure of these credentials. This information disclosure vulnerability allows an attacker to potentially capture sensitive proxy credentials through logs, diagnostics, or other error-consuming mechanisms.
5.9 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:nodejs25-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs25-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs25-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs25-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in Node.js. This flaw involves a mismatch in how Node.js handles TLS (Transport Layer Security) hostnames and unicode dot separators during authentication. This mismatch can lead to a wildcard-depth authentication bypass. An attacker could exploit this to bypass intended security boundaries, potentially leading to unauthorized access and confidentiality impact.
7.7 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:nodejs25-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs25-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs25-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs25-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in the Node.js WebCrypto implementation. A remote attacker could exploit this vulnerability by providing an input to the `subtle.encrypt()` function that is a multiple of 2 gigabytes (GiB). This could lead to a denial of service (DoS) by crashing the Node.js process.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:nodejs25-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs25-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs25-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs25-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
References
78 references
| URL | Category |
|---|---|
| https://access.redhat.com/errata/RHSA-2026:7378 | self |
| https://images.redhat.com/ | external |
| https://access.redhat.com/security/cve/CVE-2025-59464 | external |
| https://access.redhat.com/security/updates/classi… | external |
| https://access.redhat.com/security/cve/CVE-2025-55132 | external |
| https://access.redhat.com/security/cve/CVE-2025-55131 | external |
| https://access.redhat.com/security/cve/CVE-2025-55130 | external |
| https://access.redhat.com/security/cve/CVE-2026-2950 | external |
| https://access.redhat.com/security/cve/CVE-2026-45149 | external |
| https://access.redhat.com/security/cve/CVE-2026-9697 | external |
| https://access.redhat.com/security/cve/CVE-2026-6734 | external |
| https://access.redhat.com/security/cve/CVE-2026-9675 | external |
| https://access.redhat.com/security/cve/CVE-2026-9678 | external |
| https://access.redhat.com/security/cve/CVE-2026-48618 | external |
| https://access.redhat.com/security/cve/CVE-2026-48933 | external |
| https://access.redhat.com/security/cve/CVE-2026-48615 | external |
| https://security.access.redhat.com/data/csaf/v2/a… | self |
| https://access.redhat.com/security/cve/CVE-2025-55130 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2431352 | external |
| https://www.cve.org/CVERecord?id=CVE-2025-55130 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2025-55130 | external |
| https://nodejs.org/en/blog/vulnerability/december… | external |
| https://access.redhat.com/security/cve/CVE-2025-55131 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2431350 | external |
| https://www.cve.org/CVERecord?id=CVE-2025-55131 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2025-55131 | external |
| https://access.redhat.com/security/cve/CVE-2025-55132 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2431338 | external |
| https://www.cve.org/CVERecord?id=CVE-2025-55132 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2025-55132 | external |
| https://access.redhat.com/security/cve/CVE-2025-59464 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2431344 | external |
| https://www.cve.org/CVERecord?id=CVE-2025-59464 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2025-59464 | external |
| https://access.redhat.com/security/cve/CVE-2026-2950 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2453499 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-2950 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-2950 | external |
| https://github.com/lodash/lodash/security/advisor… | external |
| https://access.redhat.com/security/cve/CVE-2026-6734 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2490024 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-6734 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-6734 | external |
| https://cna.openjsf.org/security-advisories.html | external |
| https://github.com/nodejs/undici/security/advisor… | external |
| https://access.redhat.com/security/cve/CVE-2026-9675 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2489979 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-9675 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-9675 | external |
| https://github.com/nodejs/undici/security/advisor… | external |
| https://access.redhat.com/security/cve/CVE-2026-9678 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2490000 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-9678 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-9678 | external |
| https://github.com/nodejs/undici/security/advisor… | external |
| https://access.redhat.com/security/cve/CVE-2026-9697 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2490018 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-9697 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-9697 | external |
| https://github.com/nodejs/undici/security/advisor… | external |
| https://access.redhat.com/security/cve/CVE-2026-45149 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2483481 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-45149 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-45149 | external |
| https://github.com/juliangruber/brace-expansion/s… | external |
| https://access.redhat.com/security/cve/CVE-2026-48615 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2493335 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-48615 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-48615 | external |
| https://nodejs.org/en/blog/vulnerability/june-202… | external |
| https://access.redhat.com/security/cve/CVE-2026-48618 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2493337 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-48618 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-48618 | external |
| https://access.redhat.com/security/cve/CVE-2026-48933 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2493331 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-48933 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-48933 | external |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for Red Hat Hardened Images RPMs is now available.",
"title": "Topic"
},
{
"category": "general",
"text": "This update includes the following RPMs:",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:7378",
"url": "https://access.redhat.com/errata/RHSA-2026:7378"
},
{
"category": "external",
"summary": "https://images.redhat.com/",
"url": "https://images.redhat.com/"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-59464",
"url": "https://access.redhat.com/security/cve/CVE-2025-59464"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-55132",
"url": "https://access.redhat.com/security/cve/CVE-2025-55132"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-55131",
"url": "https://access.redhat.com/security/cve/CVE-2025-55131"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-55130",
"url": "https://access.redhat.com/security/cve/CVE-2025-55130"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-2950",
"url": "https://access.redhat.com/security/cve/CVE-2026-2950"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-45149",
"url": "https://access.redhat.com/security/cve/CVE-2026-45149"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-9697",
"url": "https://access.redhat.com/security/cve/CVE-2026-9697"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-6734",
"url": "https://access.redhat.com/security/cve/CVE-2026-6734"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-9675",
"url": "https://access.redhat.com/security/cve/CVE-2026-9675"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-9678",
"url": "https://access.redhat.com/security/cve/CVE-2026-9678"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-48618",
"url": "https://access.redhat.com/security/cve/CVE-2026-48618"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-48933",
"url": "https://access.redhat.com/security/cve/CVE-2026-48933"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-48615",
"url": "https://access.redhat.com/security/cve/CVE-2026-48615"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_7378.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update",
"tracking": {
"current_release_date": "2026-06-30T11:48:09+00:00",
"generator": {
"date": "2026-06-30T11:48:09+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.1"
}
},
"id": "RHSA-2026:7378",
"initial_release_date": "2026-04-10T13:03:00+00:00",
"revision_history": [
{
"date": "2026-04-10T13:03:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-06-27T00:15:14+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-30T11:48:09+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Hardened Images",
"product": {
"name": "Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:hummingbird:1"
}
}
}
],
"category": "product_family",
"name": "Red Hat Hardened Images"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs25-main@aarch64",
"product": {
"name": "nodejs25-main@aarch64",
"product_id": "nodejs25-main@aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs25@25.9.0-1.1.hum1?arch=aarch64\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-aarch64-rpms"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs25-main@src",
"product": {
"name": "nodejs25-main@src",
"product_id": "nodejs25-main@src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs25@25.9.0-1.1.hum1?arch=src\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-source-rpms"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs25-main@x86_64",
"product": {
"name": "nodejs25-main@x86_64",
"product_id": "nodejs25-main@x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs25@25.9.0-1.1.hum1?arch=x86_64\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-x86_64-rpms"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs25-main@noarch",
"product": {
"name": "nodejs25-main@noarch",
"product_id": "nodejs25-main@noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs25-bin@25.9.0-1.1.hum1?arch=noarch\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-x86_64-rpms"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs25-main@aarch64 as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:nodejs25-main@aarch64"
},
"product_reference": "nodejs25-main@aarch64",
"relates_to_product_reference": "Red Hat Hardened Images"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs25-main@noarch as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:nodejs25-main@noarch"
},
"product_reference": "nodejs25-main@noarch",
"relates_to_product_reference": "Red Hat Hardened Images"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs25-main@src as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:nodejs25-main@src"
},
"product_reference": "nodejs25-main@src",
"relates_to_product_reference": "Red Hat Hardened Images"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs25-main@x86_64 as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:nodejs25-main@x86_64"
},
"product_reference": "nodejs25-main@x86_64",
"relates_to_product_reference": "Red Hat Hardened Images"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-55130",
"cwe": {
"id": "CWE-281",
"name": "Improper Preservation of Permissions"
},
"discovery_date": "2026-01-20T21:03:01.083023+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2431352"
}
],
"notes": [
{
"category": "description",
"text": "A flaw in Node.js\u2019s Permissions model allows attackers to bypass `--allow-fs-read` and `--allow-fs-write` restrictions using crafted relative symlink paths. By chaining directories and symlinks, a script granted access only to the current directory can escape the allowed path and read sensitive files. This breaks the expected isolation guarantees and enables arbitrary file read/write.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: Nodejs file permissions bypass",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:nodejs25-main@aarch64",
"Red Hat Hardened Images:nodejs25-main@noarch",
"Red Hat Hardened Images:nodejs25-main@src",
"Red Hat Hardened Images:nodejs25-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-55130"
},
{
"category": "external",
"summary": "RHBZ#2431352",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2431352"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-55130",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55130"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-55130",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55130"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/december-2025-security-releases",
"url": "https://nodejs.org/en/blog/vulnerability/december-2025-security-releases"
}
],
"release_date": "2026-01-20T20:41:55.393000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-10T13:03:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:nodejs25-main@aarch64",
"Red Hat Hardened Images:nodejs25-main@noarch",
"Red Hat Hardened Images:nodejs25-main@src",
"Red Hat Hardened Images:nodejs25-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7378"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:nodejs25-main@aarch64",
"Red Hat Hardened Images:nodejs25-main@noarch",
"Red Hat Hardened Images:nodejs25-main@src",
"Red Hat Hardened Images:nodejs25-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:nodejs25-main@aarch64",
"Red Hat Hardened Images:nodejs25-main@noarch",
"Red Hat Hardened Images:nodejs25-main@src",
"Red Hat Hardened Images:nodejs25-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "nodejs: Nodejs file permissions bypass"
},
{
"cve": "CVE-2025-55131",
"cwe": {
"id": "CWE-497",
"name": "Exposure of Sensitive System Information to an Unauthorized Control Sphere"
},
"discovery_date": "2026-01-20T21:02:45.759578+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2431350"
}
],
"notes": [
{
"category": "description",
"text": "A memory exposure flaw has been discovered in Node.js. A flaw in Node.js\u0027s buffer allocation logic can expose uninitialized memory when allocations are interrupted, when using the `vm` module with the timeout option. Under specific timing conditions, buffers allocated with `Buffer.alloc` and other `TypedArray` instances like `Uint8Array` may contain leftover data from previous operations, allowing in-process secrets like tokens or passwords to leak or causing data corruption.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: Nodejs uninitialized memory exposure",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:nodejs25-main@aarch64",
"Red Hat Hardened Images:nodejs25-main@noarch",
"Red Hat Hardened Images:nodejs25-main@src",
"Red Hat Hardened Images:nodejs25-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-55131"
},
{
"category": "external",
"summary": "RHBZ#2431350",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2431350"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-55131",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55131"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-55131",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55131"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/december-2025-security-releases",
"url": "https://nodejs.org/en/blog/vulnerability/december-2025-security-releases"
}
],
"release_date": "2026-01-20T20:41:55.591000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-10T13:03:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:nodejs25-main@aarch64",
"Red Hat Hardened Images:nodejs25-main@noarch",
"Red Hat Hardened Images:nodejs25-main@src",
"Red Hat Hardened Images:nodejs25-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7378"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:nodejs25-main@aarch64",
"Red Hat Hardened Images:nodejs25-main@noarch",
"Red Hat Hardened Images:nodejs25-main@src",
"Red Hat Hardened Images:nodejs25-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:nodejs25-main@aarch64",
"Red Hat Hardened Images:nodejs25-main@noarch",
"Red Hat Hardened Images:nodejs25-main@src",
"Red Hat Hardened Images:nodejs25-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "nodejs: Nodejs uninitialized memory exposure"
},
{
"cve": "CVE-2025-55132",
"cwe": {
"id": "CWE-281",
"name": "Improper Preservation of Permissions"
},
"discovery_date": "2026-01-20T21:01:12.192484+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2431338"
}
],
"notes": [
{
"category": "description",
"text": "A file access flaw has been discovered in NodeJS. A file\u0027s access and modification timestamps to be changed via `futimes()` even when the process has only read permissions. Unlike `utimes()`, `futimes()` does not apply the expected write-permission checks, which means file metadata can be modified in read-only directories. This behavior could be used to alter timestamps in ways that obscure activity, reducing the reliability of logs.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: Nodejs filesystem permissions bypass",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:nodejs25-main@aarch64",
"Red Hat Hardened Images:nodejs25-main@noarch",
"Red Hat Hardened Images:nodejs25-main@src",
"Red Hat Hardened Images:nodejs25-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-55132"
},
{
"category": "external",
"summary": "RHBZ#2431338",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2431338"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-55132",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55132"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-55132",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55132"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/december-2025-security-releases",
"url": "https://nodejs.org/en/blog/vulnerability/december-2025-security-releases"
}
],
"release_date": "2026-01-20T20:41:55.620000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-10T13:03:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:nodejs25-main@aarch64",
"Red Hat Hardened Images:nodejs25-main@noarch",
"Red Hat Hardened Images:nodejs25-main@src",
"Red Hat Hardened Images:nodejs25-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7378"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:nodejs25-main@aarch64",
"Red Hat Hardened Images:nodejs25-main@noarch",
"Red Hat Hardened Images:nodejs25-main@src",
"Red Hat Hardened Images:nodejs25-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"Red Hat Hardened Images:nodejs25-main@aarch64",
"Red Hat Hardened Images:nodejs25-main@noarch",
"Red Hat Hardened Images:nodejs25-main@src",
"Red Hat Hardened Images:nodejs25-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nodejs: Nodejs filesystem permissions bypass"
},
{
"cve": "CVE-2025-59464",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-20T21:01:52.581156+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2431344"
}
],
"notes": [
{
"category": "description",
"text": "A resource consumption flaw has been discovered in NodeJS. A memory leak in Node.js\u2019s OpenSSL integration occurs when converting `X.509` certificate fields to UTF-8 without freeing the allocated buffer. When applications call `socket.getPeerCertificate(true)`, each certificate field leaks memory, allowing remote clients to trigger steady memory growth through repeated TLS connections. Over time this can lead to resource exhaustion and denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: Nodejs memory leak",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:nodejs25-main@aarch64",
"Red Hat Hardened Images:nodejs25-main@noarch",
"Red Hat Hardened Images:nodejs25-main@src",
"Red Hat Hardened Images:nodejs25-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-59464"
},
{
"category": "external",
"summary": "RHBZ#2431344",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2431344"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-59464",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59464"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-59464",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59464"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/december-2025-security-releases",
"url": "https://nodejs.org/en/blog/vulnerability/december-2025-security-releases"
}
],
"release_date": "2026-01-20T20:41:55.599000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-10T13:03:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:nodejs25-main@aarch64",
"Red Hat Hardened Images:nodejs25-main@noarch",
"Red Hat Hardened Images:nodejs25-main@src",
"Red Hat Hardened Images:nodejs25-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7378"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:nodejs25-main@aarch64",
"Red Hat Hardened Images:nodejs25-main@noarch",
"Red Hat Hardened Images:nodejs25-main@src",
"Red Hat Hardened Images:nodejs25-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:nodejs25-main@aarch64",
"Red Hat Hardened Images:nodejs25-main@noarch",
"Red Hat Hardened Images:nodejs25-main@src",
"Red Hat Hardened Images:nodejs25-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nodejs: Nodejs memory leak"
},
{
"cve": "CVE-2026-2950",
"cwe": {
"id": "CWE-915",
"name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes"
},
"discovery_date": "2026-03-31T20:01:38.424064+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2453499"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Lodash. An attacker can exploit a prototype pollution vulnerability in the `_.unset` and `_.omit` functions by bypassing a security check. This bypass is achieved by providing array-wrapped path segments, which allows for the deletion of properties from built-in JavaScript prototypes such as `Object.prototype`. This could lead to unexpected application behavior or denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "lodash: Lodash: Prototype pollution allows deletion of built-in prototype properties via array path bypass",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:nodejs25-main@aarch64",
"Red Hat Hardened Images:nodejs25-main@noarch",
"Red Hat Hardened Images:nodejs25-main@src",
"Red Hat Hardened Images:nodejs25-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-2950"
},
{
"category": "external",
"summary": "RHBZ#2453499",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453499"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-2950",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2950"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-2950",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2950"
},
{
"category": "external",
"summary": "https://github.com/lodash/lodash/security/advisories/GHSA-xxjr-mmjv-4gpg",
"url": "https://github.com/lodash/lodash/security/advisories/GHSA-xxjr-mmjv-4gpg"
}
],
"release_date": "2026-03-31T19:18:35.796000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-10T13:03:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:nodejs25-main@aarch64",
"Red Hat Hardened Images:nodejs25-main@noarch",
"Red Hat Hardened Images:nodejs25-main@src",
"Red Hat Hardened Images:nodejs25-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7378"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Hardened Images:nodejs25-main@aarch64",
"Red Hat Hardened Images:nodejs25-main@noarch",
"Red Hat Hardened Images:nodejs25-main@src",
"Red Hat Hardened Images:nodejs25-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:nodejs25-main@aarch64",
"Red Hat Hardened Images:nodejs25-main@noarch",
"Red Hat Hardened Images:nodejs25-main@src",
"Red Hat Hardened Images:nodejs25-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "lodash: Lodash: Prototype pollution allows deletion of built-in prototype properties via array path bypass"
},
{
"cve": "CVE-2026-6734",
"cwe": {
"id": "CWE-940",
"name": "Improper Verification of Source of a Communication Channel"
},
"discovery_date": "2026-06-17T19:04:00.272340+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2490024"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in undici. When using Socks5ProxyAgent, undici incorrectly reuses a single connection pool across different origins. This can lead to cross-origin request routing, where sensitive credentials and data intended for one destination are sent to another. Consequently, responses from unintended origins may be trusted, and secure HTTPS connections could be silently downgraded to unencrypted HTTP, resulting in information disclosure and data integrity issues.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undici: undici: Information disclosure and data integrity issues due to incorrect Socks5ProxyAgent connection routing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is rated as an Important security flaw. The `undici` library, when configured with `Socks5ProxyAgent` to handle requests for multiple origins, incorrectly reuses connection pools. This can lead to sensitive data and credentials being misrouted to unintended destinations, potentially downgrading HTTPS connections to HTTP and compromising data integrity and confidentiality. Red Hat products utilizing `undici` with `Socks5ProxyAgent` in multi-origin scenarios are affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:nodejs25-main@aarch64",
"Red Hat Hardened Images:nodejs25-main@noarch",
"Red Hat Hardened Images:nodejs25-main@src",
"Red Hat Hardened Images:nodejs25-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-6734"
},
{
"category": "external",
"summary": "RHBZ#2490024",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2490024"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-6734",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6734"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-6734",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6734"
},
{
"category": "external",
"summary": "https://cna.openjsf.org/security-advisories.html",
"url": "https://cna.openjsf.org/security-advisories.html"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/security/advisories/GHSA-hm92-r4w5-c3mj",
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-hm92-r4w5-c3mj"
}
],
"release_date": "2026-06-17T16:36:55.439000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-10T13:03:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:nodejs25-main@aarch64",
"Red Hat Hardened Images:nodejs25-main@noarch",
"Red Hat Hardened Images:nodejs25-main@src",
"Red Hat Hardened Images:nodejs25-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7378"
},
{
"category": "workaround",
"details": "The single most impactful mitigation is applying network egress controls to restrict which external destinations affected applications can reach. Because the vulnerability causes requests to be misrouted to wrong origins, limiting the set of reachable origins directly reduces the attack surface. These controls collectively limit the blast radius of the connection pool misrouting \u2014 the attacker must compromise one of the explicitly allowed destinations rather than any arbitrary origin \u2014 but they do not fix the underlying logic bug.",
"product_ids": [
"Red Hat Hardened Images:nodejs25-main@aarch64",
"Red Hat Hardened Images:nodejs25-main@noarch",
"Red Hat Hardened Images:nodejs25-main@src",
"Red Hat Hardened Images:nodejs25-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:nodejs25-main@aarch64",
"Red Hat Hardened Images:nodejs25-main@noarch",
"Red Hat Hardened Images:nodejs25-main@src",
"Red Hat Hardened Images:nodejs25-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "undici: undici: Information disclosure and data integrity issues due to incorrect Socks5ProxyAgent connection routing"
},
{
"cve": "CVE-2026-9675",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2026-06-17T17:01:41.811903+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2489979"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in undici. A malicious WebSocket server could exploit this vulnerability by sending fragmented messages that individually meet size limits but collectively exceed them. This can lead to unbounded memory growth in the client process, resulting in memory exhaustion and a denial of service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undici: undici WebSocket client vulnerable to denial of service via cumulative fragment bypass",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is rated Moderate by Red Hat (CVSS 5.9) because successful exploitation requires the undici WebSocket client to connect to an attacker-controlled server (AC:H), which is unlikely in typical Red Hat product deployments where WebSocket endpoints are trusted internal services. No Red Hat product is affected \u2014 all streams shipping undici bundle versions 5.x through 7.x, which are outside the vulnerable range of 8.0.0 to 8.4.x. The vulnerable code path (unbounded WebSocket frame accumulation) was introduced in undici 8.0.0 and is not present in earlier major versions.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:nodejs25-main@aarch64",
"Red Hat Hardened Images:nodejs25-main@noarch",
"Red Hat Hardened Images:nodejs25-main@src",
"Red Hat Hardened Images:nodejs25-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-9675"
},
{
"category": "external",
"summary": "RHBZ#2489979",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2489979"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-9675",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-9675"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-9675",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-9675"
},
{
"category": "external",
"summary": "https://cna.openjsf.org/security-advisories.html",
"url": "https://cna.openjsf.org/security-advisories.html"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/security/advisories/GHSA-38rv-x7px-6hhq",
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-38rv-x7px-6hhq"
}
],
"release_date": "2026-06-17T16:20:32.548000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-10T13:03:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:nodejs25-main@aarch64",
"Red Hat Hardened Images:nodejs25-main@noarch",
"Red Hat Hardened Images:nodejs25-main@src",
"Red Hat Hardened Images:nodejs25-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7378"
},
{
"category": "workaround",
"details": "Red Hat products that bundle the undici HTTP client ship versions 5.x, 6.x, and 7.x, which do not contain the vulnerable WebSocket frame accumulation code path introduced in undici 8.0.0. No Red Hat product streams are affected by this vulnerability. Users who have manually installed undici 8.x outside of Red Hat-provided packages should upgrade to undici 8.5.0 or later to fully resolve this issue.",
"product_ids": [
"Red Hat Hardened Images:nodejs25-main@aarch64",
"Red Hat Hardened Images:nodejs25-main@noarch",
"Red Hat Hardened Images:nodejs25-main@src",
"Red Hat Hardened Images:nodejs25-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:nodejs25-main@aarch64",
"Red Hat Hardened Images:nodejs25-main@noarch",
"Red Hat Hardened Images:nodejs25-main@src",
"Red Hat Hardened Images:nodejs25-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "undici: undici WebSocket client vulnerable to denial of service via cumulative fragment bypass"
},
{
"cve": "CVE-2026-9678",
"cwe": {
"id": "CWE-1286",
"name": "Improper Validation of Syntactic Correctness of Input"
},
"discovery_date": "2026-06-17T19:01:33.359372+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2490000"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Undici. The cache interceptor in shared-cache mode incorrectly classifies certain responses as cacheable due to improper handling of whitespace-padded Cache-Control header field names. This vulnerability allows an unauthenticated attacker to access authenticated user data from the cache, leading to information disclosure. This occurs when both authenticated and unauthenticated requests resolve to the same cache key.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undici: Undici: Information disclosure due to improper cache-control header parsing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Moderate information disclosure flaw in Undici\u0027s cache interceptor, when configured in shared-cache mode, allows an unauthenticated attacker to retrieve sensitive authenticated user data. This is due to incorrect parsing of Cache-Control headers containing whitespace-padded field names, leading to cached responses being served improperly. Red Hat products are affected if they explicitly enable shared-cache mode, forward Authorization headers, and process non-canonical Cache-Control directives.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:nodejs25-main@aarch64",
"Red Hat Hardened Images:nodejs25-main@noarch",
"Red Hat Hardened Images:nodejs25-main@src",
"Red Hat Hardened Images:nodejs25-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-9678"
},
{
"category": "external",
"summary": "RHBZ#2490000",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2490000"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-9678",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-9678"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-9678",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-9678"
},
{
"category": "external",
"summary": "https://cna.openjsf.org/security-advisories.html",
"url": "https://cna.openjsf.org/security-advisories.html"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/security/advisories/GHSA-pr7r-676h-xcf6",
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-pr7r-676h-xcf6"
}
],
"release_date": "2026-06-17T17:04:09.680000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-10T13:03:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:nodejs25-main@aarch64",
"Red Hat Hardened Images:nodejs25-main@noarch",
"Red Hat Hardened Images:nodejs25-main@src",
"Red Hat Hardened Images:nodejs25-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7378"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:nodejs25-main@aarch64",
"Red Hat Hardened Images:nodejs25-main@noarch",
"Red Hat Hardened Images:nodejs25-main@src",
"Red Hat Hardened Images:nodejs25-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:nodejs25-main@aarch64",
"Red Hat Hardened Images:nodejs25-main@noarch",
"Red Hat Hardened Images:nodejs25-main@src",
"Red Hat Hardened Images:nodejs25-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "undici: Undici: Information disclosure due to improper cache-control header parsing"
},
{
"cve": "CVE-2026-9697",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"discovery_date": "2026-06-17T19:03:30.813843+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2490018"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in undici. When undici\u0027s ProxyAgent is configured with a SOCKS5 proxy Uniform Resource Identifier (URI), it silently ignores Transport Layer Security (TLS) options, such as custom Certificate Authorities (CAs). This allows a remote attacker to perform a Man-in-the-Middle (MITM) attack, intercepting and tampering with HTTPS communications. The connection falls back to Node.js\u0027s default trust store, bypassing intended security configurations and potentially leading to information disclosure or arbitrary code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undici: undici: Man-in-the-Middle attack via ignored TLS options with SOCKS5 proxy",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important vulnerability. Applications using `undici`\u0027s `ProxyAgent` with a SOCKS5 proxy URI will silently ignore user-configured TLS options, including custom Certificate Authorities. This bypasses intended security controls for HTTPS communication, enabling a remote attacker to perform Man-in-the-Middle attacks, potentially leading to information disclosure or arbitrary code execution in affected Red Hat products.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:nodejs25-main@aarch64",
"Red Hat Hardened Images:nodejs25-main@noarch",
"Red Hat Hardened Images:nodejs25-main@src",
"Red Hat Hardened Images:nodejs25-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-9697"
},
{
"category": "external",
"summary": "RHBZ#2490018",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2490018"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-9697",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-9697"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-9697",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-9697"
},
{
"category": "external",
"summary": "https://cna.openjsf.org/security-advisories.html",
"url": "https://cna.openjsf.org/security-advisories.html"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/security/advisories/GHSA-vmh5-mc38-953g",
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-vmh5-mc38-953g"
}
],
"release_date": "2026-06-17T16:46:42.706000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-10T13:03:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:nodejs25-main@aarch64",
"Red Hat Hardened Images:nodejs25-main@noarch",
"Red Hat Hardened Images:nodejs25-main@src",
"Red Hat Hardened Images:nodejs25-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7378"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:nodejs25-main@aarch64",
"Red Hat Hardened Images:nodejs25-main@noarch",
"Red Hat Hardened Images:nodejs25-main@src",
"Red Hat Hardened Images:nodejs25-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:nodejs25-main@aarch64",
"Red Hat Hardened Images:nodejs25-main@noarch",
"Red Hat Hardened Images:nodejs25-main@src",
"Red Hat Hardened Images:nodejs25-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "undici: undici: Man-in-the-Middle attack via ignored TLS options with SOCKS5 proxy"
},
{
"cve": "CVE-2026-45149",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-05-29T21:02:00.092772+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2483481"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the brace-expansion library. This vulnerability allows an attacker to cause a Denial of Service (DoS) by providing a large numeric range for expansion. The library allocates excessive memory to generate all intermediate elements before applying the maximum limit, leading to high memory consumption and potential application crashes. This can impact the availability of systems using the library.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "brace-expansion: brace-expansion: Denial of Service due to excessive memory allocation when expanding large numeric ranges",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:nodejs25-main@aarch64",
"Red Hat Hardened Images:nodejs25-main@noarch",
"Red Hat Hardened Images:nodejs25-main@src",
"Red Hat Hardened Images:nodejs25-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-45149"
},
{
"category": "external",
"summary": "RHBZ#2483481",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2483481"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-45149",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-45149"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-45149",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45149"
},
{
"category": "external",
"summary": "https://github.com/juliangruber/brace-expansion/security/advisories/GHSA-jxxr-4gwj-5jf2",
"url": "https://github.com/juliangruber/brace-expansion/security/advisories/GHSA-jxxr-4gwj-5jf2"
}
],
"release_date": "2026-05-29T19:55:07.337000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-10T13:03:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:nodejs25-main@aarch64",
"Red Hat Hardened Images:nodejs25-main@noarch",
"Red Hat Hardened Images:nodejs25-main@src",
"Red Hat Hardened Images:nodejs25-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7378"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:nodejs25-main@aarch64",
"Red Hat Hardened Images:nodejs25-main@noarch",
"Red Hat Hardened Images:nodejs25-main@src",
"Red Hat Hardened Images:nodejs25-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "brace-expansion: brace-expansion: Denial of Service due to excessive memory allocation when expanding large numeric ranges"
},
{
"cve": "CVE-2026-48615",
"cwe": {
"id": "CWE-209",
"name": "Generation of Error Message Containing Sensitive Information"
},
"discovery_date": "2026-06-26T02:01:59.112093+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2493335"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Node.js. When proxy credentials are embedded in a proxy URL, an issue in the proxy tunnel error handling can lead to the exposure of these credentials. This information disclosure vulnerability allows an attacker to potentially capture sensitive proxy credentials through logs, diagnostics, or other error-consuming mechanisms.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: Node.js: Information disclosure of proxy credentials via proxy tunnel error handling",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:nodejs25-main@aarch64",
"Red Hat Hardened Images:nodejs25-main@noarch",
"Red Hat Hardened Images:nodejs25-main@src",
"Red Hat Hardened Images:nodejs25-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-48615"
},
{
"category": "external",
"summary": "RHBZ#2493335",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2493335"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-48615",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-48615"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-48615",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48615"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases",
"url": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases"
}
],
"release_date": "2026-06-26T01:14:36.524000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-10T13:03:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:nodejs25-main@aarch64",
"Red Hat Hardened Images:nodejs25-main@noarch",
"Red Hat Hardened Images:nodejs25-main@src",
"Red Hat Hardened Images:nodejs25-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7378"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:nodejs25-main@aarch64",
"Red Hat Hardened Images:nodejs25-main@noarch",
"Red Hat Hardened Images:nodejs25-main@src",
"Red Hat Hardened Images:nodejs25-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"Red Hat Hardened Images:nodejs25-main@aarch64",
"Red Hat Hardened Images:nodejs25-main@noarch",
"Red Hat Hardened Images:nodejs25-main@src",
"Red Hat Hardened Images:nodejs25-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nodejs: Node.js: Information disclosure of proxy credentials via proxy tunnel error handling"
},
{
"cve": "CVE-2026-48618",
"cwe": {
"id": "CWE-289",
"name": "Authentication Bypass by Alternate Name"
},
"discovery_date": "2026-06-26T02:02:10.741725+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2493337"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Node.js. This flaw involves a mismatch in how Node.js handles TLS (Transport Layer Security) hostnames and unicode dot separators during authentication. This mismatch can lead to a wildcard-depth authentication bypass. An attacker could exploit this to bypass intended security boundaries, potentially leading to unauthorized access and confidentiality impact.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: Node.js: Authentication bypass due to TLS hostname handling and unicode dot separator mismatch",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Important flaw in Node.js allows for a TLS wildcard-depth authentication bypass due to a mismatch in how hostnames and unicode dot separators are handled during authentication. This could enable an attacker to circumvent security boundaries, potentially leading to unauthorized access and compromise of sensitive information in applications utilizing Node.js for TLS connections. The issue affects Node.js versions 22, 24, and 26 as shipped in Red Hat products.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:nodejs25-main@aarch64",
"Red Hat Hardened Images:nodejs25-main@noarch",
"Red Hat Hardened Images:nodejs25-main@src",
"Red Hat Hardened Images:nodejs25-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-48618"
},
{
"category": "external",
"summary": "RHBZ#2493337",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2493337"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-48618",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-48618"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-48618",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48618"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases",
"url": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases"
}
],
"release_date": "2026-06-26T01:14:36.868000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-10T13:03:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:nodejs25-main@aarch64",
"Red Hat Hardened Images:nodejs25-main@noarch",
"Red Hat Hardened Images:nodejs25-main@src",
"Red Hat Hardened Images:nodejs25-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7378"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:nodejs25-main@aarch64",
"Red Hat Hardened Images:nodejs25-main@noarch",
"Red Hat Hardened Images:nodejs25-main@src",
"Red Hat Hardened Images:nodejs25-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"Red Hat Hardened Images:nodejs25-main@aarch64",
"Red Hat Hardened Images:nodejs25-main@noarch",
"Red Hat Hardened Images:nodejs25-main@src",
"Red Hat Hardened Images:nodejs25-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "nodejs: Node.js: Authentication bypass due to TLS hostname handling and unicode dot separator mismatch"
},
{
"cve": "CVE-2026-48933",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-06-26T02:01:39.107538+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2493331"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Node.js WebCrypto implementation. A remote attacker could exploit this vulnerability by providing an input to the `subtle.encrypt()` function that is a multiple of 2 gigabytes (GiB). This could lead to a denial of service (DoS) by crashing the Node.js process.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: Node.js WebCrypto: Denial of Service via large input to subtle.encrypt()",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important denial of service vulnerability in Node.js WebCrypto, as a remote attacker can crash the Node.js process by providing a specially crafted large input to the `subtle.encrypt()` function. This could lead to service unavailability in Red Hat environments where Node.js applications process untrusted data with WebCrypto.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:nodejs25-main@aarch64",
"Red Hat Hardened Images:nodejs25-main@noarch",
"Red Hat Hardened Images:nodejs25-main@src",
"Red Hat Hardened Images:nodejs25-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-48933"
},
{
"category": "external",
"summary": "RHBZ#2493331",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2493331"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-48933",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-48933"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-48933",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48933"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases",
"url": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases"
}
],
"release_date": "2026-06-26T01:14:36.823000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-10T13:03:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:nodejs25-main@aarch64",
"Red Hat Hardened Images:nodejs25-main@noarch",
"Red Hat Hardened Images:nodejs25-main@src",
"Red Hat Hardened Images:nodejs25-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7378"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:nodejs25-main@aarch64",
"Red Hat Hardened Images:nodejs25-main@noarch",
"Red Hat Hardened Images:nodejs25-main@src",
"Red Hat Hardened Images:nodejs25-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:nodejs25-main@aarch64",
"Red Hat Hardened Images:nodejs25-main@noarch",
"Red Hat Hardened Images:nodejs25-main@src",
"Red Hat Hardened Images:nodejs25-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "nodejs: Node.js WebCrypto: Denial of Service via large input to subtle.encrypt()"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…