Action not permitted
Modal body text goes here.
Modal Title
Modal Body
Vulnerability from cleanstart
Multiple security vulnerabilities affect the argo-workflows package. These issues are resolved in later releases. See references for individual vulnerability details.
{
"affected": [
{
"package": {
"ecosystem": "CleanStart",
"name": "argo-workflows"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.7.9-r1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"credits": [],
"database_specific": {},
"details": "Multiple security vulnerabilities affect the argo-workflows package. These issues are resolved in later releases. See references for individual vulnerability details.",
"id": "CLEANSTART-2026-MK10646",
"modified": "2026-03-24T12:53:01Z",
"published": "2026-04-01T09:24:40.606937Z",
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-MK10646.json"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-61729"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-25679"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-25934"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-27139"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-27142"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-2464-8j7c-4cjm"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-2x5j-vhc8-9cwm"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-37cx-329c-33x3"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-9h8m-3fm2-qjrq"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-fv92-fjc5-jj9h"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-fw7p-63qq-7hpr"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-p77j-4mvh-x3m3"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-q9hv-hpm4-hj6x"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25934"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27139"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27142"
}
],
"related": [],
"schema_version": "1.7.3",
"summary": "Security fixes for CVE-2025-61729, CVE-2026-25679, CVE-2026-25934, CVE-2026-27139, CVE-2026-27142, ghsa-2464-8j7c-4cjm, ghsa-2x5j-vhc8-9cwm, ghsa-37cx-329c-33x3, ghsa-9h8m-3fm2-qjrq, ghsa-fv92-fjc5-jj9h, ghsa-fw7p-63qq-7hpr, ghsa-p77j-4mvh-x3m3, ghsa-q9hv-hpm4-hj6x applied in versions: 3.6.16-r0, 3.7.4-r0, 3.7.9-r0, 3.7.9-r1",
"upstream": [
"CVE-2025-61729",
"CVE-2026-25679",
"CVE-2026-25934",
"CVE-2026-27139",
"CVE-2026-27142",
"ghsa-2464-8j7c-4cjm",
"ghsa-2x5j-vhc8-9cwm",
"ghsa-37cx-329c-33x3",
"ghsa-9h8m-3fm2-qjrq",
"ghsa-fv92-fjc5-jj9h",
"ghsa-fw7p-63qq-7hpr",
"ghsa-p77j-4mvh-x3m3",
"ghsa-q9hv-hpm4-hj6x"
]
}
CVE-2025-61729 (GCVE-0-2025-61729)
Vulnerability from cvelistv5 – Published: 2025-12-02 18:54 – Updated: 2025-12-03 19:37- CWE-400 - Uncontrolled Resource Consumption
| Vendor | Product | Version | |
|---|---|---|---|
| Go standard library | crypto/x509 |
Affected:
0 , < 1.24.11
(semver)
Affected: 1.25.0 , < 1.25.5 (semver) |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-61729",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-02T21:52:36.341575Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-02T21:52:58.224Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://pkg.go.dev",
"defaultStatus": "unaffected",
"packageName": "crypto/x509",
"product": "crypto/x509",
"programRoutines": [
{
"name": "Certificate.VerifyHostname"
},
{
"name": "Certificate.Verify"
}
],
"vendor": "Go standard library",
"versions": [
{
"lessThan": "1.24.11",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "1.25.5",
"status": "affected",
"version": "1.25.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Philippe Antoine (Catena cyber)"
}
],
"descriptions": [
{
"lang": "en",
"value": "Within HostnameError.Error(), when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can result in excessive resource consumption."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-400: Uncontrolled Resource Consumption",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-03T19:37:14.903Z",
"orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
"shortName": "Go"
},
"references": [
{
"url": "https://go.dev/cl/725920"
},
{
"url": "https://go.dev/issue/76445"
},
{
"url": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4"
},
{
"url": "https://pkg.go.dev/vuln/GO-2025-4155"
}
],
"title": "Excessive resource consumption when printing error string for host certificate validation in crypto/x509"
}
},
"cveMetadata": {
"assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
"assignerShortName": "Go",
"cveId": "CVE-2025-61729",
"datePublished": "2025-12-02T18:54:10.166Z",
"dateReserved": "2025-09-30T15:05:03.605Z",
"dateUpdated": "2025-12-03T19:37:14.903Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-25679 (GCVE-0-2026-25679)
Vulnerability from cvelistv5 – Published: 2026-03-06 21:28 – Updated: 2026-07-03 12:04- CWE-1286 - Improper Validation of Syntactic Correctness of Input
| URL | Tags |
|---|---|
| https://go.dev/cl/752180 | |
| https://go.dev/issue/77578 | |
| https://groups.google.com/g/golang-announce/c/Edh… | |
| https://pkg.go.dev/vuln/GO-2026-4601 | |
| https://access.redhat.com/security/cve/CVE-2026-25679 | vdb-entryx_refsource_REDHAT |
| https://bugzilla.redhat.com/show_bug.cgi?id=2445356 | issue-trackingx_refsource_REDHAT |
| https://security.access.redhat.com/data/csaf/v2/v… | x_sadp-csaf-vex |
| https://access.redhat.com/errata/RHSA-2026:13508 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:8855 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:13512 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:26527 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:26541 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:28886 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:25043 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:21655 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:25180 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:27076 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:6341 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:28047 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:34365 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:14868 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:8314 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:9435 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:8856 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:5943 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:10133 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:8849 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:8931 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:17084 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:19719 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:19750 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:17040 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:7328 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:10929 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:16696 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:11375 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:10701 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:8842 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:7005 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:8840 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:5941 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:7992 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:6344 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:6388 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:13642 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:13643 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:7669 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:10169 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:11413 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:11412 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:19032 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:29195 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:19133 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:19022 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:19027 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:19026 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:22937 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:19049 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:19135 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:22450 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:19017 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:24386 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:19055 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:19132 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:19031 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:29035 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:19126 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:19128 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:33722 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:6949 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:16875 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:7011 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:7009 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:8456 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:7674 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:7878 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:8853 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:7879 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:20581 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:9043 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:9094 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:8434 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:19634 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:7876 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:20582 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:8860 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:9093 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:8851 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:7877 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:20584 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:8877 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:8878 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:9695 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:16102 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:9436 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:7883 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:8881 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:8949 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:8852 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:25252 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:25251 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:9434 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:7833 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:8879 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:9090 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:25248 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:8322 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:25253 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:25250 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:22733 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:12030 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:12032 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:10712 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:7834 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:8930 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:8882 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:12033 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:19721 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:12028 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:8324 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:12031 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:12029 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:11749 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:9109 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:9439 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:8848 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:5944 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:8847 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:8845 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:9108 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:19720 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:19475 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:17287 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:7665 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:9097 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:9098 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:7259 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:8841 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:5942 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:6382 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:6383 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:13671 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:9044 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:7315 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:29455 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:29703 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:19350 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:19181 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:19185 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:19184 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:23228 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:19353 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:22714 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:26445 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:19207 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:29702 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:26636 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:9872 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:26585 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:11800 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:22862 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:22423 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:22347 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:5110 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:21769 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:23345 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:16874 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:29854 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:26568 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:8433 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:22627 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:25127 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:8151 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:13829 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:20889 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:11217 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:13791 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:13545 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:9742 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:6802 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:10140 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:10141 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:7385 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:7291 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:9052 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:10184 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:5549 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:10158 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:12282 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:21696 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:14100 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:21691 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:15091 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:28893 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:14774 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:20088 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:17598 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:21657 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:20041 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:6564 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:10175 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:11688 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:8483 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:11686 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:9440 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:8484 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:9448 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:8490 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:9453 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:8491 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:9461 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:8493 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:9385 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:14020 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:11747 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:11916 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:6720 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:11856 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:21017 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:24853 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:19375 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:11996 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:14879 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:10125 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:10065 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:11768 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:10250 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:10225 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:8338 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:8337 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:8167 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:28441 | vendor-advisoryx_refsource_REDHAT |
| Vendor | Product | Version | |
|---|---|---|---|
| Go standard library | net/url |
Affected:
0 , < 1.25.8
(semver)
Affected: 1.26.0-0 , < 1.26.1 (semver) |
|
| Red Hat | Red Hat Ansible Automation Platform 2.6 for RHEL 10 |
cpe:/a:redhat:ansible_automation_platform:2.6::el10 cpe:/a:redhat:ansible_automation_platform_developer:2.6::el10 |
|
| Red Hat | Red Hat Enterprise Linux Server (v. 7 ELS) |
cpe:/o:redhat:rhel_els:7 |
|
| Red Hat | Red Hat Ansible Automation Platform 2.5 for RHEL 8 |
cpe:/a:redhat:ansible_automation_platform:2.5::el8 cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8 cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8 |
|
| Red Hat | Red Hat OpenShift Container Platform 4.12 |
cpe:/a:redhat:openshift:4.12::el8 cpe:/a:redhat:openshift:4.12::el9 |
|
| Red Hat | Red Hat OpenShift Container Platform 4.13 |
cpe:/a:redhat:openshift:4.13::el8 cpe:/a:redhat:openshift:4.13::el9 |
|
| Red Hat | Red Hat OpenShift Container Platform 4.14 |
cpe:/a:redhat:openshift:4.14::el8 cpe:/a:redhat:openshift:4.14::el9 |
|
| Red Hat | Red Hat OpenShift Container Platform 4.16 |
cpe:/a:redhat:openshift:4.16::el8 cpe:/a:redhat:openshift:4.16::el9 |
|
| Red Hat | Red Hat OpenShift Container Platform 4.18 |
cpe:/a:redhat:openshift:4.18::el8 cpe:/a:redhat:openshift:4.18::el9 |
|
| Red Hat | Red Hat Satellite 6.16 for RHEL 8 |
cpe:/a:redhat:satellite:6.16::el8 cpe:/a:redhat:satellite_capsule:6.16::el8 cpe:/a:redhat:satellite_maintenance:6.16::el8 cpe:/a:redhat:satellite_utils:6.16::el8 |
|
| Red Hat | Red Hat Ansible Automation Platform 2.5 for RHEL 9 |
cpe:/a:redhat:ansible_automation_platform:2.5::el9 cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9 cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9 |
|
| Red Hat | Red Hat Ansible Automation Platform 2.6 for RHEL 9 |
cpe:/a:redhat:ansible_automation_platform:2.6::el9 cpe:/a:redhat:ansible_automation_platform_developer:2.6::el9 cpe:/a:redhat:ansible_automation_platform_inside:2.6::el9 |
|
| Red Hat | Cryostat 4 on RHEL 9 |
cpe:/a:redhat:cryostat:4::el9 |
|
| Red Hat | Red Hat OpenStack Platform 17.1 |
cpe:/a:redhat:openstack:17.1 cpe:/a:redhat:openstack:17.1::el9 |
|
| Red Hat | Red Hat Satellite 6.16 for RHEL 9 |
cpe:/a:redhat:satellite:6.16::el9 cpe:/a:redhat:satellite_capsule:6.16::el9 cpe:/a:redhat:satellite_maintenance:6.16::el9 cpe:/a:redhat:satellite_utils:6.16::el9 |
|
| Red Hat | Red Hat Satellite 6.19 for RHEL 9 |
cpe:/a:redhat:satellite:6.19::el9 cpe:/a:redhat:satellite_capsule:6.19::el9 cpe:/a:redhat:satellite_maintenance:6.19::el9 cpe:/a:redhat:satellite_utils:6.19::el9 |
|
| Red Hat | Red Hat Enterprise Linux AppStream EUS (v. 10.0) |
cpe:/o:redhat:enterprise_linux_eus:10.0 |
|
| Red Hat | Red Hat Enterprise Linux AppStream (v. 10) |
cpe:/o:redhat:enterprise_linux:10.1 cpe:/o:redhat:enterprise_linux:10.2 |
|
| Red Hat | Red Hat Enterprise Linux AppStream (v. 8) |
cpe:/a:redhat:enterprise_linux:8::appstream |
|
| Red Hat | Red Hat Enterprise Linux AppStream AUS (v. 8.2) |
cpe:/a:redhat:rhel_aus:8.2::appstream |
|
| Red Hat | Red Hat Enterprise Linux AppStream AUS (v.8.4) |
cpe:/a:redhat:rhel_aus:8.4::appstream |
|
| Red Hat | Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4) |
cpe:/a:redhat:rhel_eus_long_life:8.4::appstream |
|
| Red Hat | Red Hat Enterprise Linux AppStream AUS (v.8.6) |
cpe:/a:redhat:rhel_aus:8.6::appstream |
|
| Red Hat | Red Hat Enterprise Linux AppStream E4S (v.8.6) |
cpe:/a:redhat:rhel_e4s:8.6::appstream |
|
| Red Hat | Red Hat Enterprise Linux AppStream TUS (v.8.6) |
cpe:/a:redhat:rhel_tus:8.6::appstream |
|
| Red Hat | Red Hat Enterprise Linux AppStream E4S (v.8.8) |
cpe:/a:redhat:rhel_e4s:8.8::appstream |
|
| Red Hat | Red Hat Enterprise Linux AppStream TUS (v.8.8) |
cpe:/a:redhat:rhel_tus:8.8::appstream |
|
| Red Hat | Red Hat Enterprise Linux AppStream E4S (v.9.0) |
cpe:/a:redhat:rhel_e4s:9.0::appstream |
|
| Red Hat | Red Hat Enterprise Linux AppStream E4S (v.9.2) |
cpe:/a:redhat:rhel_e4s:9.2::appstream |
|
| Red Hat | Red Hat Enterprise Linux AppStream E4S (v.9.4) |
cpe:/a:redhat:rhel_e4s:9.4::appstream |
|
| Red Hat | Red Hat Enterprise Linux AppStream EUS (v.9.4) |
cpe:/a:redhat:rhel_eus:9.4::appstream |
|
| Red Hat | Red Hat Enterprise Linux AppStream EUS (v.9.6) |
cpe:/a:redhat:rhel_eus:9.6::appstream |
|
| Red Hat | Red Hat Enterprise Linux AppStream (v. 9) |
cpe:/a:redhat:enterprise_linux:9::appstream |
|
| Red Hat | Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0) |
cpe:/o:redhat:enterprise_linux_eus:10.0 |
|
| Red Hat | Red Hat Enterprise Linux CodeReady Linux Builder (v. 10) |
cpe:/o:redhat:enterprise_linux:10.1 cpe:/o:redhat:enterprise_linux:10.2 |
|
| Red Hat | Red Hat CodeReady Linux Builder EUS (v.9.4) |
cpe:/a:redhat:rhel_eus:9.4::crb |
|
| Red Hat | Red Hat CodeReady Linux Builder EUS (v.9.6) |
cpe:/a:redhat:rhel_eus:9.6::crb |
|
| Red Hat | Red Hat Enterprise Linux CodeReady Linux Builder (v. 9) |
cpe:/a:redhat:enterprise_linux:9::crb |
|
| Red Hat | Custom Metric Autoscaler 2.19 |
cpe:/a:redhat:openshift_custom_metrics_autoscaler:2.19::el9 |
|
| Red Hat | DevWorkspace Operator 0.4 |
cpe:/a:redhat:devworkspace:0.40::el9 |
|
| Red Hat | Logging Subsystem for Red Hat OpenShift 6.0 |
cpe:/a:redhat:logging:6.0::el9 |
|
| Red Hat | Logging Subsystem for Red Hat OpenShift 6.2 |
cpe:/a:redhat:logging:6.2::el9 |
|
| Red Hat | Logging Subsystem for Red Hat OpenShift 6.4 |
cpe:/a:redhat:logging:6.4::el9 |
|
| Red Hat | Multicluster Global Hub 1.3.4 |
cpe:/a:redhat:multicluster_globalhub:1.3::el9 |
|
| Red Hat | Multicluster Global Hub 1.4.5 |
cpe:/a:redhat:multicluster_globalhub:1.4::el9 |
|
| Red Hat | Multicluster Global Hub 1.5.4 |
cpe:/a:redhat:multicluster_globalhub:1.5::el9 |
|
| Red Hat | Multicluster Global Hub 1.6.2 |
cpe:/a:redhat:multicluster_globalhub:1.6::el9 |
|
| Red Hat | Network Observability (NETOBSERV) 1.11.2 |
cpe:/a:redhat:network_observ_optr:1.11::el9 |
|
| Red Hat | OpenShift API for Data Protection 1.4 |
cpe:/a:redhat:openshift_api_data_protection:1.4::el9 |
|
| Red Hat | OpenShift API for Data Protection 1.5 |
cpe:/a:redhat:openshift_api_data_protection:1.5::el9 |
|
| Red Hat | OpenShift Compliance Operator 1 |
cpe:/a:redhat:openshift_compliance_operator:1::el9 |
|
| Red Hat | OpenShift File Integrity Operator - FIO 1 |
cpe:/a:redhat:openshift_file_integrity_operator:1::el9 |
|
| Red Hat | Red Hat Advanced Cluster Management for Kubernetes 2.14 |
cpe:/a:redhat:acm:2.14::el9 |
|
| Red Hat | Red Hat Advanced Cluster Management for Kubernetes 2.15 |
cpe:/a:redhat:acm:2.15::el9 |
|
| Red Hat | Red Hat Advanced Cluster Security for Kubernetes 4.10 |
cpe:/a:redhat:advanced_cluster_security:4.10::el8 |
|
| Red Hat | Red Hat Advanced Cluster Security for Kubernetes 4.8 |
cpe:/a:redhat:advanced_cluster_security:4.8::el8 |
|
| Red Hat | Red Hat Advanced Cluster Security for Kubernetes 4.9 |
cpe:/a:redhat:advanced_cluster_security:4.9::el8 |
|
| Red Hat | Red Hat Ansible Automation Platform 2.6 |
cpe:/a:redhat:ansible_automation_platform:2.6::el9 |
|
| Red Hat | Red Hat Developer Hub 1.8 |
cpe:/a:redhat:rhdh:1.8::el9 |
|
| Red Hat | Red Hat Developer Hub 1.9 |
cpe:/a:redhat:rhdh:1.9::el9 |
|
| Red Hat | Red Hat Enterprise Linux AI 3.3 |
cpe:/a:redhat:enterprise_linux_ai:3.3::el9 |
|
| Red Hat | Red Hat Hardened Images |
cpe:/a:redhat:hummingbird:1 |
|
| Red Hat | Red Hat Lightspeed (formerly Insights) for Runtimes 1 |
cpe:/a:redhat:lightspeed_for_runtimes:1.0::el9 |
|
| Red Hat | Red Hat OpenShift AI 2.25 |
cpe:/a:redhat:openshift_ai:2.25::el9 |
|
| Red Hat | Red Hat OpenShift Builds 1.6.5 |
cpe:/a:redhat:openshift_builds:1.6::el9 |
|
| Red Hat | Red Hat OpenShift Builds 1.7.3 |
cpe:/a:redhat:openshift_builds:1.7::el9 |
|
| Red Hat | Red Hat OpenShift Container Platform 4.15 |
cpe:/a:redhat:openshift:4.15::el9 |
|
| Red Hat | Red Hat OpenShift Container Platform 4.17 |
cpe:/a:redhat:openshift:4.17::el9 |
|
| Red Hat | Red Hat OpenShift Container Platform 4.19 |
cpe:/a:redhat:openshift:4.19::el9 |
|
| Red Hat | Red Hat OpenShift Container Platform 4.20 |
cpe:/a:redhat:openshift:4.20::el9 |
|
| Red Hat | Red Hat OpenShift Dev Spaces 3.27 |
cpe:/a:redhat:openshift_devspaces:3.27::el9 |
|
| Red Hat | Red Hat OpenShift Service Mesh 2.6 |
cpe:/a:redhat:service_mesh:2.6::el8 |
|
| Red Hat | Red Hat OpenShift Service Mesh 3.0 |
cpe:/a:redhat:service_mesh:3.0::el9 |
|
| Red Hat | Red Hat OpenShift Service Mesh 3.1 |
cpe:/a:redhat:service_mesh:3.1::el9 |
|
| Red Hat | Red Hat OpenShift Service Mesh 3.2 |
cpe:/a:redhat:service_mesh:3.2::el9 |
|
| Red Hat | Red Hat OpenShift Service Mesh 3.3 |
cpe:/a:redhat:service_mesh:3.3::el9 |
|
| Red Hat | Red Hat OpenShift distributed tracing 3.9.3 |
cpe:/a:redhat:openshift_distributed_tracing:3.9::el9 |
|
| Red Hat | Red Hat OpenStack 1.5 |
cpe:/a:redhat:stf:1.5::el9 |
|
| Red Hat | Red Hat OpenStack Services on OpenShift 18 |
cpe:/a:redhat:openstack:18.0::el9 |
|
| Red Hat | Red Hat Quay 3.10 |
cpe:/a:redhat:quay:3.10::el8 |
|
| Red Hat | Red Hat Quay 3.12 |
cpe:/a:redhat:quay:3.12::el8 |
|
| Red Hat | Red Hat Quay 3.14 |
cpe:/a:redhat:quay:3.14::el8 |
|
| Red Hat | Red Hat Quay 3.15 |
cpe:/a:redhat:quay:3.15::el8 |
|
| Red Hat | Red Hat Quay 3.16 |
cpe:/a:redhat:quay:3.16::el9 |
|
| Red Hat | Red Hat Quay 3.9 |
cpe:/a:redhat:quay:3.9::el8 |
|
| Red Hat | Red Hat Satellite 6.18 |
cpe:/a:redhat:satellite:6.18::el9 |
|
| Red Hat | Red Hat Trusted Artifact Signer 1.3 |
cpe:/a:redhat:trusted_artifact_signer:1.3::el9 |
|
| Red Hat | Red Hat Update Infrastructure 5 |
cpe:/a:redhat:rhui:5::el9 |
|
| Red Hat | Red Hat Web Terminal 1.11 |
cpe:/a:redhat:webterminal:1.11::el9 |
|
| Red Hat | Red Hat Web Terminal 1.12 |
cpe:/a:redhat:webterminal:1.12::el9 |
|
| Red Hat | Red Hat Web Terminal 1.13 |
cpe:/a:redhat:webterminal:1.13::el9 |
|
| Red Hat | Red Hat Web Terminal 1.14 |
cpe:/a:redhat:webterminal:1.14::el9 |
|
| Red Hat | Red Hat Web Terminal 1.15 |
cpe:/a:redhat:webterminal:1.15::el9 |
|
| Red Hat | mirror registry for Red Hat OpenShift 2.0 |
cpe:/a:redhat:mirror_registry:2.0::el8 |
|
| Red Hat | Assisted Installer for Red Hat OpenShift Container Platform 2 |
cpe:/a:redhat:assisted_installer:2 |
|
| Red Hat | cert-manager Operator for Red Hat OpenShift |
cpe:/a:redhat:cert_manager:1 |
|
| Red Hat | Confidential Compute Attestation |
cpe:/a:redhat:confidential_compute_attestation:1 |
|
| Red Hat | Deployment Validation Operator |
cpe:/a:redhat:deployment_validator_operator |
|
| Red Hat | External Secrets Operator for Red Hat OpenShift |
cpe:/a:redhat:external_secrets_operator:1 |
|
| Red Hat | ExternalDNS Operator |
cpe:/a:redhat:ext_dns_optr:1 |
|
| Red Hat | Fence Agents Remediation Operator |
cpe:/a:redhat:workload_availability_far:0 |
|
| Red Hat | Gatekeeper 3 |
cpe:/a:redhat:gatekeeper:3 |
|
| Red Hat | Logging Subsystem for Red Hat OpenShift |
cpe:/a:redhat:logging:5 |
|
| Red Hat | Logical Volume Manager Storage |
cpe:/a:redhat:lvms:4 |
|
| Red Hat | Machine Deletion Remediation Operator |
cpe:/a:redhat:workload_availability_mdr:0 |
|
| Red Hat | Migration Toolkit for Containers |
cpe:/a:redhat:rhmt:1 |
|
| Red Hat | mirror registry for Red Hat OpenShift |
cpe:/a:redhat:mirror_registry:1 |
|
| Red Hat | Multicluster Engine for Kubernetes |
cpe:/a:redhat:multicluster_engine |
|
| Red Hat | OpenShift Developer Tools and Services |
cpe:/a:redhat:ocp_tools |
|
| Red Hat | OpenShift Lightspeed |
cpe:/a:redhat:openshift_lightspeed |
|
| Red Hat | OpenShift Pipelines |
cpe:/a:redhat:openshift_pipelines:1 |
|
| Red Hat | OpenShift Serverless |
cpe:/a:redhat:serverless:1 |
|
| Red Hat | OpenShift Service Mesh 2 |
cpe:/a:redhat:service_mesh:2 |
|
| Red Hat | Red Hat 3scale API Management Platform 2 |
cpe:/a:redhat:red_hat_3scale_amp:2 |
|
| Red Hat | Red Hat Certification Program for Red Hat Enterprise Linux 9 |
cpe:/a:redhat:certifications:9 |
|
| Red Hat | Red Hat Connectivity Link 1 |
cpe:/a:redhat:connectivity_link:1 |
|
| Red Hat | Red Hat Edge Manager 1 |
cpe:/a:redhat:edge_manager:1 |
|
| Red Hat | Red Hat Enterprise Linux 10 |
cpe:/o:redhat:enterprise_linux:10 |
|
| Red Hat | Red Hat Enterprise Linux 7 |
cpe:/o:redhat:enterprise_linux:7 |
|
| Red Hat | Red Hat Enterprise Linux 8 |
cpe:/o:redhat:enterprise_linux:8 |
|
| Red Hat | Red Hat Enterprise Linux 9 |
cpe:/o:redhat:enterprise_linux:9 |
|
| Red Hat | Red Hat OpenShift Cluster Manager CLI |
cpe:/a:redhat:openshift_cluster_manager_cli:1 |
|
| Red Hat | Red Hat OpenShift Container Platform 4 |
cpe:/a:redhat:openshift:4 |
|
| Red Hat | Red Hat Openshift Data Foundation 4 |
cpe:/a:redhat:openshift_data_foundation:4 |
|
| Red Hat | Red Hat OpenShift GitOps |
cpe:/a:redhat:openshift_gitops:1 |
|
| Red Hat | Red Hat OpenShift on AWS |
cpe:/a:redhat:openshift_service_on_aws:1 |
|
| Red Hat | Red Hat OpenShift Virtualization 4 |
cpe:/a:redhat:container_native_virtualization:4 |
|
| Red Hat | Red Hat OpenStack Platform 16.2 |
cpe:/a:redhat:openstack:16.2 |
|
| Red Hat | Red Hat OpenStack Platform 18.0 |
cpe:/a:redhat:openstack:18.0 |
|
| Red Hat | Red Hat Quay 3 |
cpe:/a:redhat:quay:3 |
|
| Red Hat | Red Hat Satellite 6 |
cpe:/a:redhat:satellite:6 |
|
| Red Hat | Red Hat Service Interconnect 1 |
cpe:/a:redhat:service_interconnect:1 |
|
| Red Hat | Red Hat Service Interconnect 2 |
cpe:/a:redhat:service_interconnect:2 |
|
| Red Hat | Security Profiles Operator |
cpe:/a:redhat:openshift_security_profiles_operator:1 |
|
| Red Hat | streams for Apache Kafka 3 |
cpe:/a:redhat:amq_streams:3 |
|
| Red Hat | Zero Trust Workload Identity Manager |
cpe:/a:redhat:zero_trust_workload_identity_manager:1 |
|
| Red Hat | Zero Trust Workload Identity Manager - Tech Preview |
cpe:/a:redhat:zero_trust_workload_identity_manager:0 |
|
| Red Hat | Migration Toolkit for Applications 8 |
cpe:/a:redhat:migration_toolkit_applications:8 |
|
| Red Hat | Node HealthCheck Operator |
cpe:/a:redhat:workload_availability_nhc:0 |
|
| Red Hat | Power monitoring for Red Hat OpenShift |
cpe:/a:redhat:openshift_power_monitoring |
|
| Red Hat | Red Hat AMQ Clients |
cpe:/a:redhat:amq_clients:2023 |
|
| Red Hat | Red Hat Ansible Automation Platform 2 |
cpe:/a:redhat:ansible_automation_platform:2 |
|
| Red Hat | Red Hat build of Apache Camel - HawtIO 4 |
cpe:/a:redhat:apache_camel_hawtio:4 |
|
| Red Hat | Red Hat OpenShift AI (RHOAI) |
cpe:/a:redhat:openshift_ai |
|
| Red Hat | Red Hat OpenShift for Windows Containers |
cpe:/a:redhat:windows_machine_config |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-25679",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-10T13:36:26.554241Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-10T13:37:02.459Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"affected": [
{
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2.6::el10",
"cpe:/a:redhat:ansible_automation_platform_developer:2.6::el10"
],
"defaultStatus": "affected",
"product": "Red Hat Ansible Automation Platform 2.6 for RHEL 10",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:rhel_els:7"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux Server (v. 7 ELS)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2.5::el8",
"cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
"cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8"
],
"defaultStatus": "affected",
"product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift:4.12::el8",
"cpe:/a:redhat:openshift:4.12::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Container Platform 4.12",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift:4.13::el8",
"cpe:/a:redhat:openshift:4.13::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Container Platform 4.13",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift:4.14::el8",
"cpe:/a:redhat:openshift:4.14::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Container Platform 4.14",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift:4.16::el8",
"cpe:/a:redhat:openshift:4.16::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Container Platform 4.16",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift:4.18::el8",
"cpe:/a:redhat:openshift:4.18::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Container Platform 4.18",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:satellite:6.16::el8",
"cpe:/a:redhat:satellite_capsule:6.16::el8",
"cpe:/a:redhat:satellite_maintenance:6.16::el8",
"cpe:/a:redhat:satellite_utils:6.16::el8"
],
"defaultStatus": "affected",
"product": "Red Hat Satellite 6.16 for RHEL 8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2.5::el9",
"cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
"cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2.6::el9",
"cpe:/a:redhat:ansible_automation_platform_developer:2.6::el9",
"cpe:/a:redhat:ansible_automation_platform_inside:2.6::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Ansible Automation Platform 2.6 for RHEL 9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:cryostat:4::el9"
],
"defaultStatus": "affected",
"product": "Cryostat 4 on RHEL 9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openstack:17.1",
"cpe:/a:redhat:openstack:17.1::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenStack Platform 17.1",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:satellite:6.16::el9",
"cpe:/a:redhat:satellite_capsule:6.16::el9",
"cpe:/a:redhat:satellite_maintenance:6.16::el9",
"cpe:/a:redhat:satellite_utils:6.16::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Satellite 6.16 for RHEL 9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:satellite:6.19::el9",
"cpe:/a:redhat:satellite_capsule:6.19::el9",
"cpe:/a:redhat:satellite_maintenance:6.19::el9",
"cpe:/a:redhat:satellite_utils:6.19::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Satellite 6.19 for RHEL 9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux_eus:10.0"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:10.1",
"cpe:/o:redhat:enterprise_linux:10.2"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream (v. 10)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:enterprise_linux:8::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream (v. 8)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_aus:8.2::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_aus:8.4::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_eus_long_life:8.4::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_aus:8.6::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_e4s:8.6::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_tus:8.6::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_e4s:8.8::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream E4S (v.8.8)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_tus:8.8::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream TUS (v.8.8)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_e4s:9.0::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_e4s:9.2::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_e4s:9.4::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream E4S (v.9.4)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_eus:9.4::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_eus:9.6::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream (v. 9)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux_eus:10.0"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:10.1",
"cpe:/o:redhat:enterprise_linux:10.2"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_eus:9.4::crb"
],
"defaultStatus": "affected",
"product": "Red Hat CodeReady Linux Builder EUS (v.9.4)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_eus:9.6::crb"
],
"defaultStatus": "affected",
"product": "Red Hat CodeReady Linux Builder EUS (v.9.6)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::crb"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_custom_metrics_autoscaler:2.19::el9"
],
"defaultStatus": "affected",
"product": "Custom Metric Autoscaler 2.19",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:devworkspace:0.40::el9"
],
"defaultStatus": "affected",
"product": "DevWorkspace Operator 0.4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:logging:6.0::el9"
],
"defaultStatus": "affected",
"product": "Logging Subsystem for Red Hat OpenShift 6.0",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:logging:6.2::el9"
],
"defaultStatus": "affected",
"product": "Logging Subsystem for Red Hat OpenShift 6.2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:logging:6.4::el9"
],
"defaultStatus": "affected",
"product": "Logging Subsystem for Red Hat OpenShift 6.4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:multicluster_globalhub:1.3::el9"
],
"defaultStatus": "affected",
"product": "Multicluster Global Hub 1.3.4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:multicluster_globalhub:1.4::el9"
],
"defaultStatus": "affected",
"product": "Multicluster Global Hub 1.4.5",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:multicluster_globalhub:1.5::el9"
],
"defaultStatus": "affected",
"product": "Multicluster Global Hub 1.5.4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:multicluster_globalhub:1.6::el9"
],
"defaultStatus": "affected",
"product": "Multicluster Global Hub 1.6.2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:network_observ_optr:1.11::el9"
],
"defaultStatus": "affected",
"product": "Network Observability (NETOBSERV) 1.11.2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_api_data_protection:1.4::el9"
],
"defaultStatus": "affected",
"product": "OpenShift API for Data Protection 1.4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_api_data_protection:1.5::el9"
],
"defaultStatus": "affected",
"product": "OpenShift API for Data Protection 1.5",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_compliance_operator:1::el9"
],
"defaultStatus": "affected",
"product": "OpenShift Compliance Operator 1",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_file_integrity_operator:1::el9"
],
"defaultStatus": "affected",
"product": "OpenShift File Integrity Operator - FIO 1",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:acm:2.14::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Advanced Cluster Management for Kubernetes 2.14",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:acm:2.15::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Advanced Cluster Management for Kubernetes 2.15",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:advanced_cluster_security:4.10::el8"
],
"defaultStatus": "affected",
"product": "Red Hat Advanced Cluster Security for Kubernetes 4.10",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:advanced_cluster_security:4.8::el8"
],
"defaultStatus": "affected",
"product": "Red Hat Advanced Cluster Security for Kubernetes 4.8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:advanced_cluster_security:4.9::el8"
],
"defaultStatus": "affected",
"product": "Red Hat Advanced Cluster Security for Kubernetes 4.9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2.6::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Ansible Automation Platform 2.6",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhdh:1.8::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Developer Hub 1.8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhdh:1.9::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Developer Hub 1.9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:enterprise_linux_ai:3.3::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AI 3.3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:hummingbird:1"
],
"defaultStatus": "affected",
"product": "Red Hat Hardened Images",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:lightspeed_for_runtimes:1.0::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Lightspeed (formerly Insights) for Runtimes 1",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_ai:2.25::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift AI 2.25",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_builds:1.6::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Builds 1.6.5",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_builds:1.7::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Builds 1.7.3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift:4.15::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Container Platform 4.15",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift:4.17::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Container Platform 4.17",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift:4.19::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Container Platform 4.19",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift:4.20::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Container Platform 4.20",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_devspaces:3.27::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Dev Spaces 3.27",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_mesh:2.6::el8"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Service Mesh 2.6",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_mesh:3.0::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Service Mesh 3.0",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_mesh:3.1::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Service Mesh 3.1",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_mesh:3.2::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Service Mesh 3.2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_mesh:3.3::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Service Mesh 3.3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_distributed_tracing:3.9::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift distributed tracing 3.9.3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:stf:1.5::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenStack 1.5",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openstack:18.0::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenStack Services on OpenShift 18",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:quay:3.10::el8"
],
"defaultStatus": "affected",
"product": "Red Hat Quay 3.10",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:quay:3.12::el8"
],
"defaultStatus": "affected",
"product": "Red Hat Quay 3.12",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:quay:3.14::el8"
],
"defaultStatus": "affected",
"product": "Red Hat Quay 3.14",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:quay:3.15::el8"
],
"defaultStatus": "affected",
"product": "Red Hat Quay 3.15",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:quay:3.16::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Quay 3.16",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:quay:3.9::el8"
],
"defaultStatus": "affected",
"product": "Red Hat Quay 3.9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:satellite:6.18::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Satellite 6.18",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:trusted_artifact_signer:1.3::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Trusted Artifact Signer 1.3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhui:5::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Update Infrastructure 5",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:webterminal:1.11::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Web Terminal 1.11",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:webterminal:1.12::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Web Terminal 1.12",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:webterminal:1.13::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Web Terminal 1.13",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:webterminal:1.14::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Web Terminal 1.14",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:webterminal:1.15::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Web Terminal 1.15",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:mirror_registry:2.0::el8"
],
"defaultStatus": "affected",
"product": "mirror registry for Red Hat OpenShift 2.0",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:assisted_installer:2"
],
"defaultStatus": "affected",
"product": "Assisted Installer for Red Hat OpenShift Container Platform 2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:cert_manager:1"
],
"defaultStatus": "affected",
"product": "cert-manager Operator for Red Hat OpenShift",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:confidential_compute_attestation:1"
],
"defaultStatus": "affected",
"product": "Confidential Compute Attestation",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:deployment_validator_operator"
],
"defaultStatus": "affected",
"product": "Deployment Validation Operator",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:external_secrets_operator:1"
],
"defaultStatus": "affected",
"product": "External Secrets Operator for Red Hat OpenShift",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:ext_dns_optr:1"
],
"defaultStatus": "affected",
"product": "ExternalDNS Operator",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:workload_availability_far:0"
],
"defaultStatus": "affected",
"product": "Fence Agents Remediation Operator",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:gatekeeper:3"
],
"defaultStatus": "affected",
"product": "Gatekeeper 3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:logging:5"
],
"defaultStatus": "affected",
"product": "Logging Subsystem for Red Hat OpenShift",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:lvms:4"
],
"defaultStatus": "affected",
"product": "Logical Volume Manager Storage",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:workload_availability_mdr:0"
],
"defaultStatus": "affected",
"product": "Machine Deletion Remediation Operator",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhmt:1"
],
"defaultStatus": "affected",
"product": "Migration Toolkit for Containers",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:mirror_registry:1"
],
"defaultStatus": "affected",
"product": "mirror registry for Red Hat OpenShift",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:multicluster_engine"
],
"defaultStatus": "affected",
"product": "Multicluster Engine for Kubernetes",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:ocp_tools"
],
"defaultStatus": "affected",
"product": "OpenShift Developer Tools and Services",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_lightspeed"
],
"defaultStatus": "affected",
"product": "OpenShift Lightspeed",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_pipelines:1"
],
"defaultStatus": "affected",
"product": "OpenShift Pipelines",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:serverless:1"
],
"defaultStatus": "affected",
"product": "OpenShift Serverless",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_mesh:2"
],
"defaultStatus": "affected",
"product": "OpenShift Service Mesh 2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:red_hat_3scale_amp:2"
],
"defaultStatus": "affected",
"product": "Red Hat 3scale API Management Platform 2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:certifications:9"
],
"defaultStatus": "affected",
"product": "Red Hat Certification Program for Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:connectivity_link:1"
],
"defaultStatus": "affected",
"product": "Red Hat Connectivity Link 1",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:edge_manager:1"
],
"defaultStatus": "affected",
"product": "Red Hat Edge Manager 1",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:10"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux 10",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_cluster_manager_cli:1"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Cluster Manager CLI",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift:4"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Container Platform 4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_data_foundation:4"
],
"defaultStatus": "affected",
"product": "Red Hat Openshift Data Foundation 4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_gitops:1"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift GitOps",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_service_on_aws:1"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift on AWS",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Virtualization 4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openstack:16.2"
],
"defaultStatus": "affected",
"product": "Red Hat OpenStack Platform 16.2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openstack:18.0"
],
"defaultStatus": "affected",
"product": "Red Hat OpenStack Platform 18.0",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:quay:3"
],
"defaultStatus": "affected",
"product": "Red Hat Quay 3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:satellite:6"
],
"defaultStatus": "affected",
"product": "Red Hat Satellite 6",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_interconnect:1"
],
"defaultStatus": "affected",
"product": "Red Hat Service Interconnect 1",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_interconnect:2"
],
"defaultStatus": "affected",
"product": "Red Hat Service Interconnect 2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_security_profiles_operator:1"
],
"defaultStatus": "affected",
"product": "Security Profiles Operator",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:amq_streams:3"
],
"defaultStatus": "affected",
"product": "streams for Apache Kafka 3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:zero_trust_workload_identity_manager:1"
],
"defaultStatus": "affected",
"product": "Zero Trust Workload Identity Manager",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:zero_trust_workload_identity_manager:0"
],
"defaultStatus": "affected",
"product": "Zero Trust Workload Identity Manager - Tech Preview",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:migration_toolkit_applications:8"
],
"defaultStatus": "unaffected",
"product": "Migration Toolkit for Applications 8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:workload_availability_nhc:0"
],
"defaultStatus": "unaffected",
"product": "Node HealthCheck Operator",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_power_monitoring"
],
"defaultStatus": "unaffected",
"product": "Power monitoring for Red Hat OpenShift",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:amq_clients:2023"
],
"defaultStatus": "unaffected",
"product": "Red Hat AMQ Clients",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2"
],
"defaultStatus": "unaffected",
"product": "Red Hat Ansible Automation Platform 2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:apache_camel_hawtio:4"
],
"defaultStatus": "unaffected",
"product": "Red Hat build of Apache Camel - HawtIO 4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_ai"
],
"defaultStatus": "unaffected",
"product": "Red Hat OpenShift AI (RHOAI)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:windows_machine_config"
],
"defaultStatus": "unaffected",
"product": "Red Hat OpenShift for Windows Containers",
"vendor": "Red Hat"
}
],
"datePublic": "2026-03-06T21:28:14.211Z",
"descriptions": [
{
"lang": "en",
"value": "The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1286",
"description": "Improper Validation of Syntactic Correctness of Input",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-03T12:04:59.737Z",
"orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"shortName": "redhat-SADP"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2026-25679"
},
{
"name": "RHBZ#2445356",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445356"
},
{
"tags": [
"x_sadp-csaf-vex"
],
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-25679.json"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:13508"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:8855"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:13512"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:26527"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:26541"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:28886"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:25043"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:21655"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:25180"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:27076"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:6341"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:28047"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:34365"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:14868"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:8314"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:9435"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:8856"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:5943"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:10133"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:8849"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:8931"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:17084"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:19719"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:19750"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:17040"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:7328"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:10929"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:16696"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:11375"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:10701"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:8842"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:7005"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:8840"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:5941"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:7992"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:6344"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:6388"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:13642"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:13643"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:7669"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:10169"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:11413"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:11412"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:19032"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:29195"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:19133"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:19022"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:19027"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:19026"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:22937"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:19049"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:19135"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:22450"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:19017"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:24386"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:19055"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:19132"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:19031"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:29035"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:19126"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:19128"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:33722"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:6949"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:16875"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:7011"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:7009"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:8456"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:7674"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:7878"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:8853"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:7879"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:20581"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:9043"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:9094"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:8434"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:19634"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:7876"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:20582"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:8860"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:9093"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:8851"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:7877"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:20584"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:8877"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:8878"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:9695"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:16102"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:9436"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:7883"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:8881"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:8949"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:8852"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:25252"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:25251"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:9434"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:7833"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:8879"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:9090"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:25248"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:8322"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:25253"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:25250"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:22733"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:12030"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:12032"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:10712"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:7834"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:8930"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:8882"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:12033"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:19721"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:12028"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:8324"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:12031"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:12029"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:11749"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:9109"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:9439"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:8848"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:5944"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:8847"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:8845"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:9108"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:19720"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:19475"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:17287"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:7665"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:9097"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:9098"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:7259"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:8841"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:5942"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:6382"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:6383"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:13671"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:9044"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:7315"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:29455"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:29703"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:19350"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:19181"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:19185"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:19184"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:23228"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:19353"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:22714"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:26445"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:19207"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:29702"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:26636"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:9872"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:26585"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:11800"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:22862"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:22423"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:22347"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:5110"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:21769"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:23345"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:16874"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:29854"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:26568"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:8433"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:22627"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:25127"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:8151"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:13829"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:20889"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:11217"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:13791"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:13545"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:9742"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:6802"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:10140"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:10141"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:7385"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:7291"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:9052"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:10184"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:5549"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:10158"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:12282"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:21696"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:14100"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:21691"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:15091"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:28893"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:14774"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:20088"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:17598"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:21657"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:20041"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:6564"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:10175"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:11688"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:8483"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:11686"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:9440"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:8484"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:9448"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:8490"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:9453"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:8491"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:9461"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:8493"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:9385"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:14020"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:11747"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:11916"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:6720"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:11856"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:21017"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:24853"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:19375"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:11996"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:14879"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:10125"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:10065"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:11768"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:10250"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:10225"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:8338"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:8337"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:8167"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:28441"
}
],
"solutions": [
{
"lang": "en",
"value": "RHSA-2026:13508: Red Hat Ansible Automation Platform 2.6 for RHEL 10, Red Hat Ansible Automation Platform 2.6 for RHEL 9"
},
{
"lang": "en",
"value": "RHSA-2026:8855: Red Hat Enterprise Linux Server (v. 7 ELS)"
},
{
"lang": "en",
"value": "RHSA-2026:13512: Red Hat Ansible Automation Platform 2.5 for RHEL 8, Red Hat Ansible Automation Platform 2.5 for RHEL 9"
},
{
"lang": "en",
"value": "RHSA-2026:26527: Red Hat OpenShift Container Platform 4.12"
},
{
"lang": "en",
"value": "RHSA-2026:26541: Red Hat OpenShift Container Platform 4.13"
},
{
"lang": "en",
"value": "RHSA-2026:28886: Red Hat OpenShift Container Platform 4.14"
},
{
"lang": "en",
"value": "RHSA-2026:25043: Red Hat OpenShift Container Platform 4.16"
},
{
"lang": "en",
"value": "RHSA-2026:21655: Red Hat OpenShift Container Platform 4.18"
},
{
"lang": "en",
"value": "RHSA-2026:25180: Red Hat OpenShift Container Platform 4.18"
},
{
"lang": "en",
"value": "RHSA-2026:27076: Red Hat Satellite 6.16 for RHEL 8, Red Hat Satellite 6.16 for RHEL 9"
},
{
"lang": "en",
"value": "RHSA-2026:6341: Cryostat 4 on RHEL 9"
},
{
"lang": "en",
"value": "RHSA-2026:28047: Red Hat OpenStack Platform 17.1"
},
{
"lang": "en",
"value": "RHSA-2026:34365: Red Hat Satellite 6.19 for RHEL 9"
},
{
"lang": "en",
"value": "RHSA-2026:14868: Red Hat Enterprise Linux AppStream EUS (v. 10.0)"
},
{
"lang": "en",
"value": "RHSA-2026:8314: Red Hat Enterprise Linux AppStream EUS (v. 10.0)"
},
{
"lang": "en",
"value": "RHSA-2026:9435: Red Hat Enterprise Linux AppStream EUS (v. 10.0)"
},
{
"lang": "en",
"value": "RHSA-2026:8856: Red Hat Enterprise Linux AppStream EUS (v. 10.0)"
},
{
"lang": "en",
"value": "RHSA-2026:5943: Red Hat Enterprise Linux AppStream EUS (v. 10.0)"
},
{
"lang": "en",
"value": "RHSA-2026:10133: Red Hat Enterprise Linux AppStream EUS (v. 10.0)"
},
{
"lang": "en",
"value": "RHSA-2026:8849: Red Hat Enterprise Linux AppStream EUS (v. 10.0)"
},
{
"lang": "en",
"value": "RHSA-2026:8931: Red Hat Enterprise Linux AppStream EUS (v. 10.0)"
},
{
"lang": "en",
"value": "RHSA-2026:17084: Red Hat Enterprise Linux AppStream EUS (v. 10.0)"
},
{
"lang": "en",
"value": "RHSA-2026:19719: Red Hat Enterprise Linux AppStream EUS (v. 10.0)"
},
{
"lang": "en",
"value": "RHSA-2026:19750: Red Hat Enterprise Linux AppStream EUS (v. 10.0)"
},
{
"lang": "en",
"value": "RHSA-2026:17040: Red Hat Enterprise Linux AppStream EUS (v. 10.0), Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)"
},
{
"lang": "en",
"value": "RHSA-2026:7328: Red Hat Enterprise Linux AppStream EUS (v. 10.0)"
},
{
"lang": "en",
"value": "RHSA-2026:10929: Red Hat Enterprise Linux AppStream EUS (v. 10.0)"
},
{
"lang": "en",
"value": "RHSA-2026:16696: Red Hat Enterprise Linux AppStream EUS (v. 10.0)"
},
{
"lang": "en",
"value": "RHSA-2026:11375: Red Hat Enterprise Linux AppStream EUS (v. 10.0), Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)"
},
{
"lang": "en",
"value": "RHSA-2026:10701: Red Hat Enterprise Linux AppStream EUS (v. 10.0)"
},
{
"lang": "en",
"value": "RHSA-2026:8842: Red Hat Enterprise Linux AppStream (v. 10)"
},
{
"lang": "en",
"value": "RHSA-2026:7005: Red Hat Enterprise Linux AppStream (v. 10)"
},
{
"lang": "en",
"value": "RHSA-2026:8840: Red Hat Enterprise Linux AppStream (v. 10)"
},
{
"lang": "en",
"value": "RHSA-2026:5941: Red Hat Enterprise Linux AppStream (v. 10)"
},
{
"lang": "en",
"value": "RHSA-2026:7992: Red Hat Enterprise Linux AppStream (v. 10)"
},
{
"lang": "en",
"value": "RHSA-2026:6344: Red Hat Enterprise Linux AppStream (v. 10)"
},
{
"lang": "en",
"value": "RHSA-2026:6388: Red Hat Enterprise Linux AppStream (v. 10)"
},
{
"lang": "en",
"value": "RHSA-2026:13642: Red Hat Enterprise Linux AppStream (v. 10)"
},
{
"lang": "en",
"value": "RHSA-2026:13643: Red Hat Enterprise Linux AppStream (v. 10)"
},
{
"lang": "en",
"value": "RHSA-2026:7669: Red Hat Enterprise Linux AppStream (v. 10)"
},
{
"lang": "en",
"value": "RHSA-2026:10169: Red Hat Enterprise Linux AppStream (v. 10)"
},
{
"lang": "en",
"value": "RHSA-2026:11413: Red Hat Enterprise Linux AppStream (v. 10), Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)"
},
{
"lang": "en",
"value": "RHSA-2026:11412: Red Hat Enterprise Linux AppStream (v. 10)"
},
{
"lang": "en",
"value": "RHSA-2026:19032: Red Hat Enterprise Linux AppStream (v. 10)"
},
{
"lang": "en",
"value": "RHSA-2026:29195: Red Hat Enterprise Linux AppStream (v. 10)"
},
{
"lang": "en",
"value": "RHSA-2026:19133: Red Hat Enterprise Linux AppStream (v. 10)"
},
{
"lang": "en",
"value": "RHSA-2026:19022: Red Hat Enterprise Linux AppStream (v. 10)"
},
{
"lang": "en",
"value": "RHSA-2026:19027: Red Hat Enterprise Linux AppStream (v. 10)"
},
{
"lang": "en",
"value": "RHSA-2026:19026: Red Hat Enterprise Linux AppStream (v. 10)"
},
{
"lang": "en",
"value": "RHSA-2026:22937: Red Hat Enterprise Linux AppStream (v. 10)"
},
{
"lang": "en",
"value": "RHSA-2026:19049: Red Hat Enterprise Linux AppStream (v. 10)"
},
{
"lang": "en",
"value": "RHSA-2026:19135: Red Hat Enterprise Linux AppStream (v. 10)"
},
{
"lang": "en",
"value": "RHSA-2026:22450: Red Hat Enterprise Linux AppStream (v. 10)"
},
{
"lang": "en",
"value": "RHSA-2026:19017: Red Hat Enterprise Linux AppStream (v. 10), Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)"
},
{
"lang": "en",
"value": "RHSA-2026:24386: Red Hat Enterprise Linux AppStream (v. 10), Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)"
},
{
"lang": "en",
"value": "RHSA-2026:19055: Red Hat Enterprise Linux AppStream (v. 10)"
},
{
"lang": "en",
"value": "RHSA-2026:19132: Red Hat Enterprise Linux AppStream (v. 10)"
},
{
"lang": "en",
"value": "RHSA-2026:19031: Red Hat Enterprise Linux AppStream (v. 10)"
},
{
"lang": "en",
"value": "RHSA-2026:29035: Red Hat Enterprise Linux AppStream (v. 10)"
},
{
"lang": "en",
"value": "RHSA-2026:19126: Red Hat Enterprise Linux AppStream (v. 10), Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)"
},
{
"lang": "en",
"value": "RHSA-2026:19128: Red Hat Enterprise Linux AppStream (v. 10)"
},
{
"lang": "en",
"value": "RHSA-2026:33722: Red Hat Enterprise Linux AppStream (v. 8)"
},
{
"lang": "en",
"value": "RHSA-2026:6949: Red Hat Enterprise Linux AppStream (v. 8)"
},
{
"lang": "en",
"value": "RHSA-2026:16875: Red Hat Enterprise Linux AppStream (v. 8)"
},
{
"lang": "en",
"value": "RHSA-2026:7011: Red Hat Enterprise Linux AppStream (v. 8)"
},
{
"lang": "en",
"value": "RHSA-2026:7009: Red Hat Enterprise Linux AppStream (v. 8)"
},
{
"lang": "en",
"value": "RHSA-2026:8456: Red Hat Enterprise Linux AppStream (v. 8)"
},
{
"lang": "en",
"value": "RHSA-2026:7674: Red Hat Enterprise Linux AppStream (v. 8)"
},
{
"lang": "en",
"value": "RHSA-2026:7878: Red Hat Enterprise Linux AppStream AUS (v. 8.2)"
},
{
"lang": "en",
"value": "RHSA-2026:8853: Red Hat Enterprise Linux AppStream AUS (v. 8.2)"
},
{
"lang": "en",
"value": "RHSA-2026:7879: Red Hat Enterprise Linux AppStream AUS (v.8.4), Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)"
},
{
"lang": "en",
"value": "RHSA-2026:20581: Red Hat Enterprise Linux AppStream AUS (v.8.4), Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)"
},
{
"lang": "en",
"value": "RHSA-2026:9043: Red Hat Enterprise Linux AppStream AUS (v.8.4), Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)"
},
{
"lang": "en",
"value": "RHSA-2026:9094: Red Hat Enterprise Linux AppStream AUS (v.8.4), Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)"
},
{
"lang": "en",
"value": "RHSA-2026:8434: Red Hat Enterprise Linux AppStream AUS (v.8.4), Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)"
},
{
"lang": "en",
"value": "RHSA-2026:19634: Red Hat Enterprise Linux AppStream AUS (v.8.6), Red Hat Enterprise Linux AppStream E4S (v.8.6), Red Hat Enterprise Linux AppStream TUS (v.8.6)"
},
{
"lang": "en",
"value": "RHSA-2026:7876: Red Hat Enterprise Linux AppStream AUS (v.8.6), Red Hat Enterprise Linux AppStream E4S (v.8.6), Red Hat Enterprise Linux AppStream TUS (v.8.6)"
},
{
"lang": "en",
"value": "RHSA-2026:20582: Red Hat Enterprise Linux AppStream AUS (v.8.6), Red Hat Enterprise Linux AppStream E4S (v.8.6), Red Hat Enterprise Linux AppStream TUS (v.8.6)"
},
{
"lang": "en",
"value": "RHSA-2026:8860: Red Hat Enterprise Linux AppStream AUS (v.8.6), Red Hat Enterprise Linux AppStream E4S (v.8.6), Red Hat Enterprise Linux AppStream TUS (v.8.6)"
},
{
"lang": "en",
"value": "RHSA-2026:9093: Red Hat Enterprise Linux AppStream AUS (v.8.6), Red Hat Enterprise Linux AppStream E4S (v.8.6), Red Hat Enterprise Linux AppStream TUS (v.8.6)"
},
{
"lang": "en",
"value": "RHSA-2026:8851: Red Hat Enterprise Linux AppStream AUS (v.8.6), Red Hat Enterprise Linux AppStream E4S (v.8.6), Red Hat Enterprise Linux AppStream TUS (v.8.6)"
},
{
"lang": "en",
"value": "RHSA-2026:7877: Red Hat Enterprise Linux AppStream E4S (v.8.8), Red Hat Enterprise Linux AppStream TUS (v.8.8)"
},
{
"lang": "en",
"value": "RHSA-2026:20584: Red Hat Enterprise Linux AppStream E4S (v.8.8), Red Hat Enterprise Linux AppStream TUS (v.8.8)"
},
{
"lang": "en",
"value": "RHSA-2026:8877: Red Hat Enterprise Linux AppStream E4S (v.8.8), Red Hat Enterprise Linux AppStream TUS (v.8.8)"
},
{
"lang": "en",
"value": "RHSA-2026:8878: Red Hat Enterprise Linux AppStream E4S (v.8.8), Red Hat Enterprise Linux AppStream TUS (v.8.8)"
},
{
"lang": "en",
"value": "RHSA-2026:9695: Red Hat Enterprise Linux AppStream E4S (v.8.8), Red Hat Enterprise Linux AppStream TUS (v.8.8)"
},
{
"lang": "en",
"value": "RHSA-2026:16102: Red Hat Enterprise Linux AppStream E4S (v.9.0)"
},
{
"lang": "en",
"value": "RHSA-2026:9436: Red Hat Enterprise Linux AppStream E4S (v.9.0)"
},
{
"lang": "en",
"value": "RHSA-2026:7883: Red Hat Enterprise Linux AppStream E4S (v.9.0)"
},
{
"lang": "en",
"value": "RHSA-2026:8881: Red Hat Enterprise Linux AppStream E4S (v.9.0)"
},
{
"lang": "en",
"value": "RHSA-2026:8949: Red Hat Enterprise Linux AppStream E4S (v.9.0)"
},
{
"lang": "en",
"value": "RHSA-2026:8852: Red Hat Enterprise Linux AppStream E4S (v.9.0)"
},
{
"lang": "en",
"value": "RHSA-2026:25252: Red Hat Enterprise Linux AppStream E4S (v.9.2)"
},
{
"lang": "en",
"value": "RHSA-2026:25251: Red Hat Enterprise Linux AppStream E4S (v.9.2)"
},
{
"lang": "en",
"value": "RHSA-2026:9434: Red Hat Enterprise Linux AppStream E4S (v.9.2)"
},
{
"lang": "en",
"value": "RHSA-2026:7833: Red Hat Enterprise Linux AppStream E4S (v.9.2)"
},
{
"lang": "en",
"value": "RHSA-2026:8879: Red Hat Enterprise Linux AppStream E4S (v.9.2)"
},
{
"lang": "en",
"value": "RHSA-2026:9090: Red Hat Enterprise Linux AppStream E4S (v.9.2)"
},
{
"lang": "en",
"value": "RHSA-2026:25248: Red Hat Enterprise Linux AppStream E4S (v.9.2)"
},
{
"lang": "en",
"value": "RHSA-2026:8322: Red Hat Enterprise Linux AppStream E4S (v.9.2)"
},
{
"lang": "en",
"value": "RHSA-2026:25253: Red Hat Enterprise Linux AppStream E4S (v.9.2)"
},
{
"lang": "en",
"value": "RHSA-2026:25250: Red Hat Enterprise Linux AppStream E4S (v.9.2)"
},
{
"lang": "en",
"value": "RHSA-2026:22733: Red Hat Enterprise Linux AppStream E4S (v.9.4)"
},
{
"lang": "en",
"value": "RHSA-2026:12030: Red Hat Enterprise Linux AppStream EUS (v.9.4)"
},
{
"lang": "en",
"value": "RHSA-2026:12032: Red Hat Enterprise Linux AppStream EUS (v.9.4)"
},
{
"lang": "en",
"value": "RHSA-2026:10712: Red Hat Enterprise Linux AppStream EUS (v.9.4)"
},
{
"lang": "en",
"value": "RHSA-2026:7834: Red Hat Enterprise Linux AppStream EUS (v.9.4)"
},
{
"lang": "en",
"value": "RHSA-2026:8930: Red Hat Enterprise Linux AppStream EUS (v.9.4)"
},
{
"lang": "en",
"value": "RHSA-2026:8882: Red Hat Enterprise Linux AppStream EUS (v.9.4)"
},
{
"lang": "en",
"value": "RHSA-2026:12033: Red Hat Enterprise Linux AppStream EUS (v.9.4)"
},
{
"lang": "en",
"value": "RHSA-2026:19721: Red Hat Enterprise Linux AppStream EUS (v.9.4)"
},
{
"lang": "en",
"value": "RHSA-2026:12028: Red Hat Enterprise Linux AppStream EUS (v.9.4)"
},
{
"lang": "en",
"value": "RHSA-2026:8324: Red Hat CodeReady Linux Builder EUS (v.9.4), Red Hat Enterprise Linux AppStream EUS (v.9.4)"
},
{
"lang": "en",
"value": "RHSA-2026:12031: Red Hat Enterprise Linux AppStream EUS (v.9.4)"
},
{
"lang": "en",
"value": "RHSA-2026:12029: Red Hat Enterprise Linux AppStream EUS (v.9.4)"
},
{
"lang": "en",
"value": "RHSA-2026:11749: Red Hat Enterprise Linux AppStream EUS (v.9.6)"
},
{
"lang": "en",
"value": "RHSA-2026:9109: Red Hat Enterprise Linux AppStream EUS (v.9.6)"
},
{
"lang": "en",
"value": "RHSA-2026:9439: Red Hat Enterprise Linux AppStream EUS (v.9.6)"
},
{
"lang": "en",
"value": "RHSA-2026:8848: Red Hat Enterprise Linux AppStream EUS (v.9.6)"
},
{
"lang": "en",
"value": "RHSA-2026:5944: Red Hat Enterprise Linux AppStream EUS (v.9.6)"
},
{
"lang": "en",
"value": "RHSA-2026:8847: Red Hat Enterprise Linux AppStream EUS (v.9.6)"
},
{
"lang": "en",
"value": "RHSA-2026:8845: Red Hat Enterprise Linux AppStream EUS (v.9.6)"
},
{
"lang": "en",
"value": "RHSA-2026:9108: Red Hat Enterprise Linux AppStream EUS (v.9.6)"
},
{
"lang": "en",
"value": "RHSA-2026:19720: Red Hat Enterprise Linux AppStream EUS (v.9.6)"
},
{
"lang": "en",
"value": "RHSA-2026:19475: Red Hat Enterprise Linux AppStream EUS (v.9.6)"
},
{
"lang": "en",
"value": "RHSA-2026:17287: Red Hat Enterprise Linux AppStream EUS (v.9.6)"
},
{
"lang": "en",
"value": "RHSA-2026:7665: Red Hat CodeReady Linux Builder EUS (v.9.6), Red Hat Enterprise Linux AppStream EUS (v.9.6)"
},
{
"lang": "en",
"value": "RHSA-2026:9097: Red Hat Enterprise Linux AppStream EUS (v.9.6)"
},
{
"lang": "en",
"value": "RHSA-2026:9098: Red Hat Enterprise Linux AppStream EUS (v.9.6)"
},
{
"lang": "en",
"value": "RHSA-2026:7259: Red Hat Enterprise Linux AppStream (v. 9)"
},
{
"lang": "en",
"value": "RHSA-2026:8841: Red Hat Enterprise Linux AppStream (v. 9)"
},
{
"lang": "en",
"value": "RHSA-2026:5942: Red Hat Enterprise Linux AppStream (v. 9)"
},
{
"lang": "en",
"value": "RHSA-2026:6382: Red Hat Enterprise Linux AppStream (v. 9)"
},
{
"lang": "en",
"value": "RHSA-2026:6383: Red Hat Enterprise Linux AppStream (v. 9)"
},
{
"lang": "en",
"value": "RHSA-2026:13671: Red Hat Enterprise Linux AppStream (v. 9)"
},
{
"lang": "en",
"value": "RHSA-2026:9044: Red Hat Enterprise Linux AppStream (v. 9)"
},
{
"lang": "en",
"value": "RHSA-2026:7315: Red Hat Enterprise Linux AppStream (v. 9), Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)"
},
{
"lang": "en",
"value": "RHSA-2026:29455: Red Hat Enterprise Linux AppStream (v. 9)"
},
{
"lang": "en",
"value": "RHSA-2026:29703: Red Hat Enterprise Linux AppStream (v. 9)"
},
{
"lang": "en",
"value": "RHSA-2026:19350: Red Hat Enterprise Linux AppStream (v. 9)"
},
{
"lang": "en",
"value": "RHSA-2026:19181: Red Hat Enterprise Linux AppStream (v. 9)"
},
{
"lang": "en",
"value": "RHSA-2026:19185: Red Hat Enterprise Linux AppStream (v. 9)"
},
{
"lang": "en",
"value": "RHSA-2026:19184: Red Hat Enterprise Linux AppStream (v. 9)"
},
{
"lang": "en",
"value": "RHSA-2026:23228: Red Hat Enterprise Linux AppStream (v. 9)"
},
{
"lang": "en",
"value": "RHSA-2026:19353: Red Hat Enterprise Linux AppStream (v. 9)"
},
{
"lang": "en",
"value": "RHSA-2026:22714: Red Hat Enterprise Linux AppStream (v. 9)"
},
{
"lang": "en",
"value": "RHSA-2026:26445: Red Hat Enterprise Linux AppStream (v. 9)"
},
{
"lang": "en",
"value": "RHSA-2026:19207: Red Hat Enterprise Linux AppStream (v. 9), Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)"
},
{
"lang": "en",
"value": "RHSA-2026:29702: Red Hat Enterprise Linux AppStream (v. 9)"
},
{
"lang": "en",
"value": "RHSA-2026:26636: Custom Metric Autoscaler 2.19"
},
{
"lang": "en",
"value": "RHSA-2026:9872: DevWorkspace Operator 0.4"
},
{
"lang": "en",
"value": "RHSA-2026:26585: Logging Subsystem for Red Hat OpenShift 6.0"
},
{
"lang": "en",
"value": "RHSA-2026:11800: Logging Subsystem for Red Hat OpenShift 6.2"
},
{
"lang": "en",
"value": "RHSA-2026:22862: Logging Subsystem for Red Hat OpenShift 6.4"
},
{
"lang": "en",
"value": "RHSA-2026:22423: Multicluster Global Hub 1.3.4"
},
{
"lang": "en",
"value": "RHSA-2026:22347: Multicluster Global Hub 1.4.5"
},
{
"lang": "en",
"value": "RHSA-2026:5110: Multicluster Global Hub 1.5.4"
},
{
"lang": "en",
"value": "RHSA-2026:21769: Multicluster Global Hub 1.5.4"
},
{
"lang": "en",
"value": "RHSA-2026:23345: Multicluster Global Hub 1.6.2"
},
{
"lang": "en",
"value": "RHSA-2026:16874: Network Observability (NETOBSERV) 1.11.2"
},
{
"lang": "en",
"value": "RHSA-2026:29854: OpenShift API for Data Protection 1.4"
},
{
"lang": "en",
"value": "RHSA-2026:26568: OpenShift API for Data Protection 1.5"
},
{
"lang": "en",
"value": "RHSA-2026:8433: OpenShift Compliance Operator 1"
},
{
"lang": "en",
"value": "RHSA-2026:22627: OpenShift File Integrity Operator - FIO 1"
},
{
"lang": "en",
"value": "RHSA-2026:25127: Red Hat Advanced Cluster Management for Kubernetes 2.14"
},
{
"lang": "en",
"value": "RHSA-2026:8151: Red Hat Advanced Cluster Management for Kubernetes 2.15"
},
{
"lang": "en",
"value": "RHSA-2026:13829: Red Hat Advanced Cluster Security for Kubernetes 4.10"
},
{
"lang": "en",
"value": "RHSA-2026:20889: Red Hat Advanced Cluster Security for Kubernetes 4.10"
},
{
"lang": "en",
"value": "RHSA-2026:11217: Red Hat Advanced Cluster Security for Kubernetes 4.8"
},
{
"lang": "en",
"value": "RHSA-2026:13791: Red Hat Advanced Cluster Security for Kubernetes 4.9"
},
{
"lang": "en",
"value": "RHSA-2026:13545: Red Hat Ansible Automation Platform 2.6"
},
{
"lang": "en",
"value": "RHSA-2026:9742: Red Hat Developer Hub 1.8"
},
{
"lang": "en",
"value": "RHSA-2026:6802: Red Hat Developer Hub 1.9"
},
{
"lang": "en",
"value": "RHSA-2026:10140: Red Hat Enterprise Linux AI 3.3"
},
{
"lang": "en",
"value": "RHSA-2026:10141: Red Hat Enterprise Linux AI 3.3"
},
{
"lang": "en",
"value": "RHSA-2026:7385: Red Hat Hardened Images"
},
{
"lang": "en",
"value": "RHSA-2026:7291: Red Hat Hardened Images"
},
{
"lang": "en",
"value": "RHSA-2026:9052: Red Hat Lightspeed (formerly Insights) for Runtimes 1"
},
{
"lang": "en",
"value": "RHSA-2026:10184: Red Hat OpenShift AI 2.25"
},
{
"lang": "en",
"value": "RHSA-2026:5549: Red Hat OpenShift Builds 1.6.5"
},
{
"lang": "en",
"value": "RHSA-2026:10158: Red Hat OpenShift Builds 1.7.3"
},
{
"lang": "en",
"value": "RHSA-2026:12282: Red Hat OpenShift Container Platform 4.12"
},
{
"lang": "en",
"value": "RHSA-2026:21696: Red Hat OpenShift Container Platform 4.12"
},
{
"lang": "en",
"value": "RHSA-2026:14100: Red Hat OpenShift Container Platform 4.12"
},
{
"lang": "en",
"value": "RHSA-2026:21691: Red Hat OpenShift Container Platform 4.13"
},
{
"lang": "en",
"value": "RHSA-2026:15091: Red Hat OpenShift Container Platform 4.14"
},
{
"lang": "en",
"value": "RHSA-2026:28893: Red Hat OpenShift Container Platform 4.14"
},
{
"lang": "en",
"value": "RHSA-2026:14774: Red Hat OpenShift Container Platform 4.15"
},
{
"lang": "en",
"value": "RHSA-2026:20088: Red Hat OpenShift Container Platform 4.16"
},
{
"lang": "en",
"value": "RHSA-2026:17598: Red Hat OpenShift Container Platform 4.17"
},
{
"lang": "en",
"value": "RHSA-2026:21657: Red Hat OpenShift Container Platform 4.18"
},
{
"lang": "en",
"value": "RHSA-2026:20041: Red Hat OpenShift Container Platform 4.19"
},
{
"lang": "en",
"value": "RHSA-2026:6564: Red Hat OpenShift Container Platform 4.20"
},
{
"lang": "en",
"value": "RHSA-2026:10175: Red Hat OpenShift Dev Spaces 3.27"
},
{
"lang": "en",
"value": "RHSA-2026:11688: Red Hat OpenShift Service Mesh 2.6"
},
{
"lang": "en",
"value": "RHSA-2026:8483: Red Hat OpenShift Service Mesh 2.6"
},
{
"lang": "en",
"value": "RHSA-2026:11686: Red Hat OpenShift Service Mesh 2.6"
},
{
"lang": "en",
"value": "RHSA-2026:9440: Red Hat OpenShift Service Mesh 3.0"
},
{
"lang": "en",
"value": "RHSA-2026:8484: Red Hat OpenShift Service Mesh 3.0"
},
{
"lang": "en",
"value": "RHSA-2026:9448: Red Hat OpenShift Service Mesh 3.1"
},
{
"lang": "en",
"value": "RHSA-2026:8490: Red Hat OpenShift Service Mesh 3.1"
},
{
"lang": "en",
"value": "RHSA-2026:9453: Red Hat OpenShift Service Mesh 3.2"
},
{
"lang": "en",
"value": "RHSA-2026:8491: Red Hat OpenShift Service Mesh 3.2"
},
{
"lang": "en",
"value": "RHSA-2026:9461: Red Hat OpenShift Service Mesh 3.3"
},
{
"lang": "en",
"value": "RHSA-2026:8493: Red Hat OpenShift Service Mesh 3.3"
},
{
"lang": "en",
"value": "RHSA-2026:9385: Red Hat OpenShift distributed tracing 3.9.3"
},
{
"lang": "en",
"value": "RHSA-2026:14020: Red Hat OpenStack 1.5"
},
{
"lang": "en",
"value": "RHSA-2026:11747: Red Hat OpenStack Services on OpenShift 18"
},
{
"lang": "en",
"value": "RHSA-2026:11916: Red Hat Quay 3.10"
},
{
"lang": "en",
"value": "RHSA-2026:6720: Red Hat Quay 3.12"
},
{
"lang": "en",
"value": "RHSA-2026:11856: Red Hat Quay 3.12"
},
{
"lang": "en",
"value": "RHSA-2026:21017: Red Hat Quay 3.14"
},
{
"lang": "en",
"value": "RHSA-2026:24853: Red Hat Quay 3.15"
},
{
"lang": "en",
"value": "RHSA-2026:19375: Red Hat Quay 3.16"
},
{
"lang": "en",
"value": "RHSA-2026:11996: Red Hat Quay 3.9"
},
{
"lang": "en",
"value": "RHSA-2026:14879: Red Hat Satellite 6.18"
},
{
"lang": "en",
"value": "RHSA-2026:10125: Red Hat Trusted Artifact Signer 1.3"
},
{
"lang": "en",
"value": "RHSA-2026:10065: Red Hat Update Infrastructure 5"
},
{
"lang": "en",
"value": "RHSA-2026:11768: Red Hat Update Infrastructure 5"
},
{
"lang": "en",
"value": "RHSA-2026:10250: Red Hat Web Terminal 1.11"
},
{
"lang": "en",
"value": "RHSA-2026:10225: Red Hat Web Terminal 1.12"
},
{
"lang": "en",
"value": "RHSA-2026:8338: Red Hat Web Terminal 1.13"
},
{
"lang": "en",
"value": "RHSA-2026:8337: Red Hat Web Terminal 1.14"
},
{
"lang": "en",
"value": "RHSA-2026:8167: Red Hat Web Terminal 1.15"
},
{
"lang": "en",
"value": "RHSA-2026:28441: mirror registry for Red Hat OpenShift 2.0"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-03-06T22:02:11.567Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2026-03-06T21:28:14.211Z",
"value": "Made public."
}
],
"title": "net/url: Incorrect parsing of IPv6 host literals in net/url",
"workarounds": [
{
"lang": "en",
"value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
}
],
"x_adpType": "supplier",
"x_generator": {
"engine": "sadp-cli 1.0.0"
}
}
],
"cna": {
"affected": [
{
"collectionURL": "https://pkg.go.dev",
"defaultStatus": "unaffected",
"packageName": "net/url",
"product": "net/url",
"programRoutines": [
{
"name": "parseHost"
},
{
"name": "JoinPath"
},
{
"name": "Parse"
},
{
"name": "ParseRequestURI"
},
{
"name": "URL.Parse"
},
{
"name": "URL.UnmarshalBinary"
}
],
"vendor": "Go standard library",
"versions": [
{
"lessThan": "1.25.8",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "1.26.1",
"status": "affected",
"version": "1.26.0-0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Masaki Hara (https://github.com/qnighy) of Wantedly"
}
],
"descriptions": [
{
"lang": "en",
"value": "url.Parse insufficiently validated the host/authority component and accepted some invalid URLs."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-1286: Improper Validation of Syntactic Correctness of Input",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-06T21:28:14.211Z",
"orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
"shortName": "Go"
},
"references": [
{
"url": "https://go.dev/cl/752180"
},
{
"url": "https://go.dev/issue/77578"
},
{
"url": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk"
},
{
"url": "https://pkg.go.dev/vuln/GO-2026-4601"
}
],
"title": "Incorrect parsing of IPv6 host literals in net/url"
}
},
"cveMetadata": {
"assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
"assignerShortName": "Go",
"cveId": "CVE-2026-25679",
"datePublished": "2026-03-06T21:28:14.211Z",
"dateReserved": "2026-02-05T01:33:41.943Z",
"dateUpdated": "2026-07-03T12:04:59.737Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-25934 (GCVE-0-2026-25934)
Vulnerability from cvelistv5 – Published: 2026-02-09 22:13 – Updated: 2026-02-11 21:23- CWE-354 - Improper Validation of Integrity Check Value
| URL | Tags |
|---|---|
| https://github.com/go-git/go-git/security/advisor… | x_refsource_CONFIRM |
| https://github.com/go-git/go-git/releases/tag/v5.16.5 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-25934",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-11T21:23:04.617787Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-11T21:23:14.781Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "go-git",
"vendor": "go-git",
"versions": [
{
"status": "affected",
"version": "\u003c 5.16.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "go-git is a highly extensible git implementation library written in pure Go. Prior to 5.16.5, a vulnerability was discovered in go-git whereby data integrity values for .pack and .idx files were not properly verified. This resulted in go-git potentially consuming corrupted files, which would likely result in unexpected errors such as object not found. For context, clients fetch packfiles from upstream Git servers. Those files contain a checksum of their contents, so that clients can perform integrity checks before consuming it. The pack indexes (.idx) are generated locally by go-git, or the git cli, when new .pack files are received and processed. The integrity checks for both files were not being verified correctly. This vulnerability is fixed in 5.16.5."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-354",
"description": "CWE-354: Improper Validation of Integrity Check Value",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-09T22:13:41.974Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/go-git/go-git/security/advisories/GHSA-37cx-329c-33x3",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/go-git/go-git/security/advisories/GHSA-37cx-329c-33x3"
},
{
"name": "https://github.com/go-git/go-git/releases/tag/v5.16.5",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/go-git/go-git/releases/tag/v5.16.5"
}
],
"source": {
"advisory": "GHSA-37cx-329c-33x3",
"discovery": "UNKNOWN"
},
"title": "go-git improperly verifies data integrity values for .idx and .pack files"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-25934",
"datePublished": "2026-02-09T22:13:41.974Z",
"dateReserved": "2026-02-09T16:22:17.786Z",
"dateUpdated": "2026-02-11T21:23:14.781Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-27139 (GCVE-0-2026-27139)
Vulnerability from cvelistv5 – Published: 2026-03-06 21:28 – Updated: 2026-03-09 14:53- CWE-363 - Race Condition Enabling Link Following
| Vendor | Product | Version | |
|---|---|---|---|
| Go standard library | os |
Affected:
0 , < 1.25.8
(semver)
Affected: 1.26.0-0 , < 1.26.1 (semver) |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 2.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-27139",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-09T14:53:55.467850Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-09T14:53:58.363Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://pkg.go.dev",
"defaultStatus": "unaffected",
"packageName": "os",
"product": "os",
"programRoutines": [
{
"name": "File.ReadDir"
},
{
"name": "File.Readdir"
},
{
"name": "ReadDir"
},
{
"name": "dirFS.ReadDir"
},
{
"name": "rootFS.ReadDir"
}
],
"vendor": "Go standard library",
"versions": [
{
"lessThan": "1.25.8",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "1.26.1",
"status": "affected",
"version": "1.26.0-0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Miloslav Trma\u010d of Red Hat"
}
],
"descriptions": [
{
"lang": "en",
"value": "On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could reference a file outside of the Root in which the File was opened. The impact of this escape is limited to reading metadata provided by lstat from arbitrary locations on the filesystem without permitting reading or writing files outside the root."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-363: Race Condition Enabling Link Following",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-06T21:28:14.451Z",
"orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
"shortName": "Go"
},
"references": [
{
"url": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk"
},
{
"url": "https://go.dev/issue/77827"
},
{
"url": "https://go.dev/cl/749480"
},
{
"url": "https://pkg.go.dev/vuln/GO-2026-4602"
}
],
"title": "FileInfo can escape from a Root in os"
}
},
"cveMetadata": {
"assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
"assignerShortName": "Go",
"cveId": "CVE-2026-27139",
"datePublished": "2026-03-06T21:28:14.451Z",
"dateReserved": "2026-02-17T19:57:28.435Z",
"dateUpdated": "2026-03-09T14:53:58.363Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-27142 (GCVE-0-2026-27142)
Vulnerability from cvelistv5 – Published: 2026-03-06 21:28 – Updated: 2026-03-16 15:21- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| Vendor | Product | Version | |
|---|---|---|---|
| Go standard library | html/template |
Affected:
0 , < 1.25.8
(semver)
Affected: 1.26.0-0 , < 1.26.1 (semver) |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-27142",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-16T15:21:11.058826Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-16T15:21:14.465Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://pkg.go.dev",
"defaultStatus": "unaffected",
"packageName": "html/template",
"product": "html/template",
"programRoutines": [
{
"name": "tTag"
},
{
"name": "escaper.escapeAction"
},
{
"name": "Template.Execute"
},
{
"name": "Template.ExecuteTemplate"
}
],
"vendor": "Go standard library",
"versions": [
{
"lessThan": "1.25.8",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "1.26.1",
"status": "affected",
"version": "1.26.0-0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the value \"refresh\". A new GODEBUG setting has been added, htmlmetacontenturlescape, which can be used to disable escaping URLs in actions in the meta content attribute which follow \"url=\" by setting htmlmetacontenturlescape=0."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-06T21:28:14.674Z",
"orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
"shortName": "Go"
},
"references": [
{
"url": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk"
},
{
"url": "https://go.dev/issue/77954"
},
{
"url": "https://go.dev/cl/752081"
},
{
"url": "https://pkg.go.dev/vuln/GO-2026-4603"
}
],
"title": "URLs in meta content attribute actions are not escaped in html/template"
}
},
"cveMetadata": {
"assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
"assignerShortName": "Go",
"cveId": "CVE-2026-27142",
"datePublished": "2026-03-06T21:28:14.674Z",
"dateReserved": "2026-02-17T19:57:28.435Z",
"dateUpdated": "2026-03-16T15:21:14.465Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
GHSA-2464-8J7C-4CJM
Vulnerability from github – Published: 2025-08-21 14:37 – Updated: 2026-01-27 21:01Summary
Use of this library in a security-critical context may result in leaking sensitive information, if used to process sensitive fields.
Details
OpenBao (and presumably HashiCorp Vault) have surfaced error messages from mapstructure as follows:
https://github.com/openbao/openbao/blob/98c3a59c040efca724353ca46ca79bd5cdbab920/sdk/framework/field_data.go#L43-L50
_, _, err := d.getPrimitive(field, schema)
if err != nil {
return fmt.Errorf("error converting input for field %q: %w", field, err)
}
where this calls mapstructure.WeakDecode(...): https://github.com/openbao/openbao/blob/98c3a59c040efca724353ca46ca79bd5cdbab920/sdk/framework/field_data.go#L181-L193
func (d *FieldData) getPrimitive(k string, schema *FieldSchema) (interface{}, bool, error) {
raw, ok := d.Raw[k]
if !ok {
return nil, false, nil
}
switch t := schema.Type; t {
case TypeBool:
var result bool
if err := mapstructure.WeakDecode(raw, &result); err != nil {
return nil, false, err
}
return result, true, nil
Notably, WeakDecode(...) eventually calls one of the decode helpers, which surfaces the original value via strconv helpers:
https://github.com/go-viper/mapstructure/blob/8c61ec1924fcfa522f9fc6b4618c672db61d1a38/mapstructure.go#L720-L727
https://github.com/go-viper/mapstructure/blob/8c61ec1924fcfa522f9fc6b4618c672db61d1a38/mapstructure.go#L791-L798
https://github.com/go-viper/mapstructure/blob/8c61ec1924fcfa522f9fc6b4618c672db61d1a38/decode_hooks.go#L180
& more. These are different code paths than are fixed in the previous iteration at https://github.com/go-viper/mapstructure/security/advisories/GHSA-fv92-fjc5-jj9h.
PoC
To reproduce with OpenBao:
$ podman run --pull=always -p 8300:8300 openbao/openbao:latest server -dev -dev-root-token-id=root -dev-listen-address=0.0.0.0:8300
and in a new tab:
$ BAO_TOKEN=root BAO_ADDR=http://localhost:8300 bao auth enable userpass
Success! Enabled userpass auth method at: userpass/
$ curl -X PUT -H "X-Vault-Request: true" -H "X-Vault-Token: root" -d '{"ttl":"asdf"}' "http://localhost:8200/v1/auth/userpass/users/asdf"
--> server logs:
2025-06-25T21:32:25.101-0500 [ERROR] core: failed to run existence check: error="error converting input for field \"ttl\": time: invalid duration \"asdf\""
Impact
This is an information disclosure bug with little mitigation. See https://discuss.hashicorp.com/t/hcsec-2025-09-vault-may-expose-sensitive-information-in-error-logs-when-processing-malformed-data-with-the-kv-v2-plugin/74717 for a previous version. That version was fixed, but this is in the second part of that error message (starting at '' expected a map, got 'string' -- when the field type is string and a map is provided, we see the above information leak -- the previous example had a map type field with a string value provided).
This was rated 4.5 Medium by HashiCorp in the past iteration.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 2.3.0"
},
"package": {
"ecosystem": "Go",
"name": "github.com/go-viper/mapstructure/v2"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.4.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-11065"
],
"database_specific": {
"cwe_ids": [
"CWE-117"
],
"github_reviewed": true,
"github_reviewed_at": "2025-08-21T14:37:19Z",
"nvd_published_at": null,
"severity": "MODERATE"
},
"details": "### Summary\n\nUse of this library in a security-critical context may result in leaking sensitive information, if used to process sensitive fields.\n\n### Details\n\nOpenBao (and presumably HashiCorp Vault) have surfaced error messages from `mapstructure` as follows:\n\nhttps://github.com/openbao/openbao/blob/98c3a59c040efca724353ca46ca79bd5cdbab920/sdk/framework/field_data.go#L43-L50\n\n```go\n\t\t\t_, _, err := d.getPrimitive(field, schema)\n\t\t\tif err != nil {\n\t\t\t\treturn fmt.Errorf(\"error converting input for field %q: %w\", field, err)\n\t\t\t}\n```\n\nwhere this calls `mapstructure.WeakDecode(...)`: https://github.com/openbao/openbao/blob/98c3a59c040efca724353ca46ca79bd5cdbab920/sdk/framework/field_data.go#L181-L193\n\n```go\n\nfunc (d *FieldData) getPrimitive(k string, schema *FieldSchema) (interface{}, bool, error) {\n\traw, ok := d.Raw[k]\n\tif !ok {\n\t\treturn nil, false, nil\n\t}\n\n\tswitch t := schema.Type; t {\n\tcase TypeBool:\n\t\tvar result bool\n\t\tif err := mapstructure.WeakDecode(raw, \u0026result); err != nil {\n\t\t\treturn nil, false, err\n\t\t}\n\t\treturn result, true, nil\n```\n\nNotably, `WeakDecode(...)` eventually calls one of the decode helpers, which surfaces the original value via `strconv` helpers:\n\nhttps://github.com/go-viper/mapstructure/blob/8c61ec1924fcfa522f9fc6b4618c672db61d1a38/mapstructure.go#L720-L727\n\nhttps://github.com/go-viper/mapstructure/blob/8c61ec1924fcfa522f9fc6b4618c672db61d1a38/mapstructure.go#L791-L798\n\nhttps://github.com/go-viper/mapstructure/blob/8c61ec1924fcfa522f9fc6b4618c672db61d1a38/decode_hooks.go#L180\n\n\u0026 more. These are different code paths than are fixed in the previous iteration at https://github.com/go-viper/mapstructure/security/advisories/GHSA-fv92-fjc5-jj9h.\n\n### PoC\n\nTo reproduce with OpenBao:\n\n```\n$ podman run --pull=always -p 8300:8300 openbao/openbao:latest server -dev -dev-root-token-id=root -dev-listen-address=0.0.0.0:8300\n```\n\nand in a new tab:\n\n```\n$ BAO_TOKEN=root BAO_ADDR=http://localhost:8300 bao auth enable userpass\nSuccess! Enabled userpass auth method at: userpass/\n$ curl -X PUT -H \"X-Vault-Request: true\" -H \"X-Vault-Token: root\" -d \u0027{\"ttl\":\"asdf\"}\u0027 \"http://localhost:8200/v1/auth/userpass/users/asdf\"\n\n--\u003e server logs:\n\n2025-06-25T21:32:25.101-0500 [ERROR] core: failed to run existence check: error=\"error converting input for field \\\"ttl\\\": time: invalid duration \\\"asdf\\\"\"\n```\n\n### Impact\n\nThis is an information disclosure bug with little mitigation. See https://discuss.hashicorp.com/t/hcsec-2025-09-vault-may-expose-sensitive-information-in-error-logs-when-processing-malformed-data-with-the-kv-v2-plugin/74717 for a previous version. That version was fixed, but this is in the second part of that error message (starting at `\u0027\u0027 expected a map, got \u0027string\u0027` -- when the field type is `string` and a `map` is provided, we see the above information leak -- the previous example had a `map` type field with a `string` value provided).\n\nThis was rated 4.5 Medium by HashiCorp in the past iteration.",
"id": "GHSA-2464-8j7c-4cjm",
"modified": "2026-01-27T21:01:22Z",
"published": "2025-08-21T14:37:19Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/go-viper/mapstructure/security/advisories/GHSA-2464-8j7c-4cjm"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-11065"
},
{
"type": "WEB",
"url": "https://github.com/go-viper/mapstructure/commit/742921c9ba2854d27baa64272487fc5075d2c39c"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2025-11065"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2391829"
},
{
"type": "PACKAGE",
"url": "https://github.com/go-viper/mapstructure"
},
{
"type": "WEB",
"url": "https://pkg.go.dev/vuln/GO-2025-3900"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "go-viper\u0027s mapstructure May Leak Sensitive Information in Logs When Processing Malformed Data"
}
GHSA-2X5J-VHC8-9CWM
Vulnerability from github – Published: 2025-06-10 21:18 – Updated: 2025-10-23 17:36Impact
The CIRCL implementation of FourQ fails to validate user-supplied low-order points during Diffie-Hellman key exchange, potentially allowing attackers to force the identity point and compromise session security.
Moreover, there is an incorrect point validation in ScalarMult can lead to incorrect results in the isEqual function and if a point is on the curve.
Patches
Version 1.6.1 (https://github.com/cloudflare/circl/tree/v1.6.1) mitigates the identified issues.
We acknowledge Alon Livne (Botanica Software Labs) for the reported findings.
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/cloudflare/circl"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.6.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-8556"
],
"database_specific": {
"cwe_ids": [
"CWE-20",
"CWE-347"
],
"github_reviewed": true,
"github_reviewed_at": "2025-06-10T21:18:33Z",
"nvd_published_at": null,
"severity": "LOW"
},
"details": "### Impact\nThe CIRCL implementation of FourQ fails to validate user-supplied low-order points during Diffie-Hellman key exchange, potentially allowing attackers to force the identity point and compromise session security.\n\nMoreover, there is an incorrect point validation in ScalarMult can lead to incorrect results in the isEqual function and if a point is on the curve.\n\n\n### Patches\nVersion 1.6.1 (https://github.com/cloudflare/circl/tree/v1.6.1) mitigates the identified issues.\n\nWe acknowledge Alon Livne (Botanica Software Labs) for the reported findings.",
"id": "GHSA-2x5j-vhc8-9cwm",
"modified": "2025-10-23T17:36:51Z",
"published": "2025-06-10T21:18:33Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/cloudflare/circl/security/advisories/GHSA-2x5j-vhc8-9cwm"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8556"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2025-8556"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2371624"
},
{
"type": "PACKAGE",
"url": "https://github.com/cloudflare/circl"
},
{
"type": "WEB",
"url": "https://github.com/cloudflare/circl/tree/v1.6.1"
},
{
"type": "WEB",
"url": "https://news.ycombinator.com/item?id=45669593"
},
{
"type": "WEB",
"url": "https://www.botanica.software/blog/cryptographic-issues-in-cloudflares-circl-fourq-implementation"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "CIRCL-Fourq: Missing and wrong validation can lead to incorrect results"
}
GHSA-37CX-329C-33X3
Vulnerability from github – Published: 2026-02-10 00:28 – Updated: 2026-02-10 02:57Impact
A vulnerability was discovered in go-git whereby data integrity values for .pack and .idx files were not properly verified. This resulted in go-git potentially consuming corrupted files, which would likely result in unexpected errors such as object not found.
For context, clients fetch packfiles from upstream Git servers. Those files contain a checksum of their contents, so that clients can perform integrity checks before consuming it. The pack indexes (.idx) are generated locally by go-git, or the git cli, when new .pack files are received and processed. The integrity checks for both files were not being verified correctly.
Note that the lack of verification of the packfile checksum has no impact on the trust relationship between the client and server, which is enforced based on the protocol being used (e.g. TLS in the case of https:// or known hosts for ssh://). In other words, the packfile checksum verification does not provide any security benefits when connecting to a malicious or compromised Git server.
Patches
Users should upgrade to v5.16.5, or the latest v6 pseudo-version, in order to mitigate this vulnerability.
Workarounds
In case updating to a fixed version of go-git is not possible, users can run git fsck from the git cli to check for data corruption on a given repository.
Credit
Thanks @N0zoM1z0 for finding and reporting this issue privately to the go-git project.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 5.16.4"
},
"package": {
"ecosystem": "Go",
"name": "github.com/go-git/go-git/v5"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.16.5"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-25934"
],
"database_specific": {
"cwe_ids": [
"CWE-354"
],
"github_reviewed": true,
"github_reviewed_at": "2026-02-10T00:28:53Z",
"nvd_published_at": "2026-02-09T23:16:05Z",
"severity": "MODERATE"
},
"details": "### Impact \n\nA vulnerability was discovered in `go-git` whereby data integrity values for `.pack` and `.idx` files were not properly verified. This resulted in `go-git` potentially consuming corrupted files, which would likely result in unexpected errors such as `object not found`.\n\nFor context, clients fetch [`packfiles`](https://git-scm.com/docs/pack-protocol#_packfile_data) from upstream Git servers. Those files contain a checksum of their contents, so that clients can perform integrity checks before consuming it. The pack indexes (`.idx`) are [generated](https://git-scm.com/docs/pack-format) locally by `go-git`, or the `git` cli, when new `.pack` files are received and processed. The integrity checks for both files were not being verified correctly.\n\nNote that the lack of verification of the packfile checksum has no impact on the trust relationship between the client and server, which is enforced based on the protocol being used (e.g. TLS in the case of `https://` or known hosts for `ssh://`). In other words, the packfile checksum verification does not provide any security benefits when connecting to a malicious or compromised Git server.\n\n### Patches\n\nUsers should upgrade to `v5.16.5`, or the latest `v6` [pseudo-version](https://go.dev/ref/mod#pseudo-versions), in order to mitigate this vulnerability.\n\n### Workarounds\n\nIn case updating to a fixed version of `go-git` is not possible, users can run [git fsck](https://git-scm.com/docs/git-fsck) from the `git` cli to check for data corruption on a given repository. \n\n### Credit\n\nThanks @N0zoM1z0 for finding and reporting this issue privately to the `go-git` project.",
"id": "GHSA-37cx-329c-33x3",
"modified": "2026-02-10T02:57:13Z",
"published": "2026-02-10T00:28:53Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/go-git/go-git/security/advisories/GHSA-37cx-329c-33x3"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25934"
},
{
"type": "PACKAGE",
"url": "https://github.com/go-git/go-git"
},
{
"type": "WEB",
"url": "https://github.com/go-git/go-git/releases/tag/v5.16.5"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
}
],
"summary": "go-git improperly verifies data integrity values for .idx and .pack files"
}
GHSA-9H8M-3FM2-QJRQ
Vulnerability from github – Published: 2026-02-02 20:07 – Updated: 2026-02-27 21:39Impact
The OpenTelemetry Go SDK in version v1.20.0-1.39.0 is vulnerable to Path Hijacking (Untrusted Search Paths) on macOS/Darwin systems. The resource detection code in sdk/resource/host_id.go executes the ioreg system command using a search path. An attacker with the ability to locally modify the PATH environment variable can achieve Arbitrary Code Execution (ACE) within the context of the application.
Patches
This has been patched in d45961b, which was released with v1.40.0.
References
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "go.opentelemetry.io/otel/sdk"
},
"ranges": [
{
"events": [
{
"introduced": "1.21.0"
},
{
"fixed": "1.40.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-24051"
],
"database_specific": {
"cwe_ids": [
"CWE-426"
],
"github_reviewed": true,
"github_reviewed_at": "2026-02-02T20:07:46Z",
"nvd_published_at": "2026-02-02T23:16:07Z",
"severity": "HIGH"
},
"details": "### Impact\nThe OpenTelemetry Go SDK in version `v1.20.0`-`1.39.0` is vulnerable to Path Hijacking (Untrusted Search Paths) on macOS/Darwin systems. The resource detection code in `sdk/resource/host_id.go` executes the `ioreg` system command using a search path. An attacker with the ability to locally modify the PATH environment variable can achieve Arbitrary Code Execution (ACE) within the context of the application.\n\n### Patches\nThis has been patched in [d45961b](https://github.com/open-telemetry/opentelemetry-go/commit/d45961bcda453fcbdb6469c22d6e88a1f9970a53), which was released with `v1.40.0`.\n\n### References\n- [CWE-426: Untrusted Search Path](https://cwe.mitre.org/data/definitions/426.html)",
"id": "GHSA-9h8m-3fm2-qjrq",
"modified": "2026-02-27T21:39:46Z",
"published": "2026-02-02T20:07:46Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/open-telemetry/opentelemetry-go/security/advisories/GHSA-9h8m-3fm2-qjrq"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24051"
},
{
"type": "WEB",
"url": "https://github.com/open-telemetry/opentelemetry-go/commit/d45961bcda453fcbdb6469c22d6e88a1f9970a53"
},
{
"type": "PACKAGE",
"url": "https://github.com/open-telemetry/opentelemetry-go"
},
{
"type": "WEB",
"url": "https://pkg.go.dev/vuln/GO-2026-4394"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "OpenTelemetry Go SDK Vulnerable to Arbitrary Code Execution via PATH Hijacking"
}
GHSA-FV92-FJC5-JJ9H
Vulnerability from github – Published: 2025-06-27 16:24 – Updated: 2025-06-27 16:24Summary
Use of this library in a security-critical context may result in leaking sensitive information, if used to process sensitive fields.
Details
OpenBao (and presumably HashiCorp Vault) have surfaced error messages from mapstructure as follows:
https://github.com/openbao/openbao/blob/98c3a59c040efca724353ca46ca79bd5cdbab920/sdk/framework/field_data.go#L43-L50
_, _, err := d.getPrimitive(field, schema)
if err != nil {
return fmt.Errorf("error converting input for field %q: %w", field, err)
}
where this calls mapstructure.WeakDecode(...): https://github.com/openbao/openbao/blob/98c3a59c040efca724353ca46ca79bd5cdbab920/sdk/framework/field_data.go#L181-L193
func (d *FieldData) getPrimitive(k string, schema *FieldSchema) (interface{}, bool, error) {
raw, ok := d.Raw[k]
if !ok {
return nil, false, nil
}
switch t := schema.Type; t {
case TypeBool:
var result bool
if err := mapstructure.WeakDecode(raw, &result); err != nil {
return nil, false, err
}
return result, true, nil
Notably, WeakDecode(...) eventually calls one of the decode helpers, which surfaces the original value:
https://github.com/go-viper/mapstructure/blob/1a66224d5e54d8757f63bd66339cf764c3292c21/mapstructure.go#L679-L686
https://github.com/go-viper/mapstructure/blob/1a66224d5e54d8757f63bd66339cf764c3292c21/mapstructure.go#L726-L730
https://github.com/go-viper/mapstructure/blob/1a66224d5e54d8757f63bd66339cf764c3292c21/mapstructure.go#L783-L787
& more.
PoC
To reproduce with OpenBao:
$ podman run -p 8300:8300 openbao/openbao:latest server -dev -dev-root-token-id=root -dev-listen-address=0.0.0.0:8300
and in a new tab:
$ BAO_TOKEN=root BAO_ADDR=http://localhost:8300 bao auth enable userpass
Success! Enabled userpass auth method at: userpass/
$ curl -X PUT -H "X-Vault-Request: true" -H "X-Vault-Token: root" -d '{"password":{"asdf":"my-sensitive-value"}}' "http://localhost:8300/v1/auth/userpass/users/adsf"
{"errors":["error converting input for field \"password\": '' expected type 'string', got unconvertible type 'map[string]interface {}', value: 'map[asdf:my-sensitive-value]'"]}
Impact
This is an information disclosure bug with little mitigation. See https://discuss.hashicorp.com/t/hcsec-2025-09-vault-may-expose-sensitive-information-in-error-logs-when-processing-malformed-data-with-the-kv-v2-plugin/74717 for a previous version. That version was fixed, but this is in the second part of that error message (starting at '' expected a map, got 'string' -- when the field type is string and a map is provided, we see the above information leak -- the previous example had a map type field with a string value provided).
This was rated 4.5 Medium by HashiCorp in the past iteration.
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/go-viper/mapstructure/v2"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.3.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": true,
"github_reviewed_at": "2025-06-27T16:24:59Z",
"nvd_published_at": null,
"severity": "MODERATE"
},
"details": "### Summary\n\nUse of this library in a security-critical context may result in leaking sensitive information, if used to process sensitive fields.\n\n### Details\n\nOpenBao (and presumably HashiCorp Vault) have surfaced error messages from `mapstructure` as follows:\n\nhttps://github.com/openbao/openbao/blob/98c3a59c040efca724353ca46ca79bd5cdbab920/sdk/framework/field_data.go#L43-L50\n\n```go\n\t\t\t_, _, err := d.getPrimitive(field, schema)\n\t\t\tif err != nil {\n\t\t\t\treturn fmt.Errorf(\"error converting input for field %q: %w\", field, err)\n\t\t\t}\n```\n\nwhere this calls `mapstructure.WeakDecode(...)`: https://github.com/openbao/openbao/blob/98c3a59c040efca724353ca46ca79bd5cdbab920/sdk/framework/field_data.go#L181-L193\n\n```go\n\nfunc (d *FieldData) getPrimitive(k string, schema *FieldSchema) (interface{}, bool, error) {\n\traw, ok := d.Raw[k]\n\tif !ok {\n\t\treturn nil, false, nil\n\t}\n\n\tswitch t := schema.Type; t {\n\tcase TypeBool:\n\t\tvar result bool\n\t\tif err := mapstructure.WeakDecode(raw, \u0026result); err != nil {\n\t\t\treturn nil, false, err\n\t\t}\n\t\treturn result, true, nil\n```\n\nNotably, `WeakDecode(...)` eventually calls one of the decode helpers, which surfaces the original value:\n\nhttps://github.com/go-viper/mapstructure/blob/1a66224d5e54d8757f63bd66339cf764c3292c21/mapstructure.go#L679-L686\n\nhttps://github.com/go-viper/mapstructure/blob/1a66224d5e54d8757f63bd66339cf764c3292c21/mapstructure.go#L726-L730\n\nhttps://github.com/go-viper/mapstructure/blob/1a66224d5e54d8757f63bd66339cf764c3292c21/mapstructure.go#L783-L787\n\n\u0026 more.\n\n### PoC\n\nTo reproduce with OpenBao:\n\n```\n$ podman run -p 8300:8300 openbao/openbao:latest server -dev -dev-root-token-id=root -dev-listen-address=0.0.0.0:8300\n```\n\nand in a new tab:\n\n```\n$ BAO_TOKEN=root BAO_ADDR=http://localhost:8300 bao auth enable userpass\nSuccess! Enabled userpass auth method at: userpass/\n$ curl -X PUT -H \"X-Vault-Request: true\" -H \"X-Vault-Token: root\" -d \u0027{\"password\":{\"asdf\":\"my-sensitive-value\"}}\u0027 \"http://localhost:8300/v1/auth/userpass/users/adsf\"\n{\"errors\":[\"error converting input for field \\\"password\\\": \u0027\u0027 expected type \u0027string\u0027, got unconvertible type \u0027map[string]interface {}\u0027, value: \u0027map[asdf:my-sensitive-value]\u0027\"]}\n```\n\n### Impact\n\nThis is an information disclosure bug with little mitigation. See https://discuss.hashicorp.com/t/hcsec-2025-09-vault-may-expose-sensitive-information-in-error-logs-when-processing-malformed-data-with-the-kv-v2-plugin/74717 for a previous version. That version was fixed, but this is in the second part of that error message (starting at `\u0027\u0027 expected a map, got \u0027string\u0027` -- when the field type is `string` and a `map` is provided, we see the above information leak -- the previous example had a `map` type field with a `string` value provided).\n\nThis was rated 4.5 Medium by HashiCorp in the past iteration.",
"id": "GHSA-fv92-fjc5-jj9h",
"modified": "2025-06-27T16:24:59Z",
"published": "2025-06-27T16:24:59Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/go-viper/mapstructure/security/advisories/GHSA-fv92-fjc5-jj9h"
},
{
"type": "PACKAGE",
"url": "https://github.com/go-viper/mapstructure"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "mapstructure May Leak Sensitive Information in Logs When Processing Malformed Data"
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.