Vulnerability-Lookup

Vulnerability from cleanstart

Published

2026-04-01 09:20

Modified

2026-03-25 11:22

Summary

Security fixes for CVE-2025-53547, CVE-2025-55198, CVE-2025-55199, CVE-2026-27141, CVE-2026-33186, ghsa-557j-xg8c-q2mm, ghsa-9h84-qmv7-982p, ghsa-f6x5-jh6r-wrfv, ghsa-f9f8-9pmf-xv68, ghsa-j5w8-q4qc-rx2x, ghsa-p77j-4mvh-x3m3 applied in versions: 2.14.2-r0, 2.14.2-r1, 2.14.2-r2

Details

Multiple security vulnerabilities affect the harbor package. These issues are resolved in later releases. See references for individual vulnerability details.

References

URL

Type

	https://github.com/cleanstart-dev/cleanstart-secu…	ADVISORY
	https://osv.dev/vulnerability/CVE-2025-53547	WEB
	https://osv.dev/vulnerability/CVE-2025-55198	WEB
	https://osv.dev/vulnerability/CVE-2025-55199	WEB
	https://osv.dev/vulnerability/CVE-2026-27141	WEB
	https://osv.dev/vulnerability/CVE-2026-33186	WEB
	https://osv.dev/vulnerability/ghsa-557j-xg8c-q2mm	WEB
	https://osv.dev/vulnerability/ghsa-9h84-qmv7-982p	WEB
	https://osv.dev/vulnerability/ghsa-f6x5-jh6r-wrfv	WEB
	https://osv.dev/vulnerability/ghsa-f9f8-9pmf-xv68	WEB
	https://osv.dev/vulnerability/ghsa-j5w8-q4qc-rx2x	WEB
	https://osv.dev/vulnerability/ghsa-p77j-4mvh-x3m3	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-53547	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-55198	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-55199	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-27141	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-33186	WEB

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "CleanStart",
        "name": "harbor"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.14.2-r2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "credits": [],
  "database_specific": {},
  "details": "Multiple security vulnerabilities affect the harbor package. These issues are resolved in later releases. See references for individual vulnerability details.",
  "id": "CLEANSTART-2026-YM45607",
  "modified": "2026-03-25T11:22:05Z",
  "published": "2026-04-01T09:20:30.481603Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-YM45607.json"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-53547"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-55198"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-55199"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-27141"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-33186"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-557j-xg8c-q2mm"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-9h84-qmv7-982p"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-f6x5-jh6r-wrfv"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-f9f8-9pmf-xv68"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-j5w8-q4qc-rx2x"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-p77j-4mvh-x3m3"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-53547"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55198"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55199"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27141"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33186"
    }
  ],
  "related": [],
  "schema_version": "1.7.3",
  "summary": "Security fixes for CVE-2025-53547, CVE-2025-55198, CVE-2025-55199, CVE-2026-27141, CVE-2026-33186, ghsa-557j-xg8c-q2mm, ghsa-9h84-qmv7-982p, ghsa-f6x5-jh6r-wrfv, ghsa-f9f8-9pmf-xv68, ghsa-j5w8-q4qc-rx2x, ghsa-p77j-4mvh-x3m3 applied in versions: 2.14.2-r0, 2.14.2-r1, 2.14.2-r2",
  "upstream": [
    "CVE-2025-53547",
    "CVE-2025-55198",
    "CVE-2025-55199",
    "CVE-2026-27141",
    "CVE-2026-33186",
    "ghsa-557j-xg8c-q2mm",
    "ghsa-9h84-qmv7-982p",
    "ghsa-f6x5-jh6r-wrfv",
    "ghsa-f9f8-9pmf-xv68",
    "ghsa-j5w8-q4qc-rx2x",
    "ghsa-p77j-4mvh-x3m3"
  ]
}

CVE-2025-53547 (GCVE-0-2025-53547)

Vulnerability from cvelistv5 – Published: 2025-07-08 21:39 – Updated: 2026-02-26 17:51

Title

Helm Chart Dependency Updating With Malicious Chart.yaml Content And Symlink Can Lead To Code Execution

Summary

Helm is a package manager for Charts for Kubernetes. Prior to 3.18.4, a specially crafted Chart.yaml file along with a specially linked Chart.lock file can lead to local code execution when dependencies are updated. Fields in a Chart.yaml file, that are carried over to a Chart.lock file when dependencies are updated and this file is written, can be crafted in a way that can cause execution if that same content were in a file that is executed (e.g., a bash.rc file or shell script). If the Chart.lock file is symlinked to one of these files updating dependencies will write the lock file content to the symlinked file. This can lead to unwanted execution. Helm warns of the symlinked file but did not stop execution due to symlinking. This issue has been resolved in Helm v3.18.4.

Severity

8.5 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:H

SSVC

Exploitation: none Automatable: no Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-94 - Improper Control of Generation of Code ('Code Injection')

Assigner

GitHub_M

References

3 references

URL	Tags
https://github.com/helm/helm/security/advisories/…	x_refsource_CONFIRM
https://github.com/helm/helm/commit/4b8e61093d8f5…	x_refsource_MISC
https://news.ycombinator.com/item?id=44506696

Impacted products

1 product

Vendor	Product	Version
helm	helm	Affected: < 3.18.4

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-53547",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-24T03:55:20.328115Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-26T17:51:02.113Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-07-09T17:05:52.255Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://news.ycombinator.com/item?id=44506696"
          }
        ],
        "title": "CVE Program Container",
        "x_generator": {
          "engine": "ADPogram 0.0.1"
        }
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "helm",
          "vendor": "helm",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 3.18.4"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Helm is a package manager for Charts for Kubernetes. Prior to 3.18.4, a specially crafted Chart.yaml file along with a specially linked Chart.lock file can lead to local code execution when dependencies are updated. Fields in a Chart.yaml file, that are carried over to a Chart.lock file when dependencies are updated and this file is written, can be crafted in a way that can cause execution if that same content were in a file that is executed (e.g., a bash.rc file or shell script). If the Chart.lock file is symlinked to one of these files updating dependencies will write the lock file content to the symlinked file. This can lead to unwanted execution. Helm warns of the symlinked file but did not stop execution due to symlinking. This issue has been resolved in Helm v3.18.4."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 8.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-94",
              "description": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-08T21:39:59.075Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/helm/helm/security/advisories/GHSA-557j-xg8c-q2mm",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/helm/helm/security/advisories/GHSA-557j-xg8c-q2mm"
        },
        {
          "name": "https://github.com/helm/helm/commit/4b8e61093d8f579f1165cdc6bd4b43fa5455f571",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/helm/helm/commit/4b8e61093d8f579f1165cdc6bd4b43fa5455f571"
        }
      ],
      "source": {
        "advisory": "GHSA-557j-xg8c-q2mm",
        "discovery": "UNKNOWN"
      },
      "title": "Helm Chart Dependency Updating With Malicious Chart.yaml Content And Symlink Can Lead To Code Execution"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-53547",
    "datePublished": "2025-07-08T21:39:59.075Z",
    "dateReserved": "2025-07-02T15:15:11.516Z",
    "dateUpdated": "2026-02-26T17:51:02.113Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-55198 (GCVE-0-2025-55198)

Vulnerability from cvelistv5 – Published: 2025-08-13 23:23 – Updated: 2025-08-14 14:50

Title

Helm May Panic Due To Incorrect YAML Content

Summary

Helm is a package manager for Charts for Kubernetes. Prior to version 3.18.5, when parsing Chart.yaml and index.yaml files, an improper validation of type error can lead to a panic. This issue has been resolved in Helm 3.18.5. A workaround involves ensuring YAML files are formatted as Helm expects prior to processing them with Helm.

Severity

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

SSVC

Exploitation: none Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-908 - Use of Uninitialized Resource

Assigner

GitHub_M

References

2 references

URL	Tags
https://github.com/helm/helm/security/advisories/…	x_refsource_CONFIRM
https://github.com/helm/helm/commit/ec5f59e2db565…	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
helm	helm	Affected: < 3.18.5

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-55198",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-08-14T13:41:00.963620Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-08-14T14:50:32.593Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "helm",
          "vendor": "helm",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 3.18.5"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Helm is a package manager for Charts for Kubernetes. Prior to version 3.18.5, when parsing Chart.yaml and index.yaml files, an improper validation of type error can lead to a panic. This issue has been resolved in Helm 3.18.5. A workaround involves ensuring YAML files are formatted as Helm expects prior to processing them with Helm."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-908",
              "description": "CWE-908: Use of Uninitialized Resource",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-13T23:23:56.780Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/helm/helm/security/advisories/GHSA-f9f8-9pmf-xv68",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/helm/helm/security/advisories/GHSA-f9f8-9pmf-xv68"
        },
        {
          "name": "https://github.com/helm/helm/commit/ec5f59e2db56533d042a124f5bae54dd87b558e6",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/helm/helm/commit/ec5f59e2db56533d042a124f5bae54dd87b558e6"
        }
      ],
      "source": {
        "advisory": "GHSA-f9f8-9pmf-xv68",
        "discovery": "UNKNOWN"
      },
      "title": "Helm May Panic Due To Incorrect YAML Content"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-55198",
    "datePublished": "2025-08-13T23:23:56.780Z",
    "dateReserved": "2025-08-08T21:55:07.964Z",
    "dateUpdated": "2025-08-14T14:50:32.593Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-55199 (GCVE-0-2025-55199)

Vulnerability from cvelistv5 – Published: 2025-08-13 23:23 – Updated: 2025-08-14 14:50

Title

Helm Charts with Specific JSON Schema Values Can Cause Memory Exhaustion

Summary

Helm is a package manager for Charts for Kubernetes. Prior to version 3.18.5, it is possible to craft a JSON Schema file in a manner which could cause Helm to use all available memory and have an out of memory (OOM) termination. This issue has been resolved in Helm 3.18.5. A workaround involves ensuring all Helm charts that are being loaded into Helm do not have any reference of $ref pointing to /dev/zero.

Severity

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

SSVC

Exploitation: none Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-770 - Allocation of Resources Without Limits or Throttling

Assigner

GitHub_M

References

2 references

URL	Tags
https://github.com/helm/helm/security/advisories/…	x_refsource_CONFIRM
https://github.com/helm/helm/commit/b78692c18f0fb…	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
helm	helm	Affected: < 3.18.5

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-55199",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-08-14T13:41:12.193883Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-08-14T14:50:39.218Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "helm",
          "vendor": "helm",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 3.18.5"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Helm is a package manager for Charts for Kubernetes. Prior to version 3.18.5, it is possible to craft a JSON Schema file in a manner which could cause Helm to use all available memory and have an out of memory (OOM) termination. This issue has been resolved in Helm 3.18.5. A workaround involves ensuring all Helm charts that are being loaded into Helm do not have any reference of $ref pointing to /dev/zero."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-770",
              "description": "CWE-770: Allocation of Resources Without Limits or Throttling",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-13T23:23:43.304Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/helm/helm/security/advisories/GHSA-9h84-qmv7-982p",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/helm/helm/security/advisories/GHSA-9h84-qmv7-982p"
        },
        {
          "name": "https://github.com/helm/helm/commit/b78692c18f0fb38fe5ba4571a674de067a4c53a5",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/helm/helm/commit/b78692c18f0fb38fe5ba4571a674de067a4c53a5"
        }
      ],
      "source": {
        "advisory": "GHSA-9h84-qmv7-982p",
        "discovery": "UNKNOWN"
      },
      "title": "Helm Charts with Specific JSON Schema Values Can Cause Memory Exhaustion"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-55199",
    "datePublished": "2025-08-13T23:23:43.304Z",
    "dateReserved": "2025-08-08T21:55:07.965Z",
    "dateUpdated": "2025-08-14T14:50:39.218Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2026-27141 (GCVE-0-2026-27141)

Vulnerability from cvelistv5 – Published: 2026-02-26 18:50 – Updated: 2026-02-27 19:11

Title

Sending certain HTTP/2 frames can cause a server to panic in golang.org/x/net

Summary

Due to missing nil check, sending 0x0a-0x0f HTTP/2 frames will cause a running server to panic

Severity

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

SSVC

Exploitation: none Automatable: yes Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-476 - NULL Pointer Dereference

Assigner

References

4 references

URL	Tags
https://nvd.nist.gov/vuln/detail/CVE-2026-27141
https://go.dev/cl/746180
https://go.dev/issue/77652
https://pkg.go.dev/vuln/GO-2026-4559

Impacted products

1 product

Vendor	Product	Version
golang.org/x/net	golang.org/x/net/http2	Affected: 0.50.0 , < 0.51.0 (semver)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-27141",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-27T19:11:24.117207Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-476",
                "description": "CWE-476 NULL Pointer Dereference",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-27T19:11:57.260Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://pkg.go.dev",
          "defaultStatus": "unaffected",
          "packageName": "golang.org/x/net/http2",
          "product": "golang.org/x/net/http2",
          "programRoutines": [
            {
              "name": "typeFrameParser"
            },
            {
              "name": "ClientConn.Close"
            },
            {
              "name": "ClientConn.Ping"
            },
            {
              "name": "ClientConn.RoundTrip"
            },
            {
              "name": "ClientConn.Shutdown"
            },
            {
              "name": "ConfigureServer"
            },
            {
              "name": "ConfigureTransport"
            },
            {
              "name": "ConfigureTransports"
            },
            {
              "name": "ConnectionError.Error"
            },
            {
              "name": "ErrCode.String"
            },
            {
              "name": "FrameHeader.String"
            },
            {
              "name": "FrameType.String"
            },
            {
              "name": "FrameWriteRequest.String"
            },
            {
              "name": "Framer.ReadFrame"
            },
            {
              "name": "Framer.ReadFrameForHeader"
            },
            {
              "name": "Framer.ReadFrameHeader"
            },
            {
              "name": "Framer.WriteContinuation"
            },
            {
              "name": "Framer.WriteData"
            },
            {
              "name": "Framer.WriteDataPadded"
            },
            {
              "name": "Framer.WriteGoAway"
            },
            {
              "name": "Framer.WriteHeaders"
            },
            {
              "name": "Framer.WritePing"
            },
            {
              "name": "Framer.WritePriority"
            },
            {
              "name": "Framer.WritePriorityUpdate"
            },
            {
              "name": "Framer.WritePushPromise"
            },
            {
              "name": "Framer.WriteRSTStream"
            },
            {
              "name": "Framer.WriteRawFrame"
            },
            {
              "name": "Framer.WriteSettings"
            },
            {
              "name": "Framer.WriteSettingsAck"
            },
            {
              "name": "Framer.WriteWindowUpdate"
            },
            {
              "name": "GoAwayError.Error"
            },
            {
              "name": "ReadFrameHeader"
            },
            {
              "name": "Server.ServeConn"
            },
            {
              "name": "Setting.String"
            },
            {
              "name": "SettingID.String"
            },
            {
              "name": "SettingsFrame.ForeachSetting"
            },
            {
              "name": "StreamError.Error"
            },
            {
              "name": "Transport.CloseIdleConnections"
            },
            {
              "name": "Transport.NewClientConn"
            },
            {
              "name": "Transport.RoundTrip"
            },
            {
              "name": "Transport.RoundTripOpt"
            },
            {
              "name": "bufferedWriter.Flush"
            },
            {
              "name": "bufferedWriter.Write"
            },
            {
              "name": "bufferedWriterTimeoutWriter.Write"
            },
            {
              "name": "chunkWriter.Write"
            },
            {
              "name": "clientConnPool.GetClientConn"
            },
            {
              "name": "connError.Error"
            },
            {
              "name": "dataBuffer.Read"
            },
            {
              "name": "duplicatePseudoHeaderError.Error"
            },
            {
              "name": "gzipReader.Close"
            },
            {
              "name": "gzipReader.Read"
            },
            {
              "name": "headerFieldNameError.Error"
            },
            {
              "name": "headerFieldValueError.Error"
            },
            {
              "name": "netHTTPClientConn.Close"
            },
            {
              "name": "netHTTPClientConn.RoundTrip"
            },
            {
              "name": "noDialClientConnPool.GetClientConn"
            },
            {
              "name": "noDialH2RoundTripper.NewClientConn"
            },
            {
              "name": "noDialH2RoundTripper.RoundTrip"
            },
            {
              "name": "pipe.Read"
            },
            {
              "name": "priorityWriteSchedulerRFC7540.CloseStream"
            },
            {
              "name": "priorityWriteSchedulerRFC7540.OpenStream"
            },
            {
              "name": "priorityWriteSchedulerRFC9218.OpenStream"
            },
            {
              "name": "pseudoHeaderError.Error"
            },
            {
              "name": "requestBody.Close"
            },
            {
              "name": "requestBody.Read"
            },
            {
              "name": "responseWriter.Flush"
            },
            {
              "name": "responseWriter.FlushError"
            },
            {
              "name": "responseWriter.Push"
            },
            {
              "name": "responseWriter.SetReadDeadline"
            },
            {
              "name": "responseWriter.SetWriteDeadline"
            },
            {
              "name": "responseWriter.Write"
            },
            {
              "name": "responseWriter.WriteHeader"
            },
            {
              "name": "responseWriter.WriteString"
            },
            {
              "name": "roundRobinWriteScheduler.OpenStream"
            },
            {
              "name": "serverConn.CloseConn"
            },
            {
              "name": "serverConn.Flush"
            },
            {
              "name": "stickyErrWriter.Write"
            },
            {
              "name": "transportResponseBody.Close"
            },
            {
              "name": "transportResponseBody.Read"
            },
            {
              "name": "unencryptedTransport.RoundTrip"
            },
            {
              "name": "writeData.String"
            }
          ],
          "vendor": "golang.org/x/net",
          "versions": [
            {
              "lessThan": "0.51.0",
              "status": "affected",
              "version": "0.50.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Due to missing nil check, sending 0x0a-0x0f HTTP/2 frames will cause a running server to panic"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-476: NULL Pointer Dereference",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-26T18:50:31.830Z",
        "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
        "shortName": "Go"
      },
      "references": [
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27141"
        },
        {
          "url": "https://go.dev/cl/746180"
        },
        {
          "url": "https://go.dev/issue/77652"
        },
        {
          "url": "https://pkg.go.dev/vuln/GO-2026-4559"
        }
      ],
      "title": "Sending certain HTTP/2 frames can cause a server to panic in golang.org/x/net"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
    "assignerShortName": "Go",
    "cveId": "CVE-2026-27141",
    "datePublished": "2026-02-26T18:50:31.830Z",
    "dateReserved": "2026-02-17T19:57:28.435Z",
    "dateUpdated": "2026-02-27T19:11:57.260Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-33186 (GCVE-0-2026-33186)

Vulnerability from cvelistv5 – Published: 2026-03-20 22:23 – Updated: 2026-06-30 12:05

Title

gRPC-Go has an authorization bypass via missing leading slash in :path

Summary

gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper input validation of the HTTP/2 `:path` pseudo-header. The gRPC-Go server was too lenient in its routing logic, accepting requests where the `:path` omitted the mandatory leading slash (e.g., `Service/Method` instead of `/Service/Method`). While the server successfully routed these requests to the correct handler, authorization interceptors (including the official `grpc/authz` package) evaluated the raw, non-canonical path string. Consequently, "deny" rules defined using canonical paths (starting with `/`) failed to match the incoming request, allowing it to bypass the policy if a fallback "allow" rule was present. This affects gRPC-Go servers that use path-based authorization interceptors, such as the official RBAC implementation in `google.golang.org/grpc/authz` or custom interceptors relying on `info.FullMethod` or `grpc.Method(ctx)`; AND that have a security policy contains specific "deny" rules for canonical paths but allows other requests by default (a fallback "allow" rule). The vulnerability is exploitable by an attacker who can send raw HTTP/2 frames with malformed `:path` headers directly to the gRPC server. The fix in version 1.79.3 ensures that any request with a `:path` that does not start with a leading slash is immediately rejected with a `codes.Unimplemented` error, preventing it from reaching authorization interceptors or handlers with a non-canonical path string. While upgrading is the most secure and recommended path, users can mitigate the vulnerability using one of the following methods: Use a validating interceptor (recommended mitigation); infrastructure-level normalization; and/or policy hardening.

Severity

9.1 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

SSVC

Exploitation: none Automatable: yes Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-285 - Improper Authorization
CWE-551 - Incorrect Behavior Order: Authorization Before Parsing and Canonicalization

Assigner

GitHub_M

References

161 references

URL	Tags
https://github.com/grpc/grpc-go/security/advisori…	x_refsource_CONFIRM
https://access.redhat.com/security/cve/CVE-2026-33186	vdb-entryx_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2449833	issue-trackingx_refsource_REDHAT
https://security.access.redhat.com/data/csaf/v2/v…	x_sadp-csaf-vex
https://access.redhat.com/errata/RHSA-2026:26997	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:27076	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:17789	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:28047	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:20436	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:18068	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:20322	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:26999	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:19719	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:27856	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:22937	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:19135	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:22450	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:10107	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:19721	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:19720	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:27712	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:10705	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:10706	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:23228	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:19353	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:22714	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:19207	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:9872	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:22423	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:22347	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:21769	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:23345	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:6428	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:29854	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:26568	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:8433	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:22645	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:25127	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:13548	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:8151	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:11408	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:11803	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:13829	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:7110	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:11070	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:7128	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:13791	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:27893	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:27901	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:27957	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:27892	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:6174	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:6802	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:22485	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:24977	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:10698	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:19712	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:10155	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:10158	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:21696	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:21697	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:12283	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:21691	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:21692	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:25009	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:15092	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:23234	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:23235	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:14775	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:25045	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:20088	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:20089	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:10105	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:17598	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:17599	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:21657	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:25182	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:21658	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:27001	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:17448	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:25183	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:12119	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:12118	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:8449	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:23246	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:20041	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:20042	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:27004	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:23247	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:25201	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:10093	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:10094	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:21703	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:27063	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:17468	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:24535	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:21704	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:25195	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:25194	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:6564	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:24759	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:17474	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:21709	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:24506	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:20034	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:20035	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:25187	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:7245	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:23241	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:17475	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:21710	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:22800	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:10175	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:20946	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:20943	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:26519	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:24484	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:21932	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:21931	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:8483	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:9440	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:8484	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:9448	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:8490	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:9453	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:8491	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:8493	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:9388	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:9385	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:26416	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:26420	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:26413	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:12279	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:26412	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:12277	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:11856	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:21017	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:24853	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:19375	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:22465	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:11916	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:11996	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:10131	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:10125	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:10130	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:10126	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:10172	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:10153	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:8338	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:22959	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:22961	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:24536	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:19099	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:12116	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:12337	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:19108	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:17459	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:17123	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:22689	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:18585	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:19109	vendor-advisoryx_refsource_REDHAT

Impacted products

151 products

Vendor	Product	Version
grpc	grpc-go	Affected: < 1.79.3
Red Hat	Red Hat OpenShift Container Platform 4.18	cpe:/a:redhat:openshift:4.18::el8 cpe:/a:redhat:openshift:4.18::el9
Red Hat	Red Hat Satellite 6.16 for RHEL 8	cpe:/a:redhat:satellite:6.16::el8 cpe:/a:redhat:satellite_capsule:6.16::el8 cpe:/a:redhat:satellite_maintenance:6.16::el8 cpe:/a:redhat:satellite_utils:6.16::el8
Red Hat	Cryostat 4 on RHEL 9	cpe:/a:redhat:cryostat:4::el9
Red Hat	Red Hat OpenStack Platform 17.1	cpe:/a:redhat:openstack:17.1 cpe:/a:redhat:openstack:17.1::el9
Red Hat	Red Hat OpenShift Container Platform 4.16	cpe:/a:redhat:openshift:4.16::el9
Red Hat	Red Hat OpenShift Container Platform 4.19	cpe:/a:redhat:openshift:4.19::el9
Red Hat	Red Hat Satellite 6.16 for RHEL 9	cpe:/a:redhat:satellite:6.16::el9 cpe:/a:redhat:satellite_capsule:6.16::el9 cpe:/a:redhat:satellite_maintenance:6.16::el9 cpe:/a:redhat:satellite_utils:6.16::el9
Red Hat	Red Hat Enterprise Linux AppStream EUS (v. 10.0)	cpe:/o:redhat:enterprise_linux_eus:10.0
Red Hat	Red Hat Enterprise Linux AppStream (v. 10)	cpe:/o:redhat:enterprise_linux:10.2
Red Hat	Red Hat Enterprise Linux AppStream (v. 8)	cpe:/a:redhat:enterprise_linux:8::appstream
Red Hat	Red Hat Enterprise Linux AppStream EUS (v.9.4)	cpe:/a:redhat:rhel_eus:9.4::appstream
Red Hat	Red Hat Enterprise Linux AppStream EUS (v.9.6)	cpe:/a:redhat:rhel_eus:9.6::appstream
Red Hat	Red Hat Enterprise Linux AppStream (v. 9)	cpe:/a:redhat:enterprise_linux:9::appstream
Red Hat	Red Hat CodeReady Linux Builder EUS (v.9.6)	cpe:/a:redhat:rhel_eus:9.6::crb
Red Hat	Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)	cpe:/a:redhat:enterprise_linux:9::crb
Red Hat	DevWorkspace Operator 0.4	cpe:/a:redhat:devworkspace:0.40::el9
Red Hat	Multicluster Global Hub 1.3.4	cpe:/a:redhat:multicluster_globalhub:1.3::el9
Red Hat	Multicluster Global Hub 1.4.5	cpe:/a:redhat:multicluster_globalhub:1.4::el9
Red Hat	Multicluster Global Hub 1.5.4	cpe:/a:redhat:multicluster_globalhub:1.5::el9
Red Hat	Multicluster Global Hub 1.6.2	cpe:/a:redhat:multicluster_globalhub:1.6::el9
Red Hat	Network Observability (NETOBSERV) 1.11.2	cpe:/a:redhat:network_observ_optr:1.11::el9
Red Hat	OpenShift API for Data Protection 1.4	cpe:/a:redhat:openshift_api_data_protection:1.4::el9
Red Hat	OpenShift API for Data Protection 1.5	cpe:/a:redhat:openshift_api_data_protection:1.5::el9
Red Hat	OpenShift Compliance Operator 1	cpe:/a:redhat:openshift_compliance_operator:1::el9
Red Hat	Red Hat Advanced Cluster Management for Kubernetes 2.13	cpe:/a:redhat:acm:2.13::el9
Red Hat	Red Hat Advanced Cluster Management for Kubernetes 2.14	cpe:/a:redhat:acm:2.14::el9
Red Hat	Red Hat Advanced Cluster Management for Kubernetes 2.15	cpe:/a:redhat:acm:2.15::el9
Red Hat	Red Hat Advanced Cluster Management for Kubernetes 2.16	cpe:/a:redhat:acm:2.16::el9
Red Hat	Red Hat Advanced Cluster Security for Kubernetes 4.10	cpe:/a:redhat:advanced_cluster_security:4.10::el8
Red Hat	Red Hat Advanced Cluster Security for Kubernetes 4.8	cpe:/a:redhat:advanced_cluster_security:4.8::el8
Red Hat	Red Hat Advanced Cluster Security for Kubernetes 4.9	cpe:/a:redhat:advanced_cluster_security:4.9::el8
Red Hat	Red Hat Container Native Virtualization 4.18	cpe:/a:redhat:container_native_virtualization:4.18::el9
Red Hat	Red Hat Container Native Virtualization 4.19	cpe:/a:redhat:container_native_virtualization:4.19::el9
Red Hat	Red Hat Container Native Virtualization 4.20	cpe:/a:redhat:container_native_virtualization:4.20::el9
Red Hat	Red Hat Container Native Virtualization 4.21	cpe:/a:redhat:container_native_virtualization:4.21::el9
Red Hat	Red Hat Developer Hub 1.8	cpe:/a:redhat:rhdh:1.8::el9
Red Hat	Red Hat Developer Hub 1.9	cpe:/a:redhat:rhdh:1.9::el9
Red Hat	Red Hat Lightspeed (formerly Insights) for Runtimes 1	cpe:/a:redhat:lightspeed_for_runtimes:1.0::el9
Red Hat	Red Hat OpenShift AI 2.25	cpe:/a:redhat:openshift_ai:2.25::el9
Red Hat	Red Hat OpenShift AI 3.3	cpe:/a:redhat:openshift_ai:3.3::el9
Red Hat	Red Hat OpenShift Builds 1.6.5	cpe:/a:redhat:openshift_builds:1.6::el9
Red Hat	Red Hat OpenShift Builds 1.7.3	cpe:/a:redhat:openshift_builds:1.7::el9
Red Hat	Red Hat OpenShift Container Platform 4.12	cpe:/a:redhat:openshift:4.12::el9
Red Hat	Red Hat OpenShift Container Platform 4.13	cpe:/a:redhat:openshift:4.13::el9
Red Hat	Red Hat OpenShift Container Platform 4.14	cpe:/a:redhat:openshift:4.14::el9
Red Hat	Red Hat OpenShift Container Platform 4.15	cpe:/a:redhat:openshift:4.15::el9
Red Hat	Red Hat OpenShift Container Platform 4.17	cpe:/a:redhat:openshift:4.17::el9
Red Hat	Red Hat OpenShift Container Platform 4.20	cpe:/a:redhat:openshift:4.20::el9
Red Hat	Red Hat OpenShift Container Platform 4.21	cpe:/a:redhat:openshift:4.21::el9
Red Hat	Red Hat OpenShift Dev Spaces 3.27	cpe:/a:redhat:openshift_devspaces:3.27::el9
Red Hat	Red Hat OpenShift GitOps 1.18	cpe:/a:redhat:openshift_gitops:1.18::el8
Red Hat	Red Hat OpenShift GitOps 1.19	cpe:/a:redhat:openshift_gitops:1.19::el8
Red Hat	Red Hat OpenShift Pipelines 1.21	cpe:/a:redhat:openshift_pipelines:1.21::el9
Red Hat	Red Hat OpenShift Pipelines 1.2	cpe:/a:redhat:openshift_pipelines:1.20::el9
Red Hat	Red Hat OpenShift Service Mesh 2.6	cpe:/a:redhat:service_mesh:2.6::el8
Red Hat	Red Hat OpenShift Service Mesh 3.0	cpe:/a:redhat:service_mesh:3.0::el9
Red Hat	Red Hat OpenShift Service Mesh 3.1	cpe:/a:redhat:service_mesh:3.1::el9
Red Hat	Red Hat OpenShift Service Mesh 3.2	cpe:/a:redhat:service_mesh:3.2::el9
Red Hat	Red Hat OpenShift Service Mesh 3.3	cpe:/a:redhat:service_mesh:3.3::el9
Red Hat	Red Hat OpenShift distributed tracing 3.9.3	cpe:/a:redhat:openshift_distributed_tracing:3.9::el9
Red Hat	Red Hat Openshift Data Foundation 4.16	cpe:/a:redhat:openshift_data_foundation:4.16::el9
Red Hat	Red Hat Openshift Data Foundation 4.18	cpe:/a:redhat:openshift_data_foundation:4.18::el9
Red Hat	Red Hat Openshift Data Foundation 4.19	cpe:/a:redhat:openshift_data_foundation:4.19::el9
Red Hat	Red Hat Openshift Data Foundation 4.2	cpe:/a:redhat:openshift_data_foundation:4.20::el9
Red Hat	Red Hat Quay 3.12	cpe:/a:redhat:quay:3.12::el8
Red Hat	Red Hat Quay 3.14	cpe:/a:redhat:quay:3.14::el8
Red Hat	Red Hat Quay 3.15	cpe:/a:redhat:quay:3.15::el8
Red Hat	Red Hat Quay 3.16	cpe:/a:redhat:quay:3.16::el9
Red Hat	Red Hat Quay 3.17	cpe:/a:redhat:quay:3.17::el9
Red Hat	Red Hat Quay 3.1	cpe:/a:redhat:quay:3.10::el8
Red Hat	Red Hat Quay 3.9	cpe:/a:redhat:quay:3.9::el8
Red Hat	Red Hat Trusted Artifact Signer 1.3	cpe:/a:redhat:trusted_artifact_signer:1.3::el9
Red Hat	Red Hat Web Terminal 1.13	cpe:/a:redhat:webterminal:1.13::el9
Red Hat	Red Hat Web Terminal 1.14	cpe:/a:redhat:webterminal:1.14::el9
Red Hat	Red Hat Web Terminal 1.15	cpe:/a:redhat:webterminal:1.15::el9
Red Hat	multicluster engine for Kubernetes 2.10	cpe:/a:redhat:multicluster_engine:2.10::el9
Red Hat	multicluster engine for Kubernetes 2.11	cpe:/a:redhat:multicluster_engine:2.11::el9
Red Hat	multicluster engine for Kubernetes 2.6	cpe:/a:redhat:multicluster_engine:2.6::el8
Red Hat	multicluster engine for Kubernetes 2.8	cpe:/a:redhat:multicluster_engine:2.8::el9
Red Hat	multicluster engine for Kubernetes 2.9	cpe:/a:redhat:multicluster_engine:2.9::el9
Red Hat	Assisted Installer for Red Hat OpenShift Container Platform 2	cpe:/a:redhat:assisted_installer:2
Red Hat	cert-manager Operator for Red Hat OpenShift	cpe:/a:redhat:cert_manager:1
Red Hat	Cryostat 4	cpe:/a:redhat:cryostat:4
Red Hat	Deployment Validation Operator	cpe:/a:redhat:deployment_validator_operator
Red Hat	Dynamic Accelerator Slicer Operator for Red Hat OpenShift	cpe:/a:redhat:dynamic_accelerator_slicer:1
Red Hat	ExternalDNS Operator	cpe:/a:redhat:ext_dns_optr:1
Red Hat	File Integrity Operator	cpe:/a:redhat:openshift_file_integrity_operator:1
Red Hat	Gatekeeper 3	cpe:/a:redhat:gatekeeper:3
Red Hat	Job Set Tech Preview	cpe:/a:redhat:job_set:0
Red Hat	Kernel Module Management Operator for Red Hat Openshift	cpe:/a:redhat:kernel_module_management:2
Red Hat	Kube Descheduler Operator	cpe:/a:redhat:kube_descheduler_operator:4
Red Hat	Leader Worker Set	cpe:/a:redhat:leader_worker_set:1
Red Hat	Logging Subsystem for Red Hat OpenShift	cpe:/a:redhat:logging:5
Red Hat	Logical Volume Manager Storage	cpe:/a:redhat:lvms:4
Red Hat	Migration Toolkit for Applications 8	cpe:/a:redhat:migration_toolkit_applications:8
Red Hat	Migration Toolkit for Containers	cpe:/a:redhat:rhmt:1
Red Hat	Migration Toolkit for Virtualization	cpe:/a:redhat:migration_toolkit_virtualization:2
Red Hat	Multicluster Engine for Kubernetes	cpe:/a:redhat:multicluster_engine
Red Hat	Multicluster Global Hub	cpe:/a:redhat:multicluster_globalhub
Red Hat	OpenShift API for Data Protection	cpe:/a:redhat:openshift_api_data_protection:1
Red Hat	OpenShift Developer Tools and Services	cpe:/a:redhat:ocp_tools
Red Hat	OpenShift Lightspeed	cpe:/a:redhat:openshift_lightspeed
Red Hat	OpenShift Pipelines	cpe:/a:redhat:openshift_pipelines:1
Red Hat	OpenShift Run Once Duration Override Operator	cpe:/a:redhat:run_once_duration_override_operator:1
Red Hat	OpenShift Secondary Scheduler Operator	cpe:/a:redhat:openshift_secondary_scheduler:1
Red Hat	OpenShift Serverless	cpe:/a:redhat:serverless:1
Red Hat	OpenShift Service Mesh 2	cpe:/a:redhat:service_mesh:2
Red Hat	Red Hat Advanced Cluster Management for Kubernetes 2	cpe:/a:redhat:acm:2
Red Hat	Red Hat AI Inference Server	cpe:/a:redhat:ai_inference_server:3
Red Hat	Red Hat Ansible Automation Platform 2	cpe:/a:redhat:ansible_automation_platform:2
Red Hat	Red Hat Build of Podman Desktop	cpe:/a:redhat:podman_desktop:1
Red Hat	Red Hat Build of Podman Desktop - Tech Preview	cpe:/a:redhat:podman_desktop:0
Red Hat	Red Hat Certification Program for Red Hat Enterprise Linux 9	cpe:/a:redhat:certifications:9
Red Hat	Red Hat Connectivity Link 1	cpe:/a:redhat:connectivity_link:1
Red Hat	Red Hat Edge Manager 1	cpe:/a:redhat:edge_manager:1
Red Hat	Red Hat Enterprise Linux 10	cpe:/o:redhat:enterprise_linux:10
Red Hat	Red Hat Enterprise Linux 7	cpe:/o:redhat:enterprise_linux:7
Red Hat	Red Hat Enterprise Linux 8	cpe:/o:redhat:enterprise_linux:8
Red Hat	Red Hat Enterprise Linux 9	cpe:/o:redhat:enterprise_linux:9
Red Hat	Red Hat Enterprise Linux AI (RHEL AI) 3	cpe:/a:redhat:enterprise_linux_ai:3
Red Hat	Red Hat OpenShift AI (RHOAI)	cpe:/a:redhat:openshift_ai
Red Hat	Red Hat OpenShift Cluster Manager CLI	cpe:/a:redhat:openshift_cluster_manager_cli:1
Red Hat	Red Hat OpenShift Container Platform 4	cpe:/a:redhat:openshift:4
Red Hat	Red Hat Openshift Data Foundation 4	cpe:/a:redhat:openshift_data_foundation:4
Red Hat	Red Hat OpenShift GitOps	cpe:/a:redhat:openshift_gitops:1
Red Hat	Red Hat OpenShift Virtualization 4	cpe:/a:redhat:container_native_virtualization:4
Red Hat	Red Hat OpenStack Platform 16.2	cpe:/a:redhat:openstack:16.2
Red Hat	Red Hat Quay 3	cpe:/a:redhat:quay:3
Red Hat	Red Hat Satellite 6	cpe:/a:redhat:satellite:6
Red Hat	Red Hat Trusted Artifact Signer	cpe:/a:redhat:trusted_artifact_signer:1
Red Hat	Security Profiles Operator	cpe:/a:redhat:openshift_security_profiles_operator:1
Red Hat	Self Node Remediation Operator	cpe:/a:redhat:workload_availability_snr:0
Red Hat	Storage-Based Remediation	cpe:/a:redhat:workload_availability_sbr:0
Red Hat	Zero Trust Workload Identity Manager - Tech Preview	cpe:/a:redhat:zero_trust_workload_identity_manager:0
Red Hat	Builds for Red Hat OpenShift	cpe:/a:redhat:openshift_builds:1
Red Hat	Confidential Compute Attestation	cpe:/a:redhat:confidential_compute_attestation:1
Red Hat	Custom Metric Autoscaler operator for Red Hat Openshift	cpe:/a:redhat:openshift_custom_metrics_autoscaler:2
Red Hat	External Secrets Operator for Red Hat OpenShift	cpe:/a:redhat:external_secrets_operator:1
Red Hat	Machine Deletion Remediation Operator	cpe:/a:redhat:workload_availability_mdr:0
Red Hat	OpenShift Service Mesh 3	cpe:/a:redhat:service_mesh:3
Red Hat	Power monitoring for Red Hat OpenShift	cpe:/a:redhat:openshift_power_monitoring
Red Hat	Red Hat 3scale API Management Platform 2	cpe:/a:redhat:red_hat_3scale_amp:2
Red Hat	Red Hat Build of Kueue	cpe:/a:redhat:kueue_operator:1
Red Hat	Red Hat OpenShift Dev Workspaces Operator	cpe:/a:redhat:devworkspace
Red Hat	Red Hat OpenShift for Windows Containers	cpe:/a:redhat:windows_machine_config
Red Hat	Red Hat OpenStack Platform 18.0	cpe:/a:redhat:openstack:18.0
Red Hat	Red Hat Service Interconnect 1	cpe:/a:redhat:service_interconnect:1
Red Hat	Red Hat Trusted Profile Analyzer	cpe:/a:redhat:trusted_profile_analyzer:2
Red Hat	Service Telemetry Framework 1.5	cpe:/a:redhat:stf:1.5
Red Hat	Zero Trust Workload Identity Manager	cpe:/a:redhat:zero_trust_workload_identity_manager:1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-33186",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-24T18:08:38.989284Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-24T18:09:13.422Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:/a:redhat:openshift:4.18::el8",
              "cpe:/a:redhat:openshift:4.18::el9"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat OpenShift Container Platform 4.18",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:satellite:6.16::el8",
              "cpe:/a:redhat:satellite_capsule:6.16::el8",
              "cpe:/a:redhat:satellite_maintenance:6.16::el8",
              "cpe:/a:redhat:satellite_utils:6.16::el8"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Satellite 6.16 for RHEL 8",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:cryostat:4::el9"
            ],
            "defaultStatus": "affected",
            "product": "Cryostat 4 on RHEL 9",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:openstack:17.1",
              "cpe:/a:redhat:openstack:17.1::el9"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat OpenStack Platform 17.1",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:openshift:4.16::el9"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat OpenShift Container Platform 4.16",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:openshift:4.19::el9"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat OpenShift Container Platform 4.19",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:satellite:6.16::el9",
              "cpe:/a:redhat:satellite_capsule:6.16::el9",
              "cpe:/a:redhat:satellite_maintenance:6.16::el9",
              "cpe:/a:redhat:satellite_utils:6.16::el9"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Satellite 6.16 for RHEL 9",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/o:redhat:enterprise_linux_eus:10.0"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/o:redhat:enterprise_linux:10.2"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream (v. 10)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:enterprise_linux:8::appstream"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream (v. 8)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:rhel_eus:9.4::appstream"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream EUS (v.9.4)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:rhel_eus:9.6::appstream"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream EUS (v.9.6)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:enterprise_linux:9::appstream"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream (v. 9)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:rhel_eus:9.6::crb"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat CodeReady Linux Builder EUS (v.9.6)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:enterprise_linux:9::crb"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:devworkspace:0.40::el9"
            ],
            "defaultStatus": "affected",
            "product": "DevWorkspace Operator 0.4",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:multicluster_globalhub:1.3::el9"
            ],
            "defaultStatus": "affected",
            "product": "Multicluster Global Hub 1.3.4",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:multicluster_globalhub:1.4::el9"
            ],
            "defaultStatus": "affected",
            "product": "Multicluster Global Hub 1.4.5",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:multicluster_globalhub:1.5::el9"
            ],
            "defaultStatus": "affected",
            "product": "Multicluster Global Hub 1.5.4",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:multicluster_globalhub:1.6::el9"
            ],
            "defaultStatus": "affected",
            "product": "Multicluster Global Hub 1.6.2",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:network_observ_optr:1.11::el9"
            ],
            "defaultStatus": "affected",
            "product": "Network Observability (NETOBSERV) 1.11.2",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:openshift_api_data_protection:1.4::el9"
            ],
            "defaultStatus": "affected",
            "product": "OpenShift API for Data Protection 1.4",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:openshift_api_data_protection:1.5::el9"
            ],
            "defaultStatus": "affected",
            "product": "OpenShift API for Data Protection 1.5",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:openshift_compliance_operator:1::el9"
            ],
            "defaultStatus": "affected",
            "product": "OpenShift Compliance Operator 1",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:acm:2.13::el9"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Advanced Cluster Management for Kubernetes 2.13",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:acm:2.14::el9"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Advanced Cluster Management for Kubernetes 2.14",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:acm:2.15::el9"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Advanced Cluster Management for Kubernetes 2.15",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:acm:2.16::el9"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Advanced Cluster Management for Kubernetes 2.16",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:advanced_cluster_security:4.10::el8"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Advanced Cluster Security for Kubernetes 4.10",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:advanced_cluster_security:4.8::el8"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Advanced Cluster Security for Kubernetes 4.8",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:advanced_cluster_security:4.9::el8"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Advanced Cluster Security for Kubernetes 4.9",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:container_native_virtualization:4.18::el9"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Container Native Virtualization 4.18",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:container_native_virtualization:4.19::el9"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Container Native Virtualization 4.19",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:container_native_virtualization:4.20::el9"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Container Native Virtualization 4.20",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:container_native_virtualization:4.21::el9"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Container Native Virtualization 4.21",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:rhdh:1.8::el9"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Developer Hub 1.8",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:rhdh:1.9::el9"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Developer Hub 1.9",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:lightspeed_for_runtimes:1.0::el9"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Lightspeed (formerly Insights) for Runtimes 1",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:openshift_ai:2.25::el9"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat OpenShift AI 2.25",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:openshift_ai:3.3::el9"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat OpenShift AI 3.3",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:openshift_builds:1.6::el9"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat OpenShift Builds 1.6.5",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:openshift_builds:1.7::el9"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat OpenShift Builds 1.7.3",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:openshift:4.12::el9"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat OpenShift Container Platform 4.12",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:openshift:4.13::el9"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat OpenShift Container Platform 4.13",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:openshift:4.14::el9"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat OpenShift Container Platform 4.14",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:openshift:4.15::el9"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat OpenShift Container Platform 4.15",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:openshift:4.17::el9"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat OpenShift Container Platform 4.17",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:openshift:4.20::el9"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat OpenShift Container Platform 4.20",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:openshift:4.21::el9"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat OpenShift Container Platform 4.21",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:openshift_devspaces:3.27::el9"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat OpenShift Dev Spaces 3.27",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:openshift_gitops:1.18::el8"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat OpenShift GitOps 1.18",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:openshift_gitops:1.19::el8"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat OpenShift GitOps 1.19",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:openshift_pipelines:1.21::el9"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat OpenShift Pipelines 1.21",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:openshift_pipelines:1.20::el9"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat OpenShift Pipelines 1.2",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:service_mesh:2.6::el8"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat OpenShift Service Mesh 2.6",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:service_mesh:3.0::el9"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat OpenShift Service Mesh 3.0",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:service_mesh:3.1::el9"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat OpenShift Service Mesh 3.1",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:service_mesh:3.2::el9"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat OpenShift Service Mesh 3.2",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:service_mesh:3.3::el9"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat OpenShift Service Mesh 3.3",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:openshift_distributed_tracing:3.9::el9"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat OpenShift distributed tracing 3.9.3",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:openshift_data_foundation:4.16::el9"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Openshift Data Foundation 4.16",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:openshift_data_foundation:4.18::el9"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Openshift Data Foundation 4.18",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:openshift_data_foundation:4.19::el9"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Openshift Data Foundation 4.19",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:openshift_data_foundation:4.20::el9"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Openshift Data Foundation 4.2",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:quay:3.12::el8"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Quay 3.12",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:quay:3.14::el8"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Quay 3.14",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:quay:3.15::el8"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Quay 3.15",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:quay:3.16::el9"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Quay 3.16",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:quay:3.17::el9"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Quay 3.17",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:quay:3.10::el8"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Quay 3.1",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:quay:3.9::el8"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Quay 3.9",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:trusted_artifact_signer:1.3::el9"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Trusted Artifact Signer 1.3",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:webterminal:1.13::el9"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Web Terminal 1.13",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:webterminal:1.14::el9"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Web Terminal 1.14",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:webterminal:1.15::el9"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Web Terminal 1.15",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:multicluster_engine:2.10::el9"
            ],
            "defaultStatus": "affected",
            "product": "multicluster engine for Kubernetes 2.10",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:multicluster_engine:2.11::el9"
            ],
            "defaultStatus": "affected",
            "product": "multicluster engine for Kubernetes 2.11",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:multicluster_engine:2.6::el8"
            ],
            "defaultStatus": "affected",
            "product": "multicluster engine for Kubernetes 2.6",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:multicluster_engine:2.8::el9"
            ],
            "defaultStatus": "affected",
            "product": "multicluster engine for Kubernetes 2.8",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:multicluster_engine:2.9::el9"
            ],
            "defaultStatus": "affected",
            "product": "multicluster engine for Kubernetes 2.9",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:assisted_installer:2"
            ],
            "defaultStatus": "affected",
            "product": "Assisted Installer for Red Hat OpenShift Container Platform 2",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:cert_manager:1"
            ],
            "defaultStatus": "affected",
            "product": "cert-manager Operator for Red Hat OpenShift",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:cryostat:4"
            ],
            "defaultStatus": "affected",
            "product": "Cryostat 4",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:deployment_validator_operator"
            ],
            "defaultStatus": "affected",
            "product": "Deployment Validation Operator",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:dynamic_accelerator_slicer:1"
            ],
            "defaultStatus": "affected",
            "product": "Dynamic Accelerator Slicer Operator for Red Hat OpenShift",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:ext_dns_optr:1"
            ],
            "defaultStatus": "affected",
            "product": "ExternalDNS Operator",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:openshift_file_integrity_operator:1"
            ],
            "defaultStatus": "affected",
            "product": "File Integrity Operator",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:gatekeeper:3"
            ],
            "defaultStatus": "affected",
            "product": "Gatekeeper 3",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:job_set:0"
            ],
            "defaultStatus": "affected",
            "product": "Job Set Tech Preview",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:kernel_module_management:2"
            ],
            "defaultStatus": "affected",
            "product": "Kernel Module Management Operator for Red Hat Openshift",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:kube_descheduler_operator:4"
            ],
            "defaultStatus": "affected",
            "product": "Kube Descheduler Operator",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:leader_worker_set:1"
            ],
            "defaultStatus": "affected",
            "product": "Leader Worker Set",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:logging:5"
            ],
            "defaultStatus": "affected",
            "product": "Logging Subsystem for Red Hat OpenShift",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:lvms:4"
            ],
            "defaultStatus": "affected",
            "product": "Logical Volume Manager Storage",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:migration_toolkit_applications:8"
            ],
            "defaultStatus": "affected",
            "product": "Migration Toolkit for Applications 8",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:rhmt:1"
            ],
            "defaultStatus": "affected",
            "product": "Migration Toolkit for Containers",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:migration_toolkit_virtualization:2"
            ],
            "defaultStatus": "affected",
            "product": "Migration Toolkit for Virtualization",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:multicluster_engine"
            ],
            "defaultStatus": "affected",
            "product": "Multicluster Engine for Kubernetes",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:multicluster_globalhub"
            ],
            "defaultStatus": "affected",
            "product": "Multicluster Global Hub",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:openshift_api_data_protection:1"
            ],
            "defaultStatus": "affected",
            "product": "OpenShift API for Data Protection",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:ocp_tools"
            ],
            "defaultStatus": "affected",
            "product": "OpenShift Developer Tools and Services",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:openshift_lightspeed"
            ],
            "defaultStatus": "affected",
            "product": "OpenShift Lightspeed",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:openshift_pipelines:1"
            ],
            "defaultStatus": "affected",
            "product": "OpenShift Pipelines",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:run_once_duration_override_operator:1"
            ],
            "defaultStatus": "affected",
            "product": "OpenShift Run Once Duration Override Operator",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:openshift_secondary_scheduler:1"
            ],
            "defaultStatus": "affected",
            "product": "OpenShift Secondary Scheduler Operator",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:serverless:1"
            ],
            "defaultStatus": "affected",
            "product": "OpenShift Serverless",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:service_mesh:2"
            ],
            "defaultStatus": "affected",
            "product": "OpenShift Service Mesh 2",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:acm:2"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Advanced Cluster Management for Kubernetes 2",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:ai_inference_server:3"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat AI Inference Server",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:ansible_automation_platform:2"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Ansible Automation Platform 2",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:podman_desktop:1"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Build of Podman Desktop",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:podman_desktop:0"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Build of Podman Desktop - Tech Preview",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:certifications:9"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Certification Program for Red Hat Enterprise Linux 9",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:connectivity_link:1"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Connectivity Link 1",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:edge_manager:1"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Edge Manager 1",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/o:redhat:enterprise_linux:10"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux 10",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/o:redhat:enterprise_linux:7"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux 7",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/o:redhat:enterprise_linux:8"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux 8",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/o:redhat:enterprise_linux:9"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux 9",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:enterprise_linux_ai:3"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AI (RHEL AI) 3",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:openshift_ai"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat OpenShift AI (RHOAI)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:openshift_cluster_manager_cli:1"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat OpenShift Cluster Manager CLI",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:openshift:4"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat OpenShift Container Platform 4",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:openshift_data_foundation:4"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Openshift Data Foundation 4",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:openshift_gitops:1"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat OpenShift GitOps",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:container_native_virtualization:4"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat OpenShift Virtualization 4",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:openstack:16.2"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat OpenStack Platform 16.2",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:quay:3"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Quay 3",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:satellite:6"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Satellite 6",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:trusted_artifact_signer:1"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Trusted Artifact Signer",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:openshift_security_profiles_operator:1"
            ],
            "defaultStatus": "affected",
            "product": "Security Profiles Operator",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:workload_availability_snr:0"
            ],
            "defaultStatus": "affected",
            "product": "Self Node Remediation Operator",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:workload_availability_sbr:0"
            ],
            "defaultStatus": "affected",
            "product": "Storage-Based Remediation",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:zero_trust_workload_identity_manager:0"
            ],
            "defaultStatus": "affected",
            "product": "Zero Trust Workload Identity Manager - Tech Preview",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:openshift_builds:1"
            ],
            "defaultStatus": "unaffected",
            "product": "Builds for Red Hat OpenShift",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:confidential_compute_attestation:1"
            ],
            "defaultStatus": "unaffected",
            "product": "Confidential Compute Attestation",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:openshift_custom_metrics_autoscaler:2"
            ],
            "defaultStatus": "unaffected",
            "product": "Custom Metric Autoscaler operator for Red Hat Openshift",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:external_secrets_operator:1"
            ],
            "defaultStatus": "unaffected",
            "product": "External Secrets Operator for Red Hat OpenShift",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:workload_availability_mdr:0"
            ],
            "defaultStatus": "unaffected",
            "product": "Machine Deletion Remediation Operator",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:service_mesh:3"
            ],
            "defaultStatus": "unaffected",
            "product": "OpenShift Service Mesh 3",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:openshift_power_monitoring"
            ],
            "defaultStatus": "unaffected",
            "product": "Power monitoring for Red Hat OpenShift",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:red_hat_3scale_amp:2"
            ],
            "defaultStatus": "unaffected",
            "product": "Red Hat 3scale API Management Platform 2",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:kueue_operator:1"
            ],
            "defaultStatus": "unaffected",
            "product": "Red Hat Build of Kueue",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:devworkspace"
            ],
            "defaultStatus": "unaffected",
            "product": "Red Hat OpenShift Dev Workspaces Operator",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:windows_machine_config"
            ],
            "defaultStatus": "unaffected",
            "product": "Red Hat OpenShift for Windows Containers",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:openstack:18.0"
            ],
            "defaultStatus": "unaffected",
            "product": "Red Hat OpenStack Platform 18.0",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:service_interconnect:1"
            ],
            "defaultStatus": "unaffected",
            "product": "Red Hat Service Interconnect 1",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:trusted_profile_analyzer:2"
            ],
            "defaultStatus": "unaffected",
            "product": "Red Hat Trusted Profile Analyzer",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:stf:1.5"
            ],
            "defaultStatus": "unaffected",
            "product": "Service Telemetry Framework 1.5",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:zero_trust_workload_identity_manager:1"
            ],
            "defaultStatus": "unaffected",
            "product": "Zero Trust Workload Identity Manager",
            "vendor": "Red Hat"
          }
        ],
        "datePublic": "2026-03-20T22:23:32.147Z",
        "descriptions": [
          {
            "lang": "en",
            "value": "A flaw was found in gRPC-Go, the Go language implementation of gRPC. This vulnerability, an authorization bypass, is caused by improper input validation of the HTTP/2 `:path` pseudo-header. A remote attacker can exploit this by sending raw HTTP/2 frames with a malformed `:path` that omits the mandatory leading slash. This allows the attacker to bypass defined security policies, potentially leading to unauthorized access to services or information disclosure."
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "namespace": "https://access.redhat.com/security/updates/classification/",
                "value": "Important"
              },
              "type": "Red Hat severity rating"
            }
          },
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 9.1,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
              "version": "3.1"
            },
            "format": "CVSS"
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-551",
                "description": "Incorrect Behavior Order: Authorization Before Parsing and Canonicalization",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-30T12:05:50.373Z",
          "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
          "shortName": "redhat-SADP"
        },
        "references": [
          {
            "tags": [
              "vdb-entry",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/security/cve/CVE-2026-33186"
          },
          {
            "name": "RHBZ#2449833",
            "tags": [
              "issue-tracking",
              "x_refsource_REDHAT"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2449833"
          },
          {
            "tags": [
              "x_sadp-csaf-vex"
            ],
            "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-33186.json"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:26997"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:27076"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:17789"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:28047"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:20436"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:18068"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:20322"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:26999"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:19719"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:27856"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:22937"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:19135"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:22450"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:10107"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:19721"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:19720"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:27712"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:10705"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:10706"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:23228"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:19353"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:22714"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:19207"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:9872"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:22423"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:22347"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:21769"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:23345"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:6428"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:29854"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:26568"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:8433"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:22645"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:25127"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:13548"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:8151"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:11408"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:11803"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:13829"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:7110"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:11070"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:7128"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:13791"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:27893"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:27901"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:27957"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:27892"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:6174"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:6802"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:22485"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:24977"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:10698"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:19712"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:10155"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:10158"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:21696"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:21697"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:12283"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:21691"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:21692"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:25009"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:15092"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:23234"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:23235"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:14775"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:25045"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:20088"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:20089"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:10105"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:17598"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:17599"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:21657"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:25182"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:21658"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:27001"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:17448"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:25183"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:12119"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:12118"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:8449"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:23246"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:20041"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:20042"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:27004"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:23247"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:25201"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:10093"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:10094"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:21703"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:27063"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:17468"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:24535"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:21704"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:25195"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:25194"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:6564"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:24759"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:17474"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:21709"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:24506"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:20034"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:20035"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:25187"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:7245"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:23241"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:17475"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:21710"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:22800"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:10175"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:20946"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:20943"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:26519"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:24484"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:21932"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:21931"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:8483"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:9440"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:8484"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:9448"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:8490"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:9453"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:8491"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:8493"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:9388"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:9385"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:26416"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:26420"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:26413"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:12279"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:26412"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:12277"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:11856"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:21017"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:24853"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:19375"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:22465"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:11916"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:11996"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:10131"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:10125"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:10130"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:10126"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:10172"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:10153"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:8338"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:22959"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:22961"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:24536"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:19099"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:12116"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:12337"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:19108"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:17459"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:17123"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:22689"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:18585"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:19109"
          }
        ],
        "solutions": [
          {
            "lang": "en",
            "value": "RHSA-2026:26997: Red Hat OpenShift Container Platform 4.18"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:27076: Red Hat Satellite 6.16 for RHEL 8, Red Hat Satellite 6.16 for RHEL 9"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:17789: Cryostat 4 on RHEL 9"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:28047: Red Hat OpenStack Platform 17.1"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:20436: Red Hat OpenShift Container Platform 4.16"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:18068: Red Hat OpenShift Container Platform 4.18"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:20322: Red Hat OpenShift Container Platform 4.19"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:26999: Red Hat OpenShift Container Platform 4.19"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:19719: Red Hat Enterprise Linux AppStream EUS (v. 10.0)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:27856: Red Hat Enterprise Linux AppStream EUS (v. 10.0)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:22937: Red Hat Enterprise Linux AppStream (v. 10)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:19135: Red Hat Enterprise Linux AppStream (v. 10)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:22450: Red Hat Enterprise Linux AppStream (v. 10)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:10107: Red Hat Enterprise Linux AppStream (v. 8)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:19721: Red Hat Enterprise Linux AppStream EUS (v.9.4)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:19720: Red Hat Enterprise Linux AppStream EUS (v.9.6)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:27712: Red Hat Enterprise Linux AppStream EUS (v.9.6)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:10705: Red Hat CodeReady Linux Builder EUS (v.9.6), Red Hat Enterprise Linux AppStream EUS (v.9.6)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:10706: Red Hat Enterprise Linux AppStream (v. 9), Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:23228: Red Hat Enterprise Linux AppStream (v. 9)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:19353: Red Hat Enterprise Linux AppStream (v. 9)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:22714: Red Hat Enterprise Linux AppStream (v. 9)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:19207: Red Hat Enterprise Linux AppStream (v. 9), Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:9872: DevWorkspace Operator 0.4"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:22423: Multicluster Global Hub 1.3.4"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:22347: Multicluster Global Hub 1.4.5"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:21769: Multicluster Global Hub 1.5.4"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:23345: Multicluster Global Hub 1.6.2"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:6428: Network Observability (NETOBSERV) 1.11.2"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:29854: OpenShift API for Data Protection 1.4"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:26568: OpenShift API for Data Protection 1.5"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:8433: OpenShift Compliance Operator 1"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:22645: Red Hat Advanced Cluster Management for Kubernetes 2.13"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:25127: Red Hat Advanced Cluster Management for Kubernetes 2.14"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:13548: Red Hat Advanced Cluster Management for Kubernetes 2.15"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:8151: Red Hat Advanced Cluster Management for Kubernetes 2.15"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:11408: Red Hat Advanced Cluster Management for Kubernetes 2.15"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:11803: Red Hat Advanced Cluster Management for Kubernetes 2.16"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:13829: Red Hat Advanced Cluster Security for Kubernetes 4.10"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:7110: Red Hat Advanced Cluster Security for Kubernetes 4.8"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:11070: Red Hat Advanced Cluster Security for Kubernetes 4.8"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:7128: Red Hat Advanced Cluster Security for Kubernetes 4.9"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:13791: Red Hat Advanced Cluster Security for Kubernetes 4.9"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:27893: Red Hat Container Native Virtualization 4.18"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:27901: Red Hat Container Native Virtualization 4.19"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:27957: Red Hat Container Native Virtualization 4.20"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:27892: Red Hat Container Native Virtualization 4.21"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:6174: Red Hat Developer Hub 1.8"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:6802: Red Hat Developer Hub 1.9"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:22485: Red Hat Lightspeed (formerly Insights) for Runtimes 1"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:24977: Red Hat OpenShift AI 2.25"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:10698: Red Hat OpenShift AI 2.25"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:19712: Red Hat OpenShift AI 3.3"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:10155: Red Hat OpenShift Builds 1.6.5"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:10158: Red Hat OpenShift Builds 1.7.3"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:21696: Red Hat OpenShift Container Platform 4.12"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:21697: Red Hat OpenShift Container Platform 4.12"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:12283: Red Hat OpenShift Container Platform 4.12"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:21691: Red Hat OpenShift Container Platform 4.13"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:21692: Red Hat OpenShift Container Platform 4.13"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:25009: Red Hat OpenShift Container Platform 4.14"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:15092: Red Hat OpenShift Container Platform 4.14"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:23234: Red Hat OpenShift Container Platform 4.15"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:23235: Red Hat OpenShift Container Platform 4.15"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:14775: Red Hat OpenShift Container Platform 4.15"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:25045: Red Hat OpenShift Container Platform 4.16"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:20088: Red Hat OpenShift Container Platform 4.16"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:20089: Red Hat OpenShift Container Platform 4.16"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:10105: Red Hat OpenShift Container Platform 4.16"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:17598: Red Hat OpenShift Container Platform 4.17"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:17599: Red Hat OpenShift Container Platform 4.17"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:21657: Red Hat OpenShift Container Platform 4.18"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:25182: Red Hat OpenShift Container Platform 4.18"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:21658: Red Hat OpenShift Container Platform 4.18"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:27001: Red Hat OpenShift Container Platform 4.18"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:17448: Red Hat OpenShift Container Platform 4.18"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:25183: Red Hat OpenShift Container Platform 4.18"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:12119: Red Hat OpenShift Container Platform 4.18"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:12118: Red Hat OpenShift Container Platform 4.18"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:8449: Red Hat OpenShift Container Platform 4.18"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:23246: Red Hat OpenShift Container Platform 4.19"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:20041: Red Hat OpenShift Container Platform 4.19"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:20042: Red Hat OpenShift Container Platform 4.19"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:27004: Red Hat OpenShift Container Platform 4.19"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:23247: Red Hat OpenShift Container Platform 4.19"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:25201: Red Hat OpenShift Container Platform 4.19"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:10093: Red Hat OpenShift Container Platform 4.19"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:10094: Red Hat OpenShift Container Platform 4.19"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:21703: Red Hat OpenShift Container Platform 4.20"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:27063: Red Hat OpenShift Container Platform 4.20"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:17468: Red Hat OpenShift Container Platform 4.20"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:24535: Red Hat OpenShift Container Platform 4.20"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:21704: Red Hat OpenShift Container Platform 4.20"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:25195: Red Hat OpenShift Container Platform 4.20"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:25194: Red Hat OpenShift Container Platform 4.20"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:6564: Red Hat OpenShift Container Platform 4.20"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:24759: Red Hat OpenShift Container Platform 4.20"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:17474: Red Hat OpenShift Container Platform 4.21"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:21709: Red Hat OpenShift Container Platform 4.21"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:24506: Red Hat OpenShift Container Platform 4.21"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:20034: Red Hat OpenShift Container Platform 4.21"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:20035: Red Hat OpenShift Container Platform 4.21"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:25187: Red Hat OpenShift Container Platform 4.21"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:7245: Red Hat OpenShift Container Platform 4.21"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:23241: Red Hat OpenShift Container Platform 4.21"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:17475: Red Hat OpenShift Container Platform 4.21"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:21710: Red Hat OpenShift Container Platform 4.21"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:22800: Red Hat OpenShift Container Platform 4.21"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:10175: Red Hat OpenShift Dev Spaces 3.27"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:20946: Red Hat OpenShift GitOps 1.18"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:20943: Red Hat OpenShift GitOps 1.19"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:26519: Red Hat OpenShift Pipelines 1.21"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:24484: Red Hat OpenShift Pipelines 1.21"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:21932: Red Hat OpenShift Pipelines 1.2"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:21931: Red Hat OpenShift Pipelines 1.2"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:8483: Red Hat OpenShift Service Mesh 2.6"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:9440: Red Hat OpenShift Service Mesh 3.0"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:8484: Red Hat OpenShift Service Mesh 3.0"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:9448: Red Hat OpenShift Service Mesh 3.1"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:8490: Red Hat OpenShift Service Mesh 3.1"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:9453: Red Hat OpenShift Service Mesh 3.2"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:8491: Red Hat OpenShift Service Mesh 3.2"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:8493: Red Hat OpenShift Service Mesh 3.3"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:9388: Red Hat OpenShift distributed tracing 3.9.3"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:9385: Red Hat OpenShift distributed tracing 3.9.3"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:26416: Red Hat Openshift Data Foundation 4.16"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:26420: Red Hat Openshift Data Foundation 4.18"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:26413: Red Hat Openshift Data Foundation 4.19"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:12279: Red Hat Openshift Data Foundation 4.19"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:26412: Red Hat Openshift Data Foundation 4.2"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:12277: Red Hat Openshift Data Foundation 4.2"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:11856: Red Hat Quay 3.12"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:21017: Red Hat Quay 3.14"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:24853: Red Hat Quay 3.15"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:19375: Red Hat Quay 3.16"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:22465: Red Hat Quay 3.17"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:11916: Red Hat Quay 3.1"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:11996: Red Hat Quay 3.9"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:10131: Red Hat Trusted Artifact Signer 1.3"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:10125: Red Hat Trusted Artifact Signer 1.3"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:10130: Red Hat Trusted Artifact Signer 1.3"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:10126: Red Hat Trusted Artifact Signer 1.3"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:10172: Red Hat Trusted Artifact Signer 1.3"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:10153: Red Hat Trusted Artifact Signer 1.3"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:8338: Red Hat Web Terminal 1.13"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:22959: Red Hat Web Terminal 1.14"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:22961: Red Hat Web Terminal 1.15"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:24536: multicluster engine for Kubernetes 2.10"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:19099: multicluster engine for Kubernetes 2.10"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:12116: multicluster engine for Kubernetes 2.10"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:12337: multicluster engine for Kubernetes 2.11"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:19108: multicluster engine for Kubernetes 2.11"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:17459: multicluster engine for Kubernetes 2.6"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:17123: multicluster engine for Kubernetes 2.8"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:22689: multicluster engine for Kubernetes 2.8"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:18585: multicluster engine for Kubernetes 2.9"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:19109: multicluster engine for Kubernetes 2.9"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2026-03-20T23:02:27.802Z",
            "value": "Reported to Red Hat."
          },
          {
            "lang": "en",
            "time": "2026-03-20T22:23:32.147Z",
            "value": "Made public."
          }
        ],
        "title": "google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation",
        "workarounds": [
          {
            "lang": "en",
            "value": "To mitigate this issue, implement infrastructure-level normalization to ensure all incoming HTTP/2 `:path` headers are properly formatted with a leading slash before reaching the gRPC-Go server. This can be achieved by configuring a reverse proxy or API gateway to validate and normalize the `:path` header. Ensure that any such intermediary is properly configured and restarted to apply the changes, which may temporarily impact service availability."
          }
        ],
        "x_adpType": "supplier",
        "x_generator": {
          "engine": "sadp-cli 1.0.0"
        }
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "grpc-go",
          "vendor": "grpc",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 1.79.3"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper input validation of the HTTP/2 `:path` pseudo-header. The gRPC-Go server was too lenient in its routing logic, accepting requests where the `:path` omitted the mandatory leading slash (e.g., `Service/Method` instead of `/Service/Method`). While the server successfully routed these requests to the correct handler, authorization interceptors (including the official `grpc/authz` package) evaluated the raw, non-canonical path string. Consequently, \"deny\" rules defined using canonical paths (starting with `/`) failed to match the incoming request, allowing it to bypass the policy if a fallback \"allow\" rule was present. This affects gRPC-Go servers that use path-based authorization interceptors, such as the official RBAC implementation in `google.golang.org/grpc/authz` or custom interceptors relying on `info.FullMethod` or `grpc.Method(ctx)`; AND that have a security policy contains specific \"deny\" rules for canonical paths but allows other requests by default (a fallback \"allow\" rule). The vulnerability is exploitable by an attacker who can send raw HTTP/2 frames with malformed `:path` headers directly to the gRPC server. The fix in version 1.79.3 ensures that any request with a `:path` that does not start with a leading slash is immediately rejected with a `codes.Unimplemented` error, preventing it from reaching authorization interceptors or handlers with a non-canonical path string. While upgrading is the most secure and recommended path, users can mitigate the vulnerability using one of the following methods: Use a validating interceptor (recommended mitigation); infrastructure-level normalization; and/or policy hardening."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-285",
              "description": "CWE-285: Improper Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-20T22:23:32.147Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/grpc/grpc-go/security/advisories/GHSA-p77j-4mvh-x3m3",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/grpc/grpc-go/security/advisories/GHSA-p77j-4mvh-x3m3"
        }
      ],
      "source": {
        "advisory": "GHSA-p77j-4mvh-x3m3",
        "discovery": "UNKNOWN"
      },
      "title": "gRPC-Go has an authorization bypass via missing leading slash in :path"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-33186",
    "datePublished": "2026-03-20T22:23:32.147Z",
    "dateReserved": "2026-03-17T22:16:36.720Z",
    "dateUpdated": "2026-06-30T12:05:50.373Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

GHSA-557J-XG8C-Q2MM

Vulnerability from github – Published: 2025-07-08 23:20 – Updated: 2025-07-16 21:10

Summary

Helm vulnerable to Code Injection through malicious chart.yaml content

Details

A Helm contributor discovered that a specially crafted Chart.yaml file along with a specially linked Chart.lock file can lead to local code execution when dependencies are updated.

Impact

Fields in a Chart.yaml file, that are carried over to a Chart.lock file when dependencies are updated and this file is written, can be crafted in a way that can cause execution if that same content were in a file that is executed (e.g., a bash.rc file or shell script). If the Chart.lock file is symlinked to one of these files updating dependencies will write the lock file content to the symlinked file. This can lead to unwanted execution. Helm warns of the symlinked file but did not stop execution due to symlinking.

This affects when dependencies are updated. When using the helm command this happens when helm dependency update is run. helm dependency build can write a lock file when one does not exist but this vector requires one to already exist. This affects the Helm SDK when the downloader Manager performs an update.

Patches

This issue has been resolved in Helm v3.18.4

Workarounds

Ensure the Chart.lock file in a chart is not a symlink prior to updating dependencies.

For more information

Helm's security policy is spelled out in detail in our SECURITY document.

Credits

Disclosed by Jakub Ciolek at AlphaSense.

Severity

8.5 (High)


                  
                    CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "helm.sh/helm/v3"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.18.0-rc.1"
            },
            {
              "fixed": "3.18.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "helm.sh/helm/v3"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.17.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-53547"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-94"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-07-08T23:20:54Z",
    "nvd_published_at": "2025-07-08T22:15:27Z",
    "severity": "HIGH"
  },
  "details": "A Helm contributor discovered that a specially crafted `Chart.yaml` file along with a specially linked `Chart.lock` file can lead to local code execution when dependencies are updated.\n\n### Impact\n\nFields in a `Chart.yaml` file, that are carried over to a `Chart.lock` file when dependencies are updated and this file is written, can be crafted in a way that can cause execution if that same content were in a file that is executed (e.g., a `bash.rc` file or shell script). If the `Chart.lock` file is symlinked to one of these files updating dependencies will write the lock file content to the symlinked file. This can lead to unwanted execution. Helm warns of the symlinked file but did not stop execution due to symlinking.\n\nThis affects when dependencies are updated. When using the `helm` command this happens when `helm dependency update` is run. `helm dependency build` can write a lock file when one does not exist but this vector requires one to already exist. This affects the Helm SDK when the downloader `Manager` performs an update.\n\n### Patches\n\nThis issue has been resolved in Helm v3.18.4\n\n### Workarounds\n\nEnsure the `Chart.lock` file in a chart is not a symlink prior to updating dependencies.\n\n### For more information\n\nHelm\u0027s security policy is spelled out in detail in our [SECURITY](https://github.com/helm/community/blob/master/SECURITY.md) document.\n\n### Credits\n\nDisclosed by Jakub Ciolek at AlphaSense.",
  "id": "GHSA-557j-xg8c-q2mm",
  "modified": "2025-07-16T21:10:13Z",
  "published": "2025-07-08T23:20:54Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/helm/helm/security/advisories/GHSA-557j-xg8c-q2mm"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-53547"
    },
    {
      "type": "WEB",
      "url": "https://github.com/helm/helm/commit/4b8e61093d8f579f1165cdc6bd4b43fa5455f571"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/helm/helm"
    },
    {
      "type": "WEB",
      "url": "https://news.ycombinator.com/item?id=44506696"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Helm vulnerable to Code Injection through malicious chart.yaml content"
}

GHSA-9H84-QMV7-982P

Vulnerability from github – Published: 2025-08-14 00:01 – Updated: 2025-08-14 17:14

Summary

Helm Charts with Specific JSON Schema Values Can Cause Memory Exhaustion

Details

A Helm contributor discovered that it was possible to craft a JSON Schema file in a manner which could cause Helm to use all available memory and have an out of memory (OOM) termination.

Impact

A malicious chart can point $ref in values.schema.json to a device (e.g. /dev/*) or other problem file which could cause Helm to use all available memory and have an out of memory (OOM) termination.

Patches

This issue has been resolved in Helm v3.18.5.

Workarounds

Make sure that all Helm charts that are being loaded into Helm doesn't have any reference of $ref pointing to /dev/zero.

References

Helm's security policy is spelled out in detail in our SECURITY document.

Credits

Disclosed by Jakub Ciolek at AlphaSense.

Severity

6.5 (Medium)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "helm.sh/helm/v3"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.18.5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-55199"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-770"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-08-14T00:01:34Z",
    "nvd_published_at": "2025-08-14T00:15:27Z",
    "severity": "MODERATE"
  },
  "details": "A Helm contributor discovered that it was possible to craft a JSON Schema file in a manner which could cause Helm to use all available memory and have an out of memory (OOM) termination.\n\n### Impact\nA malicious chart can point `$ref` in _values.schema.json_ to a device (e.g. `/dev/*`) or other problem file which could cause Helm to use all available memory and have an out of memory (OOM) termination.\n\n### Patches\nThis issue has been resolved in Helm v3.18.5.\n\n### Workarounds\nMake sure that all Helm charts that are being loaded into Helm doesn\u0027t have any reference of `$ref` pointing to `/dev/zero`.\n\n### References\nHelm\u0027s security policy is spelled out in detail in our [SECURITY](https://github.com/helm/community/blob/master/SECURITY.md) document.\n\n### Credits\nDisclosed by Jakub Ciolek at AlphaSense.",
  "id": "GHSA-9h84-qmv7-982p",
  "modified": "2025-08-14T17:14:53Z",
  "published": "2025-08-14T00:01:34Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/helm/helm/security/advisories/GHSA-9h84-qmv7-982p"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55199"
    },
    {
      "type": "WEB",
      "url": "https://github.com/helm/helm/commit/b78692c18f0fb38fe5ba4571a674de067a4c53a5"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/helm/helm"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Helm Charts with Specific JSON Schema Values Can Cause Memory Exhaustion"
}

GHSA-F6X5-JH6R-WRFV

Vulnerability from github – Published: 2025-11-19 23:16 – Updated: 2025-11-20 16:35

Summary

golang.org/x/crypto/ssh/agent vulnerable to panic if message is malformed due to out of bounds read

Details

SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the program to panic if the message is malformed due to an out of bounds read.

Severity

5.3 (Medium)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "golang.org/x/crypto"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.45.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-47914"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-11-19T23:16:40Z",
    "nvd_published_at": "2025-11-19T21:15:50Z",
    "severity": "MODERATE"
  },
  "details": "SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the program to panic if the message is malformed due to an out of bounds read.",
  "id": "GHSA-f6x5-jh6r-wrfv",
  "modified": "2025-11-20T16:35:18Z",
  "published": "2025-11-19T23:16:40Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47914"
    },
    {
      "type": "WEB",
      "url": "https://go.dev/cl/721960"
    },
    {
      "type": "WEB",
      "url": "https://go.dev/issue/76364"
    },
    {
      "type": "WEB",
      "url": "https://go.googlesource.com/crypto"
    },
    {
      "type": "WEB",
      "url": "https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA"
    },
    {
      "type": "WEB",
      "url": "https://pkg.go.dev/vuln/GO-2025-4135"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    }
  ],
  "summary": "golang.org/x/crypto/ssh/agent vulnerable to panic if message is malformed due to out of bounds read"
}

GHSA-F9F8-9PMF-XV68

Vulnerability from github – Published: 2025-08-14 00:05 – Updated: 2025-08-14 17:15

Summary

Helm May Panic Due To Incorrect YAML Content

Details

A Helm contributor discovered an improper validation of type error when parsing Chart.yaml and index.yaml files that can lead to a panic.

Impact

There are two areas of YAML validation that were impacted. First, when a Chart.yaml file had a null maintainer or the child or parent of a dependencies import-values could be parsed as something other than a string, helm lint would panic. Second, when an index.yaml had an empty entry in the list of chart versions Helm would panic on interactions with that repository.

Patches

This issue has been resolved in Helm v3.18.5.

Workarounds

Ensure YAML files are formatted as Helm expects prior to processing them with Helm.

References

Helm's security policy is spelled out in detail in our SECURITY document.

Credits

Disclosed by Jakub Ciolek at AlphaSense.

Severity

6.5 (Medium)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "helm.sh/helm/v3"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.18.5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-55198"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-908"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-08-14T00:05:27Z",
    "nvd_published_at": "2025-08-14T00:15:26Z",
    "severity": "MODERATE"
  },
  "details": "A Helm contributor discovered an improper validation of type error when parsing Chart.yaml and index.yaml files that can lead to a panic.\n\n### Impact\n\nThere are two areas of YAML validation that were impacted. First, when a `Chart.yaml` file had a `null` maintainer or the `child` or `parent` of a dependencies `import-values` could be parsed as something other than a string, `helm lint` would panic. Second, when an `index.yaml` had an empty entry in the list of chart versions Helm would panic on interactions with that repository.\n\n### Patches\n\nThis issue has been resolved in Helm v3.18.5.\n\n### Workarounds\n\nEnsure YAML files are formatted as Helm expects prior to processing them with Helm.\n\n### References\n\nHelm\u0027s security policy is spelled out in detail in our [SECURITY](https://github.com/helm/community/blob/master/SECURITY.md) document.\n\n### Credits\n\nDisclosed by Jakub Ciolek at AlphaSense.",
  "id": "GHSA-f9f8-9pmf-xv68",
  "modified": "2025-08-14T17:15:20Z",
  "published": "2025-08-14T00:05:27Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/helm/helm/security/advisories/GHSA-f9f8-9pmf-xv68"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55198"
    },
    {
      "type": "WEB",
      "url": "https://github.com/helm/helm/commit/ec5f59e2db56533d042a124f5bae54dd87b558e6"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/helm/helm"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Helm May Panic Due To Incorrect YAML Content"
}

GHSA-J5W8-Q4QC-RX2X

Vulnerability from github – Published: 2025-11-19 23:01 – Updated: 2025-11-19 23:01

Summary

golang.org/x/crypto/ssh allows an attacker to cause unbounded memory consumption

Details

SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption.

Severity

5.3 (Medium)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "golang.org/x/crypto"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.45.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-58181"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-770"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-11-19T23:01:20Z",
    "nvd_published_at": "2025-11-19T21:15:50Z",
    "severity": "MODERATE"
  },
  "details": "SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption.",
  "id": "GHSA-j5w8-q4qc-rx2x",
  "modified": "2025-11-19T23:01:20Z",
  "published": "2025-11-19T23:01:20Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58181"
    },
    {
      "type": "WEB",
      "url": "https://go.dev/cl/721961"
    },
    {
      "type": "WEB",
      "url": "https://go.dev/issue/76363"
    },
    {
      "type": "WEB",
      "url": "https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA"
    },
    {
      "type": "WEB",
      "url": "https://pkg.go.dev/vuln/GO-2025-4134"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    }
  ],
  "summary": "golang.org/x/crypto/ssh allows an attacker to cause unbounded memory consumption"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

Vulnerability from cleanstart

CVE-2025-53547 (GCVE-0-2025-53547)

CVE-2025-55198 (GCVE-0-2025-55198)

CVE-2025-55199 (GCVE-0-2025-55199)

CVE-2026-27141 (GCVE-0-2026-27141)

CVE-2026-33186 (GCVE-0-2026-33186)

GHSA-557J-XG8C-Q2MM

Impact

Patches

Workarounds

For more information

Credits

GHSA-9H84-QMV7-982P

Impact

Patches

Workarounds

References

Credits

GHSA-F6X5-JH6R-WRFV

GHSA-F9F8-9PMF-XV68

Impact

Patches

Workarounds

References

Credits

GHSA-J5W8-Q4QC-RX2X

Tags

Sightings

Nomenclature