Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2026-32280 (GCVE-0-2026-32280)
Vulnerability from cvelistv5 – Published: 2026-04-08 01:06 – Updated: 2026-07-10 12:05- CWE-770 - Allocation of Resources Without Limits or Throttling
| Vendor | Product | Version | |
|---|---|---|---|
| Go standard library | crypto/x509 |
Affected:
0 , < 1.25.9
(semver)
Affected: 1.26.0-0 , < 1.26.2 (semver) |
|
| Red Hat | Red Hat Ansible Automation Platform 2.6 for RHEL 10 |
cpe:/a:redhat:ansible_automation_platform:2.6::el10 cpe:/a:redhat:ansible_automation_platform_developer:2.6::el10 |
|
| Red Hat | Red Hat Enterprise Linux Server (v. 7 ELS) |
cpe:/o:redhat:rhel_els:7 |
|
| Red Hat | Red Hat Ansible Automation Platform 2.5 for RHEL 8 |
cpe:/a:redhat:ansible_automation_platform:2.5::el8 cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8 cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8 |
|
| Red Hat | Red Hat OpenShift Container Platform 4.14 |
cpe:/a:redhat:openshift:4.14::el8 cpe:/a:redhat:openshift:4.14::el9 |
|
| Red Hat | Red Hat OpenShift Container Platform 4.15 |
cpe:/a:redhat:openshift:4.15::el8 cpe:/a:redhat:openshift:4.15::el9 |
|
| Red Hat | Red Hat OpenShift Container Platform 4.17 |
cpe:/a:redhat:openshift:4.17::el8 cpe:/a:redhat:openshift:4.17::el9 |
|
| Red Hat | Red Hat OpenShift Container Platform 4.18 |
cpe:/a:redhat:openshift:4.18::el8 cpe:/a:redhat:openshift:4.18::el9 |
|
| Red Hat | Red Hat Satellite 6.16 for RHEL 8 |
cpe:/a:redhat:satellite:6.16::el8 cpe:/a:redhat:satellite_capsule:6.16::el8 cpe:/a:redhat:satellite_maintenance:6.16::el8 cpe:/a:redhat:satellite_utils:6.16::el8 |
|
| Red Hat | Red Hat Ansible Automation Platform 2.5 for RHEL 9 |
cpe:/a:redhat:ansible_automation_platform:2.5::el9 cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9 cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9 |
|
| Red Hat | Red Hat Ansible Automation Platform 2.6 for RHEL 9 |
cpe:/a:redhat:ansible_automation_platform:2.6::el9 cpe:/a:redhat:ansible_automation_platform_developer:2.6::el9 cpe:/a:redhat:ansible_automation_platform_inside:2.6::el9 |
|
| Red Hat | Cryostat 4 on RHEL 9 |
cpe:/a:redhat:cryostat:4::el9 |
|
| Red Hat | RHEM 1.0 for RHEL 9 |
cpe:/a:redhat:edge_manager:1.0::el9 |
|
| Red Hat | Red Hat OpenStack Platform 17.1 |
cpe:/a:redhat:openstack:17.1 cpe:/a:redhat:openstack:17.1::el9 |
|
| Red Hat | Red Hat OpenShift Container Platform 4.19 |
cpe:/a:redhat:openshift:4.19::el8 cpe:/a:redhat:openshift:4.19::el9 |
|
| Red Hat | Red Hat Satellite 6.16 for RHEL 9 |
cpe:/a:redhat:satellite:6.16::el9 cpe:/a:redhat:satellite_capsule:6.16::el9 cpe:/a:redhat:satellite_maintenance:6.16::el9 cpe:/a:redhat:satellite_utils:6.16::el9 |
|
| Red Hat | Red Hat Satellite 6.19 for RHEL 9 |
cpe:/a:redhat:satellite:6.19::el9 cpe:/a:redhat:satellite_capsule:6.19::el9 cpe:/a:redhat:satellite_maintenance:6.19::el9 cpe:/a:redhat:satellite_utils:6.19::el9 |
|
| Red Hat | Red Hat Enterprise Linux AppStream EUS (v. 10.0) |
cpe:/o:redhat:enterprise_linux_eus:10.0 |
|
| Red Hat | Red Hat Enterprise Linux AppStream (v. 10) |
cpe:/o:redhat:enterprise_linux:10.1 cpe:/o:redhat:enterprise_linux:10.2 |
|
| Red Hat | Red Hat Enterprise Linux AppStream (v. 8) |
cpe:/a:redhat:enterprise_linux:8::appstream |
|
| Red Hat | Red Hat Enterprise Linux AppStream AUS (v.8.6) |
cpe:/a:redhat:rhel_aus:8.6::appstream |
|
| Red Hat | Red Hat Enterprise Linux AppStream E4S (v.8.6) |
cpe:/a:redhat:rhel_e4s:8.6::appstream |
|
| Red Hat | Red Hat Enterprise Linux AppStream TUS (v.8.6) |
cpe:/a:redhat:rhel_tus:8.6::appstream |
|
| Red Hat | Red Hat Enterprise Linux AppStream E4S (v.9.4) |
cpe:/a:redhat:rhel_e4s:9.4::appstream |
|
| Red Hat | Red Hat Enterprise Linux AppStream EUS (v.9.4) |
cpe:/a:redhat:rhel_eus:9.4::appstream |
|
| Red Hat | Red Hat Enterprise Linux AppStream EUS (v.9.6) |
cpe:/a:redhat:rhel_eus:9.6::appstream |
|
| Red Hat | Red Hat Enterprise Linux AppStream (v. 9) |
cpe:/a:redhat:enterprise_linux:9::appstream |
|
| Red Hat | Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0) |
cpe:/o:redhat:enterprise_linux_eus:10.0 |
|
| Red Hat | Red Hat Enterprise Linux CodeReady Linux Builder (v. 10) |
cpe:/o:redhat:enterprise_linux:10.2 |
|
| Red Hat | Red Hat CodeReady Linux Builder EUS (v.9.6) |
cpe:/a:redhat:rhel_eus:9.6::crb |
|
| Red Hat | Red Hat Enterprise Linux CodeReady Linux Builder (v. 9) |
cpe:/a:redhat:enterprise_linux:9::crb |
|
| Red Hat | Custom Metric Autoscaler 2.19 |
cpe:/a:redhat:openshift_custom_metrics_autoscaler:2.19::el9 |
|
| Red Hat | HawtIO HawtIO 4.4.0 |
cpe:/a:redhat:apache_camel_hawtio:4.4::el9 |
|
| Red Hat | Logging Subsystem for Red Hat OpenShift 6.0 |
cpe:/a:redhat:logging:6.0::el9 |
|
| Red Hat | Logging Subsystem for Red Hat OpenShift 6.4 |
cpe:/a:redhat:logging:6.4::el9 |
|
| Red Hat | Multicluster Global Hub 1.4.5 |
cpe:/a:redhat:multicluster_globalhub:1.4::el9 |
|
| Red Hat | Multicluster Global Hub 1.5.4 |
cpe:/a:redhat:multicluster_globalhub:1.5::el9 |
|
| Red Hat | Multicluster Global Hub 1.6.2 |
cpe:/a:redhat:multicluster_globalhub:1.6::el9 |
|
| Red Hat | Network Observability (NETOBSERV) 1.11.2 |
cpe:/a:redhat:network_observ_optr:1.11::el9 |
|
| Red Hat | OpenShift API for Data Protection 1.4 |
cpe:/a:redhat:openshift_api_data_protection:1.4::el9 |
|
| Red Hat | OpenShift API for Data Protection 1.5 |
cpe:/a:redhat:openshift_api_data_protection:1.5::el9 |
|
| Red Hat | OpenShift Compliance Operator 1 |
cpe:/a:redhat:openshift_compliance_operator:1::el9 |
|
| Red Hat | Red Hat Advanced Cluster Management for Kubernetes 2.14 |
cpe:/a:redhat:acm:2.14::el9 |
|
| Red Hat | Red Hat Advanced Cluster Security for Kubernetes 4.10 |
cpe:/a:redhat:advanced_cluster_security:4.10::el8 |
|
| Red Hat | Red Hat Advanced Cluster Security for Kubernetes 4.9 |
cpe:/a:redhat:advanced_cluster_security:4.9::el8 |
|
| Red Hat | Red Hat Ansible Automation Platform 2.6 |
cpe:/a:redhat:ansible_automation_platform:2.6::el9 |
|
| Red Hat | Red Hat Developer Hub 1.8 |
cpe:/a:redhat:rhdh:1.8::el9 |
|
| Red Hat | Red Hat Developer Hub 1.9 |
cpe:/a:redhat:rhdh:1.9::el9 |
|
| Red Hat | Red Hat Edge Manager 1.0 |
cpe:/a:redhat:edge_manager:1.0::el9 |
|
| Red Hat | Red Hat Lightspeed (formerly Insights) for Runtimes 1 |
cpe:/a:redhat:lightspeed_for_runtimes:1.0::el9 |
|
| Red Hat | Red Hat OpenShift AI 2.25 |
cpe:/a:redhat:openshift_ai:2.25::el9 |
|
| Red Hat | Red Hat OpenShift Builds 1.7.4 |
cpe:/a:redhat:openshift_builds:1.7::el9 |
|
| Red Hat | Red Hat OpenShift Dev Spaces 3.28 |
cpe:/a:redhat:openshift_devspaces:3.28::el9 |
|
| Red Hat | Red Hat OpenShift Service Mesh 2.6 |
cpe:/a:redhat:service_mesh:2.6::el8 |
|
| Red Hat | Red Hat OpenShift Service Mesh 3.1 |
cpe:/a:redhat:service_mesh:3.1::el9 |
|
| Red Hat | Red Hat OpenShift Service Mesh 3.2 |
cpe:/a:redhat:service_mesh:3.2::el9 |
|
| Red Hat | Red Hat OpenShift Service Mesh 3.3 |
cpe:/a:redhat:service_mesh:3.3::el9 |
|
| Red Hat | Red Hat OpenShift Service Mesh 3 |
cpe:/a:redhat:service_mesh:3.0::el9 |
|
| Red Hat | Red Hat OpenShift distributed tracing 3.9.3 |
cpe:/a:redhat:openshift_distributed_tracing:3.9::el9 |
|
| Red Hat | Red Hat OpenStack 1.5 |
cpe:/a:redhat:stf:1.5::el9 |
|
| Red Hat | Red Hat Quay 3.10 |
cpe:/a:redhat:quay:3.10::el8 |
|
| Red Hat | Red Hat Quay 3.14 |
cpe:/a:redhat:quay:3.14::el8 |
|
| Red Hat | Red Hat Quay 3.15 |
cpe:/a:redhat:quay:3.15::el8 |
|
| Red Hat | Red Hat Quay 3.16 |
cpe:/a:redhat:quay:3.16::el9 |
|
| Red Hat | Red Hat Quay 3.17 |
cpe:/a:redhat:quay:3.17::el9 |
|
| Red Hat | Red Hat Quay 3.9 |
cpe:/a:redhat:quay:3.9::el8 |
|
| Red Hat | Red Hat Trusted Artifact Signer 1.3 |
cpe:/a:redhat:trusted_artifact_signer:1.3::el9 |
|
| Red Hat | Red Hat Web Terminal 1.11 |
cpe:/a:redhat:webterminal:1.11::el9 |
|
| Red Hat | Red Hat Web Terminal 1.12 |
cpe:/a:redhat:webterminal:1.12::el9 |
|
| Red Hat | Red Hat Web Terminal 1.13 |
cpe:/a:redhat:webterminal:1.13::el9 |
|
| Red Hat | Red Hat Web Terminal 1.14 |
cpe:/a:redhat:webterminal:1.14::el9 |
|
| Red Hat | Red Hat Web Terminal 1.15 |
cpe:/a:redhat:webterminal:1.15::el9 |
|
| Red Hat | mirror registry for Red Hat OpenShift 2.0 |
cpe:/a:redhat:mirror_registry:2.0::el8 |
|
| Red Hat | multicluster engine for Kubernetes 2.10 |
cpe:/a:redhat:multicluster_engine:2.10::el9 |
|
| Red Hat | multicluster engine for Kubernetes 2.11 |
cpe:/a:redhat:multicluster_engine:2.11::el9 |
|
| Red Hat | multicluster engine for Kubernetes 2.17 |
cpe:/a:redhat:multicluster_engine:2.17::el9 |
|
| Red Hat | multicluster engine for Kubernetes 2.6 |
cpe:/a:redhat:multicluster_engine:2.6::el8 |
|
| Red Hat | multicluster engine for Kubernetes 2.8 |
cpe:/a:redhat:multicluster_engine:2.8::el8 |
|
| Red Hat | Assisted Installer for Red Hat OpenShift Container Platform 2 |
cpe:/a:redhat:assisted_installer:2 |
|
| Red Hat | cert-manager Operator for Red Hat OpenShift |
cpe:/a:redhat:cert_manager:1 |
|
| Red Hat | Confidential Compute Attestation |
cpe:/a:redhat:confidential_compute_attestation:1 |
|
| Red Hat | Deployment Validation Operator |
cpe:/a:redhat:deployment_validator_operator |
|
| Red Hat | External Secrets Operator for Red Hat OpenShift |
cpe:/a:redhat:external_secrets_operator:1 |
|
| Red Hat | ExternalDNS Operator |
cpe:/a:redhat:ext_dns_optr:1 |
|
| Red Hat | Fence Agents Remediation Operator |
cpe:/a:redhat:workload_availability_far:0 |
|
| Red Hat | File Integrity Operator |
cpe:/a:redhat:openshift_file_integrity_operator:1 |
|
| Red Hat | Gatekeeper 3 |
cpe:/a:redhat:gatekeeper:3 |
|
| Red Hat | Logging Subsystem for Red Hat OpenShift |
cpe:/a:redhat:logging:5 |
|
| Red Hat | Logical Volume Manager Storage |
cpe:/a:redhat:lvms:4 |
|
| Red Hat | Machine Deletion Remediation Operator |
cpe:/a:redhat:workload_availability_mdr:0 |
|
| Red Hat | Migration Toolkit for Containers |
cpe:/a:redhat:rhmt:1 |
|
| Red Hat | mirror registry for Red Hat OpenShift |
cpe:/a:redhat:mirror_registry:1 |
|
| Red Hat | Multicluster Engine for Kubernetes |
cpe:/a:redhat:multicluster_engine |
|
| Red Hat | OpenShift Developer Tools and Services |
cpe:/a:redhat:ocp_tools |
|
| Red Hat | OpenShift Lightspeed |
cpe:/a:redhat:openshift_lightspeed |
|
| Red Hat | OpenShift Pipelines |
cpe:/a:redhat:openshift_pipelines:1 |
|
| Red Hat | OpenShift Serverless |
cpe:/a:redhat:serverless:1 |
|
| Red Hat | Red Hat 3scale API Management Platform 2 |
cpe:/a:redhat:red_hat_3scale_amp:2 |
|
| Red Hat | Red Hat Advanced Cluster Management for Kubernetes 2 |
cpe:/a:redhat:acm:2 |
|
| Red Hat | Red Hat AI Inference Server |
cpe:/a:redhat:ai_inference_server:3 |
|
| Red Hat | Red Hat Certification Program for Red Hat Enterprise Linux 9 |
cpe:/a:redhat:certifications:9 |
|
| Red Hat | Red Hat Connectivity Link 1 |
cpe:/a:redhat:connectivity_link:1 |
|
| Red Hat | Red Hat Enterprise Linux 10 |
cpe:/o:redhat:enterprise_linux:10 |
|
| Red Hat | Red Hat Enterprise Linux 7 |
cpe:/o:redhat:enterprise_linux:7 |
|
| Red Hat | Red Hat Enterprise Linux 8 |
cpe:/o:redhat:enterprise_linux:8 |
|
| Red Hat | Red Hat Enterprise Linux 9 |
cpe:/o:redhat:enterprise_linux:9 |
|
| Red Hat | Red Hat Enterprise Linux AI (RHEL AI) 3 |
cpe:/a:redhat:enterprise_linux_ai:3 |
|
| Red Hat | Red Hat OpenShift AI (RHOAI) |
cpe:/a:redhat:openshift_ai |
|
| Red Hat | Red Hat OpenShift Cluster Manager CLI |
cpe:/a:redhat:openshift_cluster_manager_cli:1 |
|
| Red Hat | Red Hat OpenShift Container Platform 4 |
cpe:/a:redhat:openshift:4 |
|
| Red Hat | Red Hat Openshift Data Foundation 4 |
cpe:/a:redhat:openshift_data_foundation:4 |
|
| Red Hat | Red Hat OpenShift Dev Workspaces Operator |
cpe:/a:redhat:devworkspace |
|
| Red Hat | Red Hat OpenShift GitOps |
cpe:/a:redhat:openshift_gitops:1 |
|
| Red Hat | Red Hat OpenShift on AWS |
cpe:/a:redhat:openshift_service_on_aws:1 |
|
| Red Hat | Red Hat OpenShift Virtualization 4 |
cpe:/a:redhat:container_native_virtualization:4 |
|
| Red Hat | Red Hat OpenStack Platform 16.2 |
cpe:/a:redhat:openstack:16.2 |
|
| Red Hat | Red Hat OpenStack Platform 18.0 |
cpe:/a:redhat:openstack:18.0 |
|
| Red Hat | Red Hat Satellite 6 |
cpe:/a:redhat:satellite:6 |
|
| Red Hat | Security Profiles Operator |
cpe:/a:redhat:openshift_security_profiles_operator:1 |
|
| Red Hat | Zero Trust Workload Identity Manager |
cpe:/a:redhat:zero_trust_workload_identity_manager:1 |
|
| Red Hat | Zero Trust Workload Identity Manager - Tech Preview |
cpe:/a:redhat:zero_trust_workload_identity_manager:0 |
|
| Red Hat | Migration Toolkit for Applications 8 |
cpe:/a:redhat:migration_toolkit_applications:8 |
|
| Red Hat | Node HealthCheck Operator |
cpe:/a:redhat:workload_availability_nhc:0 |
|
| Red Hat | OpenShift Service Mesh 2 |
cpe:/a:redhat:service_mesh:2 |
|
| Red Hat | OpenShift Service Mesh 3 |
cpe:/a:redhat:service_mesh:3 |
|
| Red Hat | Power monitoring for Red Hat OpenShift |
cpe:/a:redhat:openshift_power_monitoring |
|
| Red Hat | Red Hat Ansible Automation Platform 2 |
cpe:/a:redhat:ansible_automation_platform:2 |
|
| Red Hat | Red Hat Hardened Images |
cpe:/a:redhat:hummingbird:1 |
|
| Red Hat | Red Hat OpenShift for Windows Containers |
cpe:/a:redhat:windows_machine_config |
|
| Red Hat | Red Hat Quay 3 |
cpe:/a:redhat:quay:3 |
|
| Red Hat | Red Hat Service Interconnect 1 |
cpe:/a:redhat:service_interconnect:1 |
|
| Red Hat | Red Hat Service Interconnect 2 |
cpe:/a:redhat:service_interconnect:2 |
|
| Red Hat | streams for Apache Kafka 3 |
cpe:/a:redhat:amq_streams:3 |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-32280",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-08T17:46:14.569488Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770 Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T17:46:47.347Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"affected": [
{
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2.6::el10",
"cpe:/a:redhat:ansible_automation_platform_developer:2.6::el10"
],
"defaultStatus": "affected",
"product": "Red Hat Ansible Automation Platform 2.6 for RHEL 10",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:rhel_els:7"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux Server (v. 7 ELS)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2.5::el8",
"cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
"cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8"
],
"defaultStatus": "affected",
"product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift:4.14::el8",
"cpe:/a:redhat:openshift:4.14::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Container Platform 4.14",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift:4.15::el8",
"cpe:/a:redhat:openshift:4.15::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Container Platform 4.15",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift:4.17::el8",
"cpe:/a:redhat:openshift:4.17::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Container Platform 4.17",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift:4.18::el8",
"cpe:/a:redhat:openshift:4.18::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Container Platform 4.18",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:satellite:6.16::el8",
"cpe:/a:redhat:satellite_capsule:6.16::el8",
"cpe:/a:redhat:satellite_maintenance:6.16::el8",
"cpe:/a:redhat:satellite_utils:6.16::el8"
],
"defaultStatus": "affected",
"product": "Red Hat Satellite 6.16 for RHEL 8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2.5::el9",
"cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
"cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2.6::el9",
"cpe:/a:redhat:ansible_automation_platform_developer:2.6::el9",
"cpe:/a:redhat:ansible_automation_platform_inside:2.6::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Ansible Automation Platform 2.6 for RHEL 9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:cryostat:4::el9"
],
"defaultStatus": "affected",
"product": "Cryostat 4 on RHEL 9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:edge_manager:1.0::el9"
],
"defaultStatus": "affected",
"product": "RHEM 1.0 for RHEL 9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openstack:17.1",
"cpe:/a:redhat:openstack:17.1::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenStack Platform 17.1",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift:4.19::el8",
"cpe:/a:redhat:openshift:4.19::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Container Platform 4.19",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:satellite:6.16::el9",
"cpe:/a:redhat:satellite_capsule:6.16::el9",
"cpe:/a:redhat:satellite_maintenance:6.16::el9",
"cpe:/a:redhat:satellite_utils:6.16::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Satellite 6.16 for RHEL 9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:satellite:6.19::el9",
"cpe:/a:redhat:satellite_capsule:6.19::el9",
"cpe:/a:redhat:satellite_maintenance:6.19::el9",
"cpe:/a:redhat:satellite_utils:6.19::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Satellite 6.19 for RHEL 9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux_eus:10.0"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:10.1",
"cpe:/o:redhat:enterprise_linux:10.2"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream (v. 10)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:enterprise_linux:8::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream (v. 8)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_aus:8.6::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_e4s:8.6::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_tus:8.6::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_e4s:9.4::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream E4S (v.9.4)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_eus:9.4::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_eus:9.6::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream (v. 9)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux_eus:10.0"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:10.2"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_eus:9.6::crb"
],
"defaultStatus": "affected",
"product": "Red Hat CodeReady Linux Builder EUS (v.9.6)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::crb"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_custom_metrics_autoscaler:2.19::el9"
],
"defaultStatus": "affected",
"product": "Custom Metric Autoscaler 2.19",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:apache_camel_hawtio:4.4::el9"
],
"defaultStatus": "affected",
"product": "HawtIO HawtIO 4.4.0",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:logging:6.0::el9"
],
"defaultStatus": "affected",
"product": "Logging Subsystem for Red Hat OpenShift 6.0",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:logging:6.4::el9"
],
"defaultStatus": "affected",
"product": "Logging Subsystem for Red Hat OpenShift 6.4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:multicluster_globalhub:1.4::el9"
],
"defaultStatus": "affected",
"product": "Multicluster Global Hub 1.4.5",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:multicluster_globalhub:1.5::el9"
],
"defaultStatus": "affected",
"product": "Multicluster Global Hub 1.5.4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:multicluster_globalhub:1.6::el9"
],
"defaultStatus": "affected",
"product": "Multicluster Global Hub 1.6.2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:network_observ_optr:1.11::el9"
],
"defaultStatus": "affected",
"product": "Network Observability (NETOBSERV) 1.11.2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_api_data_protection:1.4::el9"
],
"defaultStatus": "affected",
"product": "OpenShift API for Data Protection 1.4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_api_data_protection:1.5::el9"
],
"defaultStatus": "affected",
"product": "OpenShift API for Data Protection 1.5",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_compliance_operator:1::el9"
],
"defaultStatus": "affected",
"product": "OpenShift Compliance Operator 1",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:acm:2.14::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Advanced Cluster Management for Kubernetes 2.14",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:advanced_cluster_security:4.10::el8"
],
"defaultStatus": "affected",
"product": "Red Hat Advanced Cluster Security for Kubernetes 4.10",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:advanced_cluster_security:4.9::el8"
],
"defaultStatus": "affected",
"product": "Red Hat Advanced Cluster Security for Kubernetes 4.9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2.6::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Ansible Automation Platform 2.6",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhdh:1.8::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Developer Hub 1.8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhdh:1.9::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Developer Hub 1.9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:edge_manager:1.0::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Edge Manager 1.0",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:lightspeed_for_runtimes:1.0::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Lightspeed (formerly Insights) for Runtimes 1",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_ai:2.25::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift AI 2.25",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_builds:1.7::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Builds 1.7.4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_devspaces:3.28::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Dev Spaces 3.28",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_mesh:2.6::el8"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Service Mesh 2.6",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_mesh:3.1::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Service Mesh 3.1",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_mesh:3.2::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Service Mesh 3.2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_mesh:3.3::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Service Mesh 3.3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_mesh:3.0::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Service Mesh 3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_distributed_tracing:3.9::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift distributed tracing 3.9.3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:stf:1.5::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenStack 1.5",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:quay:3.10::el8"
],
"defaultStatus": "affected",
"product": "Red Hat Quay 3.10",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:quay:3.14::el8"
],
"defaultStatus": "affected",
"product": "Red Hat Quay 3.14",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:quay:3.15::el8"
],
"defaultStatus": "affected",
"product": "Red Hat Quay 3.15",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:quay:3.16::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Quay 3.16",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:quay:3.17::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Quay 3.17",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:quay:3.9::el8"
],
"defaultStatus": "affected",
"product": "Red Hat Quay 3.9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:trusted_artifact_signer:1.3::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Trusted Artifact Signer 1.3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:webterminal:1.11::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Web Terminal 1.11",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:webterminal:1.12::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Web Terminal 1.12",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:webterminal:1.13::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Web Terminal 1.13",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:webterminal:1.14::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Web Terminal 1.14",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:webterminal:1.15::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Web Terminal 1.15",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:mirror_registry:2.0::el8"
],
"defaultStatus": "affected",
"product": "mirror registry for Red Hat OpenShift 2.0",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:multicluster_engine:2.10::el9"
],
"defaultStatus": "affected",
"product": "multicluster engine for Kubernetes 2.10",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:multicluster_engine:2.11::el9"
],
"defaultStatus": "affected",
"product": "multicluster engine for Kubernetes 2.11",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:multicluster_engine:2.17::el9"
],
"defaultStatus": "affected",
"product": "multicluster engine for Kubernetes 2.17",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:multicluster_engine:2.6::el8"
],
"defaultStatus": "affected",
"product": "multicluster engine for Kubernetes 2.6",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:multicluster_engine:2.8::el8"
],
"defaultStatus": "affected",
"product": "multicluster engine for Kubernetes 2.8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:assisted_installer:2"
],
"defaultStatus": "affected",
"product": "Assisted Installer for Red Hat OpenShift Container Platform 2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:cert_manager:1"
],
"defaultStatus": "affected",
"product": "cert-manager Operator for Red Hat OpenShift",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:confidential_compute_attestation:1"
],
"defaultStatus": "affected",
"product": "Confidential Compute Attestation",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:deployment_validator_operator"
],
"defaultStatus": "affected",
"product": "Deployment Validation Operator",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:external_secrets_operator:1"
],
"defaultStatus": "affected",
"product": "External Secrets Operator for Red Hat OpenShift",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:ext_dns_optr:1"
],
"defaultStatus": "affected",
"product": "ExternalDNS Operator",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:workload_availability_far:0"
],
"defaultStatus": "affected",
"product": "Fence Agents Remediation Operator",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_file_integrity_operator:1"
],
"defaultStatus": "affected",
"product": "File Integrity Operator",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:gatekeeper:3"
],
"defaultStatus": "affected",
"product": "Gatekeeper 3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:logging:5"
],
"defaultStatus": "affected",
"product": "Logging Subsystem for Red Hat OpenShift",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:lvms:4"
],
"defaultStatus": "affected",
"product": "Logical Volume Manager Storage",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:workload_availability_mdr:0"
],
"defaultStatus": "affected",
"product": "Machine Deletion Remediation Operator",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhmt:1"
],
"defaultStatus": "affected",
"product": "Migration Toolkit for Containers",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:mirror_registry:1"
],
"defaultStatus": "affected",
"product": "mirror registry for Red Hat OpenShift",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:multicluster_engine"
],
"defaultStatus": "affected",
"product": "Multicluster Engine for Kubernetes",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:ocp_tools"
],
"defaultStatus": "affected",
"product": "OpenShift Developer Tools and Services",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_lightspeed"
],
"defaultStatus": "affected",
"product": "OpenShift Lightspeed",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_pipelines:1"
],
"defaultStatus": "affected",
"product": "OpenShift Pipelines",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:serverless:1"
],
"defaultStatus": "affected",
"product": "OpenShift Serverless",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:red_hat_3scale_amp:2"
],
"defaultStatus": "affected",
"product": "Red Hat 3scale API Management Platform 2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:acm:2"
],
"defaultStatus": "affected",
"product": "Red Hat Advanced Cluster Management for Kubernetes 2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:ai_inference_server:3"
],
"defaultStatus": "affected",
"product": "Red Hat AI Inference Server",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:certifications:9"
],
"defaultStatus": "affected",
"product": "Red Hat Certification Program for Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:connectivity_link:1"
],
"defaultStatus": "affected",
"product": "Red Hat Connectivity Link 1",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:10"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux 10",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:enterprise_linux_ai:3"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AI (RHEL AI) 3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_ai"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift AI (RHOAI)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_cluster_manager_cli:1"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Cluster Manager CLI",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift:4"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Container Platform 4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_data_foundation:4"
],
"defaultStatus": "affected",
"product": "Red Hat Openshift Data Foundation 4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:devworkspace"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Dev Workspaces Operator",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_gitops:1"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift GitOps",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_service_on_aws:1"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift on AWS",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Virtualization 4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openstack:16.2"
],
"defaultStatus": "affected",
"product": "Red Hat OpenStack Platform 16.2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openstack:18.0"
],
"defaultStatus": "affected",
"product": "Red Hat OpenStack Platform 18.0",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:satellite:6"
],
"defaultStatus": "affected",
"product": "Red Hat Satellite 6",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_security_profiles_operator:1"
],
"defaultStatus": "affected",
"product": "Security Profiles Operator",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:zero_trust_workload_identity_manager:1"
],
"defaultStatus": "affected",
"product": "Zero Trust Workload Identity Manager",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:zero_trust_workload_identity_manager:0"
],
"defaultStatus": "affected",
"product": "Zero Trust Workload Identity Manager - Tech Preview",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:migration_toolkit_applications:8"
],
"defaultStatus": "unaffected",
"product": "Migration Toolkit for Applications 8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:workload_availability_nhc:0"
],
"defaultStatus": "unaffected",
"product": "Node HealthCheck Operator",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_mesh:2"
],
"defaultStatus": "unaffected",
"product": "OpenShift Service Mesh 2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_mesh:3"
],
"defaultStatus": "unaffected",
"product": "OpenShift Service Mesh 3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_power_monitoring"
],
"defaultStatus": "unaffected",
"product": "Power monitoring for Red Hat OpenShift",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2"
],
"defaultStatus": "unaffected",
"product": "Red Hat Ansible Automation Platform 2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:hummingbird:1"
],
"defaultStatus": "unaffected",
"product": "Red Hat Hardened Images",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:windows_machine_config"
],
"defaultStatus": "unaffected",
"product": "Red Hat OpenShift for Windows Containers",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:quay:3"
],
"defaultStatus": "unaffected",
"product": "Red Hat Quay 3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_interconnect:1"
],
"defaultStatus": "unaffected",
"product": "Red Hat Service Interconnect 1",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_interconnect:2"
],
"defaultStatus": "unaffected",
"product": "Red Hat Service Interconnect 2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:amq_streams:3"
],
"defaultStatus": "unaffected",
"product": "streams for Apache Kafka 3",
"vendor": "Red Hat"
}
],
"datePublic": "2026-04-08T01:06:58.595Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the Go standard library packages `crypto/x509` and `crypto/tls`. During the process of building a certificate chain, an attacker can provide a large number of intermediate certificates. This excessive input is not properly limited, leading to an uncontrolled amount of work being performed. This can result in a denial of service (DoS) condition, making the affected system or application unavailable to legitimate users."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-10T12:05:46.414Z",
"orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"shortName": "redhat-SADP"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2026-32280"
},
{
"name": "RHBZ#2456339",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456339"
},
{
"tags": [
"x_sadp-csaf-vex"
],
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-32280.json"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:24762"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:16101"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:24761"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:28886"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:28961"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:34097"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:21655"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:25180"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:27076"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:14391"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:36796"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:28047"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:23244"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:34365"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:20569"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:23103"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:19715"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:16024"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:19550"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:18032"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:18027"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:17084"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:19719"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:19750"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:20570"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:22713"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:19714"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:20571"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:19450"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:10217"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:29195"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:23102"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:19133"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:22141"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:19144"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:19135"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:24470"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:22130"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:29035"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:24716"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:33722"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:10704"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:16875"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:11507"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:11514"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:15980"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:19634"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:34192"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:34196"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:34197"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:19721"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:20607"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:20608"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:19722"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:16021"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:20556"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:19839"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:28038"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:19720"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:22709"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:17287"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:24337"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:20609"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:14200"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:10219"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:29455"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:29703"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:19350"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:19353"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:26447"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:22309"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:29702"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:28074"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:26636"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:25089"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:26585"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:22862"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:22347"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:21769"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:23345"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:16874"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:29854"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:26568"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:26571"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:25127"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:13829"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:20889"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:13791"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:36319"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:13545"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:21338"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:13826"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:36651"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:22485"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:24977"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:24359"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:21772"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:11688"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:16476"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:16505"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:16532"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:16508"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:16535"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:16537"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:16542"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:16477"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:16534"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:14162"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:9385"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:14020"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:22840"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:21017"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:24853"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:19375"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:22465"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:23361"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:24478"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:22960"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:22958"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:22962"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:22959"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:22961"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:28441"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:22422"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:22268"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:22415"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:28198"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:28196"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:22258"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:22260"
}
],
"solutions": [
{
"lang": "en",
"value": "RHSA-2026:24762: Red Hat Ansible Automation Platform 2.6 for RHEL 10, Red Hat Ansible Automation Platform 2.6 for RHEL 9"
},
{
"lang": "en",
"value": "RHSA-2026:16101: Red Hat Enterprise Linux Server (v. 7 ELS)"
},
{
"lang": "en",
"value": "RHSA-2026:24761: Red Hat Ansible Automation Platform 2.5 for RHEL 8, Red Hat Ansible Automation Platform 2.5 for RHEL 9"
},
{
"lang": "en",
"value": "RHSA-2026:28886: Red Hat OpenShift Container Platform 4.14"
},
{
"lang": "en",
"value": "RHSA-2026:28961: Red Hat OpenShift Container Platform 4.15"
},
{
"lang": "en",
"value": "RHSA-2026:34097: Red Hat OpenShift Container Platform 4.17"
},
{
"lang": "en",
"value": "RHSA-2026:21655: Red Hat OpenShift Container Platform 4.18"
},
{
"lang": "en",
"value": "RHSA-2026:25180: Red Hat OpenShift Container Platform 4.18"
},
{
"lang": "en",
"value": "RHSA-2026:27076: Red Hat Satellite 6.16 for RHEL 8, Red Hat Satellite 6.16 for RHEL 9"
},
{
"lang": "en",
"value": "RHSA-2026:14391: Cryostat 4 on RHEL 9"
},
{
"lang": "en",
"value": "RHSA-2026:36796: RHEM 1.0 for RHEL 9"
},
{
"lang": "en",
"value": "RHSA-2026:28047: Red Hat OpenStack Platform 17.1"
},
{
"lang": "en",
"value": "RHSA-2026:23244: Red Hat OpenShift Container Platform 4.19"
},
{
"lang": "en",
"value": "RHSA-2026:34365: Red Hat Satellite 6.19 for RHEL 9"
},
{
"lang": "en",
"value": "RHSA-2026:20569: Red Hat Enterprise Linux AppStream EUS (v. 10.0)"
},
{
"lang": "en",
"value": "RHSA-2026:23103: Red Hat Enterprise Linux AppStream EUS (v. 10.0)"
},
{
"lang": "en",
"value": "RHSA-2026:19715: Red Hat Enterprise Linux AppStream EUS (v. 10.0)"
},
{
"lang": "en",
"value": "RHSA-2026:16024: Red Hat Enterprise Linux AppStream EUS (v. 10.0)"
},
{
"lang": "en",
"value": "RHSA-2026:19550: Red Hat Enterprise Linux AppStream EUS (v. 10.0)"
},
{
"lang": "en",
"value": "RHSA-2026:18032: Red Hat Enterprise Linux AppStream EUS (v. 10.0)"
},
{
"lang": "en",
"value": "RHSA-2026:18027: Red Hat Enterprise Linux AppStream EUS (v. 10.0)"
},
{
"lang": "en",
"value": "RHSA-2026:17084: Red Hat Enterprise Linux AppStream EUS (v. 10.0)"
},
{
"lang": "en",
"value": "RHSA-2026:19719: Red Hat Enterprise Linux AppStream EUS (v. 10.0)"
},
{
"lang": "en",
"value": "RHSA-2026:19750: Red Hat Enterprise Linux AppStream EUS (v. 10.0)"
},
{
"lang": "en",
"value": "RHSA-2026:20570: Red Hat Enterprise Linux AppStream EUS (v. 10.0), Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)"
},
{
"lang": "en",
"value": "RHSA-2026:22713: Red Hat Enterprise Linux AppStream EUS (v. 10.0)"
},
{
"lang": "en",
"value": "RHSA-2026:19714: Red Hat Enterprise Linux AppStream EUS (v. 10.0)"
},
{
"lang": "en",
"value": "RHSA-2026:20571: Red Hat Enterprise Linux AppStream EUS (v. 10.0)"
},
{
"lang": "en",
"value": "RHSA-2026:19450: Red Hat Enterprise Linux AppStream EUS (v. 10.0), Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)"
},
{
"lang": "en",
"value": "RHSA-2026:10217: Red Hat Enterprise Linux AppStream (v. 10)"
},
{
"lang": "en",
"value": "RHSA-2026:29195: Red Hat Enterprise Linux AppStream (v. 10)"
},
{
"lang": "en",
"value": "RHSA-2026:23102: Red Hat Enterprise Linux AppStream (v. 10)"
},
{
"lang": "en",
"value": "RHSA-2026:19133: Red Hat Enterprise Linux AppStream (v. 10)"
},
{
"lang": "en",
"value": "RHSA-2026:22141: Red Hat Enterprise Linux AppStream (v. 10)"
},
{
"lang": "en",
"value": "RHSA-2026:19144: Red Hat Enterprise Linux AppStream (v. 10)"
},
{
"lang": "en",
"value": "RHSA-2026:19135: Red Hat Enterprise Linux AppStream (v. 10)"
},
{
"lang": "en",
"value": "RHSA-2026:24470: Red Hat Enterprise Linux AppStream (v. 10), Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)"
},
{
"lang": "en",
"value": "RHSA-2026:22130: Red Hat Enterprise Linux AppStream (v. 10)"
},
{
"lang": "en",
"value": "RHSA-2026:29035: Red Hat Enterprise Linux AppStream (v. 10)"
},
{
"lang": "en",
"value": "RHSA-2026:24716: Red Hat Enterprise Linux AppStream (v. 10), Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)"
},
{
"lang": "en",
"value": "RHSA-2026:33722: Red Hat Enterprise Linux AppStream (v. 8)"
},
{
"lang": "en",
"value": "RHSA-2026:10704: Red Hat Enterprise Linux AppStream (v. 8)"
},
{
"lang": "en",
"value": "RHSA-2026:16875: Red Hat Enterprise Linux AppStream (v. 8)"
},
{
"lang": "en",
"value": "RHSA-2026:11507: Red Hat Enterprise Linux AppStream (v. 8)"
},
{
"lang": "en",
"value": "RHSA-2026:11514: Red Hat Enterprise Linux AppStream (v. 8)"
},
{
"lang": "en",
"value": "RHSA-2026:15980: Red Hat Enterprise Linux AppStream (v. 8)"
},
{
"lang": "en",
"value": "RHSA-2026:19634: Red Hat Enterprise Linux AppStream AUS (v.8.6), Red Hat Enterprise Linux AppStream E4S (v.8.6), Red Hat Enterprise Linux AppStream TUS (v.8.6)"
},
{
"lang": "en",
"value": "RHSA-2026:34192: Red Hat Enterprise Linux AppStream E4S (v.9.4)"
},
{
"lang": "en",
"value": "RHSA-2026:34196: Red Hat Enterprise Linux AppStream E4S (v.9.4)"
},
{
"lang": "en",
"value": "RHSA-2026:34197: Red Hat Enterprise Linux AppStream E4S (v.9.4)"
},
{
"lang": "en",
"value": "RHSA-2026:19721: Red Hat Enterprise Linux AppStream EUS (v.9.4)"
},
{
"lang": "en",
"value": "RHSA-2026:20607: Red Hat Enterprise Linux AppStream EUS (v.9.6)"
},
{
"lang": "en",
"value": "RHSA-2026:20608: Red Hat Enterprise Linux AppStream EUS (v.9.6)"
},
{
"lang": "en",
"value": "RHSA-2026:19722: Red Hat Enterprise Linux AppStream EUS (v.9.6)"
},
{
"lang": "en",
"value": "RHSA-2026:16021: Red Hat Enterprise Linux AppStream EUS (v.9.6)"
},
{
"lang": "en",
"value": "RHSA-2026:20556: Red Hat Enterprise Linux AppStream EUS (v.9.6)"
},
{
"lang": "en",
"value": "RHSA-2026:19839: Red Hat Enterprise Linux AppStream EUS (v.9.6)"
},
{
"lang": "en",
"value": "RHSA-2026:28038: Red Hat Enterprise Linux AppStream EUS (v.9.6)"
},
{
"lang": "en",
"value": "RHSA-2026:19720: Red Hat Enterprise Linux AppStream EUS (v.9.6)"
},
{
"lang": "en",
"value": "RHSA-2026:22709: Red Hat Enterprise Linux AppStream EUS (v.9.6)"
},
{
"lang": "en",
"value": "RHSA-2026:17287: Red Hat Enterprise Linux AppStream EUS (v.9.6)"
},
{
"lang": "en",
"value": "RHSA-2026:24337: Red Hat CodeReady Linux Builder EUS (v.9.6), Red Hat Enterprise Linux AppStream EUS (v.9.6)"
},
{
"lang": "en",
"value": "RHSA-2026:20609: Red Hat Enterprise Linux AppStream EUS (v.9.6)"
},
{
"lang": "en",
"value": "RHSA-2026:14200: Red Hat Enterprise Linux AppStream (v. 9)"
},
{
"lang": "en",
"value": "RHSA-2026:10219: Red Hat Enterprise Linux AppStream (v. 9)"
},
{
"lang": "en",
"value": "RHSA-2026:29455: Red Hat Enterprise Linux AppStream (v. 9)"
},
{
"lang": "en",
"value": "RHSA-2026:29703: Red Hat Enterprise Linux AppStream (v. 9)"
},
{
"lang": "en",
"value": "RHSA-2026:19350: Red Hat Enterprise Linux AppStream (v. 9)"
},
{
"lang": "en",
"value": "RHSA-2026:19353: Red Hat Enterprise Linux AppStream (v. 9)"
},
{
"lang": "en",
"value": "RHSA-2026:26447: Red Hat Enterprise Linux AppStream (v. 9)"
},
{
"lang": "en",
"value": "RHSA-2026:22309: Red Hat Enterprise Linux AppStream (v. 9), Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)"
},
{
"lang": "en",
"value": "RHSA-2026:29702: Red Hat Enterprise Linux AppStream (v. 9)"
},
{
"lang": "en",
"value": "RHSA-2026:28074: Red Hat Enterprise Linux AppStream (v. 9)"
},
{
"lang": "en",
"value": "RHSA-2026:26636: Custom Metric Autoscaler 2.19"
},
{
"lang": "en",
"value": "RHSA-2026:25089: HawtIO HawtIO 4.4.0"
},
{
"lang": "en",
"value": "RHSA-2026:26585: Logging Subsystem for Red Hat OpenShift 6.0"
},
{
"lang": "en",
"value": "RHSA-2026:22862: Logging Subsystem for Red Hat OpenShift 6.4"
},
{
"lang": "en",
"value": "RHSA-2026:22347: Multicluster Global Hub 1.4.5"
},
{
"lang": "en",
"value": "RHSA-2026:21769: Multicluster Global Hub 1.5.4"
},
{
"lang": "en",
"value": "RHSA-2026:23345: Multicluster Global Hub 1.6.2"
},
{
"lang": "en",
"value": "RHSA-2026:16874: Network Observability (NETOBSERV) 1.11.2"
},
{
"lang": "en",
"value": "RHSA-2026:29854: OpenShift API for Data Protection 1.4"
},
{
"lang": "en",
"value": "RHSA-2026:26568: OpenShift API for Data Protection 1.5"
},
{
"lang": "en",
"value": "RHSA-2026:26571: OpenShift Compliance Operator 1"
},
{
"lang": "en",
"value": "RHSA-2026:25127: Red Hat Advanced Cluster Management for Kubernetes 2.14"
},
{
"lang": "en",
"value": "RHSA-2026:13829: Red Hat Advanced Cluster Security for Kubernetes 4.10"
},
{
"lang": "en",
"value": "RHSA-2026:20889: Red Hat Advanced Cluster Security for Kubernetes 4.10"
},
{
"lang": "en",
"value": "RHSA-2026:13791: Red Hat Advanced Cluster Security for Kubernetes 4.9"
},
{
"lang": "en",
"value": "RHSA-2026:36319: Red Hat Advanced Cluster Security for Kubernetes 4.9"
},
{
"lang": "en",
"value": "RHSA-2026:13545: Red Hat Ansible Automation Platform 2.6"
},
{
"lang": "en",
"value": "RHSA-2026:21338: Red Hat Developer Hub 1.8"
},
{
"lang": "en",
"value": "RHSA-2026:13826: Red Hat Developer Hub 1.9"
},
{
"lang": "en",
"value": "RHSA-2026:36651: Red Hat Edge Manager 1.0"
},
{
"lang": "en",
"value": "RHSA-2026:22485: Red Hat Lightspeed (formerly Insights) for Runtimes 1"
},
{
"lang": "en",
"value": "RHSA-2026:24977: Red Hat OpenShift AI 2.25"
},
{
"lang": "en",
"value": "RHSA-2026:24359: Red Hat OpenShift Builds 1.7.4"
},
{
"lang": "en",
"value": "RHSA-2026:21772: Red Hat OpenShift Dev Spaces 3.28"
},
{
"lang": "en",
"value": "RHSA-2026:11688: Red Hat OpenShift Service Mesh 2.6"
},
{
"lang": "en",
"value": "RHSA-2026:16476: Red Hat OpenShift Service Mesh 2.6"
},
{
"lang": "en",
"value": "RHSA-2026:16505: Red Hat OpenShift Service Mesh 3.1"
},
{
"lang": "en",
"value": "RHSA-2026:16532: Red Hat OpenShift Service Mesh 3.1"
},
{
"lang": "en",
"value": "RHSA-2026:16508: Red Hat OpenShift Service Mesh 3.2"
},
{
"lang": "en",
"value": "RHSA-2026:16535: Red Hat OpenShift Service Mesh 3.2"
},
{
"lang": "en",
"value": "RHSA-2026:16537: Red Hat OpenShift Service Mesh 3.3"
},
{
"lang": "en",
"value": "RHSA-2026:16542: Red Hat OpenShift Service Mesh 3.3"
},
{
"lang": "en",
"value": "RHSA-2026:16477: Red Hat OpenShift Service Mesh 3"
},
{
"lang": "en",
"value": "RHSA-2026:16534: Red Hat OpenShift Service Mesh 3"
},
{
"lang": "en",
"value": "RHSA-2026:14162: Red Hat OpenShift distributed tracing 3.9.3"
},
{
"lang": "en",
"value": "RHSA-2026:9385: Red Hat OpenShift distributed tracing 3.9.3"
},
{
"lang": "en",
"value": "RHSA-2026:14020: Red Hat OpenStack 1.5"
},
{
"lang": "en",
"value": "RHSA-2026:22840: Red Hat Quay 3.10"
},
{
"lang": "en",
"value": "RHSA-2026:21017: Red Hat Quay 3.14"
},
{
"lang": "en",
"value": "RHSA-2026:24853: Red Hat Quay 3.15"
},
{
"lang": "en",
"value": "RHSA-2026:19375: Red Hat Quay 3.16"
},
{
"lang": "en",
"value": "RHSA-2026:22465: Red Hat Quay 3.17"
},
{
"lang": "en",
"value": "RHSA-2026:23361: Red Hat Quay 3.9"
},
{
"lang": "en",
"value": "RHSA-2026:24478: Red Hat Trusted Artifact Signer 1.3"
},
{
"lang": "en",
"value": "RHSA-2026:22960: Red Hat Web Terminal 1.11"
},
{
"lang": "en",
"value": "RHSA-2026:22958: Red Hat Web Terminal 1.12"
},
{
"lang": "en",
"value": "RHSA-2026:22962: Red Hat Web Terminal 1.13"
},
{
"lang": "en",
"value": "RHSA-2026:22959: Red Hat Web Terminal 1.14"
},
{
"lang": "en",
"value": "RHSA-2026:22961: Red Hat Web Terminal 1.15"
},
{
"lang": "en",
"value": "RHSA-2026:28441: mirror registry for Red Hat OpenShift 2.0"
},
{
"lang": "en",
"value": "RHSA-2026:22422: multicluster engine for Kubernetes 2.10"
},
{
"lang": "en",
"value": "RHSA-2026:22268: multicluster engine for Kubernetes 2.11"
},
{
"lang": "en",
"value": "RHSA-2026:22415: multicluster engine for Kubernetes 2.17"
},
{
"lang": "en",
"value": "RHSA-2026:28198: multicluster engine for Kubernetes 2.6"
},
{
"lang": "en",
"value": "RHSA-2026:28196: multicluster engine for Kubernetes 2.6"
},
{
"lang": "en",
"value": "RHSA-2026:22258: multicluster engine for Kubernetes 2.8"
},
{
"lang": "en",
"value": "RHSA-2026:22260: multicluster engine for Kubernetes 2.8"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-04-08T02:01:19.572Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2026-04-08T01:06:58.595Z",
"value": "Made public."
}
],
"title": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building",
"x_adpType": "supplier",
"x_generator": {
"engine": "sadp-cli 1.0.0"
}
}
],
"cna": {
"affected": [
{
"collectionURL": "https://pkg.go.dev",
"defaultStatus": "unaffected",
"packageName": "crypto/x509",
"product": "crypto/x509",
"programRoutines": [
{
"name": "Certificate.buildChains"
},
{
"name": "Certificate.Verify"
}
],
"vendor": "Go standard library",
"versions": [
{
"lessThan": "1.25.9",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "1.26.2",
"status": "affected",
"version": "1.26.0-0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Jakub Ciolek - https://ciolek.dev"
}
],
"descriptions": [
{
"lang": "en",
"value": "During chain building, the amount of work that is done is not correctly limited when a large number of intermediate certificates are passed in VerifyOptions.Intermediates, which can lead to a denial of service. This affects both direct users of crypto/x509 and users of crypto/tls."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-770: Allocation of Resources Without Limits or Throttling",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T01:06:58.595Z",
"orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
"shortName": "Go"
},
"references": [
{
"url": "https://go.dev/cl/758320"
},
{
"url": "https://go.dev/issue/78282"
},
{
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"url": "https://pkg.go.dev/vuln/GO-2026-4947"
}
],
"title": "Unexpected work during chain building in crypto/x509"
}
},
"cveMetadata": {
"assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
"assignerShortName": "Go",
"cveId": "CVE-2026-32280",
"datePublished": "2026-04-08T01:06:58.595Z",
"dateReserved": "2026-03-11T16:38:46.555Z",
"dateUpdated": "2026-07-10T12:05:46.414Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2026-32280",
"date": "2026-07-13",
"epss": "0.00615",
"percentile": "0.45316"
},
"microsoft_vex": {
"current_release_date": "2026-06-09T01:40:50.000Z",
"cve": "CVE-2026-32280",
"id": "msrc_CVE-2026-32280",
"initial_release_date": "2026-04-02T00:00:00.000Z",
"product_status:known_affected": "7",
"product_status:known_not_affected": "8",
"source": "Microsoft CSAF VEX",
"status": "final",
"title": "Unexpected work during chain building in crypto/x509",
"url": "https://msrc.microsoft.com/csaf/vex/2026/msrc_cve-2026-32280.json",
"version": "5"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2026-32280\",\"sourceIdentifier\":\"security@golang.org\",\"published\":\"2026-04-08T02:16:03.247\",\"lastModified\":\"2026-07-10T12:16:38.577\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"During chain building, the amount of work that is done is not correctly limited when a large number of intermediate certificates are passed in VerifyOptions.Intermediates, which can lead to a denial of service. This affects both direct users of crypto/x509 and users of crypto/tls.\"}],\"affected\":[{\"source\":\"security@golang.org\",\"affectedData\":[{\"vendor\":\"Go standard library\",\"product\":\"crypto/x509\",\"defaultStatus\":\"unaffected\",\"collectionURL\":\"https://pkg.go.dev\",\"packageName\":\"crypto/x509\",\"programRoutines\":[{\"name\":\"Certificate.buildChains\"},{\"name\":\"Certificate.Verify\"}],\"versions\":[{\"version\":\"0\",\"lessThan\":\"1.25.9\",\"versionType\":\"semver\",\"status\":\"affected\"},{\"version\":\"1.26.0-0\",\"lessThan\":\"1.26.2\",\"versionType\":\"semver\",\"status\":\"affected\"}]}]},{\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\",\"affectedData\":[{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Ansible Automation Platform 2.6 for RHEL 10\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:ansible_automation_platform:2.6::el10\",\"cpe:/a:redhat:ansible_automation_platform_developer:2.6::el10\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux Server (v. 7 ELS)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/o:redhat:rhel_els:7\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Ansible Automation Platform 2.5 for RHEL 8\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:ansible_automation_platform:2.5::el8\",\"cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8\",\"cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift Container Platform 4.14\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift:4.14::el8\",\"cpe:/a:redhat:openshift:4.14::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift Container Platform 4.15\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift:4.15::el8\",\"cpe:/a:redhat:openshift:4.15::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift Container Platform 4.17\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift:4.17::el8\",\"cpe:/a:redhat:openshift:4.17::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift Container Platform 4.18\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift:4.18::el8\",\"cpe:/a:redhat:openshift:4.18::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Satellite 6.16 for RHEL 8\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:satellite:6.16::el8\",\"cpe:/a:redhat:satellite_capsule:6.16::el8\",\"cpe:/a:redhat:satellite_maintenance:6.16::el8\",\"cpe:/a:redhat:satellite_utils:6.16::el8\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Ansible Automation Platform 2.5 for RHEL 9\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:ansible_automation_platform:2.5::el9\",\"cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9\",\"cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Ansible Automation Platform 2.6 for RHEL 9\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:ansible_automation_platform:2.6::el9\",\"cpe:/a:redhat:ansible_automation_platform_developer:2.6::el9\",\"cpe:/a:redhat:ansible_automation_platform_inside:2.6::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Cryostat 4 on RHEL 9\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:cryostat:4::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"RHEM 1.0 for RHEL 9\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:edge_manager:1.0::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenStack Platform 17.1\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openstack:17.1\",\"cpe:/a:redhat:openstack:17.1::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift Container Platform 4.19\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift:4.19::el8\",\"cpe:/a:redhat:openshift:4.19::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Satellite 6.16 for RHEL 9\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:satellite:6.16::el9\",\"cpe:/a:redhat:satellite_capsule:6.16::el9\",\"cpe:/a:redhat:satellite_maintenance:6.16::el9\",\"cpe:/a:redhat:satellite_utils:6.16::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Satellite 6.19 for RHEL 9\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:satellite:6.19::el9\",\"cpe:/a:redhat:satellite_capsule:6.19::el9\",\"cpe:/a:redhat:satellite_maintenance:6.19::el9\",\"cpe:/a:redhat:satellite_utils:6.19::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux AppStream EUS (v. 10.0)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/o:redhat:enterprise_linux_eus:10.0\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux AppStream (v. 10)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/o:redhat:enterprise_linux:10.1\",\"cpe:/o:redhat:enterprise_linux:10.2\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux AppStream (v. 8)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:enterprise_linux:8::appstream\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux AppStream AUS (v.8.6)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:rhel_aus:8.6::appstream\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux AppStream E4S (v.8.6)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:rhel_e4s:8.6::appstream\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux AppStream TUS (v.8.6)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:rhel_tus:8.6::appstream\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux AppStream E4S (v.9.4)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:rhel_e4s:9.4::appstream\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux AppStream EUS (v.9.4)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:rhel_eus:9.4::appstream\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux AppStream EUS (v.9.6)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:rhel_eus:9.6::appstream\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux AppStream (v. 9)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:enterprise_linux:9::appstream\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/o:redhat:enterprise_linux_eus:10.0\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/o:redhat:enterprise_linux:10.2\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat CodeReady Linux Builder EUS (v.9.6)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:rhel_eus:9.6::crb\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:enterprise_linux:9::crb\"]},{\"vendor\":\"Red Hat\",\"product\":\"Custom Metric Autoscaler 2.19\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_custom_metrics_autoscaler:2.19::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"HawtIO HawtIO 4.4.0\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:apache_camel_hawtio:4.4::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Logging Subsystem for Red Hat OpenShift 6.0\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:logging:6.0::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Logging Subsystem for Red Hat OpenShift 6.4\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:logging:6.4::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Multicluster Global Hub 1.4.5\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:multicluster_globalhub:1.4::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Multicluster Global Hub 1.5.4\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:multicluster_globalhub:1.5::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Multicluster Global Hub 1.6.2\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:multicluster_globalhub:1.6::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Network Observability (NETOBSERV) 1.11.2\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:network_observ_optr:1.11::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"OpenShift API for Data Protection 1.4\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_api_data_protection:1.4::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"OpenShift API for Data Protection 1.5\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_api_data_protection:1.5::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"OpenShift Compliance Operator 1\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_compliance_operator:1::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Advanced Cluster Management for Kubernetes 2.14\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:acm:2.14::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Advanced Cluster Security for Kubernetes 4.10\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:advanced_cluster_security:4.10::el8\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Advanced Cluster Security for Kubernetes 4.9\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:advanced_cluster_security:4.9::el8\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Ansible Automation Platform 2.6\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:ansible_automation_platform:2.6::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Developer Hub 1.8\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:rhdh:1.8::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Developer Hub 1.9\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:rhdh:1.9::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Edge Manager 1.0\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:edge_manager:1.0::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Lightspeed (formerly Insights) for Runtimes 1\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:lightspeed_for_runtimes:1.0::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift AI 2.25\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_ai:2.25::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift Builds 1.7.4\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_builds:1.7::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift Dev Spaces 3.28\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_devspaces:3.28::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift Service Mesh 2.6\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:service_mesh:2.6::el8\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift Service Mesh 3.1\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:service_mesh:3.1::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift Service Mesh 3.2\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:service_mesh:3.2::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift Service Mesh 3.3\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:service_mesh:3.3::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift Service Mesh 3\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:service_mesh:3.0::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift distributed tracing 3.9.3\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_distributed_tracing:3.9::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenStack 1.5\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:stf:1.5::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Quay 3.10\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:quay:3.10::el8\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Quay 3.14\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:quay:3.14::el8\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Quay 3.15\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:quay:3.15::el8\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Quay 3.16\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:quay:3.16::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Quay 3.17\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:quay:3.17::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Quay 3.9\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:quay:3.9::el8\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Trusted Artifact Signer 1.3\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:trusted_artifact_signer:1.3::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Web Terminal 1.11\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:webterminal:1.11::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Web Terminal 1.12\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:webterminal:1.12::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Web Terminal 1.13\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:webterminal:1.13::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Web Terminal 1.14\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:webterminal:1.14::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Web Terminal 1.15\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:webterminal:1.15::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"mirror registry for Red Hat OpenShift 2.0\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:mirror_registry:2.0::el8\"]},{\"vendor\":\"Red Hat\",\"product\":\"multicluster engine for Kubernetes 2.10\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:multicluster_engine:2.10::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"multicluster engine for Kubernetes 2.11\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:multicluster_engine:2.11::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"multicluster engine for Kubernetes 2.17\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:multicluster_engine:2.17::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"multicluster engine for Kubernetes 2.6\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:multicluster_engine:2.6::el8\"]},{\"vendor\":\"Red Hat\",\"product\":\"multicluster engine for Kubernetes 2.8\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:multicluster_engine:2.8::el8\"]},{\"vendor\":\"Red Hat\",\"product\":\"Assisted Installer for Red Hat OpenShift Container Platform 2\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:assisted_installer:2\"]},{\"vendor\":\"Red Hat\",\"product\":\"cert-manager Operator for Red Hat OpenShift\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:cert_manager:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Confidential Compute Attestation\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:confidential_compute_attestation:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Deployment Validation Operator\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:deployment_validator_operator\"]},{\"vendor\":\"Red Hat\",\"product\":\"External Secrets Operator for Red Hat OpenShift\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:external_secrets_operator:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"ExternalDNS Operator\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:ext_dns_optr:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Fence Agents Remediation Operator\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:workload_availability_far:0\"]},{\"vendor\":\"Red Hat\",\"product\":\"File Integrity Operator\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_file_integrity_operator:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Gatekeeper 3\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:gatekeeper:3\"]},{\"vendor\":\"Red Hat\",\"product\":\"Logging Subsystem for Red Hat OpenShift\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:logging:5\"]},{\"vendor\":\"Red Hat\",\"product\":\"Logical Volume Manager Storage\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:lvms:4\"]},{\"vendor\":\"Red Hat\",\"product\":\"Machine Deletion Remediation Operator\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:workload_availability_mdr:0\"]},{\"vendor\":\"Red Hat\",\"product\":\"Migration Toolkit for Containers\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:rhmt:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"mirror registry for Red Hat OpenShift\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:mirror_registry:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Multicluster Engine for Kubernetes\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:multicluster_engine\"]},{\"vendor\":\"Red Hat\",\"product\":\"OpenShift Developer Tools and Services\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:ocp_tools\"]},{\"vendor\":\"Red Hat\",\"product\":\"OpenShift Lightspeed\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_lightspeed\"]},{\"vendor\":\"Red Hat\",\"product\":\"OpenShift Pipelines\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_pipelines:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"OpenShift Serverless\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:serverless:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat 3scale API Management Platform 2\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:red_hat_3scale_amp:2\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Advanced Cluster Management for Kubernetes 2\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:acm:2\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat AI Inference Server\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:ai_inference_server:3\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Certification Program for Red Hat Enterprise Linux 9\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:certifications:9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Connectivity Link 1\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:connectivity_link:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux 10\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/o:redhat:enterprise_linux:10\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux 7\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/o:redhat:enterprise_linux:7\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux 8\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/o:redhat:enterprise_linux:8\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux 9\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/o:redhat:enterprise_linux:9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux AI (RHEL AI) 3\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:enterprise_linux_ai:3\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift AI (RHOAI)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_ai\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift Cluster Manager CLI\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_cluster_manager_cli:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift Container Platform 4\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift:4\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Openshift Data Foundation 4\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_data_foundation:4\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift Dev Workspaces Operator\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:devworkspace\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift GitOps\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_gitops:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift on AWS\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_service_on_aws:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift Virtualization 4\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:container_native_virtualization:4\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenStack Platform 16.2\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openstack:16.2\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenStack Platform 18.0\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openstack:18.0\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Satellite 6\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:satellite:6\"]},{\"vendor\":\"Red Hat\",\"product\":\"Security Profiles Operator\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_security_profiles_operator:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Zero Trust Workload Identity Manager\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:zero_trust_workload_identity_manager:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Zero Trust Workload Identity Manager - Tech Preview\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:zero_trust_workload_identity_manager:0\"]},{\"vendor\":\"Red Hat\",\"product\":\"Migration Toolkit for Applications 8\",\"defaultStatus\":\"unaffected\",\"cpes\":[\"cpe:/a:redhat:migration_toolkit_applications:8\"]},{\"vendor\":\"Red Hat\",\"product\":\"Node HealthCheck Operator\",\"defaultStatus\":\"unaffected\",\"cpes\":[\"cpe:/a:redhat:workload_availability_nhc:0\"]},{\"vendor\":\"Red Hat\",\"product\":\"OpenShift Service Mesh 2\",\"defaultStatus\":\"unaffected\",\"cpes\":[\"cpe:/a:redhat:service_mesh:2\"]},{\"vendor\":\"Red Hat\",\"product\":\"OpenShift Service Mesh 3\",\"defaultStatus\":\"unaffected\",\"cpes\":[\"cpe:/a:redhat:service_mesh:3\"]},{\"vendor\":\"Red Hat\",\"product\":\"Power monitoring for Red Hat OpenShift\",\"defaultStatus\":\"unaffected\",\"cpes\":[\"cpe:/a:redhat:openshift_power_monitoring\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Ansible Automation Platform 2\",\"defaultStatus\":\"unaffected\",\"cpes\":[\"cpe:/a:redhat:ansible_automation_platform:2\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Hardened Images\",\"defaultStatus\":\"unaffected\",\"cpes\":[\"cpe:/a:redhat:hummingbird:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift for Windows Containers\",\"defaultStatus\":\"unaffected\",\"cpes\":[\"cpe:/a:redhat:windows_machine_config\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Quay 3\",\"defaultStatus\":\"unaffected\",\"cpes\":[\"cpe:/a:redhat:quay:3\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Service Interconnect 1\",\"defaultStatus\":\"unaffected\",\"cpes\":[\"cpe:/a:redhat:service_interconnect:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Service Interconnect 2\",\"defaultStatus\":\"unaffected\",\"cpes\":[\"cpe:/a:redhat:service_interconnect:2\"]},{\"vendor\":\"Red Hat\",\"product\":\"streams for Apache Kafka 3\",\"defaultStatus\":\"unaffected\",\"cpes\":[\"cpe:/a:redhat:amq_streams:3\"]}]}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6},{\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2026-04-08T17:46:14.569488Z\",\"id\":\"CVE-2026-32280\",\"options\":[{\"exploitation\":\"none\"},{\"automatable\":\"yes\"},{\"technicalImpact\":\"partial\"}],\"role\":\"CISA Coordinator\",\"version\":\"2.0.3\"}}]},\"weaknesses\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-770\"}]},{\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-770\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.25.9\",\"matchCriteriaId\":\"C6C9C072-9817-402D-877F-F83584B07017\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.26.0\",\"versionEndExcluding\":\"1.26.2\",\"matchCriteriaId\":\"39FE9BAF-55E9-43AA-B14E-239E7EF1D65D\"}]}]}],\"references\":[{\"url\":\"https://go.dev/cl/758320\",\"source\":\"security@golang.org\",\"tags\":[\"Patch\"]},{\"url\":\"https://go.dev/issue/78282\",\"source\":\"security@golang.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU\",\"source\":\"security@golang.org\",\"tags\":[\"Mailing List\",\"Release Notes\"]},{\"url\":\"https://pkg.go.dev/vuln/GO-2026-4947\",\"source\":\"security@golang.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:10217\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:10219\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:10704\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:11507\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:11514\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:11688\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:13545\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:13791\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:13826\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:13829\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:14020\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:14162\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:14200\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:14391\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:15980\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:16021\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:16024\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:16101\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:16476\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:16477\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:16505\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:16508\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:16532\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:16534\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:16535\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:16537\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:16542\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:16874\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:16875\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:17084\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:17287\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:18027\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:18032\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:19133\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:19135\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:19144\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:19350\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:19353\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:19375\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:19450\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:19550\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:19634\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:19714\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:19715\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:19719\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:19720\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:19721\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:19722\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:19750\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:19839\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:20556\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:20569\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:20570\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:20571\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:20607\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:20608\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:20609\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:20889\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:21017\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:21338\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:21655\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:21769\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:21772\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:22130\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:22141\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:22258\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:22260\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:22268\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:22309\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:22347\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:22415\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:22422\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:22465\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:22485\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:22709\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:22713\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:22840\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:22862\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:22958\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:22959\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:22960\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:22961\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:22962\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:23102\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:23103\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:23244\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:23345\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:23361\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:24337\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:24359\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:24470\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:24478\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:24716\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:24761\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:24762\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:24853\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:24977\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:25089\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:25127\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:25180\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:26447\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:26568\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:26571\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:26585\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:26636\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:27076\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:28038\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:28047\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:28074\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:28196\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:28198\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:28441\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:28886\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:28961\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:29035\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:29195\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:29455\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:29702\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:29703\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:29854\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:33722\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:34097\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:34192\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:34196\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:34197\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:34365\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:36319\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:36651\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:36796\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:9385\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/security/cve/CVE-2026-32280\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=2456339\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-32280.json\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"}]}}",
"redhat_vex": {
"aggregate_severity": "Important",
"current_release_date": "2026-07-09T20:57:56+00:00",
"cve": "CVE-2026-32280",
"id": "CVE-2026-32280",
"initial_release_date": "2026-04-08T01:06:58.595000+00:00",
"product_status:fixed": "2567",
"product_status:known_affected": "187",
"product_status:known_not_affected": "2664",
"source": "Red Hat CSAF VEX",
"status": "final",
"title": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building",
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-32280.json",
"version": "3"
},
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building\", \"metrics\": [{\"other\": {\"type\": \"Red Hat severity rating\", \"content\": {\"value\": \"Important\", \"namespace\": \"https://access.redhat.com/security/updates/classification/\"}}}, {\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}], \"affected\": [{\"cpes\": [\"cpe:/a:redhat:ansible_automation_platform:2.6::el10\", \"cpe:/a:redhat:ansible_automation_platform_developer:2.6::el10\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Ansible Automation Platform 2.6 for RHEL 10\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:rhel_els:7\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux Server (v. 7 ELS)\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:ansible_automation_platform:2.5::el8\", \"cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8\", \"cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Ansible Automation Platform 2.5 for RHEL 8\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift:4.14::el8\", \"cpe:/a:redhat:openshift:4.14::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Container Platform 4.14\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift:4.15::el8\", \"cpe:/a:redhat:openshift:4.15::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Container Platform 4.15\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift:4.17::el8\", \"cpe:/a:redhat:openshift:4.17::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Container Platform 4.17\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift:4.18::el8\", \"cpe:/a:redhat:openshift:4.18::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Container Platform 4.18\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:satellite:6.16::el8\", \"cpe:/a:redhat:satellite_capsule:6.16::el8\", \"cpe:/a:redhat:satellite_maintenance:6.16::el8\", \"cpe:/a:redhat:satellite_utils:6.16::el8\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Satellite 6.16 for RHEL 8\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:ansible_automation_platform:2.5::el9\", \"cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9\", \"cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Ansible Automation Platform 2.5 for RHEL 9\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:ansible_automation_platform:2.6::el9\", \"cpe:/a:redhat:ansible_automation_platform_developer:2.6::el9\", \"cpe:/a:redhat:ansible_automation_platform_inside:2.6::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Ansible Automation Platform 2.6 for RHEL 9\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:cryostat:4::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Cryostat 4 on RHEL 9\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:edge_manager:1.0::el9\"], \"vendor\": \"Red Hat\", \"product\": \"RHEM 1.0 for RHEL 9\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openstack:17.1\", \"cpe:/a:redhat:openstack:17.1::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenStack Platform 17.1\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift:4.19::el8\", \"cpe:/a:redhat:openshift:4.19::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Container Platform 4.19\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:satellite:6.16::el9\", \"cpe:/a:redhat:satellite_capsule:6.16::el9\", \"cpe:/a:redhat:satellite_maintenance:6.16::el9\", \"cpe:/a:redhat:satellite_utils:6.16::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Satellite 6.16 for RHEL 9\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:satellite:6.19::el9\", \"cpe:/a:redhat:satellite_capsule:6.19::el9\", \"cpe:/a:redhat:satellite_maintenance:6.19::el9\", \"cpe:/a:redhat:satellite_utils:6.19::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Satellite 6.19 for RHEL 9\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux_eus:10.0\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux AppStream EUS (v. 10.0)\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux:10.1\", \"cpe:/o:redhat:enterprise_linux:10.2\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux AppStream (v. 10)\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:enterprise_linux:8::appstream\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux AppStream (v. 8)\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhel_aus:8.6::appstream\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux AppStream AUS (v.8.6)\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhel_e4s:8.6::appstream\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux AppStream E4S (v.8.6)\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhel_tus:8.6::appstream\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux AppStream TUS (v.8.6)\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhel_e4s:9.4::appstream\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux AppStream E4S (v.9.4)\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhel_eus:9.4::appstream\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux AppStream EUS (v.9.4)\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhel_eus:9.6::appstream\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux AppStream EUS (v.9.6)\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:enterprise_linux:9::appstream\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux AppStream (v. 9)\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux_eus:10.0\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux:10.2\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhel_eus:9.6::crb\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat CodeReady Linux Builder EUS (v.9.6)\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:enterprise_linux:9::crb\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_custom_metrics_autoscaler:2.19::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Custom Metric Autoscaler 2.19\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:apache_camel_hawtio:4.4::el9\"], \"vendor\": \"Red Hat\", \"product\": \"HawtIO HawtIO 4.4.0\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:logging:6.0::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Logging Subsystem for Red Hat OpenShift 6.0\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:logging:6.4::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Logging Subsystem for Red Hat OpenShift 6.4\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:multicluster_globalhub:1.4::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Multicluster Global Hub 1.4.5\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:multicluster_globalhub:1.5::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Multicluster Global Hub 1.5.4\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:multicluster_globalhub:1.6::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Multicluster Global Hub 1.6.2\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:network_observ_optr:1.11::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Network Observability (NETOBSERV) 1.11.2\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_api_data_protection:1.4::el9\"], \"vendor\": \"Red Hat\", \"product\": \"OpenShift API for Data Protection 1.4\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_api_data_protection:1.5::el9\"], \"vendor\": \"Red Hat\", \"product\": \"OpenShift API for Data Protection 1.5\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_compliance_operator:1::el9\"], \"vendor\": \"Red Hat\", \"product\": \"OpenShift Compliance Operator 1\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:acm:2.14::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Advanced Cluster Management for Kubernetes 2.14\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:advanced_cluster_security:4.10::el8\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Advanced Cluster Security for Kubernetes 4.10\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:advanced_cluster_security:4.9::el8\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Advanced Cluster Security for Kubernetes 4.9\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:ansible_automation_platform:2.6::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Ansible Automation Platform 2.6\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhdh:1.8::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Developer Hub 1.8\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhdh:1.9::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Developer Hub 1.9\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:edge_manager:1.0::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Edge Manager 1.0\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:lightspeed_for_runtimes:1.0::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Lightspeed (formerly Insights) for Runtimes 1\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_ai:2.25::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift AI 2.25\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_builds:1.7::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Builds 1.7.4\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_devspaces:3.28::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Dev Spaces 3.28\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:service_mesh:2.6::el8\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Service Mesh 2.6\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:service_mesh:3.0::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Service Mesh 3.0\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:service_mesh:3.1::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Service Mesh 3.1\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:service_mesh:3.2::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Service Mesh 3.2\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:service_mesh:3.3::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Service Mesh 3.3\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_distributed_tracing:3.9::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift distributed tracing 3.9.3\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:stf:1.5::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenStack 1.5\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:quay:3.10::el8\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Quay 3.10\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:quay:3.14::el8\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Quay 3.14\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:quay:3.15::el8\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Quay 3.15\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:quay:3.16::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Quay 3.16\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:quay:3.17::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Quay 3.17\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:quay:3.9::el8\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Quay 3.9\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:trusted_artifact_signer:1.3::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Trusted Artifact Signer 1.3\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:webterminal:1.11::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Web Terminal 1.11\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:webterminal:1.12::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Web Terminal 1.12\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:webterminal:1.13::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Web Terminal 1.13\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:webterminal:1.14::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Web Terminal 1.14\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:webterminal:1.15::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Web Terminal 1.15\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:mirror_registry:2.0::el8\"], \"vendor\": \"Red Hat\", \"product\": \"mirror registry for Red Hat OpenShift 2.0\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:multicluster_engine:2.10::el9\"], \"vendor\": \"Red Hat\", \"product\": \"multicluster engine for Kubernetes 2.10\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:multicluster_engine:2.11::el9\"], \"vendor\": \"Red Hat\", \"product\": \"multicluster engine for Kubernetes 2.11\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:multicluster_engine:2.17::el9\"], \"vendor\": \"Red Hat\", \"product\": \"multicluster engine for Kubernetes 2.17\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:multicluster_engine:2.6::el8\"], \"vendor\": \"Red Hat\", \"product\": \"multicluster engine for Kubernetes 2.6\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:multicluster_engine:2.8::el8\"], \"vendor\": \"Red Hat\", \"product\": \"multicluster engine for Kubernetes 2.8\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:assisted_installer:2\"], \"vendor\": \"Red Hat\", \"product\": \"Assisted Installer for Red Hat OpenShift Container Platform 2\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:cert_manager:1\"], \"vendor\": \"Red Hat\", \"product\": \"cert-manager Operator for Red Hat OpenShift\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:confidential_compute_attestation:1\"], \"vendor\": \"Red Hat\", \"product\": \"Confidential Compute Attestation\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:deployment_validator_operator\"], \"vendor\": \"Red Hat\", \"product\": \"Deployment Validation Operator\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:external_secrets_operator:1\"], \"vendor\": \"Red Hat\", \"product\": \"External Secrets Operator for Red Hat OpenShift\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:ext_dns_optr:1\"], \"vendor\": \"Red Hat\", \"product\": \"ExternalDNS Operator\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:workload_availability_far:0\"], \"vendor\": \"Red Hat\", \"product\": \"Fence Agents Remediation Operator\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_file_integrity_operator:1\"], \"vendor\": \"Red Hat\", \"product\": \"File Integrity Operator\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:gatekeeper:3\"], \"vendor\": \"Red Hat\", \"product\": \"Gatekeeper 3\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:logging:5\"], \"vendor\": \"Red Hat\", \"product\": \"Logging Subsystem for Red Hat OpenShift\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:lvms:4\"], \"vendor\": \"Red Hat\", \"product\": \"Logical Volume Manager Storage\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:workload_availability_mdr:0\"], \"vendor\": \"Red Hat\", \"product\": \"Machine Deletion Remediation Operator\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhmt:1\"], \"vendor\": \"Red Hat\", \"product\": \"Migration Toolkit for Containers\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:mirror_registry:1\"], \"vendor\": \"Red Hat\", \"product\": \"mirror registry for Red Hat OpenShift\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:multicluster_engine\"], \"vendor\": \"Red Hat\", \"product\": \"Multicluster Engine for Kubernetes\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:ocp_tools\"], \"vendor\": \"Red Hat\", \"product\": \"OpenShift Developer Tools and Services\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_lightspeed\"], \"vendor\": \"Red Hat\", \"product\": \"OpenShift Lightspeed\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_pipelines:1\"], \"vendor\": \"Red Hat\", \"product\": \"OpenShift Pipelines\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:serverless:1\"], \"vendor\": \"Red Hat\", \"product\": \"OpenShift Serverless\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:red_hat_3scale_amp:2\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat 3scale API Management Platform 2\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:acm:2\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Advanced Cluster Management for Kubernetes 2\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:ai_inference_server:3\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat AI Inference Server\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:certifications:9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Certification Program for Red Hat Enterprise Linux 9\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:connectivity_link:1\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Connectivity Link 1\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux:10\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 10\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux:7\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 7\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux:8\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 8\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux:9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 9\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:enterprise_linux_ai:3\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux AI (RHEL AI) 3\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_ai\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift AI (RHOAI)\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_cluster_manager_cli:1\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Cluster Manager CLI\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift:4\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Container Platform 4\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_data_foundation:4\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Openshift Data Foundation 4\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:devworkspace\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Dev Workspaces Operator\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_gitops:1\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift GitOps\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_service_on_aws:1\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift on AWS\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:container_native_virtualization:4\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Virtualization 4\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openstack:16.2\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenStack Platform 16.2\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openstack:18.0\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenStack Platform 18.0\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:satellite:6\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Satellite 6\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_security_profiles_operator:1\"], \"vendor\": \"Red Hat\", \"product\": \"Security Profiles Operator\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:zero_trust_workload_identity_manager:1\"], \"vendor\": \"Red Hat\", \"product\": \"Zero Trust Workload Identity Manager\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:zero_trust_workload_identity_manager:0\"], \"vendor\": \"Red Hat\", \"product\": \"Zero Trust Workload Identity Manager - Tech Preview\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:migration_toolkit_applications:8\"], \"vendor\": \"Red Hat\", \"product\": \"Migration Toolkit for Applications 8\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/a:redhat:workload_availability_nhc:0\"], \"vendor\": \"Red Hat\", \"product\": \"Node HealthCheck Operator\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/a:redhat:service_mesh:2\"], \"vendor\": \"Red Hat\", \"product\": \"OpenShift Service Mesh 2\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/a:redhat:service_mesh:3\"], \"vendor\": \"Red Hat\", \"product\": \"OpenShift Service Mesh 3\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_power_monitoring\"], \"vendor\": \"Red Hat\", \"product\": \"Power monitoring for Red Hat OpenShift\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/a:redhat:ansible_automation_platform:2\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Ansible Automation Platform 2\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/a:redhat:hummingbird:1\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Hardened Images\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/a:redhat:windows_machine_config\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift for Windows Containers\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/a:redhat:quay:3\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Quay 3\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/a:redhat:service_interconnect:1\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Service Interconnect 1\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/a:redhat:service_interconnect:2\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Service Interconnect 2\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/a:redhat:amq_streams:3\"], \"vendor\": \"Red Hat\", \"product\": \"streams for Apache Kafka 3\", \"defaultStatus\": \"unaffected\"}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2026-04-08T02:01:19.572Z\", \"value\": \"Reported to Red Hat.\"}, {\"lang\": \"en\", \"time\": \"2026-04-08T01:06:58.595Z\", \"value\": \"Made public.\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"RHSA-2026:24762: Red Hat Ansible Automation Platform 2.6 for RHEL 10, Red Hat Ansible Automation Platform 2.6 for RHEL 9\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:16101: Red Hat Enterprise Linux Server (v. 7 ELS)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:24761: Red Hat Ansible Automation Platform 2.5 for RHEL 8, Red Hat Ansible Automation Platform 2.5 for RHEL 9\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:28886: Red Hat OpenShift Container Platform 4.14\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:28961: Red Hat OpenShift Container Platform 4.15\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:34097: Red Hat OpenShift Container Platform 4.17\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:21655: Red Hat OpenShift Container Platform 4.18\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:25180: Red Hat OpenShift Container Platform 4.18\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:27076: Red Hat Satellite 6.16 for RHEL 8, Red Hat Satellite 6.16 for RHEL 9\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:14391: Cryostat 4 on RHEL 9\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:36796: RHEM 1.0 for RHEL 9\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:28047: Red Hat OpenStack Platform 17.1\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:23244: Red Hat OpenShift Container Platform 4.19\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:34365: Red Hat Satellite 6.19 for RHEL 9\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:20569: Red Hat Enterprise Linux AppStream EUS (v. 10.0)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:23103: Red Hat Enterprise Linux AppStream EUS (v. 10.0)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:19715: Red Hat Enterprise Linux AppStream EUS (v. 10.0)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:16024: Red Hat Enterprise Linux AppStream EUS (v. 10.0)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:19550: Red Hat Enterprise Linux AppStream EUS (v. 10.0)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:18032: Red Hat Enterprise Linux AppStream EUS (v. 10.0)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:18027: Red Hat Enterprise Linux AppStream EUS (v. 10.0)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:17084: Red Hat Enterprise Linux AppStream EUS (v. 10.0)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:19719: Red Hat Enterprise Linux AppStream EUS (v. 10.0)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:19750: Red Hat Enterprise Linux AppStream EUS (v. 10.0)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:20570: Red Hat Enterprise Linux AppStream EUS (v. 10.0), Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:22713: Red Hat Enterprise Linux AppStream EUS (v. 10.0)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:19714: Red Hat Enterprise Linux AppStream EUS (v. 10.0)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:20571: Red Hat Enterprise Linux AppStream EUS (v. 10.0)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:19450: Red Hat Enterprise Linux AppStream EUS (v. 10.0), Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:10217: Red Hat Enterprise Linux AppStream (v. 10)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:29195: Red Hat Enterprise Linux AppStream (v. 10)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:23102: Red Hat Enterprise Linux AppStream (v. 10)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:19133: Red Hat Enterprise Linux AppStream (v. 10)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:22141: Red Hat Enterprise Linux AppStream (v. 10)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:19144: Red Hat Enterprise Linux AppStream (v. 10)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:19135: Red Hat Enterprise Linux AppStream (v. 10)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:24470: Red Hat Enterprise Linux AppStream (v. 10), Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:22130: Red Hat Enterprise Linux AppStream (v. 10)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:29035: Red Hat Enterprise Linux AppStream (v. 10)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:24716: Red Hat Enterprise Linux AppStream (v. 10), Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:33722: Red Hat Enterprise Linux AppStream (v. 8)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:10704: Red Hat Enterprise Linux AppStream (v. 8)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:16875: Red Hat Enterprise Linux AppStream (v. 8)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:11507: Red Hat Enterprise Linux AppStream (v. 8)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:11514: Red Hat Enterprise Linux AppStream (v. 8)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:15980: Red Hat Enterprise Linux AppStream (v. 8)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:19634: Red Hat Enterprise Linux AppStream AUS (v.8.6), Red Hat Enterprise Linux AppStream E4S (v.8.6), Red Hat Enterprise Linux AppStream TUS (v.8.6)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:34192: Red Hat Enterprise Linux AppStream E4S (v.9.4)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:34196: Red Hat Enterprise Linux AppStream E4S (v.9.4)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:34197: Red Hat Enterprise Linux AppStream E4S (v.9.4)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:19721: Red Hat Enterprise Linux AppStream EUS (v.9.4)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:20607: Red Hat Enterprise Linux AppStream EUS (v.9.6)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:20608: Red Hat Enterprise Linux AppStream EUS (v.9.6)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:19722: Red Hat Enterprise Linux AppStream EUS (v.9.6)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:16021: Red Hat Enterprise Linux AppStream EUS (v.9.6)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:20556: Red Hat Enterprise Linux AppStream EUS (v.9.6)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:19839: Red Hat Enterprise Linux AppStream EUS (v.9.6)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:28038: Red Hat Enterprise Linux AppStream EUS (v.9.6)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:19720: Red Hat Enterprise Linux AppStream EUS (v.9.6)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:22709: Red Hat Enterprise Linux AppStream EUS (v.9.6)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:17287: Red Hat Enterprise Linux AppStream EUS (v.9.6)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:24337: Red Hat CodeReady Linux Builder EUS (v.9.6), Red Hat Enterprise Linux AppStream EUS (v.9.6)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:20609: Red Hat Enterprise Linux AppStream EUS (v.9.6)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:14200: Red Hat Enterprise Linux AppStream (v. 9)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:10219: Red Hat Enterprise Linux AppStream (v. 9)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:29455: Red Hat Enterprise Linux AppStream (v. 9)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:29703: Red Hat Enterprise Linux AppStream (v. 9)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:19350: Red Hat Enterprise Linux AppStream (v. 9)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:19353: Red Hat Enterprise Linux AppStream (v. 9)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:26447: Red Hat Enterprise Linux AppStream (v. 9)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:22309: Red Hat Enterprise Linux AppStream (v. 9), Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:29702: Red Hat Enterprise Linux AppStream (v. 9)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:28074: Red Hat Enterprise Linux AppStream (v. 9)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:26636: Custom Metric Autoscaler 2.19\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:25089: HawtIO HawtIO 4.4.0\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:26585: Logging Subsystem for Red Hat OpenShift 6.0\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:22862: Logging Subsystem for Red Hat OpenShift 6.4\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:22347: Multicluster Global Hub 1.4.5\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:21769: Multicluster Global Hub 1.5.4\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:23345: Multicluster Global Hub 1.6.2\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:16874: Network Observability (NETOBSERV) 1.11.2\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:29854: OpenShift API for Data Protection 1.4\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:26568: OpenShift API for Data Protection 1.5\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:26571: OpenShift Compliance Operator 1\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:25127: Red Hat Advanced Cluster Management for Kubernetes 2.14\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:13829: Red Hat Advanced Cluster Security for Kubernetes 4.10\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:20889: Red Hat Advanced Cluster Security for Kubernetes 4.10\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:13791: Red Hat Advanced Cluster Security for Kubernetes 4.9\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:36319: Red Hat Advanced Cluster Security for Kubernetes 4.9\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:13545: Red Hat Ansible Automation Platform 2.6\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:21338: Red Hat Developer Hub 1.8\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:13826: Red Hat Developer Hub 1.9\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:36651: Red Hat Edge Manager 1.0\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:22485: Red Hat Lightspeed (formerly Insights) for Runtimes 1\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:24977: Red Hat OpenShift AI 2.25\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:24359: Red Hat OpenShift Builds 1.7.4\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:21772: Red Hat OpenShift Dev Spaces 3.28\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:11688: Red Hat OpenShift Service Mesh 2.6\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:16476: Red Hat OpenShift Service Mesh 2.6\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:16477: Red Hat OpenShift Service Mesh 3.0\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:16534: Red Hat OpenShift Service Mesh 3.0\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:16505: Red Hat OpenShift Service Mesh 3.1\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:16532: Red Hat OpenShift Service Mesh 3.1\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:16508: Red Hat OpenShift Service Mesh 3.2\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:16535: Red Hat OpenShift Service Mesh 3.2\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:16537: Red Hat OpenShift Service Mesh 3.3\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:16542: Red Hat OpenShift Service Mesh 3.3\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:14162: Red Hat OpenShift distributed tracing 3.9.3\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:9385: Red Hat OpenShift distributed tracing 3.9.3\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:14020: Red Hat OpenStack 1.5\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:22840: Red Hat Quay 3.10\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:21017: Red Hat Quay 3.14\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:24853: Red Hat Quay 3.15\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:19375: Red Hat Quay 3.16\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:22465: Red Hat Quay 3.17\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:23361: Red Hat Quay 3.9\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:24478: Red Hat Trusted Artifact Signer 1.3\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:22960: Red Hat Web Terminal 1.11\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:22958: Red Hat Web Terminal 1.12\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:22962: Red Hat Web Terminal 1.13\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:22959: Red Hat Web Terminal 1.14\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:22961: Red Hat Web Terminal 1.15\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:28441: mirror registry for Red Hat OpenShift 2.0\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:22422: multicluster engine for Kubernetes 2.10\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:22268: multicluster engine for Kubernetes 2.11\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:22415: multicluster engine for Kubernetes 2.17\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:28198: multicluster engine for Kubernetes 2.6\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:28196: multicluster engine for Kubernetes 2.6\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:22258: multicluster engine for Kubernetes 2.8\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:22260: multicluster engine for Kubernetes 2.8\"}], \"x_adpType\": \"supplier\", \"datePublic\": \"2026-04-08T01:06:58.595Z\", \"references\": [{\"url\": \"https://access.redhat.com/security/cve/CVE-2026-32280\", \"tags\": [\"vdb-entry\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=2456339\", \"name\": \"RHBZ#2456339\", \"tags\": [\"issue-tracking\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-32280.json\", \"tags\": [\"x_sadp-csaf-vex\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:24762\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:16101\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:24761\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:28886\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:28961\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:34097\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:21655\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:25180\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:27076\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:14391\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:36796\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:28047\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:23244\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:34365\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:20569\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:23103\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:19715\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:16024\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:19550\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:18032\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:18027\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:17084\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:19719\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:19750\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:20570\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:22713\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:19714\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:20571\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:19450\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:10217\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:29195\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:23102\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:19133\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:22141\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:19144\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:19135\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:24470\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:22130\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:29035\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:24716\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:33722\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:10704\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:16875\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:11507\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:11514\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:15980\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:19634\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:34192\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:34196\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:34197\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:19721\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:20607\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:20608\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:19722\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:16021\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:20556\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:19839\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:28038\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:19720\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:22709\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:17287\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:24337\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:20609\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:14200\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:10219\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:29455\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:29703\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:19350\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:19353\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:26447\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:22309\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:29702\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:28074\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:26636\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:25089\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:26585\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:22862\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:22347\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:21769\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:23345\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:16874\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:29854\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:26568\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:26571\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:25127\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:13829\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:20889\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:13791\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:36319\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:13545\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:21338\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:13826\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:36651\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:22485\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:24977\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:24359\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:21772\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:11688\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:16476\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:16477\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:16534\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:16505\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:16532\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:16508\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:16535\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:16537\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:16542\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:14162\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:9385\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:14020\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:22840\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:21017\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:24853\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:19375\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:22465\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:23361\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:24478\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:22960\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:22958\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:22962\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:22959\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:22961\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:28441\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:22422\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:22268\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:22415\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:28198\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:28196\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:22258\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:22260\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}], \"x_generator\": {\"engine\": \"sadp-cli 1.0.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"A flaw was found in the Go standard library packages `crypto/x509` and `crypto/tls`. During the process of building a certificate chain, an attacker can provide a large number of intermediate certificates. This excessive input is not properly limited, leading to an uncontrolled amount of work being performed. This can result in a denial of service (DoS) condition, making the affected system or application unavailable to legitimate users.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-770\", \"description\": \"Allocation of Resources Without Limits or Throttling\"}]}], \"providerMetadata\": {\"orgId\": \"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\", \"shortName\": \"redhat-SADP\", \"dateUpdated\": \"2026-07-09T12:09:15.670Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-32280\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-04-08T17:46:14.569488Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-770\", \"description\": \"CWE-770 Allocation of Resources Without Limits or Throttling\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-04-08T17:45:30.925Z\"}}], \"cna\": {\"title\": \"Unexpected work during chain building in crypto/x509\", \"credits\": [{\"lang\": \"en\", \"value\": \"Jakub Ciolek - https://ciolek.dev\"}], \"affected\": [{\"vendor\": \"Go standard library\", \"product\": \"crypto/x509\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"1.25.9\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"1.26.0-0\", \"lessThan\": \"1.26.2\", \"versionType\": \"semver\"}], \"packageName\": \"crypto/x509\", \"collectionURL\": \"https://pkg.go.dev\", \"defaultStatus\": \"unaffected\", \"programRoutines\": [{\"name\": \"Certificate.buildChains\"}, {\"name\": \"Certificate.Verify\"}]}], \"references\": [{\"url\": \"https://go.dev/cl/758320\"}, {\"url\": \"https://go.dev/issue/78282\"}, {\"url\": \"https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU\"}, {\"url\": \"https://pkg.go.dev/vuln/GO-2026-4947\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"During chain building, the amount of work that is done is not correctly limited when a large number of intermediate certificates are passed in VerifyOptions.Intermediates, which can lead to a denial of service. This affects both direct users of crypto/x509 and users of crypto/tls.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"description\": \"CWE-770: Allocation of Resources Without Limits or Throttling\"}]}], \"providerMetadata\": {\"orgId\": \"1bb62c36-49e3-4200-9d77-64a1400537cc\", \"shortName\": \"Go\", \"dateUpdated\": \"2026-04-08T01:06:58.595Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2026-32280\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-07-09T12:09:15.670Z\", \"dateReserved\": \"2026-03-11T16:38:46.555Z\", \"assignerOrgId\": \"1bb62c36-49e3-4200-9d77-64a1400537cc\", \"datePublished\": \"2026-04-08T01:06:58.595Z\", \"assignerShortName\": \"Go\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
RHSA-2026:16021
Vulnerability from csaf_redhat - Published: 2026-05-11 18:39 - Updated: 2026-07-13 17:31A flaw was found in the Go programming language (golang) and its command-line tool (cmd/go). A remote attacker could exploit this during the build process by crafting malicious SWIG (Simplified Wrapper and Interface Generator) file names that contain "cgo" and specific payloads. This could lead to code smuggling and arbitrary code execution, bypassing trust mechanisms and allowing the attacker to run unauthorized code.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.9-1.el9_6.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.9-1.el9_6.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.9-1.el9_6.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.9-1.el9_6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:golang-0:1.25.9-1.el9_6.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:golang-0:1.25.9-1.el9_6.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:golang-0:1.25.9-1.el9_6.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:golang-0:1.25.9-1.el9_6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:golang-0:1.25.9-1.el9_6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.9-1.el9_6.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.9-1.el9_6.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.9-1.el9_6.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.9-1.el9_6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:golang-docs-0:1.25.9-1.el9_6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:golang-misc-0:1.25.9-1.el9_6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:golang-race-0:1.25.9-1.el9_6.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:golang-race-0:1.25.9-1.el9_6.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:golang-race-0:1.25.9-1.el9_6.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:golang-race-0:1.25.9-1.el9_6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:golang-src-0:1.25.9-1.el9_6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:golang-tests-0:1.25.9-1.el9_6.noarch | — |
Vendor Fix
fix
|
A flaw was found in the cmd/compile package in the Go standard library. The compiler fails to correctly check for integer overflow or underflow in arithmetic operations involving loop induction variables. As a result, the compiler allows invalid memory indexing to occur at runtime, potentially leading to memory corruption.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.9-1.el9_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.9-1.el9_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.9-1.el9_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.9-1.el9_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:golang-0:1.25.9-1.el9_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:golang-0:1.25.9-1.el9_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:golang-0:1.25.9-1.el9_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:golang-0:1.25.9-1.el9_6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:golang-0:1.25.9-1.el9_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.9-1.el9_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.9-1.el9_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.9-1.el9_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.9-1.el9_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:golang-docs-0:1.25.9-1.el9_6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:golang-misc-0:1.25.9-1.el9_6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:golang-race-0:1.25.9-1.el9_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:golang-race-0:1.25.9-1.el9_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:golang-race-0:1.25.9-1.el9_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:golang-race-0:1.25.9-1.el9_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:golang-src-0:1.25.9-1.el9_6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:golang-tests-0:1.25.9-1.el9_6.noarch | — |
Vendor Fix
fix
Workaround
|
A flaw was found in the cmd/compile package in the Go standard library. A no-op interface conversion prevented the compiler from correctly identifying non-overlapping memory moves. As a result, the compiler allows unsafe memory move operations to occur at runtime, potentially causing data corruption, memory corruption or unexpected application behavior.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.9-1.el9_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.9-1.el9_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.9-1.el9_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.9-1.el9_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:golang-0:1.25.9-1.el9_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:golang-0:1.25.9-1.el9_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:golang-0:1.25.9-1.el9_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:golang-0:1.25.9-1.el9_6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:golang-0:1.25.9-1.el9_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.9-1.el9_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.9-1.el9_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.9-1.el9_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.9-1.el9_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:golang-docs-0:1.25.9-1.el9_6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:golang-misc-0:1.25.9-1.el9_6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:golang-race-0:1.25.9-1.el9_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:golang-race-0:1.25.9-1.el9_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:golang-race-0:1.25.9-1.el9_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:golang-race-0:1.25.9-1.el9_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:golang-src-0:1.25.9-1.el9_6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:golang-tests-0:1.25.9-1.el9_6.noarch | — |
Vendor Fix
fix
Workaround
|
A flaw was found in the Go standard library packages `crypto/x509` and `crypto/tls`. During the process of building a certificate chain, an attacker can provide a large number of intermediate certificates. This excessive input is not properly limited, leading to an uncontrolled amount of work being performed. This can result in a denial of service (DoS) condition, making the affected system or application unavailable to legitimate users.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.9-1.el9_6.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.9-1.el9_6.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.9-1.el9_6.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.9-1.el9_6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:golang-0:1.25.9-1.el9_6.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:golang-0:1.25.9-1.el9_6.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:golang-0:1.25.9-1.el9_6.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:golang-0:1.25.9-1.el9_6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:golang-0:1.25.9-1.el9_6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.9-1.el9_6.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.9-1.el9_6.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.9-1.el9_6.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.9-1.el9_6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:golang-docs-0:1.25.9-1.el9_6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:golang-misc-0:1.25.9-1.el9_6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:golang-race-0:1.25.9-1.el9_6.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:golang-race-0:1.25.9-1.el9_6.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:golang-race-0:1.25.9-1.el9_6.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:golang-race-0:1.25.9-1.el9_6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:golang-src-0:1.25.9-1.el9_6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:golang-tests-0:1.25.9-1.el9_6.noarch | — |
Vendor Fix
fix
|
A flaw was found in Go's `crypto/x509` package. A remote attacker could exploit this by presenting a specially crafted certificate chain containing a large number of policy mappings. This inefficient validation process consumes excessive resources, which can lead to a denial of service (DoS) for applications or systems performing certificate validation.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.9-1.el9_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.9-1.el9_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.9-1.el9_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.9-1.el9_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:golang-0:1.25.9-1.el9_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:golang-0:1.25.9-1.el9_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:golang-0:1.25.9-1.el9_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:golang-0:1.25.9-1.el9_6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:golang-0:1.25.9-1.el9_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.9-1.el9_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.9-1.el9_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.9-1.el9_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.9-1.el9_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:golang-docs-0:1.25.9-1.el9_6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:golang-misc-0:1.25.9-1.el9_6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:golang-race-0:1.25.9-1.el9_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:golang-race-0:1.25.9-1.el9_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:golang-race-0:1.25.9-1.el9_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:golang-race-0:1.25.9-1.el9_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:golang-src-0:1.25.9-1.el9_6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:golang-tests-0:1.25.9-1.el9_6.noarch | — |
Vendor Fix
fix
Workaround
|
A flaw was found in the internal/syscall/unix package in the Go standard library. If the target of the `Root.Chmod` function is replaced with a symbolic link during execution, specifically after `Root.Chmod` checks the target but before acting, the `chmod` operation will be performed on the file the symbolic link points to. This issue can bypass directory restrictions and lead to unauthorized permission changes on the filesystem.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.9-1.el9_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.9-1.el9_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.9-1.el9_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.9-1.el9_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:golang-0:1.25.9-1.el9_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:golang-0:1.25.9-1.el9_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:golang-0:1.25.9-1.el9_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:golang-0:1.25.9-1.el9_6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:golang-0:1.25.9-1.el9_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.9-1.el9_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.9-1.el9_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.9-1.el9_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.9-1.el9_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:golang-docs-0:1.25.9-1.el9_6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:golang-misc-0:1.25.9-1.el9_6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:golang-race-0:1.25.9-1.el9_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:golang-race-0:1.25.9-1.el9_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:golang-race-0:1.25.9-1.el9_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:golang-race-0:1.25.9-1.el9_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:golang-src-0:1.25.9-1.el9_6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:golang-tests-0:1.25.9-1.el9_6.noarch | — |
Vendor Fix
fix
Workaround
|
A flaw was found in the `crypto/tls` package within the Go (golang) standard library, specifically affecting TLS 1.3 connections. A remote attacker can exploit this vulnerability by sending multiple key update messages in a single record after the handshake. This can cause the connection to deadlock, leading to uncontrolled consumption of resources and ultimately a denial of service (DoS).
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.9-1.el9_6.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.9-1.el9_6.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.9-1.el9_6.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.9-1.el9_6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:golang-0:1.25.9-1.el9_6.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:golang-0:1.25.9-1.el9_6.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:golang-0:1.25.9-1.el9_6.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:golang-0:1.25.9-1.el9_6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:golang-0:1.25.9-1.el9_6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.9-1.el9_6.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.9-1.el9_6.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.9-1.el9_6.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.9-1.el9_6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:golang-docs-0:1.25.9-1.el9_6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:golang-misc-0:1.25.9-1.el9_6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:golang-race-0:1.25.9-1.el9_6.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:golang-race-0:1.25.9-1.el9_6.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:golang-race-0:1.25.9-1.el9_6.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:golang-race-0:1.25.9-1.el9_6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:golang-src-0:1.25.9-1.el9_6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:golang-tests-0:1.25.9-1.el9_6.noarch | — |
Vendor Fix
fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for golang is now available for Red Hat Enterprise Linux 9.6 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The golang packages provide the Go programming language compiler.\n\nSecurity Fix(es):\n\n* golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root (CVE-2026-32282)\n\n* crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages (CVE-2026-32283)\n\n* crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building (CVE-2026-32280)\n\n* golang: cmd/compile: no-op interface conversion bypasses overlap checking (CVE-2026-27144)\n\n* cmd/go: golang: Go (golang) and cmd/go: Arbitrary Code Execution via malicious SWIG file names (CVE-2026-27140)\n\n* golang: cmd/compile: possible memory corruption after bound check elimination (CVE-2026-27143)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:16021",
"url": "https://access.redhat.com/errata/RHSA-2026:16021"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2456336",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456336"
},
{
"category": "external",
"summary": "2456338",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456338"
},
{
"category": "external",
"summary": "2456339",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456339"
},
{
"category": "external",
"summary": "2456340",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456340"
},
{
"category": "external",
"summary": "2456341",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456341"
},
{
"category": "external",
"summary": "2456342",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456342"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_16021.json"
}
],
"title": "Red Hat Security Advisory: golang security update",
"tracking": {
"current_release_date": "2026-07-13T17:31:44+00:00",
"generator": {
"date": "2026-07-13T17:31:44+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.2"
}
},
"id": "RHSA-2026:16021",
"initial_release_date": "2026-05-11T18:39:46+00:00",
"revision_history": [
{
"date": "2026-05-11T18:39:46+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-05-11T18:39:46+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-13T17:31:44+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product": {
"name": "Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_eus:9.6::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "go-toolset-0:1.25.9-1.el9_6.ppc64le",
"product": {
"name": "go-toolset-0:1.25.9-1.el9_6.ppc64le",
"product_id": "go-toolset-0:1.25.9-1.el9_6.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/go-toolset@1.25.9-1.el9_6?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "golang-0:1.25.9-1.el9_6.ppc64le",
"product": {
"name": "golang-0:1.25.9-1.el9_6.ppc64le",
"product_id": "golang-0:1.25.9-1.el9_6.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang@1.25.9-1.el9_6?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "golang-bin-0:1.25.9-1.el9_6.ppc64le",
"product": {
"name": "golang-bin-0:1.25.9-1.el9_6.ppc64le",
"product_id": "golang-bin-0:1.25.9-1.el9_6.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang-bin@1.25.9-1.el9_6?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "golang-race-0:1.25.9-1.el9_6.ppc64le",
"product": {
"name": "golang-race-0:1.25.9-1.el9_6.ppc64le",
"product_id": "golang-race-0:1.25.9-1.el9_6.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang-race@1.25.9-1.el9_6?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "go-toolset-0:1.25.9-1.el9_6.x86_64",
"product": {
"name": "go-toolset-0:1.25.9-1.el9_6.x86_64",
"product_id": "go-toolset-0:1.25.9-1.el9_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/go-toolset@1.25.9-1.el9_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "golang-0:1.25.9-1.el9_6.x86_64",
"product": {
"name": "golang-0:1.25.9-1.el9_6.x86_64",
"product_id": "golang-0:1.25.9-1.el9_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang@1.25.9-1.el9_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "golang-bin-0:1.25.9-1.el9_6.x86_64",
"product": {
"name": "golang-bin-0:1.25.9-1.el9_6.x86_64",
"product_id": "golang-bin-0:1.25.9-1.el9_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang-bin@1.25.9-1.el9_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "golang-race-0:1.25.9-1.el9_6.x86_64",
"product": {
"name": "golang-race-0:1.25.9-1.el9_6.x86_64",
"product_id": "golang-race-0:1.25.9-1.el9_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang-race@1.25.9-1.el9_6?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "go-toolset-0:1.25.9-1.el9_6.s390x",
"product": {
"name": "go-toolset-0:1.25.9-1.el9_6.s390x",
"product_id": "go-toolset-0:1.25.9-1.el9_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/go-toolset@1.25.9-1.el9_6?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "golang-0:1.25.9-1.el9_6.s390x",
"product": {
"name": "golang-0:1.25.9-1.el9_6.s390x",
"product_id": "golang-0:1.25.9-1.el9_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang@1.25.9-1.el9_6?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "golang-bin-0:1.25.9-1.el9_6.s390x",
"product": {
"name": "golang-bin-0:1.25.9-1.el9_6.s390x",
"product_id": "golang-bin-0:1.25.9-1.el9_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang-bin@1.25.9-1.el9_6?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "golang-race-0:1.25.9-1.el9_6.s390x",
"product": {
"name": "golang-race-0:1.25.9-1.el9_6.s390x",
"product_id": "golang-race-0:1.25.9-1.el9_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang-race@1.25.9-1.el9_6?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "go-toolset-0:1.25.9-1.el9_6.aarch64",
"product": {
"name": "go-toolset-0:1.25.9-1.el9_6.aarch64",
"product_id": "go-toolset-0:1.25.9-1.el9_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/go-toolset@1.25.9-1.el9_6?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "golang-0:1.25.9-1.el9_6.aarch64",
"product": {
"name": "golang-0:1.25.9-1.el9_6.aarch64",
"product_id": "golang-0:1.25.9-1.el9_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang@1.25.9-1.el9_6?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "golang-bin-0:1.25.9-1.el9_6.aarch64",
"product": {
"name": "golang-bin-0:1.25.9-1.el9_6.aarch64",
"product_id": "golang-bin-0:1.25.9-1.el9_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang-bin@1.25.9-1.el9_6?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "golang-race-0:1.25.9-1.el9_6.aarch64",
"product": {
"name": "golang-race-0:1.25.9-1.el9_6.aarch64",
"product_id": "golang-race-0:1.25.9-1.el9_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang-race@1.25.9-1.el9_6?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "golang-0:1.25.9-1.el9_6.src",
"product": {
"name": "golang-0:1.25.9-1.el9_6.src",
"product_id": "golang-0:1.25.9-1.el9_6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang@1.25.9-1.el9_6?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "golang-docs-0:1.25.9-1.el9_6.noarch",
"product": {
"name": "golang-docs-0:1.25.9-1.el9_6.noarch",
"product_id": "golang-docs-0:1.25.9-1.el9_6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang-docs@1.25.9-1.el9_6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "golang-misc-0:1.25.9-1.el9_6.noarch",
"product": {
"name": "golang-misc-0:1.25.9-1.el9_6.noarch",
"product_id": "golang-misc-0:1.25.9-1.el9_6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang-misc@1.25.9-1.el9_6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "golang-src-0:1.25.9-1.el9_6.noarch",
"product": {
"name": "golang-src-0:1.25.9-1.el9_6.noarch",
"product_id": "golang-src-0:1.25.9-1.el9_6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang-src@1.25.9-1.el9_6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "golang-tests-0:1.25.9-1.el9_6.noarch",
"product": {
"name": "golang-tests-0:1.25.9-1.el9_6.noarch",
"product_id": "golang-tests-0:1.25.9-1.el9_6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang-tests@1.25.9-1.el9_6?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "go-toolset-0:1.25.9-1.el9_6.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.9-1.el9_6.aarch64"
},
"product_reference": "go-toolset-0:1.25.9-1.el9_6.aarch64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go-toolset-0:1.25.9-1.el9_6.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.9-1.el9_6.ppc64le"
},
"product_reference": "go-toolset-0:1.25.9-1.el9_6.ppc64le",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go-toolset-0:1.25.9-1.el9_6.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.9-1.el9_6.s390x"
},
"product_reference": "go-toolset-0:1.25.9-1.el9_6.s390x",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go-toolset-0:1.25.9-1.el9_6.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.9-1.el9_6.x86_64"
},
"product_reference": "go-toolset-0:1.25.9-1.el9_6.x86_64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-0:1.25.9-1.el9_6.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:golang-0:1.25.9-1.el9_6.aarch64"
},
"product_reference": "golang-0:1.25.9-1.el9_6.aarch64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-0:1.25.9-1.el9_6.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:golang-0:1.25.9-1.el9_6.ppc64le"
},
"product_reference": "golang-0:1.25.9-1.el9_6.ppc64le",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-0:1.25.9-1.el9_6.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:golang-0:1.25.9-1.el9_6.s390x"
},
"product_reference": "golang-0:1.25.9-1.el9_6.s390x",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-0:1.25.9-1.el9_6.src as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:golang-0:1.25.9-1.el9_6.src"
},
"product_reference": "golang-0:1.25.9-1.el9_6.src",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-0:1.25.9-1.el9_6.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:golang-0:1.25.9-1.el9_6.x86_64"
},
"product_reference": "golang-0:1.25.9-1.el9_6.x86_64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-bin-0:1.25.9-1.el9_6.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.9-1.el9_6.aarch64"
},
"product_reference": "golang-bin-0:1.25.9-1.el9_6.aarch64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-bin-0:1.25.9-1.el9_6.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.9-1.el9_6.ppc64le"
},
"product_reference": "golang-bin-0:1.25.9-1.el9_6.ppc64le",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-bin-0:1.25.9-1.el9_6.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.9-1.el9_6.s390x"
},
"product_reference": "golang-bin-0:1.25.9-1.el9_6.s390x",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-bin-0:1.25.9-1.el9_6.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.9-1.el9_6.x86_64"
},
"product_reference": "golang-bin-0:1.25.9-1.el9_6.x86_64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-docs-0:1.25.9-1.el9_6.noarch as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:golang-docs-0:1.25.9-1.el9_6.noarch"
},
"product_reference": "golang-docs-0:1.25.9-1.el9_6.noarch",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-misc-0:1.25.9-1.el9_6.noarch as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:golang-misc-0:1.25.9-1.el9_6.noarch"
},
"product_reference": "golang-misc-0:1.25.9-1.el9_6.noarch",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-race-0:1.25.9-1.el9_6.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:golang-race-0:1.25.9-1.el9_6.aarch64"
},
"product_reference": "golang-race-0:1.25.9-1.el9_6.aarch64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-race-0:1.25.9-1.el9_6.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:golang-race-0:1.25.9-1.el9_6.ppc64le"
},
"product_reference": "golang-race-0:1.25.9-1.el9_6.ppc64le",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-race-0:1.25.9-1.el9_6.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:golang-race-0:1.25.9-1.el9_6.s390x"
},
"product_reference": "golang-race-0:1.25.9-1.el9_6.s390x",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-race-0:1.25.9-1.el9_6.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:golang-race-0:1.25.9-1.el9_6.x86_64"
},
"product_reference": "golang-race-0:1.25.9-1.el9_6.x86_64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-src-0:1.25.9-1.el9_6.noarch as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:golang-src-0:1.25.9-1.el9_6.noarch"
},
"product_reference": "golang-src-0:1.25.9-1.el9_6.noarch",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-tests-0:1.25.9-1.el9_6.noarch as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:golang-tests-0:1.25.9-1.el9_6.noarch"
},
"product_reference": "golang-tests-0:1.25.9-1.el9_6.noarch",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-27140",
"cwe": {
"id": "CWE-641",
"name": "Improper Restriction of Names for Files and Other Resources"
},
"discovery_date": "2026-04-08T02:01:26.299804+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456341"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Go programming language (golang) and its command-line tool (cmd/go). A remote attacker could exploit this during the build process by crafting malicious SWIG (Simplified Wrapper and Interface Generator) file names that contain \"cgo\" and specific payloads. This could lead to code smuggling and arbitrary code execution, bypassing trust mechanisms and allowing the attacker to run unauthorized code.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cmd/go: golang: Go (golang) and cmd/go: Arbitrary Code Execution via malicious SWIG file names",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.9-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.9-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.9-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.9-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:golang-0:1.25.9-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:golang-0:1.25.9-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:golang-0:1.25.9-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:golang-0:1.25.9-1.el9_6.src",
"AppStream-9.6.0.Z.EUS:golang-0:1.25.9-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.9-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.9-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.9-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.9-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:golang-docs-0:1.25.9-1.el9_6.noarch",
"AppStream-9.6.0.Z.EUS:golang-misc-0:1.25.9-1.el9_6.noarch",
"AppStream-9.6.0.Z.EUS:golang-race-0:1.25.9-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:golang-race-0:1.25.9-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:golang-race-0:1.25.9-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:golang-race-0:1.25.9-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:golang-src-0:1.25.9-1.el9_6.noarch",
"AppStream-9.6.0.Z.EUS:golang-tests-0:1.25.9-1.el9_6.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27140"
},
{
"category": "external",
"summary": "RHBZ#2456341",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456341"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27140",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27140"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27140",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27140"
},
{
"category": "external",
"summary": "https://go.dev/cl/763768",
"url": "https://go.dev/cl/763768"
},
{
"category": "external",
"summary": "https://go.dev/issue/78335",
"url": "https://go.dev/issue/78335"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4871",
"url": "https://pkg.go.dev/vuln/GO-2026-4871"
}
],
"release_date": "2026-04-08T01:06:57.893000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-11T18:39:46+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.9-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.9-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.9-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.9-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:golang-0:1.25.9-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:golang-0:1.25.9-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:golang-0:1.25.9-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:golang-0:1.25.9-1.el9_6.src",
"AppStream-9.6.0.Z.EUS:golang-0:1.25.9-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.9-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.9-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.9-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.9-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:golang-docs-0:1.25.9-1.el9_6.noarch",
"AppStream-9.6.0.Z.EUS:golang-misc-0:1.25.9-1.el9_6.noarch",
"AppStream-9.6.0.Z.EUS:golang-race-0:1.25.9-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:golang-race-0:1.25.9-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:golang-race-0:1.25.9-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:golang-race-0:1.25.9-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:golang-src-0:1.25.9-1.el9_6.noarch",
"AppStream-9.6.0.Z.EUS:golang-tests-0:1.25.9-1.el9_6.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:16021"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.9-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.9-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.9-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.9-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:golang-0:1.25.9-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:golang-0:1.25.9-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:golang-0:1.25.9-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:golang-0:1.25.9-1.el9_6.src",
"AppStream-9.6.0.Z.EUS:golang-0:1.25.9-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.9-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.9-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.9-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.9-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:golang-docs-0:1.25.9-1.el9_6.noarch",
"AppStream-9.6.0.Z.EUS:golang-misc-0:1.25.9-1.el9_6.noarch",
"AppStream-9.6.0.Z.EUS:golang-race-0:1.25.9-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:golang-race-0:1.25.9-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:golang-race-0:1.25.9-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:golang-race-0:1.25.9-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:golang-src-0:1.25.9-1.el9_6.noarch",
"AppStream-9.6.0.Z.EUS:golang-tests-0:1.25.9-1.el9_6.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "cmd/go: golang: Go (golang) and cmd/go: Arbitrary Code Execution via malicious SWIG file names"
},
{
"cve": "CVE-2026-27143",
"cwe": {
"id": "CWE-733",
"name": "Compiler Optimization Removal or Modification of Security-critical Code"
},
"discovery_date": "2026-04-08T02:01:29.491546+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456342"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the cmd/compile package in the Go standard library. The compiler fails to correctly check for integer overflow or underflow in arithmetic operations involving loop induction variables. As a result, the compiler allows invalid memory indexing to occur at runtime, potentially leading to memory corruption.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: cmd/compile: possible memory corruption after bound check elimination",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is only exploitable in applications that contain a loop structure that relies on an induction variable. An induction variable is a variable that gets modified, usually incremented or decremented, by a predictable amount on each iteration. Inside the loop, the induction variable must be directly used as the index to access or modify elements within an array or a slice. Additionally, an attacker must be able to cause an integer overflow or underflow in the induction variable to trigger this issue. Due to these reasons, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.9-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.9-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.9-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.9-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:golang-0:1.25.9-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:golang-0:1.25.9-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:golang-0:1.25.9-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:golang-0:1.25.9-1.el9_6.src",
"AppStream-9.6.0.Z.EUS:golang-0:1.25.9-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.9-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.9-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.9-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.9-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:golang-docs-0:1.25.9-1.el9_6.noarch",
"AppStream-9.6.0.Z.EUS:golang-misc-0:1.25.9-1.el9_6.noarch",
"AppStream-9.6.0.Z.EUS:golang-race-0:1.25.9-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:golang-race-0:1.25.9-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:golang-race-0:1.25.9-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:golang-race-0:1.25.9-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:golang-src-0:1.25.9-1.el9_6.noarch",
"AppStream-9.6.0.Z.EUS:golang-tests-0:1.25.9-1.el9_6.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27143"
},
{
"category": "external",
"summary": "RHBZ#2456342",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456342"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27143",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27143"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27143",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27143"
},
{
"category": "external",
"summary": "https://go.dev/cl/763765",
"url": "https://go.dev/cl/763765"
},
{
"category": "external",
"summary": "https://go.dev/issue/78333",
"url": "https://go.dev/issue/78333"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4868",
"url": "https://pkg.go.dev/vuln/GO-2026-4868"
}
],
"release_date": "2026-04-08T01:06:57.168000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-11T18:39:46+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.9-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.9-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.9-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.9-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:golang-0:1.25.9-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:golang-0:1.25.9-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:golang-0:1.25.9-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:golang-0:1.25.9-1.el9_6.src",
"AppStream-9.6.0.Z.EUS:golang-0:1.25.9-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.9-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.9-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.9-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.9-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:golang-docs-0:1.25.9-1.el9_6.noarch",
"AppStream-9.6.0.Z.EUS:golang-misc-0:1.25.9-1.el9_6.noarch",
"AppStream-9.6.0.Z.EUS:golang-race-0:1.25.9-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:golang-race-0:1.25.9-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:golang-race-0:1.25.9-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:golang-race-0:1.25.9-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:golang-src-0:1.25.9-1.el9_6.noarch",
"AppStream-9.6.0.Z.EUS:golang-tests-0:1.25.9-1.el9_6.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:16021"
},
{
"category": "workaround",
"details": "To mitigate this vulnerability, strictly sanitize and enforce bounds checking on any untrusted user input that influences loop counters, iteration limits, or memory indices. If there is no integer overflow or underflow, the out-of-bounds access cannot occur.",
"product_ids": [
"AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.9-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.9-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.9-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.9-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:golang-0:1.25.9-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:golang-0:1.25.9-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:golang-0:1.25.9-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:golang-0:1.25.9-1.el9_6.src",
"AppStream-9.6.0.Z.EUS:golang-0:1.25.9-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.9-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.9-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.9-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.9-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:golang-docs-0:1.25.9-1.el9_6.noarch",
"AppStream-9.6.0.Z.EUS:golang-misc-0:1.25.9-1.el9_6.noarch",
"AppStream-9.6.0.Z.EUS:golang-race-0:1.25.9-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:golang-race-0:1.25.9-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:golang-race-0:1.25.9-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:golang-race-0:1.25.9-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:golang-src-0:1.25.9-1.el9_6.noarch",
"AppStream-9.6.0.Z.EUS:golang-tests-0:1.25.9-1.el9_6.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.9-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.9-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.9-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.9-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:golang-0:1.25.9-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:golang-0:1.25.9-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:golang-0:1.25.9-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:golang-0:1.25.9-1.el9_6.src",
"AppStream-9.6.0.Z.EUS:golang-0:1.25.9-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.9-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.9-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.9-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.9-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:golang-docs-0:1.25.9-1.el9_6.noarch",
"AppStream-9.6.0.Z.EUS:golang-misc-0:1.25.9-1.el9_6.noarch",
"AppStream-9.6.0.Z.EUS:golang-race-0:1.25.9-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:golang-race-0:1.25.9-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:golang-race-0:1.25.9-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:golang-race-0:1.25.9-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:golang-src-0:1.25.9-1.el9_6.noarch",
"AppStream-9.6.0.Z.EUS:golang-tests-0:1.25.9-1.el9_6.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: cmd/compile: possible memory corruption after bound check elimination"
},
{
"cve": "CVE-2026-27144",
"cwe": {
"id": "CWE-440",
"name": "Expected Behavior Violation"
},
"discovery_date": "2026-04-08T02:01:22.896153+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456340"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the cmd/compile package in the Go standard library. A no-op interface conversion prevented the compiler from correctly identifying non-overlapping memory moves. As a result, the compiler allows unsafe memory move operations to occur at runtime, potentially causing data corruption, memory corruption or unexpected application behavior.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: cmd/compile: no-op interface conversion bypasses overlap checking",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue is only exploitable in applications that contain a memory move or copy operation that is subject to a no-op (no-operation) interface conversion. Furthermore, the source and destination memory addresses involved in the move or copy must overlap and an attacker must be able to supply an input that triggers this specific operation. Due to these reasons, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.9-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.9-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.9-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.9-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:golang-0:1.25.9-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:golang-0:1.25.9-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:golang-0:1.25.9-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:golang-0:1.25.9-1.el9_6.src",
"AppStream-9.6.0.Z.EUS:golang-0:1.25.9-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.9-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.9-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.9-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.9-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:golang-docs-0:1.25.9-1.el9_6.noarch",
"AppStream-9.6.0.Z.EUS:golang-misc-0:1.25.9-1.el9_6.noarch",
"AppStream-9.6.0.Z.EUS:golang-race-0:1.25.9-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:golang-race-0:1.25.9-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:golang-race-0:1.25.9-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:golang-race-0:1.25.9-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:golang-src-0:1.25.9-1.el9_6.noarch",
"AppStream-9.6.0.Z.EUS:golang-tests-0:1.25.9-1.el9_6.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27144"
},
{
"category": "external",
"summary": "RHBZ#2456340",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456340"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27144",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27144"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27144",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27144"
},
{
"category": "external",
"summary": "https://go.dev/cl/763764",
"url": "https://go.dev/cl/763764"
},
{
"category": "external",
"summary": "https://go.dev/issue/78371",
"url": "https://go.dev/issue/78371"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4867",
"url": "https://pkg.go.dev/vuln/GO-2026-4867"
}
],
"release_date": "2026-04-08T01:06:56.908000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-11T18:39:46+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.9-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.9-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.9-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.9-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:golang-0:1.25.9-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:golang-0:1.25.9-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:golang-0:1.25.9-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:golang-0:1.25.9-1.el9_6.src",
"AppStream-9.6.0.Z.EUS:golang-0:1.25.9-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.9-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.9-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.9-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.9-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:golang-docs-0:1.25.9-1.el9_6.noarch",
"AppStream-9.6.0.Z.EUS:golang-misc-0:1.25.9-1.el9_6.noarch",
"AppStream-9.6.0.Z.EUS:golang-race-0:1.25.9-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:golang-race-0:1.25.9-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:golang-race-0:1.25.9-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:golang-race-0:1.25.9-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:golang-src-0:1.25.9-1.el9_6.noarch",
"AppStream-9.6.0.Z.EUS:golang-tests-0:1.25.9-1.el9_6.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:16021"
},
{
"category": "workaround",
"details": "To mitigate this issue, review code that performs memory copies or struct assignments. If data is being passed through an interface (such as \u0027any\u0027 or \u0027interface{}\u0027) just before a move operation, refactor the code to use concrete types or explicit pointers instead.",
"product_ids": [
"AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.9-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.9-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.9-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.9-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:golang-0:1.25.9-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:golang-0:1.25.9-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:golang-0:1.25.9-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:golang-0:1.25.9-1.el9_6.src",
"AppStream-9.6.0.Z.EUS:golang-0:1.25.9-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.9-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.9-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.9-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.9-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:golang-docs-0:1.25.9-1.el9_6.noarch",
"AppStream-9.6.0.Z.EUS:golang-misc-0:1.25.9-1.el9_6.noarch",
"AppStream-9.6.0.Z.EUS:golang-race-0:1.25.9-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:golang-race-0:1.25.9-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:golang-race-0:1.25.9-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:golang-race-0:1.25.9-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:golang-src-0:1.25.9-1.el9_6.noarch",
"AppStream-9.6.0.Z.EUS:golang-tests-0:1.25.9-1.el9_6.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.9-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.9-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.9-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.9-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:golang-0:1.25.9-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:golang-0:1.25.9-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:golang-0:1.25.9-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:golang-0:1.25.9-1.el9_6.src",
"AppStream-9.6.0.Z.EUS:golang-0:1.25.9-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.9-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.9-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.9-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.9-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:golang-docs-0:1.25.9-1.el9_6.noarch",
"AppStream-9.6.0.Z.EUS:golang-misc-0:1.25.9-1.el9_6.noarch",
"AppStream-9.6.0.Z.EUS:golang-race-0:1.25.9-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:golang-race-0:1.25.9-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:golang-race-0:1.25.9-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:golang-race-0:1.25.9-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:golang-src-0:1.25.9-1.el9_6.noarch",
"AppStream-9.6.0.Z.EUS:golang-tests-0:1.25.9-1.el9_6.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: cmd/compile: no-op interface conversion bypasses overlap checking"
},
{
"cve": "CVE-2026-32280",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-04-08T02:01:19.572351+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456339"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Go standard library packages `crypto/x509` and `crypto/tls`. During the process of building a certificate chain, an attacker can provide a large number of intermediate certificates. This excessive input is not properly limited, leading to an uncontrolled amount of work being performed. This can result in a denial of service (DoS) condition, making the affected system or application unavailable to legitimate users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important denial of service vulnerability in the Go standard library\u0027s certificate chain building process. Systems utilizing Go applications that process untrusted TLS certificates or X.509 certificate chains are susceptible to resource exhaustion when presented with an excessive number of intermediate certificates, potentially leading to service unavailability. This flaw impacts applications directly using `crypto/x509` or `crypto/tls`.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.9-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.9-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.9-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.9-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:golang-0:1.25.9-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:golang-0:1.25.9-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:golang-0:1.25.9-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:golang-0:1.25.9-1.el9_6.src",
"AppStream-9.6.0.Z.EUS:golang-0:1.25.9-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.9-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.9-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.9-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.9-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:golang-docs-0:1.25.9-1.el9_6.noarch",
"AppStream-9.6.0.Z.EUS:golang-misc-0:1.25.9-1.el9_6.noarch",
"AppStream-9.6.0.Z.EUS:golang-race-0:1.25.9-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:golang-race-0:1.25.9-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:golang-race-0:1.25.9-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:golang-race-0:1.25.9-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:golang-src-0:1.25.9-1.el9_6.noarch",
"AppStream-9.6.0.Z.EUS:golang-tests-0:1.25.9-1.el9_6.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32280"
},
{
"category": "external",
"summary": "RHBZ#2456339",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456339"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32280",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32280"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32280",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32280"
},
{
"category": "external",
"summary": "https://go.dev/cl/758320",
"url": "https://go.dev/cl/758320"
},
{
"category": "external",
"summary": "https://go.dev/issue/78282",
"url": "https://go.dev/issue/78282"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4947",
"url": "https://pkg.go.dev/vuln/GO-2026-4947"
}
],
"release_date": "2026-04-08T01:06:58.595000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-11T18:39:46+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.9-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.9-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.9-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.9-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:golang-0:1.25.9-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:golang-0:1.25.9-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:golang-0:1.25.9-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:golang-0:1.25.9-1.el9_6.src",
"AppStream-9.6.0.Z.EUS:golang-0:1.25.9-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.9-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.9-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.9-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.9-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:golang-docs-0:1.25.9-1.el9_6.noarch",
"AppStream-9.6.0.Z.EUS:golang-misc-0:1.25.9-1.el9_6.noarch",
"AppStream-9.6.0.Z.EUS:golang-race-0:1.25.9-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:golang-race-0:1.25.9-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:golang-race-0:1.25.9-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:golang-race-0:1.25.9-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:golang-src-0:1.25.9-1.el9_6.noarch",
"AppStream-9.6.0.Z.EUS:golang-tests-0:1.25.9-1.el9_6.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:16021"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.9-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.9-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.9-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.9-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:golang-0:1.25.9-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:golang-0:1.25.9-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:golang-0:1.25.9-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:golang-0:1.25.9-1.el9_6.src",
"AppStream-9.6.0.Z.EUS:golang-0:1.25.9-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.9-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.9-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.9-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.9-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:golang-docs-0:1.25.9-1.el9_6.noarch",
"AppStream-9.6.0.Z.EUS:golang-misc-0:1.25.9-1.el9_6.noarch",
"AppStream-9.6.0.Z.EUS:golang-race-0:1.25.9-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:golang-race-0:1.25.9-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:golang-race-0:1.25.9-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:golang-race-0:1.25.9-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:golang-src-0:1.25.9-1.el9_6.noarch",
"AppStream-9.6.0.Z.EUS:golang-tests-0:1.25.9-1.el9_6.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building"
},
{
"cve": "CVE-2026-32281",
"cwe": {
"id": "CWE-1050",
"name": "Excessive Platform Resource Consumption within a Loop"
},
"discovery_date": "2026-04-08T02:01:00.930989+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456333"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Go\u0027s `crypto/x509` package. A remote attacker could exploit this by presenting a specially crafted certificate chain containing a large number of policy mappings. This inefficient validation process consumes excessive resources, which can lead to a denial of service (DoS) for applications or systems performing certificate validation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw occurs during the validation of otherwise trusted certificate chains that contain a large number of policy mappings, leading to excessive resource consumption. Exploitation requires an attacker to present a specially crafted, yet trusted, certificate chain which would require the attacker has already compromised a trusted certificate root. Red Hat continuously monitors certificate authorities and curates the set which is trusted by default for Red Hat products.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.9-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.9-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.9-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.9-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:golang-0:1.25.9-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:golang-0:1.25.9-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:golang-0:1.25.9-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:golang-0:1.25.9-1.el9_6.src",
"AppStream-9.6.0.Z.EUS:golang-0:1.25.9-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.9-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.9-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.9-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.9-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:golang-docs-0:1.25.9-1.el9_6.noarch",
"AppStream-9.6.0.Z.EUS:golang-misc-0:1.25.9-1.el9_6.noarch",
"AppStream-9.6.0.Z.EUS:golang-race-0:1.25.9-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:golang-race-0:1.25.9-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:golang-race-0:1.25.9-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:golang-race-0:1.25.9-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:golang-src-0:1.25.9-1.el9_6.noarch",
"AppStream-9.6.0.Z.EUS:golang-tests-0:1.25.9-1.el9_6.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32281"
},
{
"category": "external",
"summary": "RHBZ#2456333",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456333"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32281",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32281"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32281",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32281"
},
{
"category": "external",
"summary": "https://go.dev/cl/758061",
"url": "https://go.dev/cl/758061"
},
{
"category": "external",
"summary": "https://go.dev/issue/78281",
"url": "https://go.dev/issue/78281"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4946",
"url": "https://pkg.go.dev/vuln/GO-2026-4946"
}
],
"release_date": "2026-04-08T01:06:58.354000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-11T18:39:46+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.9-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.9-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.9-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.9-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:golang-0:1.25.9-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:golang-0:1.25.9-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:golang-0:1.25.9-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:golang-0:1.25.9-1.el9_6.src",
"AppStream-9.6.0.Z.EUS:golang-0:1.25.9-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.9-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.9-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.9-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.9-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:golang-docs-0:1.25.9-1.el9_6.noarch",
"AppStream-9.6.0.Z.EUS:golang-misc-0:1.25.9-1.el9_6.noarch",
"AppStream-9.6.0.Z.EUS:golang-race-0:1.25.9-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:golang-race-0:1.25.9-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:golang-race-0:1.25.9-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:golang-race-0:1.25.9-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:golang-src-0:1.25.9-1.el9_6.noarch",
"AppStream-9.6.0.Z.EUS:golang-tests-0:1.25.9-1.el9_6.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:16021"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.9-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.9-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.9-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.9-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:golang-0:1.25.9-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:golang-0:1.25.9-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:golang-0:1.25.9-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:golang-0:1.25.9-1.el9_6.src",
"AppStream-9.6.0.Z.EUS:golang-0:1.25.9-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.9-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.9-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.9-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.9-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:golang-docs-0:1.25.9-1.el9_6.noarch",
"AppStream-9.6.0.Z.EUS:golang-misc-0:1.25.9-1.el9_6.noarch",
"AppStream-9.6.0.Z.EUS:golang-race-0:1.25.9-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:golang-race-0:1.25.9-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:golang-race-0:1.25.9-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:golang-race-0:1.25.9-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:golang-src-0:1.25.9-1.el9_6.noarch",
"AppStream-9.6.0.Z.EUS:golang-tests-0:1.25.9-1.el9_6.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.9-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.9-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.9-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.9-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:golang-0:1.25.9-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:golang-0:1.25.9-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:golang-0:1.25.9-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:golang-0:1.25.9-1.el9_6.src",
"AppStream-9.6.0.Z.EUS:golang-0:1.25.9-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.9-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.9-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.9-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.9-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:golang-docs-0:1.25.9-1.el9_6.noarch",
"AppStream-9.6.0.Z.EUS:golang-misc-0:1.25.9-1.el9_6.noarch",
"AppStream-9.6.0.Z.EUS:golang-race-0:1.25.9-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:golang-race-0:1.25.9-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:golang-race-0:1.25.9-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:golang-race-0:1.25.9-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:golang-src-0:1.25.9-1.el9_6.noarch",
"AppStream-9.6.0.Z.EUS:golang-tests-0:1.25.9-1.el9_6.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation"
},
{
"cve": "CVE-2026-32282",
"cwe": {
"id": "CWE-367",
"name": "Time-of-check Time-of-use (TOCTOU) Race Condition"
},
"discovery_date": "2026-04-08T02:01:12.683211+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456336"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the internal/syscall/unix package in the Go standard library. If the target of the `Root.Chmod` function is replaced with a symbolic link during execution, specifically after `Root.Chmod` checks the target but before acting, the `chmod` operation will be performed on the file the symbolic link points to. This issue can bypass directory restrictions and lead to unauthorized permission changes on the filesystem.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs access to the system and the required permissions to create a symbolic link. Additionally, the attacker must swap the target file with a symbolic link in the exact window after the `Root.Chmod` function checks its target but before acting. Due to these conditions, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.9-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.9-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.9-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.9-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:golang-0:1.25.9-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:golang-0:1.25.9-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:golang-0:1.25.9-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:golang-0:1.25.9-1.el9_6.src",
"AppStream-9.6.0.Z.EUS:golang-0:1.25.9-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.9-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.9-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.9-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.9-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:golang-docs-0:1.25.9-1.el9_6.noarch",
"AppStream-9.6.0.Z.EUS:golang-misc-0:1.25.9-1.el9_6.noarch",
"AppStream-9.6.0.Z.EUS:golang-race-0:1.25.9-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:golang-race-0:1.25.9-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:golang-race-0:1.25.9-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:golang-race-0:1.25.9-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:golang-src-0:1.25.9-1.el9_6.noarch",
"AppStream-9.6.0.Z.EUS:golang-tests-0:1.25.9-1.el9_6.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32282"
},
{
"category": "external",
"summary": "RHBZ#2456336",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456336"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32282",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32282"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32282",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32282"
},
{
"category": "external",
"summary": "https://go.dev/cl/763761",
"url": "https://go.dev/cl/763761"
},
{
"category": "external",
"summary": "https://go.dev/issue/78293",
"url": "https://go.dev/issue/78293"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4864",
"url": "https://pkg.go.dev/vuln/GO-2026-4864"
}
],
"release_date": "2026-04-08T01:06:55.953000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-11T18:39:46+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.9-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.9-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.9-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.9-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:golang-0:1.25.9-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:golang-0:1.25.9-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:golang-0:1.25.9-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:golang-0:1.25.9-1.el9_6.src",
"AppStream-9.6.0.Z.EUS:golang-0:1.25.9-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.9-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.9-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.9-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.9-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:golang-docs-0:1.25.9-1.el9_6.noarch",
"AppStream-9.6.0.Z.EUS:golang-misc-0:1.25.9-1.el9_6.noarch",
"AppStream-9.6.0.Z.EUS:golang-race-0:1.25.9-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:golang-race-0:1.25.9-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:golang-race-0:1.25.9-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:golang-race-0:1.25.9-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:golang-src-0:1.25.9-1.el9_6.noarch",
"AppStream-9.6.0.Z.EUS:golang-tests-0:1.25.9-1.el9_6.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:16021"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.9-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.9-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.9-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.9-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:golang-0:1.25.9-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:golang-0:1.25.9-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:golang-0:1.25.9-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:golang-0:1.25.9-1.el9_6.src",
"AppStream-9.6.0.Z.EUS:golang-0:1.25.9-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.9-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.9-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.9-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.9-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:golang-docs-0:1.25.9-1.el9_6.noarch",
"AppStream-9.6.0.Z.EUS:golang-misc-0:1.25.9-1.el9_6.noarch",
"AppStream-9.6.0.Z.EUS:golang-race-0:1.25.9-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:golang-race-0:1.25.9-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:golang-race-0:1.25.9-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:golang-race-0:1.25.9-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:golang-src-0:1.25.9-1.el9_6.noarch",
"AppStream-9.6.0.Z.EUS:golang-tests-0:1.25.9-1.el9_6.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.9-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.9-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.9-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.9-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:golang-0:1.25.9-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:golang-0:1.25.9-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:golang-0:1.25.9-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:golang-0:1.25.9-1.el9_6.src",
"AppStream-9.6.0.Z.EUS:golang-0:1.25.9-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.9-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.9-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.9-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.9-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:golang-docs-0:1.25.9-1.el9_6.noarch",
"AppStream-9.6.0.Z.EUS:golang-misc-0:1.25.9-1.el9_6.noarch",
"AppStream-9.6.0.Z.EUS:golang-race-0:1.25.9-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:golang-race-0:1.25.9-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:golang-race-0:1.25.9-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:golang-race-0:1.25.9-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:golang-src-0:1.25.9-1.el9_6.noarch",
"AppStream-9.6.0.Z.EUS:golang-tests-0:1.25.9-1.el9_6.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root"
},
{
"cve": "CVE-2026-32283",
"cwe": {
"id": "CWE-764",
"name": "Multiple Locks of a Critical Resource"
},
"discovery_date": "2026-04-08T02:01:16.213799+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456338"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the `crypto/tls` package within the Go (golang) standard library, specifically affecting TLS 1.3 connections. A remote attacker can exploit this vulnerability by sending multiple key update messages in a single record after the handshake. This can cause the connection to deadlock, leading to uncontrolled consumption of resources and ultimately a denial of service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Important: A flaw in the Go `crypto/tls` package allows a remote attacker to cause a denial of service in applications using TLS 1.3. By sending multiple key update messages in a single record post-handshake, an attacker can trigger a connection deadlock, leading to uncontrolled resource consumption. This impacts Red Hat products utilizing the affected Go standard library for TLS 1.3 connections.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.9-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.9-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.9-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.9-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:golang-0:1.25.9-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:golang-0:1.25.9-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:golang-0:1.25.9-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:golang-0:1.25.9-1.el9_6.src",
"AppStream-9.6.0.Z.EUS:golang-0:1.25.9-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.9-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.9-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.9-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.9-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:golang-docs-0:1.25.9-1.el9_6.noarch",
"AppStream-9.6.0.Z.EUS:golang-misc-0:1.25.9-1.el9_6.noarch",
"AppStream-9.6.0.Z.EUS:golang-race-0:1.25.9-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:golang-race-0:1.25.9-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:golang-race-0:1.25.9-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:golang-race-0:1.25.9-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:golang-src-0:1.25.9-1.el9_6.noarch",
"AppStream-9.6.0.Z.EUS:golang-tests-0:1.25.9-1.el9_6.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32283"
},
{
"category": "external",
"summary": "RHBZ#2456338",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456338"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32283",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32283"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32283",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32283"
},
{
"category": "external",
"summary": "https://go.dev/cl/763767",
"url": "https://go.dev/cl/763767"
},
{
"category": "external",
"summary": "https://go.dev/issue/78334",
"url": "https://go.dev/issue/78334"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4870",
"url": "https://pkg.go.dev/vuln/GO-2026-4870"
}
],
"release_date": "2026-04-08T01:06:57.670000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-11T18:39:46+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.9-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.9-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.9-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.9-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:golang-0:1.25.9-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:golang-0:1.25.9-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:golang-0:1.25.9-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:golang-0:1.25.9-1.el9_6.src",
"AppStream-9.6.0.Z.EUS:golang-0:1.25.9-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.9-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.9-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.9-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.9-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:golang-docs-0:1.25.9-1.el9_6.noarch",
"AppStream-9.6.0.Z.EUS:golang-misc-0:1.25.9-1.el9_6.noarch",
"AppStream-9.6.0.Z.EUS:golang-race-0:1.25.9-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:golang-race-0:1.25.9-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:golang-race-0:1.25.9-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:golang-race-0:1.25.9-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:golang-src-0:1.25.9-1.el9_6.noarch",
"AppStream-9.6.0.Z.EUS:golang-tests-0:1.25.9-1.el9_6.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:16021"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.9-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.9-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.9-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:go-toolset-0:1.25.9-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:golang-0:1.25.9-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:golang-0:1.25.9-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:golang-0:1.25.9-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:golang-0:1.25.9-1.el9_6.src",
"AppStream-9.6.0.Z.EUS:golang-0:1.25.9-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.9-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.9-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.9-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:golang-bin-0:1.25.9-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:golang-docs-0:1.25.9-1.el9_6.noarch",
"AppStream-9.6.0.Z.EUS:golang-misc-0:1.25.9-1.el9_6.noarch",
"AppStream-9.6.0.Z.EUS:golang-race-0:1.25.9-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:golang-race-0:1.25.9-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:golang-race-0:1.25.9-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:golang-race-0:1.25.9-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:golang-src-0:1.25.9-1.el9_6.noarch",
"AppStream-9.6.0.Z.EUS:golang-tests-0:1.25.9-1.el9_6.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages"
}
]
}
RHSA-2026:16024
Vulnerability from csaf_redhat - Published: 2026-05-11 16:23 - Updated: 2026-07-13 17:31A flaw was found in the Go programming language (golang) and its command-line tool (cmd/go). A remote attacker could exploit this during the build process by crafting malicious SWIG (Simplified Wrapper and Interface Generator) file names that contain "cgo" and specific payloads. This could lead to code smuggling and arbitrary code execution, bypassing trust mechanisms and allowing the attacker to run unauthorized code.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.0.Z.E2S:go-toolset-0:1.25.9-1.el10_0.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:go-toolset-0:1.25.9-1.el10_0.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:go-toolset-0:1.25.9-1.el10_0.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:go-toolset-0:1.25.9-1.el10_0.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:golang-0:1.25.9-1.el10_0.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:golang-0:1.25.9-1.el10_0.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:golang-0:1.25.9-1.el10_0.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:golang-0:1.25.9-1.el10_0.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:golang-0:1.25.9-1.el10_0.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:golang-bin-0:1.25.9-1.el10_0.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:golang-bin-0:1.25.9-1.el10_0.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:golang-bin-0:1.25.9-1.el10_0.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:golang-bin-0:1.25.9-1.el10_0.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:golang-docs-0:1.25.9-1.el10_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:golang-misc-0:1.25.9-1.el10_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:golang-race-0:1.25.9-1.el10_0.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:golang-race-0:1.25.9-1.el10_0.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:golang-race-0:1.25.9-1.el10_0.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:golang-race-0:1.25.9-1.el10_0.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:golang-src-0:1.25.9-1.el10_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:golang-tests-0:1.25.9-1.el10_0.noarch | — |
Vendor Fix
fix
|
A flaw was found in the cmd/compile package in the Go standard library. The compiler fails to correctly check for integer overflow or underflow in arithmetic operations involving loop induction variables. As a result, the compiler allows invalid memory indexing to occur at runtime, potentially leading to memory corruption.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.0.Z.E2S:go-toolset-0:1.25.9-1.el10_0.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:go-toolset-0:1.25.9-1.el10_0.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:go-toolset-0:1.25.9-1.el10_0.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:go-toolset-0:1.25.9-1.el10_0.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:golang-0:1.25.9-1.el10_0.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:golang-0:1.25.9-1.el10_0.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:golang-0:1.25.9-1.el10_0.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:golang-0:1.25.9-1.el10_0.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:golang-0:1.25.9-1.el10_0.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:golang-bin-0:1.25.9-1.el10_0.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:golang-bin-0:1.25.9-1.el10_0.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:golang-bin-0:1.25.9-1.el10_0.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:golang-bin-0:1.25.9-1.el10_0.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:golang-docs-0:1.25.9-1.el10_0.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:golang-misc-0:1.25.9-1.el10_0.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:golang-race-0:1.25.9-1.el10_0.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:golang-race-0:1.25.9-1.el10_0.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:golang-race-0:1.25.9-1.el10_0.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:golang-race-0:1.25.9-1.el10_0.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:golang-src-0:1.25.9-1.el10_0.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:golang-tests-0:1.25.9-1.el10_0.noarch | — |
Vendor Fix
fix
Workaround
|
A flaw was found in the cmd/compile package in the Go standard library. A no-op interface conversion prevented the compiler from correctly identifying non-overlapping memory moves. As a result, the compiler allows unsafe memory move operations to occur at runtime, potentially causing data corruption, memory corruption or unexpected application behavior.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.0.Z.E2S:go-toolset-0:1.25.9-1.el10_0.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:go-toolset-0:1.25.9-1.el10_0.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:go-toolset-0:1.25.9-1.el10_0.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:go-toolset-0:1.25.9-1.el10_0.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:golang-0:1.25.9-1.el10_0.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:golang-0:1.25.9-1.el10_0.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:golang-0:1.25.9-1.el10_0.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:golang-0:1.25.9-1.el10_0.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:golang-0:1.25.9-1.el10_0.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:golang-bin-0:1.25.9-1.el10_0.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:golang-bin-0:1.25.9-1.el10_0.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:golang-bin-0:1.25.9-1.el10_0.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:golang-bin-0:1.25.9-1.el10_0.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:golang-docs-0:1.25.9-1.el10_0.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:golang-misc-0:1.25.9-1.el10_0.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:golang-race-0:1.25.9-1.el10_0.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:golang-race-0:1.25.9-1.el10_0.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:golang-race-0:1.25.9-1.el10_0.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:golang-race-0:1.25.9-1.el10_0.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:golang-src-0:1.25.9-1.el10_0.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:golang-tests-0:1.25.9-1.el10_0.noarch | — |
Vendor Fix
fix
Workaround
|
A flaw was found in the Go standard library packages `crypto/x509` and `crypto/tls`. During the process of building a certificate chain, an attacker can provide a large number of intermediate certificates. This excessive input is not properly limited, leading to an uncontrolled amount of work being performed. This can result in a denial of service (DoS) condition, making the affected system or application unavailable to legitimate users.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.0.Z.E2S:go-toolset-0:1.25.9-1.el10_0.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:go-toolset-0:1.25.9-1.el10_0.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:go-toolset-0:1.25.9-1.el10_0.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:go-toolset-0:1.25.9-1.el10_0.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:golang-0:1.25.9-1.el10_0.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:golang-0:1.25.9-1.el10_0.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:golang-0:1.25.9-1.el10_0.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:golang-0:1.25.9-1.el10_0.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:golang-0:1.25.9-1.el10_0.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:golang-bin-0:1.25.9-1.el10_0.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:golang-bin-0:1.25.9-1.el10_0.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:golang-bin-0:1.25.9-1.el10_0.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:golang-bin-0:1.25.9-1.el10_0.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:golang-docs-0:1.25.9-1.el10_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:golang-misc-0:1.25.9-1.el10_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:golang-race-0:1.25.9-1.el10_0.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:golang-race-0:1.25.9-1.el10_0.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:golang-race-0:1.25.9-1.el10_0.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:golang-race-0:1.25.9-1.el10_0.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:golang-src-0:1.25.9-1.el10_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:golang-tests-0:1.25.9-1.el10_0.noarch | — |
Vendor Fix
fix
|
A flaw was found in Go's `crypto/x509` package. A remote attacker could exploit this by presenting a specially crafted certificate chain containing a large number of policy mappings. This inefficient validation process consumes excessive resources, which can lead to a denial of service (DoS) for applications or systems performing certificate validation.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.0.Z.E2S:go-toolset-0:1.25.9-1.el10_0.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:go-toolset-0:1.25.9-1.el10_0.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:go-toolset-0:1.25.9-1.el10_0.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:go-toolset-0:1.25.9-1.el10_0.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:golang-0:1.25.9-1.el10_0.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:golang-0:1.25.9-1.el10_0.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:golang-0:1.25.9-1.el10_0.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:golang-0:1.25.9-1.el10_0.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:golang-0:1.25.9-1.el10_0.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:golang-bin-0:1.25.9-1.el10_0.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:golang-bin-0:1.25.9-1.el10_0.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:golang-bin-0:1.25.9-1.el10_0.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:golang-bin-0:1.25.9-1.el10_0.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:golang-docs-0:1.25.9-1.el10_0.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:golang-misc-0:1.25.9-1.el10_0.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:golang-race-0:1.25.9-1.el10_0.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:golang-race-0:1.25.9-1.el10_0.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:golang-race-0:1.25.9-1.el10_0.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:golang-race-0:1.25.9-1.el10_0.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:golang-src-0:1.25.9-1.el10_0.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:golang-tests-0:1.25.9-1.el10_0.noarch | — |
Vendor Fix
fix
Workaround
|
A flaw was found in the internal/syscall/unix package in the Go standard library. If the target of the `Root.Chmod` function is replaced with a symbolic link during execution, specifically after `Root.Chmod` checks the target but before acting, the `chmod` operation will be performed on the file the symbolic link points to. This issue can bypass directory restrictions and lead to unauthorized permission changes on the filesystem.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.0.Z.E2S:go-toolset-0:1.25.9-1.el10_0.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:go-toolset-0:1.25.9-1.el10_0.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:go-toolset-0:1.25.9-1.el10_0.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:go-toolset-0:1.25.9-1.el10_0.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:golang-0:1.25.9-1.el10_0.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:golang-0:1.25.9-1.el10_0.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:golang-0:1.25.9-1.el10_0.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:golang-0:1.25.9-1.el10_0.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:golang-0:1.25.9-1.el10_0.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:golang-bin-0:1.25.9-1.el10_0.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:golang-bin-0:1.25.9-1.el10_0.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:golang-bin-0:1.25.9-1.el10_0.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:golang-bin-0:1.25.9-1.el10_0.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:golang-docs-0:1.25.9-1.el10_0.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:golang-misc-0:1.25.9-1.el10_0.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:golang-race-0:1.25.9-1.el10_0.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:golang-race-0:1.25.9-1.el10_0.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:golang-race-0:1.25.9-1.el10_0.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:golang-race-0:1.25.9-1.el10_0.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:golang-src-0:1.25.9-1.el10_0.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:golang-tests-0:1.25.9-1.el10_0.noarch | — |
Vendor Fix
fix
Workaround
|
A flaw was found in the `crypto/tls` package within the Go (golang) standard library, specifically affecting TLS 1.3 connections. A remote attacker can exploit this vulnerability by sending multiple key update messages in a single record after the handshake. This can cause the connection to deadlock, leading to uncontrolled consumption of resources and ultimately a denial of service (DoS).
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.0.Z.E2S:go-toolset-0:1.25.9-1.el10_0.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:go-toolset-0:1.25.9-1.el10_0.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:go-toolset-0:1.25.9-1.el10_0.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:go-toolset-0:1.25.9-1.el10_0.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:golang-0:1.25.9-1.el10_0.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:golang-0:1.25.9-1.el10_0.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:golang-0:1.25.9-1.el10_0.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:golang-0:1.25.9-1.el10_0.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:golang-0:1.25.9-1.el10_0.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:golang-bin-0:1.25.9-1.el10_0.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:golang-bin-0:1.25.9-1.el10_0.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:golang-bin-0:1.25.9-1.el10_0.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:golang-bin-0:1.25.9-1.el10_0.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:golang-docs-0:1.25.9-1.el10_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:golang-misc-0:1.25.9-1.el10_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:golang-race-0:1.25.9-1.el10_0.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:golang-race-0:1.25.9-1.el10_0.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:golang-race-0:1.25.9-1.el10_0.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:golang-race-0:1.25.9-1.el10_0.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:golang-src-0:1.25.9-1.el10_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:golang-tests-0:1.25.9-1.el10_0.noarch | — |
Vendor Fix
fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for golang is now available for Red Hat Enterprise Linux 10.0 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The golang packages provide the Go programming language compiler.\n\nSecurity Fix(es):\n\n* golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root (CVE-2026-32282)\n\n* crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages (CVE-2026-32283)\n\n* crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building (CVE-2026-32280)\n\n* golang: cmd/compile: no-op interface conversion bypasses overlap checking (CVE-2026-27144)\n\n* cmd/go: golang: Go (golang) and cmd/go: Arbitrary Code Execution via malicious SWIG file names (CVE-2026-27140)\n\n* golang: cmd/compile: possible memory corruption after bound check elimination (CVE-2026-27143)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:16024",
"url": "https://access.redhat.com/errata/RHSA-2026:16024"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2456336",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456336"
},
{
"category": "external",
"summary": "2456338",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456338"
},
{
"category": "external",
"summary": "2456339",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456339"
},
{
"category": "external",
"summary": "2456340",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456340"
},
{
"category": "external",
"summary": "2456341",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456341"
},
{
"category": "external",
"summary": "2456342",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456342"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_16024.json"
}
],
"title": "Red Hat Security Advisory: golang security update",
"tracking": {
"current_release_date": "2026-07-13T17:31:44+00:00",
"generator": {
"date": "2026-07-13T17:31:44+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.2"
}
},
"id": "RHSA-2026:16024",
"initial_release_date": "2026-05-11T16:23:41+00:00",
"revision_history": [
{
"date": "2026-05-11T16:23:41+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-05-11T16:23:41+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-13T17:31:44+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product": {
"name": "Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux_eus:10.0"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "go-toolset-0:1.25.9-1.el10_0.aarch64",
"product": {
"name": "go-toolset-0:1.25.9-1.el10_0.aarch64",
"product_id": "go-toolset-0:1.25.9-1.el10_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/go-toolset@1.25.9-1.el10_0?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "golang-0:1.25.9-1.el10_0.aarch64",
"product": {
"name": "golang-0:1.25.9-1.el10_0.aarch64",
"product_id": "golang-0:1.25.9-1.el10_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang@1.25.9-1.el10_0?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "golang-bin-0:1.25.9-1.el10_0.aarch64",
"product": {
"name": "golang-bin-0:1.25.9-1.el10_0.aarch64",
"product_id": "golang-bin-0:1.25.9-1.el10_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang-bin@1.25.9-1.el10_0?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "golang-race-0:1.25.9-1.el10_0.aarch64",
"product": {
"name": "golang-race-0:1.25.9-1.el10_0.aarch64",
"product_id": "golang-race-0:1.25.9-1.el10_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang-race@1.25.9-1.el10_0?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "go-toolset-0:1.25.9-1.el10_0.ppc64le",
"product": {
"name": "go-toolset-0:1.25.9-1.el10_0.ppc64le",
"product_id": "go-toolset-0:1.25.9-1.el10_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/go-toolset@1.25.9-1.el10_0?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "golang-0:1.25.9-1.el10_0.ppc64le",
"product": {
"name": "golang-0:1.25.9-1.el10_0.ppc64le",
"product_id": "golang-0:1.25.9-1.el10_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang@1.25.9-1.el10_0?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "golang-bin-0:1.25.9-1.el10_0.ppc64le",
"product": {
"name": "golang-bin-0:1.25.9-1.el10_0.ppc64le",
"product_id": "golang-bin-0:1.25.9-1.el10_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang-bin@1.25.9-1.el10_0?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "golang-race-0:1.25.9-1.el10_0.ppc64le",
"product": {
"name": "golang-race-0:1.25.9-1.el10_0.ppc64le",
"product_id": "golang-race-0:1.25.9-1.el10_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang-race@1.25.9-1.el10_0?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "go-toolset-0:1.25.9-1.el10_0.x86_64",
"product": {
"name": "go-toolset-0:1.25.9-1.el10_0.x86_64",
"product_id": "go-toolset-0:1.25.9-1.el10_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/go-toolset@1.25.9-1.el10_0?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "golang-0:1.25.9-1.el10_0.x86_64",
"product": {
"name": "golang-0:1.25.9-1.el10_0.x86_64",
"product_id": "golang-0:1.25.9-1.el10_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang@1.25.9-1.el10_0?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "golang-bin-0:1.25.9-1.el10_0.x86_64",
"product": {
"name": "golang-bin-0:1.25.9-1.el10_0.x86_64",
"product_id": "golang-bin-0:1.25.9-1.el10_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang-bin@1.25.9-1.el10_0?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "golang-race-0:1.25.9-1.el10_0.x86_64",
"product": {
"name": "golang-race-0:1.25.9-1.el10_0.x86_64",
"product_id": "golang-race-0:1.25.9-1.el10_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang-race@1.25.9-1.el10_0?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "go-toolset-0:1.25.9-1.el10_0.s390x",
"product": {
"name": "go-toolset-0:1.25.9-1.el10_0.s390x",
"product_id": "go-toolset-0:1.25.9-1.el10_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/go-toolset@1.25.9-1.el10_0?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "golang-0:1.25.9-1.el10_0.s390x",
"product": {
"name": "golang-0:1.25.9-1.el10_0.s390x",
"product_id": "golang-0:1.25.9-1.el10_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang@1.25.9-1.el10_0?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "golang-bin-0:1.25.9-1.el10_0.s390x",
"product": {
"name": "golang-bin-0:1.25.9-1.el10_0.s390x",
"product_id": "golang-bin-0:1.25.9-1.el10_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang-bin@1.25.9-1.el10_0?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "golang-race-0:1.25.9-1.el10_0.s390x",
"product": {
"name": "golang-race-0:1.25.9-1.el10_0.s390x",
"product_id": "golang-race-0:1.25.9-1.el10_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang-race@1.25.9-1.el10_0?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "golang-0:1.25.9-1.el10_0.src",
"product": {
"name": "golang-0:1.25.9-1.el10_0.src",
"product_id": "golang-0:1.25.9-1.el10_0.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang@1.25.9-1.el10_0?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "golang-docs-0:1.25.9-1.el10_0.noarch",
"product": {
"name": "golang-docs-0:1.25.9-1.el10_0.noarch",
"product_id": "golang-docs-0:1.25.9-1.el10_0.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang-docs@1.25.9-1.el10_0?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "golang-misc-0:1.25.9-1.el10_0.noarch",
"product": {
"name": "golang-misc-0:1.25.9-1.el10_0.noarch",
"product_id": "golang-misc-0:1.25.9-1.el10_0.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang-misc@1.25.9-1.el10_0?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "golang-src-0:1.25.9-1.el10_0.noarch",
"product": {
"name": "golang-src-0:1.25.9-1.el10_0.noarch",
"product_id": "golang-src-0:1.25.9-1.el10_0.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang-src@1.25.9-1.el10_0?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "golang-tests-0:1.25.9-1.el10_0.noarch",
"product": {
"name": "golang-tests-0:1.25.9-1.el10_0.noarch",
"product_id": "golang-tests-0:1.25.9-1.el10_0.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang-tests@1.25.9-1.el10_0?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "go-toolset-0:1.25.9-1.el10_0.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:go-toolset-0:1.25.9-1.el10_0.aarch64"
},
"product_reference": "go-toolset-0:1.25.9-1.el10_0.aarch64",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go-toolset-0:1.25.9-1.el10_0.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:go-toolset-0:1.25.9-1.el10_0.ppc64le"
},
"product_reference": "go-toolset-0:1.25.9-1.el10_0.ppc64le",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go-toolset-0:1.25.9-1.el10_0.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:go-toolset-0:1.25.9-1.el10_0.s390x"
},
"product_reference": "go-toolset-0:1.25.9-1.el10_0.s390x",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go-toolset-0:1.25.9-1.el10_0.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:go-toolset-0:1.25.9-1.el10_0.x86_64"
},
"product_reference": "go-toolset-0:1.25.9-1.el10_0.x86_64",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-0:1.25.9-1.el10_0.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:golang-0:1.25.9-1.el10_0.aarch64"
},
"product_reference": "golang-0:1.25.9-1.el10_0.aarch64",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-0:1.25.9-1.el10_0.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:golang-0:1.25.9-1.el10_0.ppc64le"
},
"product_reference": "golang-0:1.25.9-1.el10_0.ppc64le",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-0:1.25.9-1.el10_0.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:golang-0:1.25.9-1.el10_0.s390x"
},
"product_reference": "golang-0:1.25.9-1.el10_0.s390x",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-0:1.25.9-1.el10_0.src as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:golang-0:1.25.9-1.el10_0.src"
},
"product_reference": "golang-0:1.25.9-1.el10_0.src",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-0:1.25.9-1.el10_0.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:golang-0:1.25.9-1.el10_0.x86_64"
},
"product_reference": "golang-0:1.25.9-1.el10_0.x86_64",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-bin-0:1.25.9-1.el10_0.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:golang-bin-0:1.25.9-1.el10_0.aarch64"
},
"product_reference": "golang-bin-0:1.25.9-1.el10_0.aarch64",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-bin-0:1.25.9-1.el10_0.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:golang-bin-0:1.25.9-1.el10_0.ppc64le"
},
"product_reference": "golang-bin-0:1.25.9-1.el10_0.ppc64le",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-bin-0:1.25.9-1.el10_0.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:golang-bin-0:1.25.9-1.el10_0.s390x"
},
"product_reference": "golang-bin-0:1.25.9-1.el10_0.s390x",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-bin-0:1.25.9-1.el10_0.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:golang-bin-0:1.25.9-1.el10_0.x86_64"
},
"product_reference": "golang-bin-0:1.25.9-1.el10_0.x86_64",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-docs-0:1.25.9-1.el10_0.noarch as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:golang-docs-0:1.25.9-1.el10_0.noarch"
},
"product_reference": "golang-docs-0:1.25.9-1.el10_0.noarch",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-misc-0:1.25.9-1.el10_0.noarch as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:golang-misc-0:1.25.9-1.el10_0.noarch"
},
"product_reference": "golang-misc-0:1.25.9-1.el10_0.noarch",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-race-0:1.25.9-1.el10_0.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:golang-race-0:1.25.9-1.el10_0.aarch64"
},
"product_reference": "golang-race-0:1.25.9-1.el10_0.aarch64",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-race-0:1.25.9-1.el10_0.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:golang-race-0:1.25.9-1.el10_0.ppc64le"
},
"product_reference": "golang-race-0:1.25.9-1.el10_0.ppc64le",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-race-0:1.25.9-1.el10_0.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:golang-race-0:1.25.9-1.el10_0.s390x"
},
"product_reference": "golang-race-0:1.25.9-1.el10_0.s390x",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-race-0:1.25.9-1.el10_0.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:golang-race-0:1.25.9-1.el10_0.x86_64"
},
"product_reference": "golang-race-0:1.25.9-1.el10_0.x86_64",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-src-0:1.25.9-1.el10_0.noarch as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:golang-src-0:1.25.9-1.el10_0.noarch"
},
"product_reference": "golang-src-0:1.25.9-1.el10_0.noarch",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-tests-0:1.25.9-1.el10_0.noarch as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:golang-tests-0:1.25.9-1.el10_0.noarch"
},
"product_reference": "golang-tests-0:1.25.9-1.el10_0.noarch",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-27140",
"cwe": {
"id": "CWE-641",
"name": "Improper Restriction of Names for Files and Other Resources"
},
"discovery_date": "2026-04-08T02:01:26.299804+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456341"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Go programming language (golang) and its command-line tool (cmd/go). A remote attacker could exploit this during the build process by crafting malicious SWIG (Simplified Wrapper and Interface Generator) file names that contain \"cgo\" and specific payloads. This could lead to code smuggling and arbitrary code execution, bypassing trust mechanisms and allowing the attacker to run unauthorized code.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cmd/go: golang: Go (golang) and cmd/go: Arbitrary Code Execution via malicious SWIG file names",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.0.Z.E2S:go-toolset-0:1.25.9-1.el10_0.aarch64",
"AppStream-10.0.Z.E2S:go-toolset-0:1.25.9-1.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:go-toolset-0:1.25.9-1.el10_0.s390x",
"AppStream-10.0.Z.E2S:go-toolset-0:1.25.9-1.el10_0.x86_64",
"AppStream-10.0.Z.E2S:golang-0:1.25.9-1.el10_0.aarch64",
"AppStream-10.0.Z.E2S:golang-0:1.25.9-1.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:golang-0:1.25.9-1.el10_0.s390x",
"AppStream-10.0.Z.E2S:golang-0:1.25.9-1.el10_0.src",
"AppStream-10.0.Z.E2S:golang-0:1.25.9-1.el10_0.x86_64",
"AppStream-10.0.Z.E2S:golang-bin-0:1.25.9-1.el10_0.aarch64",
"AppStream-10.0.Z.E2S:golang-bin-0:1.25.9-1.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:golang-bin-0:1.25.9-1.el10_0.s390x",
"AppStream-10.0.Z.E2S:golang-bin-0:1.25.9-1.el10_0.x86_64",
"AppStream-10.0.Z.E2S:golang-docs-0:1.25.9-1.el10_0.noarch",
"AppStream-10.0.Z.E2S:golang-misc-0:1.25.9-1.el10_0.noarch",
"AppStream-10.0.Z.E2S:golang-race-0:1.25.9-1.el10_0.aarch64",
"AppStream-10.0.Z.E2S:golang-race-0:1.25.9-1.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:golang-race-0:1.25.9-1.el10_0.s390x",
"AppStream-10.0.Z.E2S:golang-race-0:1.25.9-1.el10_0.x86_64",
"AppStream-10.0.Z.E2S:golang-src-0:1.25.9-1.el10_0.noarch",
"AppStream-10.0.Z.E2S:golang-tests-0:1.25.9-1.el10_0.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27140"
},
{
"category": "external",
"summary": "RHBZ#2456341",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456341"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27140",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27140"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27140",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27140"
},
{
"category": "external",
"summary": "https://go.dev/cl/763768",
"url": "https://go.dev/cl/763768"
},
{
"category": "external",
"summary": "https://go.dev/issue/78335",
"url": "https://go.dev/issue/78335"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4871",
"url": "https://pkg.go.dev/vuln/GO-2026-4871"
}
],
"release_date": "2026-04-08T01:06:57.893000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-11T16:23:41+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.0.Z.E2S:go-toolset-0:1.25.9-1.el10_0.aarch64",
"AppStream-10.0.Z.E2S:go-toolset-0:1.25.9-1.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:go-toolset-0:1.25.9-1.el10_0.s390x",
"AppStream-10.0.Z.E2S:go-toolset-0:1.25.9-1.el10_0.x86_64",
"AppStream-10.0.Z.E2S:golang-0:1.25.9-1.el10_0.aarch64",
"AppStream-10.0.Z.E2S:golang-0:1.25.9-1.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:golang-0:1.25.9-1.el10_0.s390x",
"AppStream-10.0.Z.E2S:golang-0:1.25.9-1.el10_0.src",
"AppStream-10.0.Z.E2S:golang-0:1.25.9-1.el10_0.x86_64",
"AppStream-10.0.Z.E2S:golang-bin-0:1.25.9-1.el10_0.aarch64",
"AppStream-10.0.Z.E2S:golang-bin-0:1.25.9-1.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:golang-bin-0:1.25.9-1.el10_0.s390x",
"AppStream-10.0.Z.E2S:golang-bin-0:1.25.9-1.el10_0.x86_64",
"AppStream-10.0.Z.E2S:golang-docs-0:1.25.9-1.el10_0.noarch",
"AppStream-10.0.Z.E2S:golang-misc-0:1.25.9-1.el10_0.noarch",
"AppStream-10.0.Z.E2S:golang-race-0:1.25.9-1.el10_0.aarch64",
"AppStream-10.0.Z.E2S:golang-race-0:1.25.9-1.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:golang-race-0:1.25.9-1.el10_0.s390x",
"AppStream-10.0.Z.E2S:golang-race-0:1.25.9-1.el10_0.x86_64",
"AppStream-10.0.Z.E2S:golang-src-0:1.25.9-1.el10_0.noarch",
"AppStream-10.0.Z.E2S:golang-tests-0:1.25.9-1.el10_0.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:16024"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-10.0.Z.E2S:go-toolset-0:1.25.9-1.el10_0.aarch64",
"AppStream-10.0.Z.E2S:go-toolset-0:1.25.9-1.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:go-toolset-0:1.25.9-1.el10_0.s390x",
"AppStream-10.0.Z.E2S:go-toolset-0:1.25.9-1.el10_0.x86_64",
"AppStream-10.0.Z.E2S:golang-0:1.25.9-1.el10_0.aarch64",
"AppStream-10.0.Z.E2S:golang-0:1.25.9-1.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:golang-0:1.25.9-1.el10_0.s390x",
"AppStream-10.0.Z.E2S:golang-0:1.25.9-1.el10_0.src",
"AppStream-10.0.Z.E2S:golang-0:1.25.9-1.el10_0.x86_64",
"AppStream-10.0.Z.E2S:golang-bin-0:1.25.9-1.el10_0.aarch64",
"AppStream-10.0.Z.E2S:golang-bin-0:1.25.9-1.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:golang-bin-0:1.25.9-1.el10_0.s390x",
"AppStream-10.0.Z.E2S:golang-bin-0:1.25.9-1.el10_0.x86_64",
"AppStream-10.0.Z.E2S:golang-docs-0:1.25.9-1.el10_0.noarch",
"AppStream-10.0.Z.E2S:golang-misc-0:1.25.9-1.el10_0.noarch",
"AppStream-10.0.Z.E2S:golang-race-0:1.25.9-1.el10_0.aarch64",
"AppStream-10.0.Z.E2S:golang-race-0:1.25.9-1.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:golang-race-0:1.25.9-1.el10_0.s390x",
"AppStream-10.0.Z.E2S:golang-race-0:1.25.9-1.el10_0.x86_64",
"AppStream-10.0.Z.E2S:golang-src-0:1.25.9-1.el10_0.noarch",
"AppStream-10.0.Z.E2S:golang-tests-0:1.25.9-1.el10_0.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "cmd/go: golang: Go (golang) and cmd/go: Arbitrary Code Execution via malicious SWIG file names"
},
{
"cve": "CVE-2026-27143",
"cwe": {
"id": "CWE-733",
"name": "Compiler Optimization Removal or Modification of Security-critical Code"
},
"discovery_date": "2026-04-08T02:01:29.491546+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456342"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the cmd/compile package in the Go standard library. The compiler fails to correctly check for integer overflow or underflow in arithmetic operations involving loop induction variables. As a result, the compiler allows invalid memory indexing to occur at runtime, potentially leading to memory corruption.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: cmd/compile: possible memory corruption after bound check elimination",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is only exploitable in applications that contain a loop structure that relies on an induction variable. An induction variable is a variable that gets modified, usually incremented or decremented, by a predictable amount on each iteration. Inside the loop, the induction variable must be directly used as the index to access or modify elements within an array or a slice. Additionally, an attacker must be able to cause an integer overflow or underflow in the induction variable to trigger this issue. Due to these reasons, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.0.Z.E2S:go-toolset-0:1.25.9-1.el10_0.aarch64",
"AppStream-10.0.Z.E2S:go-toolset-0:1.25.9-1.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:go-toolset-0:1.25.9-1.el10_0.s390x",
"AppStream-10.0.Z.E2S:go-toolset-0:1.25.9-1.el10_0.x86_64",
"AppStream-10.0.Z.E2S:golang-0:1.25.9-1.el10_0.aarch64",
"AppStream-10.0.Z.E2S:golang-0:1.25.9-1.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:golang-0:1.25.9-1.el10_0.s390x",
"AppStream-10.0.Z.E2S:golang-0:1.25.9-1.el10_0.src",
"AppStream-10.0.Z.E2S:golang-0:1.25.9-1.el10_0.x86_64",
"AppStream-10.0.Z.E2S:golang-bin-0:1.25.9-1.el10_0.aarch64",
"AppStream-10.0.Z.E2S:golang-bin-0:1.25.9-1.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:golang-bin-0:1.25.9-1.el10_0.s390x",
"AppStream-10.0.Z.E2S:golang-bin-0:1.25.9-1.el10_0.x86_64",
"AppStream-10.0.Z.E2S:golang-docs-0:1.25.9-1.el10_0.noarch",
"AppStream-10.0.Z.E2S:golang-misc-0:1.25.9-1.el10_0.noarch",
"AppStream-10.0.Z.E2S:golang-race-0:1.25.9-1.el10_0.aarch64",
"AppStream-10.0.Z.E2S:golang-race-0:1.25.9-1.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:golang-race-0:1.25.9-1.el10_0.s390x",
"AppStream-10.0.Z.E2S:golang-race-0:1.25.9-1.el10_0.x86_64",
"AppStream-10.0.Z.E2S:golang-src-0:1.25.9-1.el10_0.noarch",
"AppStream-10.0.Z.E2S:golang-tests-0:1.25.9-1.el10_0.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27143"
},
{
"category": "external",
"summary": "RHBZ#2456342",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456342"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27143",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27143"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27143",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27143"
},
{
"category": "external",
"summary": "https://go.dev/cl/763765",
"url": "https://go.dev/cl/763765"
},
{
"category": "external",
"summary": "https://go.dev/issue/78333",
"url": "https://go.dev/issue/78333"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4868",
"url": "https://pkg.go.dev/vuln/GO-2026-4868"
}
],
"release_date": "2026-04-08T01:06:57.168000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-11T16:23:41+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.0.Z.E2S:go-toolset-0:1.25.9-1.el10_0.aarch64",
"AppStream-10.0.Z.E2S:go-toolset-0:1.25.9-1.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:go-toolset-0:1.25.9-1.el10_0.s390x",
"AppStream-10.0.Z.E2S:go-toolset-0:1.25.9-1.el10_0.x86_64",
"AppStream-10.0.Z.E2S:golang-0:1.25.9-1.el10_0.aarch64",
"AppStream-10.0.Z.E2S:golang-0:1.25.9-1.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:golang-0:1.25.9-1.el10_0.s390x",
"AppStream-10.0.Z.E2S:golang-0:1.25.9-1.el10_0.src",
"AppStream-10.0.Z.E2S:golang-0:1.25.9-1.el10_0.x86_64",
"AppStream-10.0.Z.E2S:golang-bin-0:1.25.9-1.el10_0.aarch64",
"AppStream-10.0.Z.E2S:golang-bin-0:1.25.9-1.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:golang-bin-0:1.25.9-1.el10_0.s390x",
"AppStream-10.0.Z.E2S:golang-bin-0:1.25.9-1.el10_0.x86_64",
"AppStream-10.0.Z.E2S:golang-docs-0:1.25.9-1.el10_0.noarch",
"AppStream-10.0.Z.E2S:golang-misc-0:1.25.9-1.el10_0.noarch",
"AppStream-10.0.Z.E2S:golang-race-0:1.25.9-1.el10_0.aarch64",
"AppStream-10.0.Z.E2S:golang-race-0:1.25.9-1.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:golang-race-0:1.25.9-1.el10_0.s390x",
"AppStream-10.0.Z.E2S:golang-race-0:1.25.9-1.el10_0.x86_64",
"AppStream-10.0.Z.E2S:golang-src-0:1.25.9-1.el10_0.noarch",
"AppStream-10.0.Z.E2S:golang-tests-0:1.25.9-1.el10_0.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:16024"
},
{
"category": "workaround",
"details": "To mitigate this vulnerability, strictly sanitize and enforce bounds checking on any untrusted user input that influences loop counters, iteration limits, or memory indices. If there is no integer overflow or underflow, the out-of-bounds access cannot occur.",
"product_ids": [
"AppStream-10.0.Z.E2S:go-toolset-0:1.25.9-1.el10_0.aarch64",
"AppStream-10.0.Z.E2S:go-toolset-0:1.25.9-1.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:go-toolset-0:1.25.9-1.el10_0.s390x",
"AppStream-10.0.Z.E2S:go-toolset-0:1.25.9-1.el10_0.x86_64",
"AppStream-10.0.Z.E2S:golang-0:1.25.9-1.el10_0.aarch64",
"AppStream-10.0.Z.E2S:golang-0:1.25.9-1.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:golang-0:1.25.9-1.el10_0.s390x",
"AppStream-10.0.Z.E2S:golang-0:1.25.9-1.el10_0.src",
"AppStream-10.0.Z.E2S:golang-0:1.25.9-1.el10_0.x86_64",
"AppStream-10.0.Z.E2S:golang-bin-0:1.25.9-1.el10_0.aarch64",
"AppStream-10.0.Z.E2S:golang-bin-0:1.25.9-1.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:golang-bin-0:1.25.9-1.el10_0.s390x",
"AppStream-10.0.Z.E2S:golang-bin-0:1.25.9-1.el10_0.x86_64",
"AppStream-10.0.Z.E2S:golang-docs-0:1.25.9-1.el10_0.noarch",
"AppStream-10.0.Z.E2S:golang-misc-0:1.25.9-1.el10_0.noarch",
"AppStream-10.0.Z.E2S:golang-race-0:1.25.9-1.el10_0.aarch64",
"AppStream-10.0.Z.E2S:golang-race-0:1.25.9-1.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:golang-race-0:1.25.9-1.el10_0.s390x",
"AppStream-10.0.Z.E2S:golang-race-0:1.25.9-1.el10_0.x86_64",
"AppStream-10.0.Z.E2S:golang-src-0:1.25.9-1.el10_0.noarch",
"AppStream-10.0.Z.E2S:golang-tests-0:1.25.9-1.el10_0.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-10.0.Z.E2S:go-toolset-0:1.25.9-1.el10_0.aarch64",
"AppStream-10.0.Z.E2S:go-toolset-0:1.25.9-1.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:go-toolset-0:1.25.9-1.el10_0.s390x",
"AppStream-10.0.Z.E2S:go-toolset-0:1.25.9-1.el10_0.x86_64",
"AppStream-10.0.Z.E2S:golang-0:1.25.9-1.el10_0.aarch64",
"AppStream-10.0.Z.E2S:golang-0:1.25.9-1.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:golang-0:1.25.9-1.el10_0.s390x",
"AppStream-10.0.Z.E2S:golang-0:1.25.9-1.el10_0.src",
"AppStream-10.0.Z.E2S:golang-0:1.25.9-1.el10_0.x86_64",
"AppStream-10.0.Z.E2S:golang-bin-0:1.25.9-1.el10_0.aarch64",
"AppStream-10.0.Z.E2S:golang-bin-0:1.25.9-1.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:golang-bin-0:1.25.9-1.el10_0.s390x",
"AppStream-10.0.Z.E2S:golang-bin-0:1.25.9-1.el10_0.x86_64",
"AppStream-10.0.Z.E2S:golang-docs-0:1.25.9-1.el10_0.noarch",
"AppStream-10.0.Z.E2S:golang-misc-0:1.25.9-1.el10_0.noarch",
"AppStream-10.0.Z.E2S:golang-race-0:1.25.9-1.el10_0.aarch64",
"AppStream-10.0.Z.E2S:golang-race-0:1.25.9-1.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:golang-race-0:1.25.9-1.el10_0.s390x",
"AppStream-10.0.Z.E2S:golang-race-0:1.25.9-1.el10_0.x86_64",
"AppStream-10.0.Z.E2S:golang-src-0:1.25.9-1.el10_0.noarch",
"AppStream-10.0.Z.E2S:golang-tests-0:1.25.9-1.el10_0.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: cmd/compile: possible memory corruption after bound check elimination"
},
{
"cve": "CVE-2026-27144",
"cwe": {
"id": "CWE-440",
"name": "Expected Behavior Violation"
},
"discovery_date": "2026-04-08T02:01:22.896153+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456340"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the cmd/compile package in the Go standard library. A no-op interface conversion prevented the compiler from correctly identifying non-overlapping memory moves. As a result, the compiler allows unsafe memory move operations to occur at runtime, potentially causing data corruption, memory corruption or unexpected application behavior.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: cmd/compile: no-op interface conversion bypasses overlap checking",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue is only exploitable in applications that contain a memory move or copy operation that is subject to a no-op (no-operation) interface conversion. Furthermore, the source and destination memory addresses involved in the move or copy must overlap and an attacker must be able to supply an input that triggers this specific operation. Due to these reasons, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.0.Z.E2S:go-toolset-0:1.25.9-1.el10_0.aarch64",
"AppStream-10.0.Z.E2S:go-toolset-0:1.25.9-1.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:go-toolset-0:1.25.9-1.el10_0.s390x",
"AppStream-10.0.Z.E2S:go-toolset-0:1.25.9-1.el10_0.x86_64",
"AppStream-10.0.Z.E2S:golang-0:1.25.9-1.el10_0.aarch64",
"AppStream-10.0.Z.E2S:golang-0:1.25.9-1.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:golang-0:1.25.9-1.el10_0.s390x",
"AppStream-10.0.Z.E2S:golang-0:1.25.9-1.el10_0.src",
"AppStream-10.0.Z.E2S:golang-0:1.25.9-1.el10_0.x86_64",
"AppStream-10.0.Z.E2S:golang-bin-0:1.25.9-1.el10_0.aarch64",
"AppStream-10.0.Z.E2S:golang-bin-0:1.25.9-1.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:golang-bin-0:1.25.9-1.el10_0.s390x",
"AppStream-10.0.Z.E2S:golang-bin-0:1.25.9-1.el10_0.x86_64",
"AppStream-10.0.Z.E2S:golang-docs-0:1.25.9-1.el10_0.noarch",
"AppStream-10.0.Z.E2S:golang-misc-0:1.25.9-1.el10_0.noarch",
"AppStream-10.0.Z.E2S:golang-race-0:1.25.9-1.el10_0.aarch64",
"AppStream-10.0.Z.E2S:golang-race-0:1.25.9-1.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:golang-race-0:1.25.9-1.el10_0.s390x",
"AppStream-10.0.Z.E2S:golang-race-0:1.25.9-1.el10_0.x86_64",
"AppStream-10.0.Z.E2S:golang-src-0:1.25.9-1.el10_0.noarch",
"AppStream-10.0.Z.E2S:golang-tests-0:1.25.9-1.el10_0.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27144"
},
{
"category": "external",
"summary": "RHBZ#2456340",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456340"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27144",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27144"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27144",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27144"
},
{
"category": "external",
"summary": "https://go.dev/cl/763764",
"url": "https://go.dev/cl/763764"
},
{
"category": "external",
"summary": "https://go.dev/issue/78371",
"url": "https://go.dev/issue/78371"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4867",
"url": "https://pkg.go.dev/vuln/GO-2026-4867"
}
],
"release_date": "2026-04-08T01:06:56.908000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-11T16:23:41+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.0.Z.E2S:go-toolset-0:1.25.9-1.el10_0.aarch64",
"AppStream-10.0.Z.E2S:go-toolset-0:1.25.9-1.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:go-toolset-0:1.25.9-1.el10_0.s390x",
"AppStream-10.0.Z.E2S:go-toolset-0:1.25.9-1.el10_0.x86_64",
"AppStream-10.0.Z.E2S:golang-0:1.25.9-1.el10_0.aarch64",
"AppStream-10.0.Z.E2S:golang-0:1.25.9-1.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:golang-0:1.25.9-1.el10_0.s390x",
"AppStream-10.0.Z.E2S:golang-0:1.25.9-1.el10_0.src",
"AppStream-10.0.Z.E2S:golang-0:1.25.9-1.el10_0.x86_64",
"AppStream-10.0.Z.E2S:golang-bin-0:1.25.9-1.el10_0.aarch64",
"AppStream-10.0.Z.E2S:golang-bin-0:1.25.9-1.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:golang-bin-0:1.25.9-1.el10_0.s390x",
"AppStream-10.0.Z.E2S:golang-bin-0:1.25.9-1.el10_0.x86_64",
"AppStream-10.0.Z.E2S:golang-docs-0:1.25.9-1.el10_0.noarch",
"AppStream-10.0.Z.E2S:golang-misc-0:1.25.9-1.el10_0.noarch",
"AppStream-10.0.Z.E2S:golang-race-0:1.25.9-1.el10_0.aarch64",
"AppStream-10.0.Z.E2S:golang-race-0:1.25.9-1.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:golang-race-0:1.25.9-1.el10_0.s390x",
"AppStream-10.0.Z.E2S:golang-race-0:1.25.9-1.el10_0.x86_64",
"AppStream-10.0.Z.E2S:golang-src-0:1.25.9-1.el10_0.noarch",
"AppStream-10.0.Z.E2S:golang-tests-0:1.25.9-1.el10_0.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:16024"
},
{
"category": "workaround",
"details": "To mitigate this issue, review code that performs memory copies or struct assignments. If data is being passed through an interface (such as \u0027any\u0027 or \u0027interface{}\u0027) just before a move operation, refactor the code to use concrete types or explicit pointers instead.",
"product_ids": [
"AppStream-10.0.Z.E2S:go-toolset-0:1.25.9-1.el10_0.aarch64",
"AppStream-10.0.Z.E2S:go-toolset-0:1.25.9-1.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:go-toolset-0:1.25.9-1.el10_0.s390x",
"AppStream-10.0.Z.E2S:go-toolset-0:1.25.9-1.el10_0.x86_64",
"AppStream-10.0.Z.E2S:golang-0:1.25.9-1.el10_0.aarch64",
"AppStream-10.0.Z.E2S:golang-0:1.25.9-1.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:golang-0:1.25.9-1.el10_0.s390x",
"AppStream-10.0.Z.E2S:golang-0:1.25.9-1.el10_0.src",
"AppStream-10.0.Z.E2S:golang-0:1.25.9-1.el10_0.x86_64",
"AppStream-10.0.Z.E2S:golang-bin-0:1.25.9-1.el10_0.aarch64",
"AppStream-10.0.Z.E2S:golang-bin-0:1.25.9-1.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:golang-bin-0:1.25.9-1.el10_0.s390x",
"AppStream-10.0.Z.E2S:golang-bin-0:1.25.9-1.el10_0.x86_64",
"AppStream-10.0.Z.E2S:golang-docs-0:1.25.9-1.el10_0.noarch",
"AppStream-10.0.Z.E2S:golang-misc-0:1.25.9-1.el10_0.noarch",
"AppStream-10.0.Z.E2S:golang-race-0:1.25.9-1.el10_0.aarch64",
"AppStream-10.0.Z.E2S:golang-race-0:1.25.9-1.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:golang-race-0:1.25.9-1.el10_0.s390x",
"AppStream-10.0.Z.E2S:golang-race-0:1.25.9-1.el10_0.x86_64",
"AppStream-10.0.Z.E2S:golang-src-0:1.25.9-1.el10_0.noarch",
"AppStream-10.0.Z.E2S:golang-tests-0:1.25.9-1.el10_0.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-10.0.Z.E2S:go-toolset-0:1.25.9-1.el10_0.aarch64",
"AppStream-10.0.Z.E2S:go-toolset-0:1.25.9-1.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:go-toolset-0:1.25.9-1.el10_0.s390x",
"AppStream-10.0.Z.E2S:go-toolset-0:1.25.9-1.el10_0.x86_64",
"AppStream-10.0.Z.E2S:golang-0:1.25.9-1.el10_0.aarch64",
"AppStream-10.0.Z.E2S:golang-0:1.25.9-1.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:golang-0:1.25.9-1.el10_0.s390x",
"AppStream-10.0.Z.E2S:golang-0:1.25.9-1.el10_0.src",
"AppStream-10.0.Z.E2S:golang-0:1.25.9-1.el10_0.x86_64",
"AppStream-10.0.Z.E2S:golang-bin-0:1.25.9-1.el10_0.aarch64",
"AppStream-10.0.Z.E2S:golang-bin-0:1.25.9-1.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:golang-bin-0:1.25.9-1.el10_0.s390x",
"AppStream-10.0.Z.E2S:golang-bin-0:1.25.9-1.el10_0.x86_64",
"AppStream-10.0.Z.E2S:golang-docs-0:1.25.9-1.el10_0.noarch",
"AppStream-10.0.Z.E2S:golang-misc-0:1.25.9-1.el10_0.noarch",
"AppStream-10.0.Z.E2S:golang-race-0:1.25.9-1.el10_0.aarch64",
"AppStream-10.0.Z.E2S:golang-race-0:1.25.9-1.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:golang-race-0:1.25.9-1.el10_0.s390x",
"AppStream-10.0.Z.E2S:golang-race-0:1.25.9-1.el10_0.x86_64",
"AppStream-10.0.Z.E2S:golang-src-0:1.25.9-1.el10_0.noarch",
"AppStream-10.0.Z.E2S:golang-tests-0:1.25.9-1.el10_0.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: cmd/compile: no-op interface conversion bypasses overlap checking"
},
{
"cve": "CVE-2026-32280",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-04-08T02:01:19.572351+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456339"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Go standard library packages `crypto/x509` and `crypto/tls`. During the process of building a certificate chain, an attacker can provide a large number of intermediate certificates. This excessive input is not properly limited, leading to an uncontrolled amount of work being performed. This can result in a denial of service (DoS) condition, making the affected system or application unavailable to legitimate users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important denial of service vulnerability in the Go standard library\u0027s certificate chain building process. Systems utilizing Go applications that process untrusted TLS certificates or X.509 certificate chains are susceptible to resource exhaustion when presented with an excessive number of intermediate certificates, potentially leading to service unavailability. This flaw impacts applications directly using `crypto/x509` or `crypto/tls`.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.0.Z.E2S:go-toolset-0:1.25.9-1.el10_0.aarch64",
"AppStream-10.0.Z.E2S:go-toolset-0:1.25.9-1.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:go-toolset-0:1.25.9-1.el10_0.s390x",
"AppStream-10.0.Z.E2S:go-toolset-0:1.25.9-1.el10_0.x86_64",
"AppStream-10.0.Z.E2S:golang-0:1.25.9-1.el10_0.aarch64",
"AppStream-10.0.Z.E2S:golang-0:1.25.9-1.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:golang-0:1.25.9-1.el10_0.s390x",
"AppStream-10.0.Z.E2S:golang-0:1.25.9-1.el10_0.src",
"AppStream-10.0.Z.E2S:golang-0:1.25.9-1.el10_0.x86_64",
"AppStream-10.0.Z.E2S:golang-bin-0:1.25.9-1.el10_0.aarch64",
"AppStream-10.0.Z.E2S:golang-bin-0:1.25.9-1.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:golang-bin-0:1.25.9-1.el10_0.s390x",
"AppStream-10.0.Z.E2S:golang-bin-0:1.25.9-1.el10_0.x86_64",
"AppStream-10.0.Z.E2S:golang-docs-0:1.25.9-1.el10_0.noarch",
"AppStream-10.0.Z.E2S:golang-misc-0:1.25.9-1.el10_0.noarch",
"AppStream-10.0.Z.E2S:golang-race-0:1.25.9-1.el10_0.aarch64",
"AppStream-10.0.Z.E2S:golang-race-0:1.25.9-1.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:golang-race-0:1.25.9-1.el10_0.s390x",
"AppStream-10.0.Z.E2S:golang-race-0:1.25.9-1.el10_0.x86_64",
"AppStream-10.0.Z.E2S:golang-src-0:1.25.9-1.el10_0.noarch",
"AppStream-10.0.Z.E2S:golang-tests-0:1.25.9-1.el10_0.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32280"
},
{
"category": "external",
"summary": "RHBZ#2456339",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456339"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32280",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32280"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32280",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32280"
},
{
"category": "external",
"summary": "https://go.dev/cl/758320",
"url": "https://go.dev/cl/758320"
},
{
"category": "external",
"summary": "https://go.dev/issue/78282",
"url": "https://go.dev/issue/78282"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4947",
"url": "https://pkg.go.dev/vuln/GO-2026-4947"
}
],
"release_date": "2026-04-08T01:06:58.595000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-11T16:23:41+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.0.Z.E2S:go-toolset-0:1.25.9-1.el10_0.aarch64",
"AppStream-10.0.Z.E2S:go-toolset-0:1.25.9-1.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:go-toolset-0:1.25.9-1.el10_0.s390x",
"AppStream-10.0.Z.E2S:go-toolset-0:1.25.9-1.el10_0.x86_64",
"AppStream-10.0.Z.E2S:golang-0:1.25.9-1.el10_0.aarch64",
"AppStream-10.0.Z.E2S:golang-0:1.25.9-1.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:golang-0:1.25.9-1.el10_0.s390x",
"AppStream-10.0.Z.E2S:golang-0:1.25.9-1.el10_0.src",
"AppStream-10.0.Z.E2S:golang-0:1.25.9-1.el10_0.x86_64",
"AppStream-10.0.Z.E2S:golang-bin-0:1.25.9-1.el10_0.aarch64",
"AppStream-10.0.Z.E2S:golang-bin-0:1.25.9-1.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:golang-bin-0:1.25.9-1.el10_0.s390x",
"AppStream-10.0.Z.E2S:golang-bin-0:1.25.9-1.el10_0.x86_64",
"AppStream-10.0.Z.E2S:golang-docs-0:1.25.9-1.el10_0.noarch",
"AppStream-10.0.Z.E2S:golang-misc-0:1.25.9-1.el10_0.noarch",
"AppStream-10.0.Z.E2S:golang-race-0:1.25.9-1.el10_0.aarch64",
"AppStream-10.0.Z.E2S:golang-race-0:1.25.9-1.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:golang-race-0:1.25.9-1.el10_0.s390x",
"AppStream-10.0.Z.E2S:golang-race-0:1.25.9-1.el10_0.x86_64",
"AppStream-10.0.Z.E2S:golang-src-0:1.25.9-1.el10_0.noarch",
"AppStream-10.0.Z.E2S:golang-tests-0:1.25.9-1.el10_0.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:16024"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-10.0.Z.E2S:go-toolset-0:1.25.9-1.el10_0.aarch64",
"AppStream-10.0.Z.E2S:go-toolset-0:1.25.9-1.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:go-toolset-0:1.25.9-1.el10_0.s390x",
"AppStream-10.0.Z.E2S:go-toolset-0:1.25.9-1.el10_0.x86_64",
"AppStream-10.0.Z.E2S:golang-0:1.25.9-1.el10_0.aarch64",
"AppStream-10.0.Z.E2S:golang-0:1.25.9-1.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:golang-0:1.25.9-1.el10_0.s390x",
"AppStream-10.0.Z.E2S:golang-0:1.25.9-1.el10_0.src",
"AppStream-10.0.Z.E2S:golang-0:1.25.9-1.el10_0.x86_64",
"AppStream-10.0.Z.E2S:golang-bin-0:1.25.9-1.el10_0.aarch64",
"AppStream-10.0.Z.E2S:golang-bin-0:1.25.9-1.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:golang-bin-0:1.25.9-1.el10_0.s390x",
"AppStream-10.0.Z.E2S:golang-bin-0:1.25.9-1.el10_0.x86_64",
"AppStream-10.0.Z.E2S:golang-docs-0:1.25.9-1.el10_0.noarch",
"AppStream-10.0.Z.E2S:golang-misc-0:1.25.9-1.el10_0.noarch",
"AppStream-10.0.Z.E2S:golang-race-0:1.25.9-1.el10_0.aarch64",
"AppStream-10.0.Z.E2S:golang-race-0:1.25.9-1.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:golang-race-0:1.25.9-1.el10_0.s390x",
"AppStream-10.0.Z.E2S:golang-race-0:1.25.9-1.el10_0.x86_64",
"AppStream-10.0.Z.E2S:golang-src-0:1.25.9-1.el10_0.noarch",
"AppStream-10.0.Z.E2S:golang-tests-0:1.25.9-1.el10_0.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building"
},
{
"cve": "CVE-2026-32281",
"cwe": {
"id": "CWE-1050",
"name": "Excessive Platform Resource Consumption within a Loop"
},
"discovery_date": "2026-04-08T02:01:00.930989+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456333"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Go\u0027s `crypto/x509` package. A remote attacker could exploit this by presenting a specially crafted certificate chain containing a large number of policy mappings. This inefficient validation process consumes excessive resources, which can lead to a denial of service (DoS) for applications or systems performing certificate validation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw occurs during the validation of otherwise trusted certificate chains that contain a large number of policy mappings, leading to excessive resource consumption. Exploitation requires an attacker to present a specially crafted, yet trusted, certificate chain which would require the attacker has already compromised a trusted certificate root. Red Hat continuously monitors certificate authorities and curates the set which is trusted by default for Red Hat products.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.0.Z.E2S:go-toolset-0:1.25.9-1.el10_0.aarch64",
"AppStream-10.0.Z.E2S:go-toolset-0:1.25.9-1.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:go-toolset-0:1.25.9-1.el10_0.s390x",
"AppStream-10.0.Z.E2S:go-toolset-0:1.25.9-1.el10_0.x86_64",
"AppStream-10.0.Z.E2S:golang-0:1.25.9-1.el10_0.aarch64",
"AppStream-10.0.Z.E2S:golang-0:1.25.9-1.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:golang-0:1.25.9-1.el10_0.s390x",
"AppStream-10.0.Z.E2S:golang-0:1.25.9-1.el10_0.src",
"AppStream-10.0.Z.E2S:golang-0:1.25.9-1.el10_0.x86_64",
"AppStream-10.0.Z.E2S:golang-bin-0:1.25.9-1.el10_0.aarch64",
"AppStream-10.0.Z.E2S:golang-bin-0:1.25.9-1.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:golang-bin-0:1.25.9-1.el10_0.s390x",
"AppStream-10.0.Z.E2S:golang-bin-0:1.25.9-1.el10_0.x86_64",
"AppStream-10.0.Z.E2S:golang-docs-0:1.25.9-1.el10_0.noarch",
"AppStream-10.0.Z.E2S:golang-misc-0:1.25.9-1.el10_0.noarch",
"AppStream-10.0.Z.E2S:golang-race-0:1.25.9-1.el10_0.aarch64",
"AppStream-10.0.Z.E2S:golang-race-0:1.25.9-1.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:golang-race-0:1.25.9-1.el10_0.s390x",
"AppStream-10.0.Z.E2S:golang-race-0:1.25.9-1.el10_0.x86_64",
"AppStream-10.0.Z.E2S:golang-src-0:1.25.9-1.el10_0.noarch",
"AppStream-10.0.Z.E2S:golang-tests-0:1.25.9-1.el10_0.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32281"
},
{
"category": "external",
"summary": "RHBZ#2456333",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456333"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32281",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32281"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32281",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32281"
},
{
"category": "external",
"summary": "https://go.dev/cl/758061",
"url": "https://go.dev/cl/758061"
},
{
"category": "external",
"summary": "https://go.dev/issue/78281",
"url": "https://go.dev/issue/78281"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4946",
"url": "https://pkg.go.dev/vuln/GO-2026-4946"
}
],
"release_date": "2026-04-08T01:06:58.354000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-11T16:23:41+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.0.Z.E2S:go-toolset-0:1.25.9-1.el10_0.aarch64",
"AppStream-10.0.Z.E2S:go-toolset-0:1.25.9-1.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:go-toolset-0:1.25.9-1.el10_0.s390x",
"AppStream-10.0.Z.E2S:go-toolset-0:1.25.9-1.el10_0.x86_64",
"AppStream-10.0.Z.E2S:golang-0:1.25.9-1.el10_0.aarch64",
"AppStream-10.0.Z.E2S:golang-0:1.25.9-1.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:golang-0:1.25.9-1.el10_0.s390x",
"AppStream-10.0.Z.E2S:golang-0:1.25.9-1.el10_0.src",
"AppStream-10.0.Z.E2S:golang-0:1.25.9-1.el10_0.x86_64",
"AppStream-10.0.Z.E2S:golang-bin-0:1.25.9-1.el10_0.aarch64",
"AppStream-10.0.Z.E2S:golang-bin-0:1.25.9-1.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:golang-bin-0:1.25.9-1.el10_0.s390x",
"AppStream-10.0.Z.E2S:golang-bin-0:1.25.9-1.el10_0.x86_64",
"AppStream-10.0.Z.E2S:golang-docs-0:1.25.9-1.el10_0.noarch",
"AppStream-10.0.Z.E2S:golang-misc-0:1.25.9-1.el10_0.noarch",
"AppStream-10.0.Z.E2S:golang-race-0:1.25.9-1.el10_0.aarch64",
"AppStream-10.0.Z.E2S:golang-race-0:1.25.9-1.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:golang-race-0:1.25.9-1.el10_0.s390x",
"AppStream-10.0.Z.E2S:golang-race-0:1.25.9-1.el10_0.x86_64",
"AppStream-10.0.Z.E2S:golang-src-0:1.25.9-1.el10_0.noarch",
"AppStream-10.0.Z.E2S:golang-tests-0:1.25.9-1.el10_0.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:16024"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-10.0.Z.E2S:go-toolset-0:1.25.9-1.el10_0.aarch64",
"AppStream-10.0.Z.E2S:go-toolset-0:1.25.9-1.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:go-toolset-0:1.25.9-1.el10_0.s390x",
"AppStream-10.0.Z.E2S:go-toolset-0:1.25.9-1.el10_0.x86_64",
"AppStream-10.0.Z.E2S:golang-0:1.25.9-1.el10_0.aarch64",
"AppStream-10.0.Z.E2S:golang-0:1.25.9-1.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:golang-0:1.25.9-1.el10_0.s390x",
"AppStream-10.0.Z.E2S:golang-0:1.25.9-1.el10_0.src",
"AppStream-10.0.Z.E2S:golang-0:1.25.9-1.el10_0.x86_64",
"AppStream-10.0.Z.E2S:golang-bin-0:1.25.9-1.el10_0.aarch64",
"AppStream-10.0.Z.E2S:golang-bin-0:1.25.9-1.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:golang-bin-0:1.25.9-1.el10_0.s390x",
"AppStream-10.0.Z.E2S:golang-bin-0:1.25.9-1.el10_0.x86_64",
"AppStream-10.0.Z.E2S:golang-docs-0:1.25.9-1.el10_0.noarch",
"AppStream-10.0.Z.E2S:golang-misc-0:1.25.9-1.el10_0.noarch",
"AppStream-10.0.Z.E2S:golang-race-0:1.25.9-1.el10_0.aarch64",
"AppStream-10.0.Z.E2S:golang-race-0:1.25.9-1.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:golang-race-0:1.25.9-1.el10_0.s390x",
"AppStream-10.0.Z.E2S:golang-race-0:1.25.9-1.el10_0.x86_64",
"AppStream-10.0.Z.E2S:golang-src-0:1.25.9-1.el10_0.noarch",
"AppStream-10.0.Z.E2S:golang-tests-0:1.25.9-1.el10_0.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-10.0.Z.E2S:go-toolset-0:1.25.9-1.el10_0.aarch64",
"AppStream-10.0.Z.E2S:go-toolset-0:1.25.9-1.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:go-toolset-0:1.25.9-1.el10_0.s390x",
"AppStream-10.0.Z.E2S:go-toolset-0:1.25.9-1.el10_0.x86_64",
"AppStream-10.0.Z.E2S:golang-0:1.25.9-1.el10_0.aarch64",
"AppStream-10.0.Z.E2S:golang-0:1.25.9-1.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:golang-0:1.25.9-1.el10_0.s390x",
"AppStream-10.0.Z.E2S:golang-0:1.25.9-1.el10_0.src",
"AppStream-10.0.Z.E2S:golang-0:1.25.9-1.el10_0.x86_64",
"AppStream-10.0.Z.E2S:golang-bin-0:1.25.9-1.el10_0.aarch64",
"AppStream-10.0.Z.E2S:golang-bin-0:1.25.9-1.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:golang-bin-0:1.25.9-1.el10_0.s390x",
"AppStream-10.0.Z.E2S:golang-bin-0:1.25.9-1.el10_0.x86_64",
"AppStream-10.0.Z.E2S:golang-docs-0:1.25.9-1.el10_0.noarch",
"AppStream-10.0.Z.E2S:golang-misc-0:1.25.9-1.el10_0.noarch",
"AppStream-10.0.Z.E2S:golang-race-0:1.25.9-1.el10_0.aarch64",
"AppStream-10.0.Z.E2S:golang-race-0:1.25.9-1.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:golang-race-0:1.25.9-1.el10_0.s390x",
"AppStream-10.0.Z.E2S:golang-race-0:1.25.9-1.el10_0.x86_64",
"AppStream-10.0.Z.E2S:golang-src-0:1.25.9-1.el10_0.noarch",
"AppStream-10.0.Z.E2S:golang-tests-0:1.25.9-1.el10_0.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation"
},
{
"cve": "CVE-2026-32282",
"cwe": {
"id": "CWE-367",
"name": "Time-of-check Time-of-use (TOCTOU) Race Condition"
},
"discovery_date": "2026-04-08T02:01:12.683211+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456336"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the internal/syscall/unix package in the Go standard library. If the target of the `Root.Chmod` function is replaced with a symbolic link during execution, specifically after `Root.Chmod` checks the target but before acting, the `chmod` operation will be performed on the file the symbolic link points to. This issue can bypass directory restrictions and lead to unauthorized permission changes on the filesystem.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs access to the system and the required permissions to create a symbolic link. Additionally, the attacker must swap the target file with a symbolic link in the exact window after the `Root.Chmod` function checks its target but before acting. Due to these conditions, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.0.Z.E2S:go-toolset-0:1.25.9-1.el10_0.aarch64",
"AppStream-10.0.Z.E2S:go-toolset-0:1.25.9-1.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:go-toolset-0:1.25.9-1.el10_0.s390x",
"AppStream-10.0.Z.E2S:go-toolset-0:1.25.9-1.el10_0.x86_64",
"AppStream-10.0.Z.E2S:golang-0:1.25.9-1.el10_0.aarch64",
"AppStream-10.0.Z.E2S:golang-0:1.25.9-1.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:golang-0:1.25.9-1.el10_0.s390x",
"AppStream-10.0.Z.E2S:golang-0:1.25.9-1.el10_0.src",
"AppStream-10.0.Z.E2S:golang-0:1.25.9-1.el10_0.x86_64",
"AppStream-10.0.Z.E2S:golang-bin-0:1.25.9-1.el10_0.aarch64",
"AppStream-10.0.Z.E2S:golang-bin-0:1.25.9-1.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:golang-bin-0:1.25.9-1.el10_0.s390x",
"AppStream-10.0.Z.E2S:golang-bin-0:1.25.9-1.el10_0.x86_64",
"AppStream-10.0.Z.E2S:golang-docs-0:1.25.9-1.el10_0.noarch",
"AppStream-10.0.Z.E2S:golang-misc-0:1.25.9-1.el10_0.noarch",
"AppStream-10.0.Z.E2S:golang-race-0:1.25.9-1.el10_0.aarch64",
"AppStream-10.0.Z.E2S:golang-race-0:1.25.9-1.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:golang-race-0:1.25.9-1.el10_0.s390x",
"AppStream-10.0.Z.E2S:golang-race-0:1.25.9-1.el10_0.x86_64",
"AppStream-10.0.Z.E2S:golang-src-0:1.25.9-1.el10_0.noarch",
"AppStream-10.0.Z.E2S:golang-tests-0:1.25.9-1.el10_0.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32282"
},
{
"category": "external",
"summary": "RHBZ#2456336",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456336"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32282",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32282"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32282",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32282"
},
{
"category": "external",
"summary": "https://go.dev/cl/763761",
"url": "https://go.dev/cl/763761"
},
{
"category": "external",
"summary": "https://go.dev/issue/78293",
"url": "https://go.dev/issue/78293"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4864",
"url": "https://pkg.go.dev/vuln/GO-2026-4864"
}
],
"release_date": "2026-04-08T01:06:55.953000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-11T16:23:41+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.0.Z.E2S:go-toolset-0:1.25.9-1.el10_0.aarch64",
"AppStream-10.0.Z.E2S:go-toolset-0:1.25.9-1.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:go-toolset-0:1.25.9-1.el10_0.s390x",
"AppStream-10.0.Z.E2S:go-toolset-0:1.25.9-1.el10_0.x86_64",
"AppStream-10.0.Z.E2S:golang-0:1.25.9-1.el10_0.aarch64",
"AppStream-10.0.Z.E2S:golang-0:1.25.9-1.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:golang-0:1.25.9-1.el10_0.s390x",
"AppStream-10.0.Z.E2S:golang-0:1.25.9-1.el10_0.src",
"AppStream-10.0.Z.E2S:golang-0:1.25.9-1.el10_0.x86_64",
"AppStream-10.0.Z.E2S:golang-bin-0:1.25.9-1.el10_0.aarch64",
"AppStream-10.0.Z.E2S:golang-bin-0:1.25.9-1.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:golang-bin-0:1.25.9-1.el10_0.s390x",
"AppStream-10.0.Z.E2S:golang-bin-0:1.25.9-1.el10_0.x86_64",
"AppStream-10.0.Z.E2S:golang-docs-0:1.25.9-1.el10_0.noarch",
"AppStream-10.0.Z.E2S:golang-misc-0:1.25.9-1.el10_0.noarch",
"AppStream-10.0.Z.E2S:golang-race-0:1.25.9-1.el10_0.aarch64",
"AppStream-10.0.Z.E2S:golang-race-0:1.25.9-1.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:golang-race-0:1.25.9-1.el10_0.s390x",
"AppStream-10.0.Z.E2S:golang-race-0:1.25.9-1.el10_0.x86_64",
"AppStream-10.0.Z.E2S:golang-src-0:1.25.9-1.el10_0.noarch",
"AppStream-10.0.Z.E2S:golang-tests-0:1.25.9-1.el10_0.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:16024"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-10.0.Z.E2S:go-toolset-0:1.25.9-1.el10_0.aarch64",
"AppStream-10.0.Z.E2S:go-toolset-0:1.25.9-1.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:go-toolset-0:1.25.9-1.el10_0.s390x",
"AppStream-10.0.Z.E2S:go-toolset-0:1.25.9-1.el10_0.x86_64",
"AppStream-10.0.Z.E2S:golang-0:1.25.9-1.el10_0.aarch64",
"AppStream-10.0.Z.E2S:golang-0:1.25.9-1.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:golang-0:1.25.9-1.el10_0.s390x",
"AppStream-10.0.Z.E2S:golang-0:1.25.9-1.el10_0.src",
"AppStream-10.0.Z.E2S:golang-0:1.25.9-1.el10_0.x86_64",
"AppStream-10.0.Z.E2S:golang-bin-0:1.25.9-1.el10_0.aarch64",
"AppStream-10.0.Z.E2S:golang-bin-0:1.25.9-1.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:golang-bin-0:1.25.9-1.el10_0.s390x",
"AppStream-10.0.Z.E2S:golang-bin-0:1.25.9-1.el10_0.x86_64",
"AppStream-10.0.Z.E2S:golang-docs-0:1.25.9-1.el10_0.noarch",
"AppStream-10.0.Z.E2S:golang-misc-0:1.25.9-1.el10_0.noarch",
"AppStream-10.0.Z.E2S:golang-race-0:1.25.9-1.el10_0.aarch64",
"AppStream-10.0.Z.E2S:golang-race-0:1.25.9-1.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:golang-race-0:1.25.9-1.el10_0.s390x",
"AppStream-10.0.Z.E2S:golang-race-0:1.25.9-1.el10_0.x86_64",
"AppStream-10.0.Z.E2S:golang-src-0:1.25.9-1.el10_0.noarch",
"AppStream-10.0.Z.E2S:golang-tests-0:1.25.9-1.el10_0.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-10.0.Z.E2S:go-toolset-0:1.25.9-1.el10_0.aarch64",
"AppStream-10.0.Z.E2S:go-toolset-0:1.25.9-1.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:go-toolset-0:1.25.9-1.el10_0.s390x",
"AppStream-10.0.Z.E2S:go-toolset-0:1.25.9-1.el10_0.x86_64",
"AppStream-10.0.Z.E2S:golang-0:1.25.9-1.el10_0.aarch64",
"AppStream-10.0.Z.E2S:golang-0:1.25.9-1.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:golang-0:1.25.9-1.el10_0.s390x",
"AppStream-10.0.Z.E2S:golang-0:1.25.9-1.el10_0.src",
"AppStream-10.0.Z.E2S:golang-0:1.25.9-1.el10_0.x86_64",
"AppStream-10.0.Z.E2S:golang-bin-0:1.25.9-1.el10_0.aarch64",
"AppStream-10.0.Z.E2S:golang-bin-0:1.25.9-1.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:golang-bin-0:1.25.9-1.el10_0.s390x",
"AppStream-10.0.Z.E2S:golang-bin-0:1.25.9-1.el10_0.x86_64",
"AppStream-10.0.Z.E2S:golang-docs-0:1.25.9-1.el10_0.noarch",
"AppStream-10.0.Z.E2S:golang-misc-0:1.25.9-1.el10_0.noarch",
"AppStream-10.0.Z.E2S:golang-race-0:1.25.9-1.el10_0.aarch64",
"AppStream-10.0.Z.E2S:golang-race-0:1.25.9-1.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:golang-race-0:1.25.9-1.el10_0.s390x",
"AppStream-10.0.Z.E2S:golang-race-0:1.25.9-1.el10_0.x86_64",
"AppStream-10.0.Z.E2S:golang-src-0:1.25.9-1.el10_0.noarch",
"AppStream-10.0.Z.E2S:golang-tests-0:1.25.9-1.el10_0.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root"
},
{
"cve": "CVE-2026-32283",
"cwe": {
"id": "CWE-764",
"name": "Multiple Locks of a Critical Resource"
},
"discovery_date": "2026-04-08T02:01:16.213799+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456338"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the `crypto/tls` package within the Go (golang) standard library, specifically affecting TLS 1.3 connections. A remote attacker can exploit this vulnerability by sending multiple key update messages in a single record after the handshake. This can cause the connection to deadlock, leading to uncontrolled consumption of resources and ultimately a denial of service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Important: A flaw in the Go `crypto/tls` package allows a remote attacker to cause a denial of service in applications using TLS 1.3. By sending multiple key update messages in a single record post-handshake, an attacker can trigger a connection deadlock, leading to uncontrolled resource consumption. This impacts Red Hat products utilizing the affected Go standard library for TLS 1.3 connections.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.0.Z.E2S:go-toolset-0:1.25.9-1.el10_0.aarch64",
"AppStream-10.0.Z.E2S:go-toolset-0:1.25.9-1.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:go-toolset-0:1.25.9-1.el10_0.s390x",
"AppStream-10.0.Z.E2S:go-toolset-0:1.25.9-1.el10_0.x86_64",
"AppStream-10.0.Z.E2S:golang-0:1.25.9-1.el10_0.aarch64",
"AppStream-10.0.Z.E2S:golang-0:1.25.9-1.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:golang-0:1.25.9-1.el10_0.s390x",
"AppStream-10.0.Z.E2S:golang-0:1.25.9-1.el10_0.src",
"AppStream-10.0.Z.E2S:golang-0:1.25.9-1.el10_0.x86_64",
"AppStream-10.0.Z.E2S:golang-bin-0:1.25.9-1.el10_0.aarch64",
"AppStream-10.0.Z.E2S:golang-bin-0:1.25.9-1.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:golang-bin-0:1.25.9-1.el10_0.s390x",
"AppStream-10.0.Z.E2S:golang-bin-0:1.25.9-1.el10_0.x86_64",
"AppStream-10.0.Z.E2S:golang-docs-0:1.25.9-1.el10_0.noarch",
"AppStream-10.0.Z.E2S:golang-misc-0:1.25.9-1.el10_0.noarch",
"AppStream-10.0.Z.E2S:golang-race-0:1.25.9-1.el10_0.aarch64",
"AppStream-10.0.Z.E2S:golang-race-0:1.25.9-1.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:golang-race-0:1.25.9-1.el10_0.s390x",
"AppStream-10.0.Z.E2S:golang-race-0:1.25.9-1.el10_0.x86_64",
"AppStream-10.0.Z.E2S:golang-src-0:1.25.9-1.el10_0.noarch",
"AppStream-10.0.Z.E2S:golang-tests-0:1.25.9-1.el10_0.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32283"
},
{
"category": "external",
"summary": "RHBZ#2456338",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456338"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32283",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32283"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32283",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32283"
},
{
"category": "external",
"summary": "https://go.dev/cl/763767",
"url": "https://go.dev/cl/763767"
},
{
"category": "external",
"summary": "https://go.dev/issue/78334",
"url": "https://go.dev/issue/78334"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4870",
"url": "https://pkg.go.dev/vuln/GO-2026-4870"
}
],
"release_date": "2026-04-08T01:06:57.670000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-11T16:23:41+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.0.Z.E2S:go-toolset-0:1.25.9-1.el10_0.aarch64",
"AppStream-10.0.Z.E2S:go-toolset-0:1.25.9-1.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:go-toolset-0:1.25.9-1.el10_0.s390x",
"AppStream-10.0.Z.E2S:go-toolset-0:1.25.9-1.el10_0.x86_64",
"AppStream-10.0.Z.E2S:golang-0:1.25.9-1.el10_0.aarch64",
"AppStream-10.0.Z.E2S:golang-0:1.25.9-1.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:golang-0:1.25.9-1.el10_0.s390x",
"AppStream-10.0.Z.E2S:golang-0:1.25.9-1.el10_0.src",
"AppStream-10.0.Z.E2S:golang-0:1.25.9-1.el10_0.x86_64",
"AppStream-10.0.Z.E2S:golang-bin-0:1.25.9-1.el10_0.aarch64",
"AppStream-10.0.Z.E2S:golang-bin-0:1.25.9-1.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:golang-bin-0:1.25.9-1.el10_0.s390x",
"AppStream-10.0.Z.E2S:golang-bin-0:1.25.9-1.el10_0.x86_64",
"AppStream-10.0.Z.E2S:golang-docs-0:1.25.9-1.el10_0.noarch",
"AppStream-10.0.Z.E2S:golang-misc-0:1.25.9-1.el10_0.noarch",
"AppStream-10.0.Z.E2S:golang-race-0:1.25.9-1.el10_0.aarch64",
"AppStream-10.0.Z.E2S:golang-race-0:1.25.9-1.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:golang-race-0:1.25.9-1.el10_0.s390x",
"AppStream-10.0.Z.E2S:golang-race-0:1.25.9-1.el10_0.x86_64",
"AppStream-10.0.Z.E2S:golang-src-0:1.25.9-1.el10_0.noarch",
"AppStream-10.0.Z.E2S:golang-tests-0:1.25.9-1.el10_0.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:16024"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-10.0.Z.E2S:go-toolset-0:1.25.9-1.el10_0.aarch64",
"AppStream-10.0.Z.E2S:go-toolset-0:1.25.9-1.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:go-toolset-0:1.25.9-1.el10_0.s390x",
"AppStream-10.0.Z.E2S:go-toolset-0:1.25.9-1.el10_0.x86_64",
"AppStream-10.0.Z.E2S:golang-0:1.25.9-1.el10_0.aarch64",
"AppStream-10.0.Z.E2S:golang-0:1.25.9-1.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:golang-0:1.25.9-1.el10_0.s390x",
"AppStream-10.0.Z.E2S:golang-0:1.25.9-1.el10_0.src",
"AppStream-10.0.Z.E2S:golang-0:1.25.9-1.el10_0.x86_64",
"AppStream-10.0.Z.E2S:golang-bin-0:1.25.9-1.el10_0.aarch64",
"AppStream-10.0.Z.E2S:golang-bin-0:1.25.9-1.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:golang-bin-0:1.25.9-1.el10_0.s390x",
"AppStream-10.0.Z.E2S:golang-bin-0:1.25.9-1.el10_0.x86_64",
"AppStream-10.0.Z.E2S:golang-docs-0:1.25.9-1.el10_0.noarch",
"AppStream-10.0.Z.E2S:golang-misc-0:1.25.9-1.el10_0.noarch",
"AppStream-10.0.Z.E2S:golang-race-0:1.25.9-1.el10_0.aarch64",
"AppStream-10.0.Z.E2S:golang-race-0:1.25.9-1.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:golang-race-0:1.25.9-1.el10_0.s390x",
"AppStream-10.0.Z.E2S:golang-race-0:1.25.9-1.el10_0.x86_64",
"AppStream-10.0.Z.E2S:golang-src-0:1.25.9-1.el10_0.noarch",
"AppStream-10.0.Z.E2S:golang-tests-0:1.25.9-1.el10_0.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages"
}
]
}
RHSA-2026:16101
Vulnerability from csaf_redhat - Published: 2026-05-11 22:53 - Updated: 2026-07-13 17:31A flaw was found in the Go standard library packages `crypto/x509` and `crypto/tls`. During the process of building a certificate chain, an attacker can provide a large number of intermediate certificates. This excessive input is not properly limited, leading to an uncontrolled amount of work being performed. This can result in a denial of service (DoS) condition, making the affected system or application unavailable to legitimate users.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-ELS:host-metering-0:1.4.0-7.el7_9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-ELS:host-metering-0:1.4.0-7.el7_9.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-ELS:host-metering-0:1.4.0-7.el7_9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-ELS:host-metering-debuginfo-0:1.4.0-7.el7_9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-ELS:host-metering-debuginfo-0:1.4.0-7.el7_9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-ELS:host-metering-debugsource-0:1.4.0-7.el7_9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-ELS:host-metering-debugsource-0:1.4.0-7.el7_9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-ELS:host-metering-selinux-0:1.4.0-7.el7_9.noarch | — |
Vendor Fix
fix
|
A flaw was found in Go's `crypto/x509` package. A remote attacker could exploit this by presenting a specially crafted certificate chain containing a large number of policy mappings. This inefficient validation process consumes excessive resources, which can lead to a denial of service (DoS) for applications or systems performing certificate validation.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-ELS:host-metering-0:1.4.0-7.el7_9.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-ELS:host-metering-0:1.4.0-7.el7_9.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-ELS:host-metering-0:1.4.0-7.el7_9.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-ELS:host-metering-debuginfo-0:1.4.0-7.el7_9.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-ELS:host-metering-debuginfo-0:1.4.0-7.el7_9.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-ELS:host-metering-debugsource-0:1.4.0-7.el7_9.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-ELS:host-metering-debugsource-0:1.4.0-7.el7_9.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-ELS:host-metering-selinux-0:1.4.0-7.el7_9.noarch | — |
Vendor Fix
fix
Workaround
|
A flaw was found in the internal/syscall/unix package in the Go standard library. If the target of the `Root.Chmod` function is replaced with a symbolic link during execution, specifically after `Root.Chmod` checks the target but before acting, the `chmod` operation will be performed on the file the symbolic link points to. This issue can bypass directory restrictions and lead to unauthorized permission changes on the filesystem.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-ELS:host-metering-0:1.4.0-7.el7_9.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-ELS:host-metering-0:1.4.0-7.el7_9.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-ELS:host-metering-0:1.4.0-7.el7_9.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-ELS:host-metering-debuginfo-0:1.4.0-7.el7_9.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-ELS:host-metering-debuginfo-0:1.4.0-7.el7_9.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-ELS:host-metering-debugsource-0:1.4.0-7.el7_9.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-ELS:host-metering-debugsource-0:1.4.0-7.el7_9.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-ELS:host-metering-selinux-0:1.4.0-7.el7_9.noarch | — |
Vendor Fix
fix
Workaround
|
A flaw was found in the `crypto/tls` package within the Go (golang) standard library, specifically affecting TLS 1.3 connections. A remote attacker can exploit this vulnerability by sending multiple key update messages in a single record after the handshake. This can cause the connection to deadlock, leading to uncontrolled consumption of resources and ultimately a denial of service (DoS).
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-ELS:host-metering-0:1.4.0-7.el7_9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-ELS:host-metering-0:1.4.0-7.el7_9.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-ELS:host-metering-0:1.4.0-7.el7_9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-ELS:host-metering-debuginfo-0:1.4.0-7.el7_9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-ELS:host-metering-debuginfo-0:1.4.0-7.el7_9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-ELS:host-metering-debugsource-0:1.4.0-7.el7_9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-ELS:host-metering-debugsource-0:1.4.0-7.el7_9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-ELS:host-metering-selinux-0:1.4.0-7.el7_9.noarch | — |
Vendor Fix
fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for host-metering is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Host metering service\n\nSecurity Fix(es):\n\n* crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages (CVE-2026-32283)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:16101",
"url": "https://access.redhat.com/errata/RHSA-2026:16101"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2456338",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456338"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_16101.json"
}
],
"title": "Red Hat Security Advisory: host-metering security update",
"tracking": {
"current_release_date": "2026-07-13T17:31:45+00:00",
"generator": {
"date": "2026-07-13T17:31:45+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.2"
}
},
"id": "RHSA-2026:16101",
"initial_release_date": "2026-05-11T22:53:25+00:00",
"revision_history": [
{
"date": "2026-05-11T22:53:25+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-05-11T22:53:25+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-13T17:31:45+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server (v. 7 ELS)",
"product": {
"name": "Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_els:7"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "host-metering-0:1.4.0-7.el7_9.src",
"product": {
"name": "host-metering-0:1.4.0-7.el7_9.src",
"product_id": "host-metering-0:1.4.0-7.el7_9.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/host-metering@1.4.0-7.el7_9?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "host-metering-0:1.4.0-7.el7_9.ppc64le",
"product": {
"name": "host-metering-0:1.4.0-7.el7_9.ppc64le",
"product_id": "host-metering-0:1.4.0-7.el7_9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/host-metering@1.4.0-7.el7_9?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "host-metering-debugsource-0:1.4.0-7.el7_9.ppc64le",
"product": {
"name": "host-metering-debugsource-0:1.4.0-7.el7_9.ppc64le",
"product_id": "host-metering-debugsource-0:1.4.0-7.el7_9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/host-metering-debugsource@1.4.0-7.el7_9?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "host-metering-debuginfo-0:1.4.0-7.el7_9.ppc64le",
"product": {
"name": "host-metering-debuginfo-0:1.4.0-7.el7_9.ppc64le",
"product_id": "host-metering-debuginfo-0:1.4.0-7.el7_9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/host-metering-debuginfo@1.4.0-7.el7_9?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "host-metering-0:1.4.0-7.el7_9.x86_64",
"product": {
"name": "host-metering-0:1.4.0-7.el7_9.x86_64",
"product_id": "host-metering-0:1.4.0-7.el7_9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/host-metering@1.4.0-7.el7_9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "host-metering-debugsource-0:1.4.0-7.el7_9.x86_64",
"product": {
"name": "host-metering-debugsource-0:1.4.0-7.el7_9.x86_64",
"product_id": "host-metering-debugsource-0:1.4.0-7.el7_9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/host-metering-debugsource@1.4.0-7.el7_9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "host-metering-debuginfo-0:1.4.0-7.el7_9.x86_64",
"product": {
"name": "host-metering-debuginfo-0:1.4.0-7.el7_9.x86_64",
"product_id": "host-metering-debuginfo-0:1.4.0-7.el7_9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/host-metering-debuginfo@1.4.0-7.el7_9?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "host-metering-selinux-0:1.4.0-7.el7_9.noarch",
"product": {
"name": "host-metering-selinux-0:1.4.0-7.el7_9.noarch",
"product_id": "host-metering-selinux-0:1.4.0-7.el7_9.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/host-metering-selinux@1.4.0-7.el7_9?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "host-metering-0:1.4.0-7.el7_9.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:host-metering-0:1.4.0-7.el7_9.ppc64le"
},
"product_reference": "host-metering-0:1.4.0-7.el7_9.ppc64le",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "host-metering-0:1.4.0-7.el7_9.src as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:host-metering-0:1.4.0-7.el7_9.src"
},
"product_reference": "host-metering-0:1.4.0-7.el7_9.src",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "host-metering-0:1.4.0-7.el7_9.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:host-metering-0:1.4.0-7.el7_9.x86_64"
},
"product_reference": "host-metering-0:1.4.0-7.el7_9.x86_64",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "host-metering-debuginfo-0:1.4.0-7.el7_9.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:host-metering-debuginfo-0:1.4.0-7.el7_9.ppc64le"
},
"product_reference": "host-metering-debuginfo-0:1.4.0-7.el7_9.ppc64le",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "host-metering-debuginfo-0:1.4.0-7.el7_9.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:host-metering-debuginfo-0:1.4.0-7.el7_9.x86_64"
},
"product_reference": "host-metering-debuginfo-0:1.4.0-7.el7_9.x86_64",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "host-metering-debugsource-0:1.4.0-7.el7_9.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:host-metering-debugsource-0:1.4.0-7.el7_9.ppc64le"
},
"product_reference": "host-metering-debugsource-0:1.4.0-7.el7_9.ppc64le",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "host-metering-debugsource-0:1.4.0-7.el7_9.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:host-metering-debugsource-0:1.4.0-7.el7_9.x86_64"
},
"product_reference": "host-metering-debugsource-0:1.4.0-7.el7_9.x86_64",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "host-metering-selinux-0:1.4.0-7.el7_9.noarch as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:host-metering-selinux-0:1.4.0-7.el7_9.noarch"
},
"product_reference": "host-metering-selinux-0:1.4.0-7.el7_9.noarch",
"relates_to_product_reference": "7Server-ELS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-32280",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-04-08T02:01:19.572351+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456339"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Go standard library packages `crypto/x509` and `crypto/tls`. During the process of building a certificate chain, an attacker can provide a large number of intermediate certificates. This excessive input is not properly limited, leading to an uncontrolled amount of work being performed. This can result in a denial of service (DoS) condition, making the affected system or application unavailable to legitimate users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important denial of service vulnerability in the Go standard library\u0027s certificate chain building process. Systems utilizing Go applications that process untrusted TLS certificates or X.509 certificate chains are susceptible to resource exhaustion when presented with an excessive number of intermediate certificates, potentially leading to service unavailability. This flaw impacts applications directly using `crypto/x509` or `crypto/tls`.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-ELS:host-metering-0:1.4.0-7.el7_9.ppc64le",
"7Server-ELS:host-metering-0:1.4.0-7.el7_9.src",
"7Server-ELS:host-metering-0:1.4.0-7.el7_9.x86_64",
"7Server-ELS:host-metering-debuginfo-0:1.4.0-7.el7_9.ppc64le",
"7Server-ELS:host-metering-debuginfo-0:1.4.0-7.el7_9.x86_64",
"7Server-ELS:host-metering-debugsource-0:1.4.0-7.el7_9.ppc64le",
"7Server-ELS:host-metering-debugsource-0:1.4.0-7.el7_9.x86_64",
"7Server-ELS:host-metering-selinux-0:1.4.0-7.el7_9.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32280"
},
{
"category": "external",
"summary": "RHBZ#2456339",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456339"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32280",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32280"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32280",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32280"
},
{
"category": "external",
"summary": "https://go.dev/cl/758320",
"url": "https://go.dev/cl/758320"
},
{
"category": "external",
"summary": "https://go.dev/issue/78282",
"url": "https://go.dev/issue/78282"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4947",
"url": "https://pkg.go.dev/vuln/GO-2026-4947"
}
],
"release_date": "2026-04-08T01:06:58.595000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-11T22:53:25+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-ELS:host-metering-0:1.4.0-7.el7_9.ppc64le",
"7Server-ELS:host-metering-0:1.4.0-7.el7_9.src",
"7Server-ELS:host-metering-0:1.4.0-7.el7_9.x86_64",
"7Server-ELS:host-metering-debuginfo-0:1.4.0-7.el7_9.ppc64le",
"7Server-ELS:host-metering-debuginfo-0:1.4.0-7.el7_9.x86_64",
"7Server-ELS:host-metering-debugsource-0:1.4.0-7.el7_9.ppc64le",
"7Server-ELS:host-metering-debugsource-0:1.4.0-7.el7_9.x86_64",
"7Server-ELS:host-metering-selinux-0:1.4.0-7.el7_9.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:16101"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-ELS:host-metering-0:1.4.0-7.el7_9.ppc64le",
"7Server-ELS:host-metering-0:1.4.0-7.el7_9.src",
"7Server-ELS:host-metering-0:1.4.0-7.el7_9.x86_64",
"7Server-ELS:host-metering-debuginfo-0:1.4.0-7.el7_9.ppc64le",
"7Server-ELS:host-metering-debuginfo-0:1.4.0-7.el7_9.x86_64",
"7Server-ELS:host-metering-debugsource-0:1.4.0-7.el7_9.ppc64le",
"7Server-ELS:host-metering-debugsource-0:1.4.0-7.el7_9.x86_64",
"7Server-ELS:host-metering-selinux-0:1.4.0-7.el7_9.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building"
},
{
"cve": "CVE-2026-32281",
"cwe": {
"id": "CWE-1050",
"name": "Excessive Platform Resource Consumption within a Loop"
},
"discovery_date": "2026-04-08T02:01:00.930989+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456333"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Go\u0027s `crypto/x509` package. A remote attacker could exploit this by presenting a specially crafted certificate chain containing a large number of policy mappings. This inefficient validation process consumes excessive resources, which can lead to a denial of service (DoS) for applications or systems performing certificate validation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw occurs during the validation of otherwise trusted certificate chains that contain a large number of policy mappings, leading to excessive resource consumption. Exploitation requires an attacker to present a specially crafted, yet trusted, certificate chain which would require the attacker has already compromised a trusted certificate root. Red Hat continuously monitors certificate authorities and curates the set which is trusted by default for Red Hat products.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-ELS:host-metering-0:1.4.0-7.el7_9.ppc64le",
"7Server-ELS:host-metering-0:1.4.0-7.el7_9.src",
"7Server-ELS:host-metering-0:1.4.0-7.el7_9.x86_64",
"7Server-ELS:host-metering-debuginfo-0:1.4.0-7.el7_9.ppc64le",
"7Server-ELS:host-metering-debuginfo-0:1.4.0-7.el7_9.x86_64",
"7Server-ELS:host-metering-debugsource-0:1.4.0-7.el7_9.ppc64le",
"7Server-ELS:host-metering-debugsource-0:1.4.0-7.el7_9.x86_64",
"7Server-ELS:host-metering-selinux-0:1.4.0-7.el7_9.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32281"
},
{
"category": "external",
"summary": "RHBZ#2456333",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456333"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32281",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32281"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32281",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32281"
},
{
"category": "external",
"summary": "https://go.dev/cl/758061",
"url": "https://go.dev/cl/758061"
},
{
"category": "external",
"summary": "https://go.dev/issue/78281",
"url": "https://go.dev/issue/78281"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4946",
"url": "https://pkg.go.dev/vuln/GO-2026-4946"
}
],
"release_date": "2026-04-08T01:06:58.354000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-11T22:53:25+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-ELS:host-metering-0:1.4.0-7.el7_9.ppc64le",
"7Server-ELS:host-metering-0:1.4.0-7.el7_9.src",
"7Server-ELS:host-metering-0:1.4.0-7.el7_9.x86_64",
"7Server-ELS:host-metering-debuginfo-0:1.4.0-7.el7_9.ppc64le",
"7Server-ELS:host-metering-debuginfo-0:1.4.0-7.el7_9.x86_64",
"7Server-ELS:host-metering-debugsource-0:1.4.0-7.el7_9.ppc64le",
"7Server-ELS:host-metering-debugsource-0:1.4.0-7.el7_9.x86_64",
"7Server-ELS:host-metering-selinux-0:1.4.0-7.el7_9.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:16101"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"7Server-ELS:host-metering-0:1.4.0-7.el7_9.ppc64le",
"7Server-ELS:host-metering-0:1.4.0-7.el7_9.src",
"7Server-ELS:host-metering-0:1.4.0-7.el7_9.x86_64",
"7Server-ELS:host-metering-debuginfo-0:1.4.0-7.el7_9.ppc64le",
"7Server-ELS:host-metering-debuginfo-0:1.4.0-7.el7_9.x86_64",
"7Server-ELS:host-metering-debugsource-0:1.4.0-7.el7_9.ppc64le",
"7Server-ELS:host-metering-debugsource-0:1.4.0-7.el7_9.x86_64",
"7Server-ELS:host-metering-selinux-0:1.4.0-7.el7_9.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-ELS:host-metering-0:1.4.0-7.el7_9.ppc64le",
"7Server-ELS:host-metering-0:1.4.0-7.el7_9.src",
"7Server-ELS:host-metering-0:1.4.0-7.el7_9.x86_64",
"7Server-ELS:host-metering-debuginfo-0:1.4.0-7.el7_9.ppc64le",
"7Server-ELS:host-metering-debuginfo-0:1.4.0-7.el7_9.x86_64",
"7Server-ELS:host-metering-debugsource-0:1.4.0-7.el7_9.ppc64le",
"7Server-ELS:host-metering-debugsource-0:1.4.0-7.el7_9.x86_64",
"7Server-ELS:host-metering-selinux-0:1.4.0-7.el7_9.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation"
},
{
"cve": "CVE-2026-32282",
"cwe": {
"id": "CWE-367",
"name": "Time-of-check Time-of-use (TOCTOU) Race Condition"
},
"discovery_date": "2026-04-08T02:01:12.683211+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456336"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the internal/syscall/unix package in the Go standard library. If the target of the `Root.Chmod` function is replaced with a symbolic link during execution, specifically after `Root.Chmod` checks the target but before acting, the `chmod` operation will be performed on the file the symbolic link points to. This issue can bypass directory restrictions and lead to unauthorized permission changes on the filesystem.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs access to the system and the required permissions to create a symbolic link. Additionally, the attacker must swap the target file with a symbolic link in the exact window after the `Root.Chmod` function checks its target but before acting. Due to these conditions, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-ELS:host-metering-0:1.4.0-7.el7_9.ppc64le",
"7Server-ELS:host-metering-0:1.4.0-7.el7_9.src",
"7Server-ELS:host-metering-0:1.4.0-7.el7_9.x86_64",
"7Server-ELS:host-metering-debuginfo-0:1.4.0-7.el7_9.ppc64le",
"7Server-ELS:host-metering-debuginfo-0:1.4.0-7.el7_9.x86_64",
"7Server-ELS:host-metering-debugsource-0:1.4.0-7.el7_9.ppc64le",
"7Server-ELS:host-metering-debugsource-0:1.4.0-7.el7_9.x86_64",
"7Server-ELS:host-metering-selinux-0:1.4.0-7.el7_9.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32282"
},
{
"category": "external",
"summary": "RHBZ#2456336",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456336"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32282",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32282"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32282",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32282"
},
{
"category": "external",
"summary": "https://go.dev/cl/763761",
"url": "https://go.dev/cl/763761"
},
{
"category": "external",
"summary": "https://go.dev/issue/78293",
"url": "https://go.dev/issue/78293"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4864",
"url": "https://pkg.go.dev/vuln/GO-2026-4864"
}
],
"release_date": "2026-04-08T01:06:55.953000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-11T22:53:25+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-ELS:host-metering-0:1.4.0-7.el7_9.ppc64le",
"7Server-ELS:host-metering-0:1.4.0-7.el7_9.src",
"7Server-ELS:host-metering-0:1.4.0-7.el7_9.x86_64",
"7Server-ELS:host-metering-debuginfo-0:1.4.0-7.el7_9.ppc64le",
"7Server-ELS:host-metering-debuginfo-0:1.4.0-7.el7_9.x86_64",
"7Server-ELS:host-metering-debugsource-0:1.4.0-7.el7_9.ppc64le",
"7Server-ELS:host-metering-debugsource-0:1.4.0-7.el7_9.x86_64",
"7Server-ELS:host-metering-selinux-0:1.4.0-7.el7_9.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:16101"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"7Server-ELS:host-metering-0:1.4.0-7.el7_9.ppc64le",
"7Server-ELS:host-metering-0:1.4.0-7.el7_9.src",
"7Server-ELS:host-metering-0:1.4.0-7.el7_9.x86_64",
"7Server-ELS:host-metering-debuginfo-0:1.4.0-7.el7_9.ppc64le",
"7Server-ELS:host-metering-debuginfo-0:1.4.0-7.el7_9.x86_64",
"7Server-ELS:host-metering-debugsource-0:1.4.0-7.el7_9.ppc64le",
"7Server-ELS:host-metering-debugsource-0:1.4.0-7.el7_9.x86_64",
"7Server-ELS:host-metering-selinux-0:1.4.0-7.el7_9.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Server-ELS:host-metering-0:1.4.0-7.el7_9.ppc64le",
"7Server-ELS:host-metering-0:1.4.0-7.el7_9.src",
"7Server-ELS:host-metering-0:1.4.0-7.el7_9.x86_64",
"7Server-ELS:host-metering-debuginfo-0:1.4.0-7.el7_9.ppc64le",
"7Server-ELS:host-metering-debuginfo-0:1.4.0-7.el7_9.x86_64",
"7Server-ELS:host-metering-debugsource-0:1.4.0-7.el7_9.ppc64le",
"7Server-ELS:host-metering-debugsource-0:1.4.0-7.el7_9.x86_64",
"7Server-ELS:host-metering-selinux-0:1.4.0-7.el7_9.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root"
},
{
"cve": "CVE-2026-32283",
"cwe": {
"id": "CWE-764",
"name": "Multiple Locks of a Critical Resource"
},
"discovery_date": "2026-04-08T02:01:16.213799+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456338"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the `crypto/tls` package within the Go (golang) standard library, specifically affecting TLS 1.3 connections. A remote attacker can exploit this vulnerability by sending multiple key update messages in a single record after the handshake. This can cause the connection to deadlock, leading to uncontrolled consumption of resources and ultimately a denial of service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Important: A flaw in the Go `crypto/tls` package allows a remote attacker to cause a denial of service in applications using TLS 1.3. By sending multiple key update messages in a single record post-handshake, an attacker can trigger a connection deadlock, leading to uncontrolled resource consumption. This impacts Red Hat products utilizing the affected Go standard library for TLS 1.3 connections.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-ELS:host-metering-0:1.4.0-7.el7_9.ppc64le",
"7Server-ELS:host-metering-0:1.4.0-7.el7_9.src",
"7Server-ELS:host-metering-0:1.4.0-7.el7_9.x86_64",
"7Server-ELS:host-metering-debuginfo-0:1.4.0-7.el7_9.ppc64le",
"7Server-ELS:host-metering-debuginfo-0:1.4.0-7.el7_9.x86_64",
"7Server-ELS:host-metering-debugsource-0:1.4.0-7.el7_9.ppc64le",
"7Server-ELS:host-metering-debugsource-0:1.4.0-7.el7_9.x86_64",
"7Server-ELS:host-metering-selinux-0:1.4.0-7.el7_9.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32283"
},
{
"category": "external",
"summary": "RHBZ#2456338",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456338"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32283",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32283"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32283",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32283"
},
{
"category": "external",
"summary": "https://go.dev/cl/763767",
"url": "https://go.dev/cl/763767"
},
{
"category": "external",
"summary": "https://go.dev/issue/78334",
"url": "https://go.dev/issue/78334"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4870",
"url": "https://pkg.go.dev/vuln/GO-2026-4870"
}
],
"release_date": "2026-04-08T01:06:57.670000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-11T22:53:25+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-ELS:host-metering-0:1.4.0-7.el7_9.ppc64le",
"7Server-ELS:host-metering-0:1.4.0-7.el7_9.src",
"7Server-ELS:host-metering-0:1.4.0-7.el7_9.x86_64",
"7Server-ELS:host-metering-debuginfo-0:1.4.0-7.el7_9.ppc64le",
"7Server-ELS:host-metering-debuginfo-0:1.4.0-7.el7_9.x86_64",
"7Server-ELS:host-metering-debugsource-0:1.4.0-7.el7_9.ppc64le",
"7Server-ELS:host-metering-debugsource-0:1.4.0-7.el7_9.x86_64",
"7Server-ELS:host-metering-selinux-0:1.4.0-7.el7_9.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:16101"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-ELS:host-metering-0:1.4.0-7.el7_9.ppc64le",
"7Server-ELS:host-metering-0:1.4.0-7.el7_9.src",
"7Server-ELS:host-metering-0:1.4.0-7.el7_9.x86_64",
"7Server-ELS:host-metering-debuginfo-0:1.4.0-7.el7_9.ppc64le",
"7Server-ELS:host-metering-debuginfo-0:1.4.0-7.el7_9.x86_64",
"7Server-ELS:host-metering-debugsource-0:1.4.0-7.el7_9.ppc64le",
"7Server-ELS:host-metering-debugsource-0:1.4.0-7.el7_9.x86_64",
"7Server-ELS:host-metering-selinux-0:1.4.0-7.el7_9.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages"
}
]
}
RHSA-2026:16476
Vulnerability from csaf_redhat - Published: 2026-05-12 18:56 - Updated: 2026-07-09 21:09A flaw was found in the Go standard library packages `crypto/x509` and `crypto/tls`. During the process of building a certificate chain, an attacker can provide a large number of intermediate certificates. This excessive input is not properly limited, leading to an uncontrolled amount of work being performed. This can result in a denial of service (DoS) condition, making the affected system or application unavailable to legitimate users.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:40547afa883b9173c85f0498a1bd7107be4ad7d0bd753422286b9e1e35cfd20f_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:588bf79e80f6713af9766978eb4287fb691351f8e11285cfa00161553102a099_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:7aa34d481670c9470c3cd5f07319d30bbed5e4d8d8a0abeacb8ff8919bb88884_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:bbe2a362c9c494ad0e9c7549136447a38c31312c49f9f528c75bc5f1ef5bb1a2_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:251acc1dcd2446bff4a6ea247e991c3c9186be784ac604df10efec1b312a8c87_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:36984ea16e6a9bf9eaac871eb2ed4be536fa95ecaac021e95a0be3a3c4e3af5d_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:71f6f8597af2b563219bfd8bd15f159433636edb2496c785a82535c8b8d8b70e_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:b1ac1a78df89243431ff25c249b17d06487ca0bb5c77936d3f12f1d75f070757_amd64 | — |
A flaw was found in follow-redirects. When an HTTP request follows a cross-domain redirect (a redirection to a different domain), custom authentication headers, such as X-API-Key or X-Auth-Token, are not properly stripped. This allows these sensitive headers to be forwarded verbatim to the redirect target, potentially leading to the unintended disclosure of authentication information to an untrusted third party.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:251acc1dcd2446bff4a6ea247e991c3c9186be784ac604df10efec1b312a8c87_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:36984ea16e6a9bf9eaac871eb2ed4be536fa95ecaac021e95a0be3a3c4e3af5d_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:71f6f8597af2b563219bfd8bd15f159433636edb2496c785a82535c8b8d8b70e_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:b1ac1a78df89243431ff25c249b17d06487ca0bb5c77936d3f12f1d75f070757_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:40547afa883b9173c85f0498a1bd7107be4ad7d0bd753422286b9e1e35cfd20f_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:588bf79e80f6713af9766978eb4287fb691351f8e11285cfa00161553102a099_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:7aa34d481670c9470c3cd5f07319d30bbed5e4d8d8a0abeacb8ff8919bb88884_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:bbe2a362c9c494ad0e9c7549136447a38c31312c49f9f528c75bc5f1ef5bb1a2_amd64 | — |
Vendor Fix
fix
|
A flaw was found in DOMPurify, a DOM-only cross-site scripting sanitizer. A remote attacker could exploit an inconsistency in how forbidden tags and attributes are handled when function-based tag additions are used. This allows malicious HTML, MathML, or SVG elements to bypass sanitization and execute arbitrary code in the user's browser, leading to Cross-Site Scripting (XSS).
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:251acc1dcd2446bff4a6ea247e991c3c9186be784ac604df10efec1b312a8c87_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:36984ea16e6a9bf9eaac871eb2ed4be536fa95ecaac021e95a0be3a3c4e3af5d_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:71f6f8597af2b563219bfd8bd15f159433636edb2496c785a82535c8b8d8b70e_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:b1ac1a78df89243431ff25c249b17d06487ca0bb5c77936d3f12f1d75f070757_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:40547afa883b9173c85f0498a1bd7107be4ad7d0bd753422286b9e1e35cfd20f_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:588bf79e80f6713af9766978eb4287fb691351f8e11285cfa00161553102a099_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:7aa34d481670c9470c3cd5f07319d30bbed5e4d8d8a0abeacb8ff8919bb88884_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:bbe2a362c9c494ad0e9c7549136447a38c31312c49f9f528c75bc5f1ef5bb1a2_amd64 | — |
Workaround
|
A flaw was found in Axios, an HTTP client library. This vulnerability allows an attacker to exploit a prototype pollution issue if another part of the application has already polluted the Object.prototype. By doing so, the attacker can intercept and modify JSON responses or take control of the HTTP communication. This could lead to unauthorized access to sensitive information like user credentials and request details.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:251acc1dcd2446bff4a6ea247e991c3c9186be784ac604df10efec1b312a8c87_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:36984ea16e6a9bf9eaac871eb2ed4be536fa95ecaac021e95a0be3a3c4e3af5d_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:71f6f8597af2b563219bfd8bd15f159433636edb2496c785a82535c8b8d8b70e_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:b1ac1a78df89243431ff25c249b17d06487ca0bb5c77936d3f12f1d75f070757_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:40547afa883b9173c85f0498a1bd7107be4ad7d0bd753422286b9e1e35cfd20f_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:588bf79e80f6713af9766978eb4287fb691351f8e11285cfa00161553102a099_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:7aa34d481670c9470c3cd5f07319d30bbed5e4d8d8a0abeacb8ff8919bb88884_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:bbe2a362c9c494ad0e9c7549136447a38c31312c49f9f528c75bc5f1ef5bb1a2_amd64 | — |
Vendor Fix
fix
|
A flaw was found in Axios, a software library for making network requests. A remote attacker can exploit a prototype pollution vulnerability to inject arbitrary HTTP headers into outgoing requests. This occurs when the application's core object definitions are manipulated, causing Axios to misinterpret data and include attacker-controlled headers in network communications. This could lead to unauthorized actions or data manipulation.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:251acc1dcd2446bff4a6ea247e991c3c9186be784ac604df10efec1b312a8c87_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:36984ea16e6a9bf9eaac871eb2ed4be536fa95ecaac021e95a0be3a3c4e3af5d_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:71f6f8597af2b563219bfd8bd15f159433636edb2496c785a82535c8b8d8b70e_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:b1ac1a78df89243431ff25c249b17d06487ca0bb5c77936d3f12f1d75f070757_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:40547afa883b9173c85f0498a1bd7107be4ad7d0bd753422286b9e1e35cfd20f_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:588bf79e80f6713af9766978eb4287fb691351f8e11285cfa00161553102a099_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:7aa34d481670c9470c3cd5f07319d30bbed5e4d8d8a0abeacb8ff8919bb88884_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:bbe2a362c9c494ad0e9c7549136447a38c31312c49f9f528c75bc5f1ef5bb1a2_amd64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Axios, a promise-based HTTP client for browsers and Node.js. This vulnerability occurs because the `toFormData` function recursively processes nested objects without a depth limit. A remote attacker can exploit this by sending deeply nested request data, which causes the Node.js process to crash due to a RangeError, leading to a potential Denial of Service (DoS) if the process crashes.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:251acc1dcd2446bff4a6ea247e991c3c9186be784ac604df10efec1b312a8c87_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:36984ea16e6a9bf9eaac871eb2ed4be536fa95ecaac021e95a0be3a3c4e3af5d_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:71f6f8597af2b563219bfd8bd15f159433636edb2496c785a82535c8b8d8b70e_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:b1ac1a78df89243431ff25c249b17d06487ca0bb5c77936d3f12f1d75f070757_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:40547afa883b9173c85f0498a1bd7107be4ad7d0bd753422286b9e1e35cfd20f_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:588bf79e80f6713af9766978eb4287fb691351f8e11285cfa00161553102a099_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:7aa34d481670c9470c3cd5f07319d30bbed5e4d8d8a0abeacb8ff8919bb88884_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:bbe2a362c9c494ad0e9c7549136447a38c31312c49f9f528c75bc5f1ef5bb1a2_amd64 | — |
Vendor Fix
fix
|
A flaw was found in Axios, a promise-based HTTP client. This vulnerability, a Prototype Pollution "Gadget" attack, allows an attacker to manipulate the `Object.prototype.validateStatus` property. By polluting this property, all HTTP error responses (such as 401, 403, or 500) are silently treated as successful responses. This can lead to a complete bypass of application-level authentication and error handling, potentially granting unauthorized access.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:251acc1dcd2446bff4a6ea247e991c3c9186be784ac604df10efec1b312a8c87_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:36984ea16e6a9bf9eaac871eb2ed4be536fa95ecaac021e95a0be3a3c4e3af5d_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:71f6f8597af2b563219bfd8bd15f159433636edb2496c785a82535c8b8d8b70e_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:b1ac1a78df89243431ff25c249b17d06487ca0bb5c77936d3f12f1d75f070757_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:40547afa883b9173c85f0498a1bd7107be4ad7d0bd753422286b9e1e35cfd20f_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:588bf79e80f6713af9766978eb4287fb691351f8e11285cfa00161553102a099_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:7aa34d481670c9470c3cd5f07319d30bbed5e4d8d8a0abeacb8ff8919bb88884_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:bbe2a362c9c494ad0e9c7549136447a38c31312c49f9f528c75bc5f1ef5bb1a2_amd64 | — |
Vendor Fix
fix
|
A flaw was found in Axios, a promise-based HTTP client. An attacker who can control the destination address of an Axios request can exploit this vulnerability. By using specific internal network addresses (within the 127.0.0.0/8 range, excluding 127.0.0.1), the attacker can completely bypass the NO_PROXY protection, potentially leading to unauthorized access or information disclosure within the network. This issue is an incomplete fix for a previous vulnerability.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:251acc1dcd2446bff4a6ea247e991c3c9186be784ac604df10efec1b312a8c87_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:36984ea16e6a9bf9eaac871eb2ed4be536fa95ecaac021e95a0be3a3c4e3af5d_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:71f6f8597af2b563219bfd8bd15f159433636edb2496c785a82535c8b8d8b70e_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:b1ac1a78df89243431ff25c249b17d06487ca0bb5c77936d3f12f1d75f070757_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:40547afa883b9173c85f0498a1bd7107be4ad7d0bd753422286b9e1e35cfd20f_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:588bf79e80f6713af9766978eb4287fb691351f8e11285cfa00161553102a099_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:7aa34d481670c9470c3cd5f07319d30bbed5e4d8d8a0abeacb8ff8919bb88884_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:bbe2a362c9c494ad0e9c7549136447a38c31312c49f9f528c75bc5f1ef5bb1a2_amd64 | — |
Vendor Fix
fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Kiali 1.73.30 for Red Hat OpenShift Service Mesh 2.6 is now available.\n\nRed Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Kiali 1.73.30, for Red Hat OpenShift Service Mesh 2.6, provides observability for the service mesh by offering a visual representation of the mesh topology and metrics, helping users monitor, trace, and manage efficiently.\n\nSecurity Fix(es):\n\n* CVE-2026-32280 Go: Denial of Service vulnerability in certificate chain building (OSSM-13521)\n* CVE-2026-40895 follow-redirects: Information disclosure via cross-domain redirects (OSSM-13550, OSSM-13551)\n* CVE-2026-41240 DOMPurify: Cross-Site Scripting (XSS) via inconsistent tag sanitization (OSSM-13592)\n* CVE-2026-42033 Axios: HTTP Transport Hijacking via Prototype Pollution (OSSM-13687, OSSM-13688)\n* CVE-2026-42035 Axios: Arbitrary HTTP header injection via prototype pollution (OSSM-13594, OSSM-13595)\n* CVE-2026-42039 Axios: Denial of Service via unbounded recursion in toFormData with deeply nested request data (OSSM-13725, OSSM-13726)\n* CVE-2026-42041 Axios: Authentication bypass due to prototype pollution of HTTP error handling (OSSM-13739, OSSM-13740)\n* CVE-2026-42043 Axios: NO_PROXY bypass via crafted URL (OSSM-13711, OSSM-13712)\n\nEnhancement(s):\n\n* OSSM-12301 Migration from Yarn Classic (v1) to Yarn v4 or NPM\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:16476",
"url": "https://access.redhat.com/errata/RHSA-2026:16476"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32280",
"url": "https://access.redhat.com/security/cve/CVE-2026-32280"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-40895",
"url": "https://access.redhat.com/security/cve/CVE-2026-40895"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-41240",
"url": "https://access.redhat.com/security/cve/CVE-2026-41240"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42033",
"url": "https://access.redhat.com/security/cve/CVE-2026-42033"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42035",
"url": "https://access.redhat.com/security/cve/CVE-2026-42035"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42039",
"url": "https://access.redhat.com/security/cve/CVE-2026-42039"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42041",
"url": "https://access.redhat.com/security/cve/CVE-2026-42041"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42043",
"url": "https://access.redhat.com/security/cve/CVE-2026-42043"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification",
"url": "https://access.redhat.com/security/updates/classification"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_16476.json"
}
],
"title": "Red Hat Security Advisory: Kiali 1.73.30 for Red Hat OpenShift Service Mesh 2.6",
"tracking": {
"current_release_date": "2026-07-09T21:09:56+00:00",
"generator": {
"date": "2026-07-09T21:09:56+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.2"
}
},
"id": "RHSA-2026:16476",
"initial_release_date": "2026-05-12T18:56:35+00:00",
"revision_history": [
{
"date": "2026-05-12T18:56:35+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-07-09T08:56:59+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-09T21:09:56+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Service Mesh 2.6",
"product": {
"name": "Red Hat OpenShift Service Mesh 2.6",
"product_id": "Red Hat OpenShift Service Mesh 2.6",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:service_mesh:2.6::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Service Mesh"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:bbe2a362c9c494ad0e9c7549136447a38c31312c49f9f528c75bc5f1ef5bb1a2_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:bbe2a362c9c494ad0e9c7549136447a38c31312c49f9f528c75bc5f1ef5bb1a2_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:bbe2a362c9c494ad0e9c7549136447a38c31312c49f9f528c75bc5f1ef5bb1a2_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel8@sha256%3Abbe2a362c9c494ad0e9c7549136447a38c31312c49f9f528c75bc5f1ef5bb1a2?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1778191378"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:b1ac1a78df89243431ff25c249b17d06487ca0bb5c77936d3f12f1d75f070757_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:b1ac1a78df89243431ff25c249b17d06487ca0bb5c77936d3f12f1d75f070757_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:b1ac1a78df89243431ff25c249b17d06487ca0bb5c77936d3f12f1d75f070757_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kiali-ossmc-rhel8@sha256%3Ab1ac1a78df89243431ff25c249b17d06487ca0bb5c77936d3f12f1d75f070757?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1778191473"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:588bf79e80f6713af9766978eb4287fb691351f8e11285cfa00161553102a099_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:588bf79e80f6713af9766978eb4287fb691351f8e11285cfa00161553102a099_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:588bf79e80f6713af9766978eb4287fb691351f8e11285cfa00161553102a099_arm64",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel8@sha256%3A588bf79e80f6713af9766978eb4287fb691351f8e11285cfa00161553102a099?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1778191378"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:251acc1dcd2446bff4a6ea247e991c3c9186be784ac604df10efec1b312a8c87_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:251acc1dcd2446bff4a6ea247e991c3c9186be784ac604df10efec1b312a8c87_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:251acc1dcd2446bff4a6ea247e991c3c9186be784ac604df10efec1b312a8c87_arm64",
"product_identification_helper": {
"purl": "pkg:oci/kiali-ossmc-rhel8@sha256%3A251acc1dcd2446bff4a6ea247e991c3c9186be784ac604df10efec1b312a8c87?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1778191473"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:40547afa883b9173c85f0498a1bd7107be4ad7d0bd753422286b9e1e35cfd20f_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:40547afa883b9173c85f0498a1bd7107be4ad7d0bd753422286b9e1e35cfd20f_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:40547afa883b9173c85f0498a1bd7107be4ad7d0bd753422286b9e1e35cfd20f_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel8@sha256%3A40547afa883b9173c85f0498a1bd7107be4ad7d0bd753422286b9e1e35cfd20f?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1778191378"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:36984ea16e6a9bf9eaac871eb2ed4be536fa95ecaac021e95a0be3a3c4e3af5d_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:36984ea16e6a9bf9eaac871eb2ed4be536fa95ecaac021e95a0be3a3c4e3af5d_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:36984ea16e6a9bf9eaac871eb2ed4be536fa95ecaac021e95a0be3a3c4e3af5d_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/kiali-ossmc-rhel8@sha256%3A36984ea16e6a9bf9eaac871eb2ed4be536fa95ecaac021e95a0be3a3c4e3af5d?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1778191473"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:7aa34d481670c9470c3cd5f07319d30bbed5e4d8d8a0abeacb8ff8919bb88884_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:7aa34d481670c9470c3cd5f07319d30bbed5e4d8d8a0abeacb8ff8919bb88884_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:7aa34d481670c9470c3cd5f07319d30bbed5e4d8d8a0abeacb8ff8919bb88884_s390x",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel8@sha256%3A7aa34d481670c9470c3cd5f07319d30bbed5e4d8d8a0abeacb8ff8919bb88884?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1778191378"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:71f6f8597af2b563219bfd8bd15f159433636edb2496c785a82535c8b8d8b70e_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:71f6f8597af2b563219bfd8bd15f159433636edb2496c785a82535c8b8d8b70e_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:71f6f8597af2b563219bfd8bd15f159433636edb2496c785a82535c8b8d8b70e_s390x",
"product_identification_helper": {
"purl": "pkg:oci/kiali-ossmc-rhel8@sha256%3A71f6f8597af2b563219bfd8bd15f159433636edb2496c785a82535c8b8d8b70e?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1778191473"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:251acc1dcd2446bff4a6ea247e991c3c9186be784ac604df10efec1b312a8c87_arm64 as a component of Red Hat OpenShift Service Mesh 2.6",
"product_id": "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:251acc1dcd2446bff4a6ea247e991c3c9186be784ac604df10efec1b312a8c87_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:251acc1dcd2446bff4a6ea247e991c3c9186be784ac604df10efec1b312a8c87_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:36984ea16e6a9bf9eaac871eb2ed4be536fa95ecaac021e95a0be3a3c4e3af5d_ppc64le as a component of Red Hat OpenShift Service Mesh 2.6",
"product_id": "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:36984ea16e6a9bf9eaac871eb2ed4be536fa95ecaac021e95a0be3a3c4e3af5d_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:36984ea16e6a9bf9eaac871eb2ed4be536fa95ecaac021e95a0be3a3c4e3af5d_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:71f6f8597af2b563219bfd8bd15f159433636edb2496c785a82535c8b8d8b70e_s390x as a component of Red Hat OpenShift Service Mesh 2.6",
"product_id": "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:71f6f8597af2b563219bfd8bd15f159433636edb2496c785a82535c8b8d8b70e_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:71f6f8597af2b563219bfd8bd15f159433636edb2496c785a82535c8b8d8b70e_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:b1ac1a78df89243431ff25c249b17d06487ca0bb5c77936d3f12f1d75f070757_amd64 as a component of Red Hat OpenShift Service Mesh 2.6",
"product_id": "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:b1ac1a78df89243431ff25c249b17d06487ca0bb5c77936d3f12f1d75f070757_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:b1ac1a78df89243431ff25c249b17d06487ca0bb5c77936d3f12f1d75f070757_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:40547afa883b9173c85f0498a1bd7107be4ad7d0bd753422286b9e1e35cfd20f_ppc64le as a component of Red Hat OpenShift Service Mesh 2.6",
"product_id": "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:40547afa883b9173c85f0498a1bd7107be4ad7d0bd753422286b9e1e35cfd20f_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:40547afa883b9173c85f0498a1bd7107be4ad7d0bd753422286b9e1e35cfd20f_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:588bf79e80f6713af9766978eb4287fb691351f8e11285cfa00161553102a099_arm64 as a component of Red Hat OpenShift Service Mesh 2.6",
"product_id": "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:588bf79e80f6713af9766978eb4287fb691351f8e11285cfa00161553102a099_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:588bf79e80f6713af9766978eb4287fb691351f8e11285cfa00161553102a099_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:7aa34d481670c9470c3cd5f07319d30bbed5e4d8d8a0abeacb8ff8919bb88884_s390x as a component of Red Hat OpenShift Service Mesh 2.6",
"product_id": "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:7aa34d481670c9470c3cd5f07319d30bbed5e4d8d8a0abeacb8ff8919bb88884_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:7aa34d481670c9470c3cd5f07319d30bbed5e4d8d8a0abeacb8ff8919bb88884_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:bbe2a362c9c494ad0e9c7549136447a38c31312c49f9f528c75bc5f1ef5bb1a2_amd64 as a component of Red Hat OpenShift Service Mesh 2.6",
"product_id": "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:bbe2a362c9c494ad0e9c7549136447a38c31312c49f9f528c75bc5f1ef5bb1a2_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:bbe2a362c9c494ad0e9c7549136447a38c31312c49f9f528c75bc5f1ef5bb1a2_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 2.6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-32280",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-04-08T02:01:19.572351+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:251acc1dcd2446bff4a6ea247e991c3c9186be784ac604df10efec1b312a8c87_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:36984ea16e6a9bf9eaac871eb2ed4be536fa95ecaac021e95a0be3a3c4e3af5d_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:71f6f8597af2b563219bfd8bd15f159433636edb2496c785a82535c8b8d8b70e_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:b1ac1a78df89243431ff25c249b17d06487ca0bb5c77936d3f12f1d75f070757_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456339"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Go standard library packages `crypto/x509` and `crypto/tls`. During the process of building a certificate chain, an attacker can provide a large number of intermediate certificates. This excessive input is not properly limited, leading to an uncontrolled amount of work being performed. This can result in a denial of service (DoS) condition, making the affected system or application unavailable to legitimate users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important denial of service vulnerability in the Go standard library\u0027s certificate chain building process. Systems utilizing Go applications that process untrusted TLS certificates or X.509 certificate chains are susceptible to resource exhaustion when presented with an excessive number of intermediate certificates, potentially leading to service unavailability. This flaw impacts applications directly using `crypto/x509` or `crypto/tls`.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:40547afa883b9173c85f0498a1bd7107be4ad7d0bd753422286b9e1e35cfd20f_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:588bf79e80f6713af9766978eb4287fb691351f8e11285cfa00161553102a099_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:7aa34d481670c9470c3cd5f07319d30bbed5e4d8d8a0abeacb8ff8919bb88884_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:bbe2a362c9c494ad0e9c7549136447a38c31312c49f9f528c75bc5f1ef5bb1a2_amd64"
],
"known_not_affected": [
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:251acc1dcd2446bff4a6ea247e991c3c9186be784ac604df10efec1b312a8c87_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:36984ea16e6a9bf9eaac871eb2ed4be536fa95ecaac021e95a0be3a3c4e3af5d_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:71f6f8597af2b563219bfd8bd15f159433636edb2496c785a82535c8b8d8b70e_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:b1ac1a78df89243431ff25c249b17d06487ca0bb5c77936d3f12f1d75f070757_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32280"
},
{
"category": "external",
"summary": "RHBZ#2456339",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456339"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32280",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32280"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32280",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32280"
},
{
"category": "external",
"summary": "https://go.dev/cl/758320",
"url": "https://go.dev/cl/758320"
},
{
"category": "external",
"summary": "https://go.dev/issue/78282",
"url": "https://go.dev/issue/78282"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4947",
"url": "https://pkg.go.dev/vuln/GO-2026-4947"
}
],
"release_date": "2026-04-08T01:06:58.595000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-12T18:56:35+00:00",
"details": "See Kiali 1.73.30 documentation at https://docs.redhat.com/en/documentation/openshift_container_platform/4.18/html/service_mesh/service-mesh-2-x",
"product_ids": [
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:40547afa883b9173c85f0498a1bd7107be4ad7d0bd753422286b9e1e35cfd20f_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:588bf79e80f6713af9766978eb4287fb691351f8e11285cfa00161553102a099_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:7aa34d481670c9470c3cd5f07319d30bbed5e4d8d8a0abeacb8ff8919bb88884_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:bbe2a362c9c494ad0e9c7549136447a38c31312c49f9f528c75bc5f1ef5bb1a2_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:16476"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:251acc1dcd2446bff4a6ea247e991c3c9186be784ac604df10efec1b312a8c87_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:36984ea16e6a9bf9eaac871eb2ed4be536fa95ecaac021e95a0be3a3c4e3af5d_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:71f6f8597af2b563219bfd8bd15f159433636edb2496c785a82535c8b8d8b70e_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:b1ac1a78df89243431ff25c249b17d06487ca0bb5c77936d3f12f1d75f070757_amd64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:40547afa883b9173c85f0498a1bd7107be4ad7d0bd753422286b9e1e35cfd20f_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:588bf79e80f6713af9766978eb4287fb691351f8e11285cfa00161553102a099_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:7aa34d481670c9470c3cd5f07319d30bbed5e4d8d8a0abeacb8ff8919bb88884_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:bbe2a362c9c494ad0e9c7549136447a38c31312c49f9f528c75bc5f1ef5bb1a2_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building"
},
{
"cve": "CVE-2026-40895",
"cwe": {
"id": "CWE-212",
"name": "Improper Removal of Sensitive Information Before Storage or Transfer"
},
"discovery_date": "2026-04-21T21:02:33.280553+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2460297"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in follow-redirects. When an HTTP request follows a cross-domain redirect (a redirection to a different domain), custom authentication headers, such as X-API-Key or X-Auth-Token, are not properly stripped. This allows these sensitive headers to be forwarded verbatim to the redirect target, potentially leading to the unintended disclosure of authentication information to an untrusted third party.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "follow-redirects: follow-redirects: Information disclosure via cross-domain redirects",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:251acc1dcd2446bff4a6ea247e991c3c9186be784ac604df10efec1b312a8c87_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:36984ea16e6a9bf9eaac871eb2ed4be536fa95ecaac021e95a0be3a3c4e3af5d_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:71f6f8597af2b563219bfd8bd15f159433636edb2496c785a82535c8b8d8b70e_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:b1ac1a78df89243431ff25c249b17d06487ca0bb5c77936d3f12f1d75f070757_amd64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:40547afa883b9173c85f0498a1bd7107be4ad7d0bd753422286b9e1e35cfd20f_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:588bf79e80f6713af9766978eb4287fb691351f8e11285cfa00161553102a099_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:7aa34d481670c9470c3cd5f07319d30bbed5e4d8d8a0abeacb8ff8919bb88884_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:bbe2a362c9c494ad0e9c7549136447a38c31312c49f9f528c75bc5f1ef5bb1a2_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-40895"
},
{
"category": "external",
"summary": "RHBZ#2460297",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460297"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-40895",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40895"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-40895",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40895"
},
{
"category": "external",
"summary": "https://github.com/follow-redirects/follow-redirects/security/advisories/GHSA-r4q5-vmmm-2653",
"url": "https://github.com/follow-redirects/follow-redirects/security/advisories/GHSA-r4q5-vmmm-2653"
}
],
"release_date": "2026-04-21T19:59:59.759000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-12T18:56:35+00:00",
"details": "See Kiali 1.73.30 documentation at https://docs.redhat.com/en/documentation/openshift_container_platform/4.18/html/service_mesh/service-mesh-2-x",
"product_ids": [
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:251acc1dcd2446bff4a6ea247e991c3c9186be784ac604df10efec1b312a8c87_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:36984ea16e6a9bf9eaac871eb2ed4be536fa95ecaac021e95a0be3a3c4e3af5d_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:71f6f8597af2b563219bfd8bd15f159433636edb2496c785a82535c8b8d8b70e_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:b1ac1a78df89243431ff25c249b17d06487ca0bb5c77936d3f12f1d75f070757_amd64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:40547afa883b9173c85f0498a1bd7107be4ad7d0bd753422286b9e1e35cfd20f_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:588bf79e80f6713af9766978eb4287fb691351f8e11285cfa00161553102a099_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:7aa34d481670c9470c3cd5f07319d30bbed5e4d8d8a0abeacb8ff8919bb88884_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:bbe2a362c9c494ad0e9c7549136447a38c31312c49f9f528c75bc5f1ef5bb1a2_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:16476"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:251acc1dcd2446bff4a6ea247e991c3c9186be784ac604df10efec1b312a8c87_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:36984ea16e6a9bf9eaac871eb2ed4be536fa95ecaac021e95a0be3a3c4e3af5d_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:71f6f8597af2b563219bfd8bd15f159433636edb2496c785a82535c8b8d8b70e_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:b1ac1a78df89243431ff25c249b17d06487ca0bb5c77936d3f12f1d75f070757_amd64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:40547afa883b9173c85f0498a1bd7107be4ad7d0bd753422286b9e1e35cfd20f_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:588bf79e80f6713af9766978eb4287fb691351f8e11285cfa00161553102a099_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:7aa34d481670c9470c3cd5f07319d30bbed5e4d8d8a0abeacb8ff8919bb88884_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:bbe2a362c9c494ad0e9c7549136447a38c31312c49f9f528c75bc5f1ef5bb1a2_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "follow-redirects: follow-redirects: Information disclosure via cross-domain redirects"
},
{
"cve": "CVE-2026-41240",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2026-04-23T16:04:41.751666+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:40547afa883b9173c85f0498a1bd7107be4ad7d0bd753422286b9e1e35cfd20f_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:588bf79e80f6713af9766978eb4287fb691351f8e11285cfa00161553102a099_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:7aa34d481670c9470c3cd5f07319d30bbed5e4d8d8a0abeacb8ff8919bb88884_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:bbe2a362c9c494ad0e9c7549136447a38c31312c49f9f528c75bc5f1ef5bb1a2_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2461147"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in DOMPurify, a DOM-only cross-site scripting sanitizer. A remote attacker could exploit an inconsistency in how forbidden tags and attributes are handled when function-based tag additions are used. This allows malicious HTML, MathML, or SVG elements to bypass sanitization and execute arbitrary code in the user\u0027s browser, leading to Cross-Site Scripting (XSS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "DOMPurify: DOMPurify: Cross-Site Scripting (XSS) via inconsistent tag sanitization",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:251acc1dcd2446bff4a6ea247e991c3c9186be784ac604df10efec1b312a8c87_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:36984ea16e6a9bf9eaac871eb2ed4be536fa95ecaac021e95a0be3a3c4e3af5d_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:71f6f8597af2b563219bfd8bd15f159433636edb2496c785a82535c8b8d8b70e_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:b1ac1a78df89243431ff25c249b17d06487ca0bb5c77936d3f12f1d75f070757_amd64"
],
"known_not_affected": [
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:40547afa883b9173c85f0498a1bd7107be4ad7d0bd753422286b9e1e35cfd20f_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:588bf79e80f6713af9766978eb4287fb691351f8e11285cfa00161553102a099_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:7aa34d481670c9470c3cd5f07319d30bbed5e4d8d8a0abeacb8ff8919bb88884_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:bbe2a362c9c494ad0e9c7549136447a38c31312c49f9f528c75bc5f1ef5bb1a2_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-41240"
},
{
"category": "external",
"summary": "RHBZ#2461147",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461147"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-41240",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-41240"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-41240",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41240"
},
{
"category": "external",
"summary": "https://github.com/cure53/DOMPurify/commit/c361baa18dbdcb3344a41110f4c48ad85bf48f80",
"url": "https://github.com/cure53/DOMPurify/commit/c361baa18dbdcb3344a41110f4c48ad85bf48f80"
},
{
"category": "external",
"summary": "https://github.com/cure53/DOMPurify/releases/tag/3.4.0",
"url": "https://github.com/cure53/DOMPurify/releases/tag/3.4.0"
},
{
"category": "external",
"summary": "https://github.com/cure53/DOMPurify/security/advisories/GHSA-h7mw-gpvr-xq4m",
"url": "https://github.com/cure53/DOMPurify/security/advisories/GHSA-h7mw-gpvr-xq4m"
}
],
"release_date": "2026-04-23T14:54:32.426000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-12T18:56:35+00:00",
"details": "See Kiali 1.73.30 documentation at https://docs.redhat.com/en/documentation/openshift_container_platform/4.18/html/service_mesh/service-mesh-2-x",
"product_ids": [
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:251acc1dcd2446bff4a6ea247e991c3c9186be784ac604df10efec1b312a8c87_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:36984ea16e6a9bf9eaac871eb2ed4be536fa95ecaac021e95a0be3a3c4e3af5d_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:71f6f8597af2b563219bfd8bd15f159433636edb2496c785a82535c8b8d8b70e_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:b1ac1a78df89243431ff25c249b17d06487ca0bb5c77936d3f12f1d75f070757_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:16476"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:251acc1dcd2446bff4a6ea247e991c3c9186be784ac604df10efec1b312a8c87_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:36984ea16e6a9bf9eaac871eb2ed4be536fa95ecaac021e95a0be3a3c4e3af5d_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:71f6f8597af2b563219bfd8bd15f159433636edb2496c785a82535c8b8d8b70e_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:b1ac1a78df89243431ff25c249b17d06487ca0bb5c77936d3f12f1d75f070757_amd64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:40547afa883b9173c85f0498a1bd7107be4ad7d0bd753422286b9e1e35cfd20f_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:588bf79e80f6713af9766978eb4287fb691351f8e11285cfa00161553102a099_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:7aa34d481670c9470c3cd5f07319d30bbed5e4d8d8a0abeacb8ff8919bb88884_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:bbe2a362c9c494ad0e9c7549136447a38c31312c49f9f528c75bc5f1ef5bb1a2_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:251acc1dcd2446bff4a6ea247e991c3c9186be784ac604df10efec1b312a8c87_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:36984ea16e6a9bf9eaac871eb2ed4be536fa95ecaac021e95a0be3a3c4e3af5d_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:71f6f8597af2b563219bfd8bd15f159433636edb2496c785a82535c8b8d8b70e_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:b1ac1a78df89243431ff25c249b17d06487ca0bb5c77936d3f12f1d75f070757_amd64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:40547afa883b9173c85f0498a1bd7107be4ad7d0bd753422286b9e1e35cfd20f_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:588bf79e80f6713af9766978eb4287fb691351f8e11285cfa00161553102a099_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:7aa34d481670c9470c3cd5f07319d30bbed5e4d8d8a0abeacb8ff8919bb88884_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:bbe2a362c9c494ad0e9c7549136447a38c31312c49f9f528c75bc5f1ef5bb1a2_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "DOMPurify: DOMPurify: Cross-Site Scripting (XSS) via inconsistent tag sanitization"
},
{
"cve": "CVE-2026-42033",
"cwe": {
"id": "CWE-915",
"name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes"
},
"discovery_date": "2026-04-24T18:01:20.937507+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2461607"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, an HTTP client library. This vulnerability allows an attacker to exploit a prototype pollution issue if another part of the application has already polluted the Object.prototype. By doing so, the attacker can intercept and modify JSON responses or take control of the HTTP communication. This could lead to unauthorized access to sensitive information like user credentials and request details.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: HTTP Transport Hijacking via Prototype Pollution",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:251acc1dcd2446bff4a6ea247e991c3c9186be784ac604df10efec1b312a8c87_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:36984ea16e6a9bf9eaac871eb2ed4be536fa95ecaac021e95a0be3a3c4e3af5d_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:71f6f8597af2b563219bfd8bd15f159433636edb2496c785a82535c8b8d8b70e_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:b1ac1a78df89243431ff25c249b17d06487ca0bb5c77936d3f12f1d75f070757_amd64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:40547afa883b9173c85f0498a1bd7107be4ad7d0bd753422286b9e1e35cfd20f_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:588bf79e80f6713af9766978eb4287fb691351f8e11285cfa00161553102a099_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:7aa34d481670c9470c3cd5f07319d30bbed5e4d8d8a0abeacb8ff8919bb88884_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:bbe2a362c9c494ad0e9c7549136447a38c31312c49f9f528c75bc5f1ef5bb1a2_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42033"
},
{
"category": "external",
"summary": "RHBZ#2461607",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461607"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42033",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42033"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42033",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42033"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-pf86-5x62-jrwf",
"url": "https://github.com/axios/axios/security/advisories/GHSA-pf86-5x62-jrwf"
}
],
"release_date": "2026-04-24T17:36:44.132000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-12T18:56:35+00:00",
"details": "See Kiali 1.73.30 documentation at https://docs.redhat.com/en/documentation/openshift_container_platform/4.18/html/service_mesh/service-mesh-2-x",
"product_ids": [
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:251acc1dcd2446bff4a6ea247e991c3c9186be784ac604df10efec1b312a8c87_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:36984ea16e6a9bf9eaac871eb2ed4be536fa95ecaac021e95a0be3a3c4e3af5d_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:71f6f8597af2b563219bfd8bd15f159433636edb2496c785a82535c8b8d8b70e_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:b1ac1a78df89243431ff25c249b17d06487ca0bb5c77936d3f12f1d75f070757_amd64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:40547afa883b9173c85f0498a1bd7107be4ad7d0bd753422286b9e1e35cfd20f_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:588bf79e80f6713af9766978eb4287fb691351f8e11285cfa00161553102a099_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:7aa34d481670c9470c3cd5f07319d30bbed5e4d8d8a0abeacb8ff8919bb88884_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:bbe2a362c9c494ad0e9c7549136447a38c31312c49f9f528c75bc5f1ef5bb1a2_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:16476"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:251acc1dcd2446bff4a6ea247e991c3c9186be784ac604df10efec1b312a8c87_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:36984ea16e6a9bf9eaac871eb2ed4be536fa95ecaac021e95a0be3a3c4e3af5d_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:71f6f8597af2b563219bfd8bd15f159433636edb2496c785a82535c8b8d8b70e_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:b1ac1a78df89243431ff25c249b17d06487ca0bb5c77936d3f12f1d75f070757_amd64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:40547afa883b9173c85f0498a1bd7107be4ad7d0bd753422286b9e1e35cfd20f_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:588bf79e80f6713af9766978eb4287fb691351f8e11285cfa00161553102a099_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:7aa34d481670c9470c3cd5f07319d30bbed5e4d8d8a0abeacb8ff8919bb88884_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:bbe2a362c9c494ad0e9c7549136447a38c31312c49f9f528c75bc5f1ef5bb1a2_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: HTTP Transport Hijacking via Prototype Pollution"
},
{
"cve": "CVE-2026-42035",
"cwe": {
"id": "CWE-915",
"name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes"
},
"discovery_date": "2026-04-24T18:01:17.109481+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2461606"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, a software library for making network requests. A remote attacker can exploit a prototype pollution vulnerability to inject arbitrary HTTP headers into outgoing requests. This occurs when the application\u0027s core object definitions are manipulated, causing Axios to misinterpret data and include attacker-controlled headers in network communications. This could lead to unauthorized actions or data manipulation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: Arbitrary HTTP header injection via prototype pollution",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:251acc1dcd2446bff4a6ea247e991c3c9186be784ac604df10efec1b312a8c87_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:36984ea16e6a9bf9eaac871eb2ed4be536fa95ecaac021e95a0be3a3c4e3af5d_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:71f6f8597af2b563219bfd8bd15f159433636edb2496c785a82535c8b8d8b70e_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:b1ac1a78df89243431ff25c249b17d06487ca0bb5c77936d3f12f1d75f070757_amd64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:40547afa883b9173c85f0498a1bd7107be4ad7d0bd753422286b9e1e35cfd20f_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:588bf79e80f6713af9766978eb4287fb691351f8e11285cfa00161553102a099_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:7aa34d481670c9470c3cd5f07319d30bbed5e4d8d8a0abeacb8ff8919bb88884_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:bbe2a362c9c494ad0e9c7549136447a38c31312c49f9f528c75bc5f1ef5bb1a2_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42035"
},
{
"category": "external",
"summary": "RHBZ#2461606",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461606"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42035",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42035"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42035",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42035"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-6chq-wfr3-2hj9",
"url": "https://github.com/axios/axios/security/advisories/GHSA-6chq-wfr3-2hj9"
}
],
"release_date": "2026-04-24T17:38:07.752000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-12T18:56:35+00:00",
"details": "See Kiali 1.73.30 documentation at https://docs.redhat.com/en/documentation/openshift_container_platform/4.18/html/service_mesh/service-mesh-2-x",
"product_ids": [
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:251acc1dcd2446bff4a6ea247e991c3c9186be784ac604df10efec1b312a8c87_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:36984ea16e6a9bf9eaac871eb2ed4be536fa95ecaac021e95a0be3a3c4e3af5d_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:71f6f8597af2b563219bfd8bd15f159433636edb2496c785a82535c8b8d8b70e_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:b1ac1a78df89243431ff25c249b17d06487ca0bb5c77936d3f12f1d75f070757_amd64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:40547afa883b9173c85f0498a1bd7107be4ad7d0bd753422286b9e1e35cfd20f_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:588bf79e80f6713af9766978eb4287fb691351f8e11285cfa00161553102a099_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:7aa34d481670c9470c3cd5f07319d30bbed5e4d8d8a0abeacb8ff8919bb88884_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:bbe2a362c9c494ad0e9c7549136447a38c31312c49f9f528c75bc5f1ef5bb1a2_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:16476"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:251acc1dcd2446bff4a6ea247e991c3c9186be784ac604df10efec1b312a8c87_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:36984ea16e6a9bf9eaac871eb2ed4be536fa95ecaac021e95a0be3a3c4e3af5d_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:71f6f8597af2b563219bfd8bd15f159433636edb2496c785a82535c8b8d8b70e_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:b1ac1a78df89243431ff25c249b17d06487ca0bb5c77936d3f12f1d75f070757_amd64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:40547afa883b9173c85f0498a1bd7107be4ad7d0bd753422286b9e1e35cfd20f_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:588bf79e80f6713af9766978eb4287fb691351f8e11285cfa00161553102a099_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:7aa34d481670c9470c3cd5f07319d30bbed5e4d8d8a0abeacb8ff8919bb88884_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:bbe2a362c9c494ad0e9c7549136447a38c31312c49f9f528c75bc5f1ef5bb1a2_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:251acc1dcd2446bff4a6ea247e991c3c9186be784ac604df10efec1b312a8c87_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:36984ea16e6a9bf9eaac871eb2ed4be536fa95ecaac021e95a0be3a3c4e3af5d_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:71f6f8597af2b563219bfd8bd15f159433636edb2496c785a82535c8b8d8b70e_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:b1ac1a78df89243431ff25c249b17d06487ca0bb5c77936d3f12f1d75f070757_amd64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:40547afa883b9173c85f0498a1bd7107be4ad7d0bd753422286b9e1e35cfd20f_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:588bf79e80f6713af9766978eb4287fb691351f8e11285cfa00161553102a099_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:7aa34d481670c9470c3cd5f07319d30bbed5e4d8d8a0abeacb8ff8919bb88884_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:bbe2a362c9c494ad0e9c7549136447a38c31312c49f9f528c75bc5f1ef5bb1a2_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "axios: Axios: Arbitrary HTTP header injection via prototype pollution"
},
{
"cve": "CVE-2026-42039",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-04-24T19:01:44.887156+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2461630"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, a promise-based HTTP client for browsers and Node.js. This vulnerability occurs because the `toFormData` function recursively processes nested objects without a depth limit. A remote attacker can exploit this by sending deeply nested request data, which causes the Node.js process to crash due to a RangeError, leading to a potential Denial of Service (DoS) if the process crashes.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Node.js: Axios: Denial of Service via unbounded recursion in toFormData with deeply nested request data",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:251acc1dcd2446bff4a6ea247e991c3c9186be784ac604df10efec1b312a8c87_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:36984ea16e6a9bf9eaac871eb2ed4be536fa95ecaac021e95a0be3a3c4e3af5d_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:71f6f8597af2b563219bfd8bd15f159433636edb2496c785a82535c8b8d8b70e_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:b1ac1a78df89243431ff25c249b17d06487ca0bb5c77936d3f12f1d75f070757_amd64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:40547afa883b9173c85f0498a1bd7107be4ad7d0bd753422286b9e1e35cfd20f_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:588bf79e80f6713af9766978eb4287fb691351f8e11285cfa00161553102a099_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:7aa34d481670c9470c3cd5f07319d30bbed5e4d8d8a0abeacb8ff8919bb88884_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:bbe2a362c9c494ad0e9c7549136447a38c31312c49f9f528c75bc5f1ef5bb1a2_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42039"
},
{
"category": "external",
"summary": "RHBZ#2461630",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461630"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42039",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42039"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42039",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42039"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-62hf-57xw-28j9",
"url": "https://github.com/axios/axios/security/advisories/GHSA-62hf-57xw-28j9"
}
],
"release_date": "2026-04-24T18:01:30.775000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-12T18:56:35+00:00",
"details": "See Kiali 1.73.30 documentation at https://docs.redhat.com/en/documentation/openshift_container_platform/4.18/html/service_mesh/service-mesh-2-x",
"product_ids": [
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:251acc1dcd2446bff4a6ea247e991c3c9186be784ac604df10efec1b312a8c87_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:36984ea16e6a9bf9eaac871eb2ed4be536fa95ecaac021e95a0be3a3c4e3af5d_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:71f6f8597af2b563219bfd8bd15f159433636edb2496c785a82535c8b8d8b70e_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:b1ac1a78df89243431ff25c249b17d06487ca0bb5c77936d3f12f1d75f070757_amd64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:40547afa883b9173c85f0498a1bd7107be4ad7d0bd753422286b9e1e35cfd20f_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:588bf79e80f6713af9766978eb4287fb691351f8e11285cfa00161553102a099_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:7aa34d481670c9470c3cd5f07319d30bbed5e4d8d8a0abeacb8ff8919bb88884_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:bbe2a362c9c494ad0e9c7549136447a38c31312c49f9f528c75bc5f1ef5bb1a2_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:16476"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:251acc1dcd2446bff4a6ea247e991c3c9186be784ac604df10efec1b312a8c87_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:36984ea16e6a9bf9eaac871eb2ed4be536fa95ecaac021e95a0be3a3c4e3af5d_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:71f6f8597af2b563219bfd8bd15f159433636edb2496c785a82535c8b8d8b70e_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:b1ac1a78df89243431ff25c249b17d06487ca0bb5c77936d3f12f1d75f070757_amd64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:40547afa883b9173c85f0498a1bd7107be4ad7d0bd753422286b9e1e35cfd20f_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:588bf79e80f6713af9766978eb4287fb691351f8e11285cfa00161553102a099_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:7aa34d481670c9470c3cd5f07319d30bbed5e4d8d8a0abeacb8ff8919bb88884_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:bbe2a362c9c494ad0e9c7549136447a38c31312c49f9f528c75bc5f1ef5bb1a2_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Node.js: Axios: Denial of Service via unbounded recursion in toFormData with deeply nested request data"
},
{
"cve": "CVE-2026-42041",
"cwe": {
"id": "CWE-915",
"name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes"
},
"discovery_date": "2026-04-24T19:01:41.034289+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2461629"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, a promise-based HTTP client. This vulnerability, a Prototype Pollution \"Gadget\" attack, allows an attacker to manipulate the `Object.prototype.validateStatus` property. By polluting this property, all HTTP error responses (such as 401, 403, or 500) are silently treated as successful responses. This can lead to a complete bypass of application-level authentication and error handling, potentially granting unauthorized access.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: Authentication bypass due to prototype pollution of HTTP error handling",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:251acc1dcd2446bff4a6ea247e991c3c9186be784ac604df10efec1b312a8c87_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:36984ea16e6a9bf9eaac871eb2ed4be536fa95ecaac021e95a0be3a3c4e3af5d_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:71f6f8597af2b563219bfd8bd15f159433636edb2496c785a82535c8b8d8b70e_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:b1ac1a78df89243431ff25c249b17d06487ca0bb5c77936d3f12f1d75f070757_amd64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:40547afa883b9173c85f0498a1bd7107be4ad7d0bd753422286b9e1e35cfd20f_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:588bf79e80f6713af9766978eb4287fb691351f8e11285cfa00161553102a099_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:7aa34d481670c9470c3cd5f07319d30bbed5e4d8d8a0abeacb8ff8919bb88884_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:bbe2a362c9c494ad0e9c7549136447a38c31312c49f9f528c75bc5f1ef5bb1a2_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42041"
},
{
"category": "external",
"summary": "RHBZ#2461629",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461629"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42041",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42041"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42041",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42041"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-w9j2-pvgh-6h63",
"url": "https://github.com/axios/axios/security/advisories/GHSA-w9j2-pvgh-6h63"
}
],
"release_date": "2026-04-24T17:55:30.036000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-12T18:56:35+00:00",
"details": "See Kiali 1.73.30 documentation at https://docs.redhat.com/en/documentation/openshift_container_platform/4.18/html/service_mesh/service-mesh-2-x",
"product_ids": [
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:251acc1dcd2446bff4a6ea247e991c3c9186be784ac604df10efec1b312a8c87_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:36984ea16e6a9bf9eaac871eb2ed4be536fa95ecaac021e95a0be3a3c4e3af5d_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:71f6f8597af2b563219bfd8bd15f159433636edb2496c785a82535c8b8d8b70e_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:b1ac1a78df89243431ff25c249b17d06487ca0bb5c77936d3f12f1d75f070757_amd64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:40547afa883b9173c85f0498a1bd7107be4ad7d0bd753422286b9e1e35cfd20f_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:588bf79e80f6713af9766978eb4287fb691351f8e11285cfa00161553102a099_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:7aa34d481670c9470c3cd5f07319d30bbed5e4d8d8a0abeacb8ff8919bb88884_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:bbe2a362c9c494ad0e9c7549136447a38c31312c49f9f528c75bc5f1ef5bb1a2_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:16476"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:251acc1dcd2446bff4a6ea247e991c3c9186be784ac604df10efec1b312a8c87_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:36984ea16e6a9bf9eaac871eb2ed4be536fa95ecaac021e95a0be3a3c4e3af5d_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:71f6f8597af2b563219bfd8bd15f159433636edb2496c785a82535c8b8d8b70e_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:b1ac1a78df89243431ff25c249b17d06487ca0bb5c77936d3f12f1d75f070757_amd64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:40547afa883b9173c85f0498a1bd7107be4ad7d0bd753422286b9e1e35cfd20f_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:588bf79e80f6713af9766978eb4287fb691351f8e11285cfa00161553102a099_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:7aa34d481670c9470c3cd5f07319d30bbed5e4d8d8a0abeacb8ff8919bb88884_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:bbe2a362c9c494ad0e9c7549136447a38c31312c49f9f528c75bc5f1ef5bb1a2_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: Authentication bypass due to prototype pollution of HTTP error handling"
},
{
"cve": "CVE-2026-42043",
"cwe": {
"id": "CWE-918",
"name": "Server-Side Request Forgery (SSRF)"
},
"discovery_date": "2026-04-24T19:01:22.552379+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2461626"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, a promise-based HTTP client. An attacker who can control the destination address of an Axios request can exploit this vulnerability. By using specific internal network addresses (within the 127.0.0.0/8 range, excluding 127.0.0.1), the attacker can completely bypass the NO_PROXY protection, potentially leading to unauthorized access or information disclosure within the network. This issue is an incomplete fix for a previous vulnerability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: NO_PROXY bypass via crafted URL",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:251acc1dcd2446bff4a6ea247e991c3c9186be784ac604df10efec1b312a8c87_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:36984ea16e6a9bf9eaac871eb2ed4be536fa95ecaac021e95a0be3a3c4e3af5d_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:71f6f8597af2b563219bfd8bd15f159433636edb2496c785a82535c8b8d8b70e_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:b1ac1a78df89243431ff25c249b17d06487ca0bb5c77936d3f12f1d75f070757_amd64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:40547afa883b9173c85f0498a1bd7107be4ad7d0bd753422286b9e1e35cfd20f_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:588bf79e80f6713af9766978eb4287fb691351f8e11285cfa00161553102a099_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:7aa34d481670c9470c3cd5f07319d30bbed5e4d8d8a0abeacb8ff8919bb88884_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:bbe2a362c9c494ad0e9c7549136447a38c31312c49f9f528c75bc5f1ef5bb1a2_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42043"
},
{
"category": "external",
"summary": "RHBZ#2461626",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461626"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42043",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42043"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42043",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42043"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-pmwg-cvhr-8vh7",
"url": "https://github.com/axios/axios/security/advisories/GHSA-pmwg-cvhr-8vh7"
}
],
"release_date": "2026-04-24T17:54:42.668000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-12T18:56:35+00:00",
"details": "See Kiali 1.73.30 documentation at https://docs.redhat.com/en/documentation/openshift_container_platform/4.18/html/service_mesh/service-mesh-2-x",
"product_ids": [
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:251acc1dcd2446bff4a6ea247e991c3c9186be784ac604df10efec1b312a8c87_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:36984ea16e6a9bf9eaac871eb2ed4be536fa95ecaac021e95a0be3a3c4e3af5d_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:71f6f8597af2b563219bfd8bd15f159433636edb2496c785a82535c8b8d8b70e_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:b1ac1a78df89243431ff25c249b17d06487ca0bb5c77936d3f12f1d75f070757_amd64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:40547afa883b9173c85f0498a1bd7107be4ad7d0bd753422286b9e1e35cfd20f_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:588bf79e80f6713af9766978eb4287fb691351f8e11285cfa00161553102a099_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:7aa34d481670c9470c3cd5f07319d30bbed5e4d8d8a0abeacb8ff8919bb88884_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:bbe2a362c9c494ad0e9c7549136447a38c31312c49f9f528c75bc5f1ef5bb1a2_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:16476"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:251acc1dcd2446bff4a6ea247e991c3c9186be784ac604df10efec1b312a8c87_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:36984ea16e6a9bf9eaac871eb2ed4be536fa95ecaac021e95a0be3a3c4e3af5d_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:71f6f8597af2b563219bfd8bd15f159433636edb2496c785a82535c8b8d8b70e_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:b1ac1a78df89243431ff25c249b17d06487ca0bb5c77936d3f12f1d75f070757_amd64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:40547afa883b9173c85f0498a1bd7107be4ad7d0bd753422286b9e1e35cfd20f_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:588bf79e80f6713af9766978eb4287fb691351f8e11285cfa00161553102a099_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:7aa34d481670c9470c3cd5f07319d30bbed5e4d8d8a0abeacb8ff8919bb88884_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:bbe2a362c9c494ad0e9c7549136447a38c31312c49f9f528c75bc5f1ef5bb1a2_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: NO_PROXY bypass via crafted URL"
}
]
}
RHSA-2026:16477
Vulnerability from csaf_redhat - Published: 2026-05-12 19:02 - Updated: 2026-07-09 21:09A flaw was found in the cmd/compile package in the Go standard library. The compiler fails to correctly check for integer overflow or underflow in arithmetic operations involving loop induction variables. As a result, the compiler allows invalid memory indexing to occur at runtime, potentially leading to memory corruption.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:5e0473790eba6ccac07e5c83fb4cf2d1f322dea9dc522b0382f6d41219e48a41_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:a3148c276ab9ae3da2ecf3d837806e6324e5db2ac7e3c6e64dbbe107c688c695_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:d2db61a5461a9eaba5e798f007716971b17ab457dbab797b1fdac0e9a09098ff_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:d6918b3a3b427205d5b6899240f24998372600775be066ae1c52d50012d2adfe_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:100fd2b7e8adddef6271d41cd81df23a3e1bf7762638cee1ec465bccf7ab9526_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:6b0dfa1211421f2f961de8c9fdee0d00899725f8dc0fdb4eb80bb0854be90c86_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:800f35c997f822a9468c6ed993e8573b69bcd133481ea51af1542b57c1e79e5d_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:924512d5e38c14d234e9a1b11204b8877b48202faca6b07457628dfcb3f09598_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:5b1757be2b97248e70abceb263787bffe2c534cf4dcf05211fedc2834680d602_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a07af728477ee9f405d847f1037c520a384eb5a0f53839ec3651165ca6daeba8_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a3e492b465b7081140176024c86a8bae03902a963698978ef0de5e5adfe328ad_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:c3534c03f90d600f899e49bc0de768abf40887796942bebc37ce8f12d1e55468_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:42324c789d08d578cdb7b5791a6da546d49f545e305ea00c0adb38093b5f9f82_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:6b91cde557cb6fa93e9503291d75f8fb05d751eb93f32d8c638fb1322c9f9efd_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:7485779ebbd7b4c560844d0cc34e8ab3845a092eb45d50de6166f50e5f5ffb9b_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:877140b72711f585aaaa71c60ca4b8a885074d2be5d589668141d14c207b1f39_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:0701374518a82305e8e3102883a69fef7eb99238fe52567ae5cb3df7e2f72ee2_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:31b7b625a2167783606bbd6d096c51eb34f492238d8d955ace6006a6eb74bcfd_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:6f4a1fc3d4f37c9265300a32ca00fd20bc24e80cbb17d16e5c0bcc387c3afd87_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:dcc967a82a818a4c9e41ae4c403c94cf8bfb90b67ca2e071df9f23538015440f_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2168e0ccdb4970ab8117fa1730089c712e24b8cc340c46343a6e36ad71d751f8_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:34920bc431b451274686fd0bce158c0958fc5c350991d3ce21767d64b1ba70e9_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:44826036f117f1811b24b793f48a4256b9454bc0363873881762145d2b0b312f_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:da3ac9e26e23c02f9e4f18b9fcabc894beef1f61c8df564163696b9db8bdc58d_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:4ae9bb8293238cf21fb9f89b4fb1c21f64f7a8d2ab31bb71fee0c214ffe73c53_amd64 | — |
Workaround
|
A flaw was found in the cmd/compile package in the Go standard library. A no-op interface conversion prevented the compiler from correctly identifying non-overlapping memory moves. As a result, the compiler allows unsafe memory move operations to occur at runtime, potentially causing data corruption, memory corruption or unexpected application behavior.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:5e0473790eba6ccac07e5c83fb4cf2d1f322dea9dc522b0382f6d41219e48a41_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:a3148c276ab9ae3da2ecf3d837806e6324e5db2ac7e3c6e64dbbe107c688c695_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:d2db61a5461a9eaba5e798f007716971b17ab457dbab797b1fdac0e9a09098ff_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:d6918b3a3b427205d5b6899240f24998372600775be066ae1c52d50012d2adfe_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:100fd2b7e8adddef6271d41cd81df23a3e1bf7762638cee1ec465bccf7ab9526_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:6b0dfa1211421f2f961de8c9fdee0d00899725f8dc0fdb4eb80bb0854be90c86_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:800f35c997f822a9468c6ed993e8573b69bcd133481ea51af1542b57c1e79e5d_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:924512d5e38c14d234e9a1b11204b8877b48202faca6b07457628dfcb3f09598_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:5b1757be2b97248e70abceb263787bffe2c534cf4dcf05211fedc2834680d602_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a07af728477ee9f405d847f1037c520a384eb5a0f53839ec3651165ca6daeba8_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a3e492b465b7081140176024c86a8bae03902a963698978ef0de5e5adfe328ad_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:c3534c03f90d600f899e49bc0de768abf40887796942bebc37ce8f12d1e55468_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:42324c789d08d578cdb7b5791a6da546d49f545e305ea00c0adb38093b5f9f82_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:6b91cde557cb6fa93e9503291d75f8fb05d751eb93f32d8c638fb1322c9f9efd_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:7485779ebbd7b4c560844d0cc34e8ab3845a092eb45d50de6166f50e5f5ffb9b_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:877140b72711f585aaaa71c60ca4b8a885074d2be5d589668141d14c207b1f39_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:0701374518a82305e8e3102883a69fef7eb99238fe52567ae5cb3df7e2f72ee2_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:31b7b625a2167783606bbd6d096c51eb34f492238d8d955ace6006a6eb74bcfd_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:6f4a1fc3d4f37c9265300a32ca00fd20bc24e80cbb17d16e5c0bcc387c3afd87_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:dcc967a82a818a4c9e41ae4c403c94cf8bfb90b67ca2e071df9f23538015440f_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2168e0ccdb4970ab8117fa1730089c712e24b8cc340c46343a6e36ad71d751f8_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:34920bc431b451274686fd0bce158c0958fc5c350991d3ce21767d64b1ba70e9_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:44826036f117f1811b24b793f48a4256b9454bc0363873881762145d2b0b312f_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:da3ac9e26e23c02f9e4f18b9fcabc894beef1f61c8df564163696b9db8bdc58d_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:4ae9bb8293238cf21fb9f89b4fb1c21f64f7a8d2ab31bb71fee0c214ffe73c53_amd64 | — |
Workaround
|
A flaw was found in the Go standard library packages `crypto/x509` and `crypto/tls`. During the process of building a certificate chain, an attacker can provide a large number of intermediate certificates. This excessive input is not properly limited, leading to an uncontrolled amount of work being performed. This can result in a denial of service (DoS) condition, making the affected system or application unavailable to legitimate users.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:5e0473790eba6ccac07e5c83fb4cf2d1f322dea9dc522b0382f6d41219e48a41_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:a3148c276ab9ae3da2ecf3d837806e6324e5db2ac7e3c6e64dbbe107c688c695_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:d2db61a5461a9eaba5e798f007716971b17ab457dbab797b1fdac0e9a09098ff_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:d6918b3a3b427205d5b6899240f24998372600775be066ae1c52d50012d2adfe_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:100fd2b7e8adddef6271d41cd81df23a3e1bf7762638cee1ec465bccf7ab9526_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:6b0dfa1211421f2f961de8c9fdee0d00899725f8dc0fdb4eb80bb0854be90c86_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:800f35c997f822a9468c6ed993e8573b69bcd133481ea51af1542b57c1e79e5d_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:924512d5e38c14d234e9a1b11204b8877b48202faca6b07457628dfcb3f09598_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:42324c789d08d578cdb7b5791a6da546d49f545e305ea00c0adb38093b5f9f82_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:6b91cde557cb6fa93e9503291d75f8fb05d751eb93f32d8c638fb1322c9f9efd_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:7485779ebbd7b4c560844d0cc34e8ab3845a092eb45d50de6166f50e5f5ffb9b_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:877140b72711f585aaaa71c60ca4b8a885074d2be5d589668141d14c207b1f39_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:0701374518a82305e8e3102883a69fef7eb99238fe52567ae5cb3df7e2f72ee2_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:31b7b625a2167783606bbd6d096c51eb34f492238d8d955ace6006a6eb74bcfd_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:6f4a1fc3d4f37c9265300a32ca00fd20bc24e80cbb17d16e5c0bcc387c3afd87_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:dcc967a82a818a4c9e41ae4c403c94cf8bfb90b67ca2e071df9f23538015440f_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2168e0ccdb4970ab8117fa1730089c712e24b8cc340c46343a6e36ad71d751f8_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:34920bc431b451274686fd0bce158c0958fc5c350991d3ce21767d64b1ba70e9_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:44826036f117f1811b24b793f48a4256b9454bc0363873881762145d2b0b312f_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:da3ac9e26e23c02f9e4f18b9fcabc894beef1f61c8df564163696b9db8bdc58d_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:5b1757be2b97248e70abceb263787bffe2c534cf4dcf05211fedc2834680d602_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a07af728477ee9f405d847f1037c520a384eb5a0f53839ec3651165ca6daeba8_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a3e492b465b7081140176024c86a8bae03902a963698978ef0de5e5adfe328ad_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:c3534c03f90d600f899e49bc0de768abf40887796942bebc37ce8f12d1e55468_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:4ae9bb8293238cf21fb9f89b4fb1c21f64f7a8d2ab31bb71fee0c214ffe73c53_amd64 | — |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat OpenShift Service Mesh 3.0.11\n\nThis update has a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Service Mesh 3.0.11, which is based on the open source Istio project, addresses a variety of problems in a microservice architecture by creating a centralized point of control in an application.\n\nFixes/Improvements:\n\n* OSSM 3 Operator icon missing from OperatorHub catalog in OCP console (OSSM-13028)\n\nSecurity Fix(es):\n\n* istio-rhel9-operator: possible memory corruption after bound check elimination (CVE-2026-27143)\n\n* istio-proxyv2-rhel9: possible memory corruption after bound check elimination (CVE-2026-27143)\n\n* istio-pilot-rhel9: possible memory corruption after bound check elimination (CVE-2026-27143)\n\n* istio-cni-rhel9: possible memory corruption after bound check elimination (CVE-2026-27143)\n\n* istio-rhel9-operator: no-op interface conversion bypasses overlap checking (CVE-2026-27144)\n\n* istio-proxyv2-rhel9: no-op interface conversion bypasses overlap checking (CVE-2026-27144)\n\n* istio-pilot-rhel9: no-op interface conversion bypasses overlap checking (CVE-2026-27144)\n\n* istio-cni-rhel9: no-op interface conversion bypasses overlap checking (CVE-2026-27144)\n\n* istio-rhel9-operator: Go: Denial of Service vulnerability in certificate chain building (CVE-2026-32280)\n\n* istio-pilot-rhel9: Go: Denial of Service vulnerability in certificate chain building (CVE-2026-32280)\n\n* istio-cni-rhel9: Go: Denial of Service vulnerability in certificate chain building (CVE-2026-32280)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:16477",
"url": "https://access.redhat.com/errata/RHSA-2026:16477"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-27143",
"url": "https://access.redhat.com/security/cve/CVE-2026-27143"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-27144",
"url": "https://access.redhat.com/security/cve/CVE-2026-27144"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32280",
"url": "https://access.redhat.com/security/cve/CVE-2026-32280"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/cve-2026-27143",
"url": "https://access.redhat.com/security/cve/cve-2026-27143"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/cve-2026-27144",
"url": "https://access.redhat.com/security/cve/cve-2026-27144"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/cve-2026-32280",
"url": "https://access.redhat.com/security/cve/cve-2026-32280"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification",
"url": "https://access.redhat.com/security/updates/classification"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_16477.json"
}
],
"title": "Red Hat Security Advisory: Red Hat OpenShift Service Mesh 3.0.11",
"tracking": {
"current_release_date": "2026-07-09T21:09:56+00:00",
"generator": {
"date": "2026-07-09T21:09:56+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.2"
}
},
"id": "RHSA-2026:16477",
"initial_release_date": "2026-05-12T19:02:21+00:00",
"revision_history": [
{
"date": "2026-05-12T19:02:21+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-05-12T19:02:34+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-09T21:09:56+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Service Mesh 3",
"product": {
"name": "Red Hat OpenShift Service Mesh 3",
"product_id": "Red Hat OpenShift Service Mesh 3",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:service_mesh:3.0::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Service Mesh"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a07af728477ee9f405d847f1037c520a384eb5a0f53839ec3651165ca6daeba8_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a07af728477ee9f405d847f1037c520a384eb5a0f53839ec3651165ca6daeba8_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a07af728477ee9f405d847f1037c520a384eb5a0f53839ec3651165ca6daeba8_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-proxyv2-rhel9@sha256%3Aa07af728477ee9f405d847f1037c520a384eb5a0f53839ec3651165ca6daeba8?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1777984344"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:5e0473790eba6ccac07e5c83fb4cf2d1f322dea9dc522b0382f6d41219e48a41_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:5e0473790eba6ccac07e5c83fb4cf2d1f322dea9dc522b0382f6d41219e48a41_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:5e0473790eba6ccac07e5c83fb4cf2d1f322dea9dc522b0382f6d41219e48a41_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-cni-rhel9@sha256%3A5e0473790eba6ccac07e5c83fb4cf2d1f322dea9dc522b0382f6d41219e48a41?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1777883393"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2168e0ccdb4970ab8117fa1730089c712e24b8cc340c46343a6e36ad71d751f8_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2168e0ccdb4970ab8117fa1730089c712e24b8cc340c46343a6e36ad71d751f8_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2168e0ccdb4970ab8117fa1730089c712e24b8cc340c46343a6e36ad71d751f8_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-must-gather-rhel9@sha256%3A2168e0ccdb4970ab8117fa1730089c712e24b8cc340c46343a6e36ad71d751f8?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1778094416"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:7485779ebbd7b4c560844d0cc34e8ab3845a092eb45d50de6166f50e5f5ffb9b_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:7485779ebbd7b4c560844d0cc34e8ab3845a092eb45d50de6166f50e5f5ffb9b_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:7485779ebbd7b4c560844d0cc34e8ab3845a092eb45d50de6166f50e5f5ffb9b_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-rhel9-operator@sha256%3A7485779ebbd7b4c560844d0cc34e8ab3845a092eb45d50de6166f50e5f5ffb9b?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1778149127"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:800f35c997f822a9468c6ed993e8573b69bcd133481ea51af1542b57c1e79e5d_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:800f35c997f822a9468c6ed993e8573b69bcd133481ea51af1542b57c1e79e5d_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:800f35c997f822a9468c6ed993e8573b69bcd133481ea51af1542b57c1e79e5d_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-pilot-rhel9@sha256%3A800f35c997f822a9468c6ed993e8573b69bcd133481ea51af1542b57c1e79e5d?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1777883471"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:dcc967a82a818a4c9e41ae4c403c94cf8bfb90b67ca2e071df9f23538015440f_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:dcc967a82a818a4c9e41ae4c403c94cf8bfb90b67ca2e071df9f23538015440f_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:dcc967a82a818a4c9e41ae4c403c94cf8bfb90b67ca2e071df9f23538015440f_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-ztunnel-rhel9@sha256%3Adcc967a82a818a4c9e41ae4c403c94cf8bfb90b67ca2e071df9f23538015440f?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh-dev-preview-beta\u0026tag=1777962404"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:4ae9bb8293238cf21fb9f89b4fb1c21f64f7a8d2ab31bb71fee0c214ffe73c53_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:4ae9bb8293238cf21fb9f89b4fb1c21f64f7a8d2ab31bb71fee0c214ffe73c53_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:4ae9bb8293238cf21fb9f89b4fb1c21f64f7a8d2ab31bb71fee0c214ffe73c53_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-sail-operator-bundle@sha256%3A4ae9bb8293238cf21fb9f89b4fb1c21f64f7a8d2ab31bb71fee0c214ffe73c53?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1778153288"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:a3148c276ab9ae3da2ecf3d837806e6324e5db2ac7e3c6e64dbbe107c688c695_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:a3148c276ab9ae3da2ecf3d837806e6324e5db2ac7e3c6e64dbbe107c688c695_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:a3148c276ab9ae3da2ecf3d837806e6324e5db2ac7e3c6e64dbbe107c688c695_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-cni-rhel9@sha256%3Aa3148c276ab9ae3da2ecf3d837806e6324e5db2ac7e3c6e64dbbe107c688c695?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1777883393"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:34920bc431b451274686fd0bce158c0958fc5c350991d3ce21767d64b1ba70e9_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:34920bc431b451274686fd0bce158c0958fc5c350991d3ce21767d64b1ba70e9_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:34920bc431b451274686fd0bce158c0958fc5c350991d3ce21767d64b1ba70e9_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-must-gather-rhel9@sha256%3A34920bc431b451274686fd0bce158c0958fc5c350991d3ce21767d64b1ba70e9?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1778094416"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:877140b72711f585aaaa71c60ca4b8a885074d2be5d589668141d14c207b1f39_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:877140b72711f585aaaa71c60ca4b8a885074d2be5d589668141d14c207b1f39_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:877140b72711f585aaaa71c60ca4b8a885074d2be5d589668141d14c207b1f39_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-rhel9-operator@sha256%3A877140b72711f585aaaa71c60ca4b8a885074d2be5d589668141d14c207b1f39?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1778149127"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:100fd2b7e8adddef6271d41cd81df23a3e1bf7762638cee1ec465bccf7ab9526_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:100fd2b7e8adddef6271d41cd81df23a3e1bf7762638cee1ec465bccf7ab9526_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:100fd2b7e8adddef6271d41cd81df23a3e1bf7762638cee1ec465bccf7ab9526_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-pilot-rhel9@sha256%3A100fd2b7e8adddef6271d41cd81df23a3e1bf7762638cee1ec465bccf7ab9526?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1777883471"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a3e492b465b7081140176024c86a8bae03902a963698978ef0de5e5adfe328ad_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a3e492b465b7081140176024c86a8bae03902a963698978ef0de5e5adfe328ad_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a3e492b465b7081140176024c86a8bae03902a963698978ef0de5e5adfe328ad_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-proxyv2-rhel9@sha256%3Aa3e492b465b7081140176024c86a8bae03902a963698978ef0de5e5adfe328ad?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1777984344"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:0701374518a82305e8e3102883a69fef7eb99238fe52567ae5cb3df7e2f72ee2_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:0701374518a82305e8e3102883a69fef7eb99238fe52567ae5cb3df7e2f72ee2_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:0701374518a82305e8e3102883a69fef7eb99238fe52567ae5cb3df7e2f72ee2_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-ztunnel-rhel9@sha256%3A0701374518a82305e8e3102883a69fef7eb99238fe52567ae5cb3df7e2f72ee2?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh-dev-preview-beta\u0026tag=1777962404"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:d6918b3a3b427205d5b6899240f24998372600775be066ae1c52d50012d2adfe_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:d6918b3a3b427205d5b6899240f24998372600775be066ae1c52d50012d2adfe_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:d6918b3a3b427205d5b6899240f24998372600775be066ae1c52d50012d2adfe_arm64",
"product_identification_helper": {
"purl": "pkg:oci/istio-cni-rhel9@sha256%3Ad6918b3a3b427205d5b6899240f24998372600775be066ae1c52d50012d2adfe?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1777883393"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:da3ac9e26e23c02f9e4f18b9fcabc894beef1f61c8df564163696b9db8bdc58d_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:da3ac9e26e23c02f9e4f18b9fcabc894beef1f61c8df564163696b9db8bdc58d_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:da3ac9e26e23c02f9e4f18b9fcabc894beef1f61c8df564163696b9db8bdc58d_arm64",
"product_identification_helper": {
"purl": "pkg:oci/istio-must-gather-rhel9@sha256%3Ada3ac9e26e23c02f9e4f18b9fcabc894beef1f61c8df564163696b9db8bdc58d?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1778094416"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:42324c789d08d578cdb7b5791a6da546d49f545e305ea00c0adb38093b5f9f82_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:42324c789d08d578cdb7b5791a6da546d49f545e305ea00c0adb38093b5f9f82_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:42324c789d08d578cdb7b5791a6da546d49f545e305ea00c0adb38093b5f9f82_arm64",
"product_identification_helper": {
"purl": "pkg:oci/istio-rhel9-operator@sha256%3A42324c789d08d578cdb7b5791a6da546d49f545e305ea00c0adb38093b5f9f82?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1778149127"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:924512d5e38c14d234e9a1b11204b8877b48202faca6b07457628dfcb3f09598_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:924512d5e38c14d234e9a1b11204b8877b48202faca6b07457628dfcb3f09598_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:924512d5e38c14d234e9a1b11204b8877b48202faca6b07457628dfcb3f09598_arm64",
"product_identification_helper": {
"purl": "pkg:oci/istio-pilot-rhel9@sha256%3A924512d5e38c14d234e9a1b11204b8877b48202faca6b07457628dfcb3f09598?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1777883471"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:5b1757be2b97248e70abceb263787bffe2c534cf4dcf05211fedc2834680d602_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:5b1757be2b97248e70abceb263787bffe2c534cf4dcf05211fedc2834680d602_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:5b1757be2b97248e70abceb263787bffe2c534cf4dcf05211fedc2834680d602_arm64",
"product_identification_helper": {
"purl": "pkg:oci/istio-proxyv2-rhel9@sha256%3A5b1757be2b97248e70abceb263787bffe2c534cf4dcf05211fedc2834680d602?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1777984344"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:31b7b625a2167783606bbd6d096c51eb34f492238d8d955ace6006a6eb74bcfd_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:31b7b625a2167783606bbd6d096c51eb34f492238d8d955ace6006a6eb74bcfd_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:31b7b625a2167783606bbd6d096c51eb34f492238d8d955ace6006a6eb74bcfd_arm64",
"product_identification_helper": {
"purl": "pkg:oci/istio-ztunnel-rhel9@sha256%3A31b7b625a2167783606bbd6d096c51eb34f492238d8d955ace6006a6eb74bcfd?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh-dev-preview-beta\u0026tag=1777962404"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:d2db61a5461a9eaba5e798f007716971b17ab457dbab797b1fdac0e9a09098ff_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:d2db61a5461a9eaba5e798f007716971b17ab457dbab797b1fdac0e9a09098ff_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:d2db61a5461a9eaba5e798f007716971b17ab457dbab797b1fdac0e9a09098ff_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-cni-rhel9@sha256%3Ad2db61a5461a9eaba5e798f007716971b17ab457dbab797b1fdac0e9a09098ff?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1777883393"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:44826036f117f1811b24b793f48a4256b9454bc0363873881762145d2b0b312f_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:44826036f117f1811b24b793f48a4256b9454bc0363873881762145d2b0b312f_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:44826036f117f1811b24b793f48a4256b9454bc0363873881762145d2b0b312f_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-must-gather-rhel9@sha256%3A44826036f117f1811b24b793f48a4256b9454bc0363873881762145d2b0b312f?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1778094416"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:6b91cde557cb6fa93e9503291d75f8fb05d751eb93f32d8c638fb1322c9f9efd_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:6b91cde557cb6fa93e9503291d75f8fb05d751eb93f32d8c638fb1322c9f9efd_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:6b91cde557cb6fa93e9503291d75f8fb05d751eb93f32d8c638fb1322c9f9efd_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-rhel9-operator@sha256%3A6b91cde557cb6fa93e9503291d75f8fb05d751eb93f32d8c638fb1322c9f9efd?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1778149127"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:6b0dfa1211421f2f961de8c9fdee0d00899725f8dc0fdb4eb80bb0854be90c86_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:6b0dfa1211421f2f961de8c9fdee0d00899725f8dc0fdb4eb80bb0854be90c86_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:6b0dfa1211421f2f961de8c9fdee0d00899725f8dc0fdb4eb80bb0854be90c86_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-pilot-rhel9@sha256%3A6b0dfa1211421f2f961de8c9fdee0d00899725f8dc0fdb4eb80bb0854be90c86?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1777883471"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:c3534c03f90d600f899e49bc0de768abf40887796942bebc37ce8f12d1e55468_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:c3534c03f90d600f899e49bc0de768abf40887796942bebc37ce8f12d1e55468_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:c3534c03f90d600f899e49bc0de768abf40887796942bebc37ce8f12d1e55468_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-proxyv2-rhel9@sha256%3Ac3534c03f90d600f899e49bc0de768abf40887796942bebc37ce8f12d1e55468?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1777984344"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:6f4a1fc3d4f37c9265300a32ca00fd20bc24e80cbb17d16e5c0bcc387c3afd87_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:6f4a1fc3d4f37c9265300a32ca00fd20bc24e80cbb17d16e5c0bcc387c3afd87_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:6f4a1fc3d4f37c9265300a32ca00fd20bc24e80cbb17d16e5c0bcc387c3afd87_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-ztunnel-rhel9@sha256%3A6f4a1fc3d4f37c9265300a32ca00fd20bc24e80cbb17d16e5c0bcc387c3afd87?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh-dev-preview-beta\u0026tag=1777962404"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:0701374518a82305e8e3102883a69fef7eb99238fe52567ae5cb3df7e2f72ee2_amd64 as a component of Red Hat OpenShift Service Mesh 3",
"product_id": "Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:0701374518a82305e8e3102883a69fef7eb99238fe52567ae5cb3df7e2f72ee2_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:0701374518a82305e8e3102883a69fef7eb99238fe52567ae5cb3df7e2f72ee2_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:31b7b625a2167783606bbd6d096c51eb34f492238d8d955ace6006a6eb74bcfd_arm64 as a component of Red Hat OpenShift Service Mesh 3",
"product_id": "Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:31b7b625a2167783606bbd6d096c51eb34f492238d8d955ace6006a6eb74bcfd_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:31b7b625a2167783606bbd6d096c51eb34f492238d8d955ace6006a6eb74bcfd_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:6f4a1fc3d4f37c9265300a32ca00fd20bc24e80cbb17d16e5c0bcc387c3afd87_ppc64le as a component of Red Hat OpenShift Service Mesh 3",
"product_id": "Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:6f4a1fc3d4f37c9265300a32ca00fd20bc24e80cbb17d16e5c0bcc387c3afd87_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:6f4a1fc3d4f37c9265300a32ca00fd20bc24e80cbb17d16e5c0bcc387c3afd87_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:dcc967a82a818a4c9e41ae4c403c94cf8bfb90b67ca2e071df9f23538015440f_s390x as a component of Red Hat OpenShift Service Mesh 3",
"product_id": "Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:dcc967a82a818a4c9e41ae4c403c94cf8bfb90b67ca2e071df9f23538015440f_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:dcc967a82a818a4c9e41ae4c403c94cf8bfb90b67ca2e071df9f23538015440f_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:5e0473790eba6ccac07e5c83fb4cf2d1f322dea9dc522b0382f6d41219e48a41_s390x as a component of Red Hat OpenShift Service Mesh 3",
"product_id": "Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:5e0473790eba6ccac07e5c83fb4cf2d1f322dea9dc522b0382f6d41219e48a41_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:5e0473790eba6ccac07e5c83fb4cf2d1f322dea9dc522b0382f6d41219e48a41_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:a3148c276ab9ae3da2ecf3d837806e6324e5db2ac7e3c6e64dbbe107c688c695_amd64 as a component of Red Hat OpenShift Service Mesh 3",
"product_id": "Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:a3148c276ab9ae3da2ecf3d837806e6324e5db2ac7e3c6e64dbbe107c688c695_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:a3148c276ab9ae3da2ecf3d837806e6324e5db2ac7e3c6e64dbbe107c688c695_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:d2db61a5461a9eaba5e798f007716971b17ab457dbab797b1fdac0e9a09098ff_ppc64le as a component of Red Hat OpenShift Service Mesh 3",
"product_id": "Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:d2db61a5461a9eaba5e798f007716971b17ab457dbab797b1fdac0e9a09098ff_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:d2db61a5461a9eaba5e798f007716971b17ab457dbab797b1fdac0e9a09098ff_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:d6918b3a3b427205d5b6899240f24998372600775be066ae1c52d50012d2adfe_arm64 as a component of Red Hat OpenShift Service Mesh 3",
"product_id": "Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:d6918b3a3b427205d5b6899240f24998372600775be066ae1c52d50012d2adfe_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:d6918b3a3b427205d5b6899240f24998372600775be066ae1c52d50012d2adfe_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2168e0ccdb4970ab8117fa1730089c712e24b8cc340c46343a6e36ad71d751f8_s390x as a component of Red Hat OpenShift Service Mesh 3",
"product_id": "Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2168e0ccdb4970ab8117fa1730089c712e24b8cc340c46343a6e36ad71d751f8_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2168e0ccdb4970ab8117fa1730089c712e24b8cc340c46343a6e36ad71d751f8_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:34920bc431b451274686fd0bce158c0958fc5c350991d3ce21767d64b1ba70e9_amd64 as a component of Red Hat OpenShift Service Mesh 3",
"product_id": "Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:34920bc431b451274686fd0bce158c0958fc5c350991d3ce21767d64b1ba70e9_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:34920bc431b451274686fd0bce158c0958fc5c350991d3ce21767d64b1ba70e9_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:44826036f117f1811b24b793f48a4256b9454bc0363873881762145d2b0b312f_ppc64le as a component of Red Hat OpenShift Service Mesh 3",
"product_id": "Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:44826036f117f1811b24b793f48a4256b9454bc0363873881762145d2b0b312f_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:44826036f117f1811b24b793f48a4256b9454bc0363873881762145d2b0b312f_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:da3ac9e26e23c02f9e4f18b9fcabc894beef1f61c8df564163696b9db8bdc58d_arm64 as a component of Red Hat OpenShift Service Mesh 3",
"product_id": "Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:da3ac9e26e23c02f9e4f18b9fcabc894beef1f61c8df564163696b9db8bdc58d_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:da3ac9e26e23c02f9e4f18b9fcabc894beef1f61c8df564163696b9db8bdc58d_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:100fd2b7e8adddef6271d41cd81df23a3e1bf7762638cee1ec465bccf7ab9526_amd64 as a component of Red Hat OpenShift Service Mesh 3",
"product_id": "Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:100fd2b7e8adddef6271d41cd81df23a3e1bf7762638cee1ec465bccf7ab9526_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:100fd2b7e8adddef6271d41cd81df23a3e1bf7762638cee1ec465bccf7ab9526_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:6b0dfa1211421f2f961de8c9fdee0d00899725f8dc0fdb4eb80bb0854be90c86_ppc64le as a component of Red Hat OpenShift Service Mesh 3",
"product_id": "Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:6b0dfa1211421f2f961de8c9fdee0d00899725f8dc0fdb4eb80bb0854be90c86_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:6b0dfa1211421f2f961de8c9fdee0d00899725f8dc0fdb4eb80bb0854be90c86_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:800f35c997f822a9468c6ed993e8573b69bcd133481ea51af1542b57c1e79e5d_s390x as a component of Red Hat OpenShift Service Mesh 3",
"product_id": "Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:800f35c997f822a9468c6ed993e8573b69bcd133481ea51af1542b57c1e79e5d_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:800f35c997f822a9468c6ed993e8573b69bcd133481ea51af1542b57c1e79e5d_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:924512d5e38c14d234e9a1b11204b8877b48202faca6b07457628dfcb3f09598_arm64 as a component of Red Hat OpenShift Service Mesh 3",
"product_id": "Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:924512d5e38c14d234e9a1b11204b8877b48202faca6b07457628dfcb3f09598_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:924512d5e38c14d234e9a1b11204b8877b48202faca6b07457628dfcb3f09598_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:5b1757be2b97248e70abceb263787bffe2c534cf4dcf05211fedc2834680d602_arm64 as a component of Red Hat OpenShift Service Mesh 3",
"product_id": "Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:5b1757be2b97248e70abceb263787bffe2c534cf4dcf05211fedc2834680d602_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:5b1757be2b97248e70abceb263787bffe2c534cf4dcf05211fedc2834680d602_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a07af728477ee9f405d847f1037c520a384eb5a0f53839ec3651165ca6daeba8_s390x as a component of Red Hat OpenShift Service Mesh 3",
"product_id": "Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a07af728477ee9f405d847f1037c520a384eb5a0f53839ec3651165ca6daeba8_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a07af728477ee9f405d847f1037c520a384eb5a0f53839ec3651165ca6daeba8_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a3e492b465b7081140176024c86a8bae03902a963698978ef0de5e5adfe328ad_amd64 as a component of Red Hat OpenShift Service Mesh 3",
"product_id": "Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a3e492b465b7081140176024c86a8bae03902a963698978ef0de5e5adfe328ad_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a3e492b465b7081140176024c86a8bae03902a963698978ef0de5e5adfe328ad_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:c3534c03f90d600f899e49bc0de768abf40887796942bebc37ce8f12d1e55468_ppc64le as a component of Red Hat OpenShift Service Mesh 3",
"product_id": "Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:c3534c03f90d600f899e49bc0de768abf40887796942bebc37ce8f12d1e55468_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:c3534c03f90d600f899e49bc0de768abf40887796942bebc37ce8f12d1e55468_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:42324c789d08d578cdb7b5791a6da546d49f545e305ea00c0adb38093b5f9f82_arm64 as a component of Red Hat OpenShift Service Mesh 3",
"product_id": "Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:42324c789d08d578cdb7b5791a6da546d49f545e305ea00c0adb38093b5f9f82_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:42324c789d08d578cdb7b5791a6da546d49f545e305ea00c0adb38093b5f9f82_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:6b91cde557cb6fa93e9503291d75f8fb05d751eb93f32d8c638fb1322c9f9efd_ppc64le as a component of Red Hat OpenShift Service Mesh 3",
"product_id": "Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:6b91cde557cb6fa93e9503291d75f8fb05d751eb93f32d8c638fb1322c9f9efd_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:6b91cde557cb6fa93e9503291d75f8fb05d751eb93f32d8c638fb1322c9f9efd_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:7485779ebbd7b4c560844d0cc34e8ab3845a092eb45d50de6166f50e5f5ffb9b_s390x as a component of Red Hat OpenShift Service Mesh 3",
"product_id": "Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:7485779ebbd7b4c560844d0cc34e8ab3845a092eb45d50de6166f50e5f5ffb9b_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:7485779ebbd7b4c560844d0cc34e8ab3845a092eb45d50de6166f50e5f5ffb9b_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:877140b72711f585aaaa71c60ca4b8a885074d2be5d589668141d14c207b1f39_amd64 as a component of Red Hat OpenShift Service Mesh 3",
"product_id": "Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:877140b72711f585aaaa71c60ca4b8a885074d2be5d589668141d14c207b1f39_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:877140b72711f585aaaa71c60ca4b8a885074d2be5d589668141d14c207b1f39_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:4ae9bb8293238cf21fb9f89b4fb1c21f64f7a8d2ab31bb71fee0c214ffe73c53_amd64 as a component of Red Hat OpenShift Service Mesh 3",
"product_id": "Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:4ae9bb8293238cf21fb9f89b4fb1c21f64f7a8d2ab31bb71fee0c214ffe73c53_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:4ae9bb8293238cf21fb9f89b4fb1c21f64f7a8d2ab31bb71fee0c214ffe73c53_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-27143",
"cwe": {
"id": "CWE-733",
"name": "Compiler Optimization Removal or Modification of Security-critical Code"
},
"discovery_date": "2026-04-08T02:01:29.491546+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:0701374518a82305e8e3102883a69fef7eb99238fe52567ae5cb3df7e2f72ee2_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:31b7b625a2167783606bbd6d096c51eb34f492238d8d955ace6006a6eb74bcfd_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:6f4a1fc3d4f37c9265300a32ca00fd20bc24e80cbb17d16e5c0bcc387c3afd87_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:dcc967a82a818a4c9e41ae4c403c94cf8bfb90b67ca2e071df9f23538015440f_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2168e0ccdb4970ab8117fa1730089c712e24b8cc340c46343a6e36ad71d751f8_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:34920bc431b451274686fd0bce158c0958fc5c350991d3ce21767d64b1ba70e9_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:44826036f117f1811b24b793f48a4256b9454bc0363873881762145d2b0b312f_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:da3ac9e26e23c02f9e4f18b9fcabc894beef1f61c8df564163696b9db8bdc58d_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:4ae9bb8293238cf21fb9f89b4fb1c21f64f7a8d2ab31bb71fee0c214ffe73c53_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456342"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the cmd/compile package in the Go standard library. The compiler fails to correctly check for integer overflow or underflow in arithmetic operations involving loop induction variables. As a result, the compiler allows invalid memory indexing to occur at runtime, potentially leading to memory corruption.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: cmd/compile: possible memory corruption after bound check elimination",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is only exploitable in applications that contain a loop structure that relies on an induction variable. An induction variable is a variable that gets modified, usually incremented or decremented, by a predictable amount on each iteration. Inside the loop, the induction variable must be directly used as the index to access or modify elements within an array or a slice. Additionally, an attacker must be able to cause an integer overflow or underflow in the induction variable to trigger this issue. Due to these reasons, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:5e0473790eba6ccac07e5c83fb4cf2d1f322dea9dc522b0382f6d41219e48a41_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:a3148c276ab9ae3da2ecf3d837806e6324e5db2ac7e3c6e64dbbe107c688c695_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:d2db61a5461a9eaba5e798f007716971b17ab457dbab797b1fdac0e9a09098ff_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:d6918b3a3b427205d5b6899240f24998372600775be066ae1c52d50012d2adfe_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:100fd2b7e8adddef6271d41cd81df23a3e1bf7762638cee1ec465bccf7ab9526_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:6b0dfa1211421f2f961de8c9fdee0d00899725f8dc0fdb4eb80bb0854be90c86_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:800f35c997f822a9468c6ed993e8573b69bcd133481ea51af1542b57c1e79e5d_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:924512d5e38c14d234e9a1b11204b8877b48202faca6b07457628dfcb3f09598_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:5b1757be2b97248e70abceb263787bffe2c534cf4dcf05211fedc2834680d602_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a07af728477ee9f405d847f1037c520a384eb5a0f53839ec3651165ca6daeba8_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a3e492b465b7081140176024c86a8bae03902a963698978ef0de5e5adfe328ad_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:c3534c03f90d600f899e49bc0de768abf40887796942bebc37ce8f12d1e55468_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:42324c789d08d578cdb7b5791a6da546d49f545e305ea00c0adb38093b5f9f82_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:6b91cde557cb6fa93e9503291d75f8fb05d751eb93f32d8c638fb1322c9f9efd_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:7485779ebbd7b4c560844d0cc34e8ab3845a092eb45d50de6166f50e5f5ffb9b_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:877140b72711f585aaaa71c60ca4b8a885074d2be5d589668141d14c207b1f39_amd64"
],
"known_not_affected": [
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:0701374518a82305e8e3102883a69fef7eb99238fe52567ae5cb3df7e2f72ee2_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:31b7b625a2167783606bbd6d096c51eb34f492238d8d955ace6006a6eb74bcfd_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:6f4a1fc3d4f37c9265300a32ca00fd20bc24e80cbb17d16e5c0bcc387c3afd87_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:dcc967a82a818a4c9e41ae4c403c94cf8bfb90b67ca2e071df9f23538015440f_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2168e0ccdb4970ab8117fa1730089c712e24b8cc340c46343a6e36ad71d751f8_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:34920bc431b451274686fd0bce158c0958fc5c350991d3ce21767d64b1ba70e9_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:44826036f117f1811b24b793f48a4256b9454bc0363873881762145d2b0b312f_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:da3ac9e26e23c02f9e4f18b9fcabc894beef1f61c8df564163696b9db8bdc58d_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:4ae9bb8293238cf21fb9f89b4fb1c21f64f7a8d2ab31bb71fee0c214ffe73c53_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27143"
},
{
"category": "external",
"summary": "RHBZ#2456342",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456342"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27143",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27143"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27143",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27143"
},
{
"category": "external",
"summary": "https://go.dev/cl/763765",
"url": "https://go.dev/cl/763765"
},
{
"category": "external",
"summary": "https://go.dev/issue/78333",
"url": "https://go.dev/issue/78333"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4868",
"url": "https://pkg.go.dev/vuln/GO-2026-4868"
}
],
"release_date": "2026-04-08T01:06:57.168000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-12T19:02:21+00:00",
"details": "See Red Hat OpenShift Service Mesh 3.0.11 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.0",
"product_ids": [
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:5e0473790eba6ccac07e5c83fb4cf2d1f322dea9dc522b0382f6d41219e48a41_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:a3148c276ab9ae3da2ecf3d837806e6324e5db2ac7e3c6e64dbbe107c688c695_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:d2db61a5461a9eaba5e798f007716971b17ab457dbab797b1fdac0e9a09098ff_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:d6918b3a3b427205d5b6899240f24998372600775be066ae1c52d50012d2adfe_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:100fd2b7e8adddef6271d41cd81df23a3e1bf7762638cee1ec465bccf7ab9526_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:6b0dfa1211421f2f961de8c9fdee0d00899725f8dc0fdb4eb80bb0854be90c86_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:800f35c997f822a9468c6ed993e8573b69bcd133481ea51af1542b57c1e79e5d_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:924512d5e38c14d234e9a1b11204b8877b48202faca6b07457628dfcb3f09598_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:5b1757be2b97248e70abceb263787bffe2c534cf4dcf05211fedc2834680d602_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a07af728477ee9f405d847f1037c520a384eb5a0f53839ec3651165ca6daeba8_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a3e492b465b7081140176024c86a8bae03902a963698978ef0de5e5adfe328ad_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:c3534c03f90d600f899e49bc0de768abf40887796942bebc37ce8f12d1e55468_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:42324c789d08d578cdb7b5791a6da546d49f545e305ea00c0adb38093b5f9f82_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:6b91cde557cb6fa93e9503291d75f8fb05d751eb93f32d8c638fb1322c9f9efd_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:7485779ebbd7b4c560844d0cc34e8ab3845a092eb45d50de6166f50e5f5ffb9b_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:877140b72711f585aaaa71c60ca4b8a885074d2be5d589668141d14c207b1f39_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:16477"
},
{
"category": "workaround",
"details": "To mitigate this vulnerability, strictly sanitize and enforce bounds checking on any untrusted user input that influences loop counters, iteration limits, or memory indices. If there is no integer overflow or underflow, the out-of-bounds access cannot occur.",
"product_ids": [
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:0701374518a82305e8e3102883a69fef7eb99238fe52567ae5cb3df7e2f72ee2_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:31b7b625a2167783606bbd6d096c51eb34f492238d8d955ace6006a6eb74bcfd_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:6f4a1fc3d4f37c9265300a32ca00fd20bc24e80cbb17d16e5c0bcc387c3afd87_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:dcc967a82a818a4c9e41ae4c403c94cf8bfb90b67ca2e071df9f23538015440f_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:5e0473790eba6ccac07e5c83fb4cf2d1f322dea9dc522b0382f6d41219e48a41_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:a3148c276ab9ae3da2ecf3d837806e6324e5db2ac7e3c6e64dbbe107c688c695_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:d2db61a5461a9eaba5e798f007716971b17ab457dbab797b1fdac0e9a09098ff_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:d6918b3a3b427205d5b6899240f24998372600775be066ae1c52d50012d2adfe_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2168e0ccdb4970ab8117fa1730089c712e24b8cc340c46343a6e36ad71d751f8_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:34920bc431b451274686fd0bce158c0958fc5c350991d3ce21767d64b1ba70e9_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:44826036f117f1811b24b793f48a4256b9454bc0363873881762145d2b0b312f_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:da3ac9e26e23c02f9e4f18b9fcabc894beef1f61c8df564163696b9db8bdc58d_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:100fd2b7e8adddef6271d41cd81df23a3e1bf7762638cee1ec465bccf7ab9526_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:6b0dfa1211421f2f961de8c9fdee0d00899725f8dc0fdb4eb80bb0854be90c86_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:800f35c997f822a9468c6ed993e8573b69bcd133481ea51af1542b57c1e79e5d_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:924512d5e38c14d234e9a1b11204b8877b48202faca6b07457628dfcb3f09598_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:5b1757be2b97248e70abceb263787bffe2c534cf4dcf05211fedc2834680d602_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a07af728477ee9f405d847f1037c520a384eb5a0f53839ec3651165ca6daeba8_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a3e492b465b7081140176024c86a8bae03902a963698978ef0de5e5adfe328ad_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:c3534c03f90d600f899e49bc0de768abf40887796942bebc37ce8f12d1e55468_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:42324c789d08d578cdb7b5791a6da546d49f545e305ea00c0adb38093b5f9f82_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:6b91cde557cb6fa93e9503291d75f8fb05d751eb93f32d8c638fb1322c9f9efd_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:7485779ebbd7b4c560844d0cc34e8ab3845a092eb45d50de6166f50e5f5ffb9b_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:877140b72711f585aaaa71c60ca4b8a885074d2be5d589668141d14c207b1f39_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:4ae9bb8293238cf21fb9f89b4fb1c21f64f7a8d2ab31bb71fee0c214ffe73c53_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:0701374518a82305e8e3102883a69fef7eb99238fe52567ae5cb3df7e2f72ee2_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:31b7b625a2167783606bbd6d096c51eb34f492238d8d955ace6006a6eb74bcfd_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:6f4a1fc3d4f37c9265300a32ca00fd20bc24e80cbb17d16e5c0bcc387c3afd87_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:dcc967a82a818a4c9e41ae4c403c94cf8bfb90b67ca2e071df9f23538015440f_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:5e0473790eba6ccac07e5c83fb4cf2d1f322dea9dc522b0382f6d41219e48a41_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:a3148c276ab9ae3da2ecf3d837806e6324e5db2ac7e3c6e64dbbe107c688c695_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:d2db61a5461a9eaba5e798f007716971b17ab457dbab797b1fdac0e9a09098ff_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:d6918b3a3b427205d5b6899240f24998372600775be066ae1c52d50012d2adfe_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2168e0ccdb4970ab8117fa1730089c712e24b8cc340c46343a6e36ad71d751f8_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:34920bc431b451274686fd0bce158c0958fc5c350991d3ce21767d64b1ba70e9_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:44826036f117f1811b24b793f48a4256b9454bc0363873881762145d2b0b312f_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:da3ac9e26e23c02f9e4f18b9fcabc894beef1f61c8df564163696b9db8bdc58d_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:100fd2b7e8adddef6271d41cd81df23a3e1bf7762638cee1ec465bccf7ab9526_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:6b0dfa1211421f2f961de8c9fdee0d00899725f8dc0fdb4eb80bb0854be90c86_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:800f35c997f822a9468c6ed993e8573b69bcd133481ea51af1542b57c1e79e5d_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:924512d5e38c14d234e9a1b11204b8877b48202faca6b07457628dfcb3f09598_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:5b1757be2b97248e70abceb263787bffe2c534cf4dcf05211fedc2834680d602_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a07af728477ee9f405d847f1037c520a384eb5a0f53839ec3651165ca6daeba8_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a3e492b465b7081140176024c86a8bae03902a963698978ef0de5e5adfe328ad_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:c3534c03f90d600f899e49bc0de768abf40887796942bebc37ce8f12d1e55468_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:42324c789d08d578cdb7b5791a6da546d49f545e305ea00c0adb38093b5f9f82_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:6b91cde557cb6fa93e9503291d75f8fb05d751eb93f32d8c638fb1322c9f9efd_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:7485779ebbd7b4c560844d0cc34e8ab3845a092eb45d50de6166f50e5f5ffb9b_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:877140b72711f585aaaa71c60ca4b8a885074d2be5d589668141d14c207b1f39_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:4ae9bb8293238cf21fb9f89b4fb1c21f64f7a8d2ab31bb71fee0c214ffe73c53_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: cmd/compile: possible memory corruption after bound check elimination"
},
{
"cve": "CVE-2026-27144",
"cwe": {
"id": "CWE-440",
"name": "Expected Behavior Violation"
},
"discovery_date": "2026-04-08T02:01:22.896153+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:0701374518a82305e8e3102883a69fef7eb99238fe52567ae5cb3df7e2f72ee2_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:31b7b625a2167783606bbd6d096c51eb34f492238d8d955ace6006a6eb74bcfd_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:6f4a1fc3d4f37c9265300a32ca00fd20bc24e80cbb17d16e5c0bcc387c3afd87_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:dcc967a82a818a4c9e41ae4c403c94cf8bfb90b67ca2e071df9f23538015440f_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2168e0ccdb4970ab8117fa1730089c712e24b8cc340c46343a6e36ad71d751f8_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:34920bc431b451274686fd0bce158c0958fc5c350991d3ce21767d64b1ba70e9_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:44826036f117f1811b24b793f48a4256b9454bc0363873881762145d2b0b312f_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:da3ac9e26e23c02f9e4f18b9fcabc894beef1f61c8df564163696b9db8bdc58d_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:4ae9bb8293238cf21fb9f89b4fb1c21f64f7a8d2ab31bb71fee0c214ffe73c53_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456340"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the cmd/compile package in the Go standard library. A no-op interface conversion prevented the compiler from correctly identifying non-overlapping memory moves. As a result, the compiler allows unsafe memory move operations to occur at runtime, potentially causing data corruption, memory corruption or unexpected application behavior.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: cmd/compile: no-op interface conversion bypasses overlap checking",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue is only exploitable in applications that contain a memory move or copy operation that is subject to a no-op (no-operation) interface conversion. Furthermore, the source and destination memory addresses involved in the move or copy must overlap and an attacker must be able to supply an input that triggers this specific operation. Due to these reasons, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:5e0473790eba6ccac07e5c83fb4cf2d1f322dea9dc522b0382f6d41219e48a41_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:a3148c276ab9ae3da2ecf3d837806e6324e5db2ac7e3c6e64dbbe107c688c695_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:d2db61a5461a9eaba5e798f007716971b17ab457dbab797b1fdac0e9a09098ff_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:d6918b3a3b427205d5b6899240f24998372600775be066ae1c52d50012d2adfe_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:100fd2b7e8adddef6271d41cd81df23a3e1bf7762638cee1ec465bccf7ab9526_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:6b0dfa1211421f2f961de8c9fdee0d00899725f8dc0fdb4eb80bb0854be90c86_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:800f35c997f822a9468c6ed993e8573b69bcd133481ea51af1542b57c1e79e5d_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:924512d5e38c14d234e9a1b11204b8877b48202faca6b07457628dfcb3f09598_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:5b1757be2b97248e70abceb263787bffe2c534cf4dcf05211fedc2834680d602_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a07af728477ee9f405d847f1037c520a384eb5a0f53839ec3651165ca6daeba8_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a3e492b465b7081140176024c86a8bae03902a963698978ef0de5e5adfe328ad_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:c3534c03f90d600f899e49bc0de768abf40887796942bebc37ce8f12d1e55468_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:42324c789d08d578cdb7b5791a6da546d49f545e305ea00c0adb38093b5f9f82_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:6b91cde557cb6fa93e9503291d75f8fb05d751eb93f32d8c638fb1322c9f9efd_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:7485779ebbd7b4c560844d0cc34e8ab3845a092eb45d50de6166f50e5f5ffb9b_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:877140b72711f585aaaa71c60ca4b8a885074d2be5d589668141d14c207b1f39_amd64"
],
"known_not_affected": [
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:0701374518a82305e8e3102883a69fef7eb99238fe52567ae5cb3df7e2f72ee2_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:31b7b625a2167783606bbd6d096c51eb34f492238d8d955ace6006a6eb74bcfd_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:6f4a1fc3d4f37c9265300a32ca00fd20bc24e80cbb17d16e5c0bcc387c3afd87_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:dcc967a82a818a4c9e41ae4c403c94cf8bfb90b67ca2e071df9f23538015440f_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2168e0ccdb4970ab8117fa1730089c712e24b8cc340c46343a6e36ad71d751f8_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:34920bc431b451274686fd0bce158c0958fc5c350991d3ce21767d64b1ba70e9_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:44826036f117f1811b24b793f48a4256b9454bc0363873881762145d2b0b312f_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:da3ac9e26e23c02f9e4f18b9fcabc894beef1f61c8df564163696b9db8bdc58d_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:4ae9bb8293238cf21fb9f89b4fb1c21f64f7a8d2ab31bb71fee0c214ffe73c53_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27144"
},
{
"category": "external",
"summary": "RHBZ#2456340",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456340"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27144",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27144"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27144",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27144"
},
{
"category": "external",
"summary": "https://go.dev/cl/763764",
"url": "https://go.dev/cl/763764"
},
{
"category": "external",
"summary": "https://go.dev/issue/78371",
"url": "https://go.dev/issue/78371"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4867",
"url": "https://pkg.go.dev/vuln/GO-2026-4867"
}
],
"release_date": "2026-04-08T01:06:56.908000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-12T19:02:21+00:00",
"details": "See Red Hat OpenShift Service Mesh 3.0.11 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.0",
"product_ids": [
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:5e0473790eba6ccac07e5c83fb4cf2d1f322dea9dc522b0382f6d41219e48a41_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:a3148c276ab9ae3da2ecf3d837806e6324e5db2ac7e3c6e64dbbe107c688c695_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:d2db61a5461a9eaba5e798f007716971b17ab457dbab797b1fdac0e9a09098ff_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:d6918b3a3b427205d5b6899240f24998372600775be066ae1c52d50012d2adfe_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:100fd2b7e8adddef6271d41cd81df23a3e1bf7762638cee1ec465bccf7ab9526_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:6b0dfa1211421f2f961de8c9fdee0d00899725f8dc0fdb4eb80bb0854be90c86_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:800f35c997f822a9468c6ed993e8573b69bcd133481ea51af1542b57c1e79e5d_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:924512d5e38c14d234e9a1b11204b8877b48202faca6b07457628dfcb3f09598_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:5b1757be2b97248e70abceb263787bffe2c534cf4dcf05211fedc2834680d602_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a07af728477ee9f405d847f1037c520a384eb5a0f53839ec3651165ca6daeba8_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a3e492b465b7081140176024c86a8bae03902a963698978ef0de5e5adfe328ad_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:c3534c03f90d600f899e49bc0de768abf40887796942bebc37ce8f12d1e55468_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:42324c789d08d578cdb7b5791a6da546d49f545e305ea00c0adb38093b5f9f82_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:6b91cde557cb6fa93e9503291d75f8fb05d751eb93f32d8c638fb1322c9f9efd_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:7485779ebbd7b4c560844d0cc34e8ab3845a092eb45d50de6166f50e5f5ffb9b_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:877140b72711f585aaaa71c60ca4b8a885074d2be5d589668141d14c207b1f39_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:16477"
},
{
"category": "workaround",
"details": "To mitigate this issue, review code that performs memory copies or struct assignments. If data is being passed through an interface (such as \u0027any\u0027 or \u0027interface{}\u0027) just before a move operation, refactor the code to use concrete types or explicit pointers instead.",
"product_ids": [
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:0701374518a82305e8e3102883a69fef7eb99238fe52567ae5cb3df7e2f72ee2_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:31b7b625a2167783606bbd6d096c51eb34f492238d8d955ace6006a6eb74bcfd_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:6f4a1fc3d4f37c9265300a32ca00fd20bc24e80cbb17d16e5c0bcc387c3afd87_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:dcc967a82a818a4c9e41ae4c403c94cf8bfb90b67ca2e071df9f23538015440f_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:5e0473790eba6ccac07e5c83fb4cf2d1f322dea9dc522b0382f6d41219e48a41_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:a3148c276ab9ae3da2ecf3d837806e6324e5db2ac7e3c6e64dbbe107c688c695_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:d2db61a5461a9eaba5e798f007716971b17ab457dbab797b1fdac0e9a09098ff_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:d6918b3a3b427205d5b6899240f24998372600775be066ae1c52d50012d2adfe_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2168e0ccdb4970ab8117fa1730089c712e24b8cc340c46343a6e36ad71d751f8_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:34920bc431b451274686fd0bce158c0958fc5c350991d3ce21767d64b1ba70e9_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:44826036f117f1811b24b793f48a4256b9454bc0363873881762145d2b0b312f_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:da3ac9e26e23c02f9e4f18b9fcabc894beef1f61c8df564163696b9db8bdc58d_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:100fd2b7e8adddef6271d41cd81df23a3e1bf7762638cee1ec465bccf7ab9526_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:6b0dfa1211421f2f961de8c9fdee0d00899725f8dc0fdb4eb80bb0854be90c86_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:800f35c997f822a9468c6ed993e8573b69bcd133481ea51af1542b57c1e79e5d_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:924512d5e38c14d234e9a1b11204b8877b48202faca6b07457628dfcb3f09598_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:5b1757be2b97248e70abceb263787bffe2c534cf4dcf05211fedc2834680d602_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a07af728477ee9f405d847f1037c520a384eb5a0f53839ec3651165ca6daeba8_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a3e492b465b7081140176024c86a8bae03902a963698978ef0de5e5adfe328ad_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:c3534c03f90d600f899e49bc0de768abf40887796942bebc37ce8f12d1e55468_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:42324c789d08d578cdb7b5791a6da546d49f545e305ea00c0adb38093b5f9f82_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:6b91cde557cb6fa93e9503291d75f8fb05d751eb93f32d8c638fb1322c9f9efd_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:7485779ebbd7b4c560844d0cc34e8ab3845a092eb45d50de6166f50e5f5ffb9b_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:877140b72711f585aaaa71c60ca4b8a885074d2be5d589668141d14c207b1f39_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:4ae9bb8293238cf21fb9f89b4fb1c21f64f7a8d2ab31bb71fee0c214ffe73c53_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:0701374518a82305e8e3102883a69fef7eb99238fe52567ae5cb3df7e2f72ee2_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:31b7b625a2167783606bbd6d096c51eb34f492238d8d955ace6006a6eb74bcfd_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:6f4a1fc3d4f37c9265300a32ca00fd20bc24e80cbb17d16e5c0bcc387c3afd87_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:dcc967a82a818a4c9e41ae4c403c94cf8bfb90b67ca2e071df9f23538015440f_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:5e0473790eba6ccac07e5c83fb4cf2d1f322dea9dc522b0382f6d41219e48a41_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:a3148c276ab9ae3da2ecf3d837806e6324e5db2ac7e3c6e64dbbe107c688c695_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:d2db61a5461a9eaba5e798f007716971b17ab457dbab797b1fdac0e9a09098ff_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:d6918b3a3b427205d5b6899240f24998372600775be066ae1c52d50012d2adfe_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2168e0ccdb4970ab8117fa1730089c712e24b8cc340c46343a6e36ad71d751f8_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:34920bc431b451274686fd0bce158c0958fc5c350991d3ce21767d64b1ba70e9_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:44826036f117f1811b24b793f48a4256b9454bc0363873881762145d2b0b312f_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:da3ac9e26e23c02f9e4f18b9fcabc894beef1f61c8df564163696b9db8bdc58d_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:100fd2b7e8adddef6271d41cd81df23a3e1bf7762638cee1ec465bccf7ab9526_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:6b0dfa1211421f2f961de8c9fdee0d00899725f8dc0fdb4eb80bb0854be90c86_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:800f35c997f822a9468c6ed993e8573b69bcd133481ea51af1542b57c1e79e5d_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:924512d5e38c14d234e9a1b11204b8877b48202faca6b07457628dfcb3f09598_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:5b1757be2b97248e70abceb263787bffe2c534cf4dcf05211fedc2834680d602_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a07af728477ee9f405d847f1037c520a384eb5a0f53839ec3651165ca6daeba8_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a3e492b465b7081140176024c86a8bae03902a963698978ef0de5e5adfe328ad_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:c3534c03f90d600f899e49bc0de768abf40887796942bebc37ce8f12d1e55468_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:42324c789d08d578cdb7b5791a6da546d49f545e305ea00c0adb38093b5f9f82_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:6b91cde557cb6fa93e9503291d75f8fb05d751eb93f32d8c638fb1322c9f9efd_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:7485779ebbd7b4c560844d0cc34e8ab3845a092eb45d50de6166f50e5f5ffb9b_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:877140b72711f585aaaa71c60ca4b8a885074d2be5d589668141d14c207b1f39_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:4ae9bb8293238cf21fb9f89b4fb1c21f64f7a8d2ab31bb71fee0c214ffe73c53_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: cmd/compile: no-op interface conversion bypasses overlap checking"
},
{
"cve": "CVE-2026-32280",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-04-08T02:01:19.572351+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:0701374518a82305e8e3102883a69fef7eb99238fe52567ae5cb3df7e2f72ee2_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:31b7b625a2167783606bbd6d096c51eb34f492238d8d955ace6006a6eb74bcfd_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:6f4a1fc3d4f37c9265300a32ca00fd20bc24e80cbb17d16e5c0bcc387c3afd87_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:dcc967a82a818a4c9e41ae4c403c94cf8bfb90b67ca2e071df9f23538015440f_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2168e0ccdb4970ab8117fa1730089c712e24b8cc340c46343a6e36ad71d751f8_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:34920bc431b451274686fd0bce158c0958fc5c350991d3ce21767d64b1ba70e9_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:44826036f117f1811b24b793f48a4256b9454bc0363873881762145d2b0b312f_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:da3ac9e26e23c02f9e4f18b9fcabc894beef1f61c8df564163696b9db8bdc58d_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:5b1757be2b97248e70abceb263787bffe2c534cf4dcf05211fedc2834680d602_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a07af728477ee9f405d847f1037c520a384eb5a0f53839ec3651165ca6daeba8_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a3e492b465b7081140176024c86a8bae03902a963698978ef0de5e5adfe328ad_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:c3534c03f90d600f899e49bc0de768abf40887796942bebc37ce8f12d1e55468_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:4ae9bb8293238cf21fb9f89b4fb1c21f64f7a8d2ab31bb71fee0c214ffe73c53_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456339"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Go standard library packages `crypto/x509` and `crypto/tls`. During the process of building a certificate chain, an attacker can provide a large number of intermediate certificates. This excessive input is not properly limited, leading to an uncontrolled amount of work being performed. This can result in a denial of service (DoS) condition, making the affected system or application unavailable to legitimate users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important denial of service vulnerability in the Go standard library\u0027s certificate chain building process. Systems utilizing Go applications that process untrusted TLS certificates or X.509 certificate chains are susceptible to resource exhaustion when presented with an excessive number of intermediate certificates, potentially leading to service unavailability. This flaw impacts applications directly using `crypto/x509` or `crypto/tls`.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:5e0473790eba6ccac07e5c83fb4cf2d1f322dea9dc522b0382f6d41219e48a41_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:a3148c276ab9ae3da2ecf3d837806e6324e5db2ac7e3c6e64dbbe107c688c695_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:d2db61a5461a9eaba5e798f007716971b17ab457dbab797b1fdac0e9a09098ff_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:d6918b3a3b427205d5b6899240f24998372600775be066ae1c52d50012d2adfe_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:100fd2b7e8adddef6271d41cd81df23a3e1bf7762638cee1ec465bccf7ab9526_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:6b0dfa1211421f2f961de8c9fdee0d00899725f8dc0fdb4eb80bb0854be90c86_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:800f35c997f822a9468c6ed993e8573b69bcd133481ea51af1542b57c1e79e5d_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:924512d5e38c14d234e9a1b11204b8877b48202faca6b07457628dfcb3f09598_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:42324c789d08d578cdb7b5791a6da546d49f545e305ea00c0adb38093b5f9f82_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:6b91cde557cb6fa93e9503291d75f8fb05d751eb93f32d8c638fb1322c9f9efd_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:7485779ebbd7b4c560844d0cc34e8ab3845a092eb45d50de6166f50e5f5ffb9b_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:877140b72711f585aaaa71c60ca4b8a885074d2be5d589668141d14c207b1f39_amd64"
],
"known_not_affected": [
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:0701374518a82305e8e3102883a69fef7eb99238fe52567ae5cb3df7e2f72ee2_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:31b7b625a2167783606bbd6d096c51eb34f492238d8d955ace6006a6eb74bcfd_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:6f4a1fc3d4f37c9265300a32ca00fd20bc24e80cbb17d16e5c0bcc387c3afd87_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:dcc967a82a818a4c9e41ae4c403c94cf8bfb90b67ca2e071df9f23538015440f_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2168e0ccdb4970ab8117fa1730089c712e24b8cc340c46343a6e36ad71d751f8_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:34920bc431b451274686fd0bce158c0958fc5c350991d3ce21767d64b1ba70e9_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:44826036f117f1811b24b793f48a4256b9454bc0363873881762145d2b0b312f_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:da3ac9e26e23c02f9e4f18b9fcabc894beef1f61c8df564163696b9db8bdc58d_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:5b1757be2b97248e70abceb263787bffe2c534cf4dcf05211fedc2834680d602_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a07af728477ee9f405d847f1037c520a384eb5a0f53839ec3651165ca6daeba8_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a3e492b465b7081140176024c86a8bae03902a963698978ef0de5e5adfe328ad_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:c3534c03f90d600f899e49bc0de768abf40887796942bebc37ce8f12d1e55468_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:4ae9bb8293238cf21fb9f89b4fb1c21f64f7a8d2ab31bb71fee0c214ffe73c53_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32280"
},
{
"category": "external",
"summary": "RHBZ#2456339",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456339"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32280",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32280"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32280",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32280"
},
{
"category": "external",
"summary": "https://go.dev/cl/758320",
"url": "https://go.dev/cl/758320"
},
{
"category": "external",
"summary": "https://go.dev/issue/78282",
"url": "https://go.dev/issue/78282"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4947",
"url": "https://pkg.go.dev/vuln/GO-2026-4947"
}
],
"release_date": "2026-04-08T01:06:58.595000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-12T19:02:21+00:00",
"details": "See Red Hat OpenShift Service Mesh 3.0.11 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.0",
"product_ids": [
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:5e0473790eba6ccac07e5c83fb4cf2d1f322dea9dc522b0382f6d41219e48a41_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:a3148c276ab9ae3da2ecf3d837806e6324e5db2ac7e3c6e64dbbe107c688c695_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:d2db61a5461a9eaba5e798f007716971b17ab457dbab797b1fdac0e9a09098ff_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:d6918b3a3b427205d5b6899240f24998372600775be066ae1c52d50012d2adfe_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:100fd2b7e8adddef6271d41cd81df23a3e1bf7762638cee1ec465bccf7ab9526_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:6b0dfa1211421f2f961de8c9fdee0d00899725f8dc0fdb4eb80bb0854be90c86_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:800f35c997f822a9468c6ed993e8573b69bcd133481ea51af1542b57c1e79e5d_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:924512d5e38c14d234e9a1b11204b8877b48202faca6b07457628dfcb3f09598_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:42324c789d08d578cdb7b5791a6da546d49f545e305ea00c0adb38093b5f9f82_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:6b91cde557cb6fa93e9503291d75f8fb05d751eb93f32d8c638fb1322c9f9efd_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:7485779ebbd7b4c560844d0cc34e8ab3845a092eb45d50de6166f50e5f5ffb9b_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:877140b72711f585aaaa71c60ca4b8a885074d2be5d589668141d14c207b1f39_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:16477"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:0701374518a82305e8e3102883a69fef7eb99238fe52567ae5cb3df7e2f72ee2_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:31b7b625a2167783606bbd6d096c51eb34f492238d8d955ace6006a6eb74bcfd_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:6f4a1fc3d4f37c9265300a32ca00fd20bc24e80cbb17d16e5c0bcc387c3afd87_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:dcc967a82a818a4c9e41ae4c403c94cf8bfb90b67ca2e071df9f23538015440f_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:5e0473790eba6ccac07e5c83fb4cf2d1f322dea9dc522b0382f6d41219e48a41_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:a3148c276ab9ae3da2ecf3d837806e6324e5db2ac7e3c6e64dbbe107c688c695_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:d2db61a5461a9eaba5e798f007716971b17ab457dbab797b1fdac0e9a09098ff_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:d6918b3a3b427205d5b6899240f24998372600775be066ae1c52d50012d2adfe_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2168e0ccdb4970ab8117fa1730089c712e24b8cc340c46343a6e36ad71d751f8_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:34920bc431b451274686fd0bce158c0958fc5c350991d3ce21767d64b1ba70e9_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:44826036f117f1811b24b793f48a4256b9454bc0363873881762145d2b0b312f_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:da3ac9e26e23c02f9e4f18b9fcabc894beef1f61c8df564163696b9db8bdc58d_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:100fd2b7e8adddef6271d41cd81df23a3e1bf7762638cee1ec465bccf7ab9526_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:6b0dfa1211421f2f961de8c9fdee0d00899725f8dc0fdb4eb80bb0854be90c86_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:800f35c997f822a9468c6ed993e8573b69bcd133481ea51af1542b57c1e79e5d_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:924512d5e38c14d234e9a1b11204b8877b48202faca6b07457628dfcb3f09598_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:5b1757be2b97248e70abceb263787bffe2c534cf4dcf05211fedc2834680d602_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a07af728477ee9f405d847f1037c520a384eb5a0f53839ec3651165ca6daeba8_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a3e492b465b7081140176024c86a8bae03902a963698978ef0de5e5adfe328ad_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:c3534c03f90d600f899e49bc0de768abf40887796942bebc37ce8f12d1e55468_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:42324c789d08d578cdb7b5791a6da546d49f545e305ea00c0adb38093b5f9f82_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:6b91cde557cb6fa93e9503291d75f8fb05d751eb93f32d8c638fb1322c9f9efd_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:7485779ebbd7b4c560844d0cc34e8ab3845a092eb45d50de6166f50e5f5ffb9b_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:877140b72711f585aaaa71c60ca4b8a885074d2be5d589668141d14c207b1f39_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:4ae9bb8293238cf21fb9f89b4fb1c21f64f7a8d2ab31bb71fee0c214ffe73c53_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building"
}
]
}
RHSA-2026:16505
Vulnerability from csaf_redhat - Published: 2026-05-12 19:48 - Updated: 2026-07-09 21:09A flaw was found in the cmd/compile package in the Go standard library. The compiler fails to correctly check for integer overflow or underflow in arithmetic operations involving loop induction variables. As a result, the compiler allows invalid memory indexing to occur at runtime, potentially leading to memory corruption.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1164507052fa1be4b0f85d2f1474b80aa39744b6e651b3a06629980fceb44021_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4c954b01fa50e61194c19b4ec33d72f7b2d51cb561c8553328bd087742a0915d_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:69489685a5d09b90fea6a502bfe00aa288c6e74c552469e127a5693923e0fa1e_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:989055e4981041419a61eab47e35d2e7e290855907657b32cf2de51490eafa18_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:1b9d054f45c6f2b27396c12752cce412263565a1d54220c37b6906f4049aadab_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:1fb621c913ee0b8a724852268a93a69522addeabaa3f611589c4dc8a227ab740_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:6fe2fee491444040c87cac2a9cb7e856d0c29ad02dea9e7f7490d14af120c028_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:85542d8ec656bda1029e634a6178ab9a24e608aca1470dfb45d621a78f0026ea_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a67c6be11ac4b3fe06555c95376bd73eb367e841e87237ff3e0e66ed9479f338_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d7016c8a7d14fe6355ad30b34a9bafca73e58beae82e2ec78abd46cda10588a0_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d8afbf5abad2a584664f5749330ba50da76ac07d415a2fb1d070f73620e5ba90_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:e12b2cfcc3819305c9ece2e424565ca1fb7703026261db422546b76dab1c4960_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:4d96bfc97e205ba0cf2ddb03a99240fd6dd90d28bb7cdf25f0d32a99dc8891dd_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:87213878db431672b26cd65a20d372866bbe7505b991483b77da8db6e9605796_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:c96e66abac88022833d4052b4a30570026878fa7912317ae2984f944bfe400e9_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:f0f3cd9f23cf174b94120dc40999112f829a5a77b03071def745f3283cd901f7_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:44b66e1afa72c24167382ba2e71dfad9a197f4878074a8fff2e3f0ddae930e49_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:5afab7e3267c6803839c2b96b00d715e3b327588485ecee7b23d8e3513ac15f3_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:5e76c624c73bf4f33aed2871e03d90cd8b5fb60e56165af0f501858b47594b9f_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:b83715ebf0a7b233b53ee600ee0062f3967bec57a84a55d0255734979a0120af_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:3fce9db7529ea1b3c7b8edc40e18e6a32ccf5bb1501425ffe141837c19309287_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:6a300b4b9b1954020ba5876f91caca93ee2bc0da2c7059aaad40c3b264b59e8b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:84558fd223caace930e314c5ad288f3680fc6d925c90409e11f85c846c211890_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:a2544534e61d95a2f5592197f70201183e5dacff68ba50aebddeb8d52219f839_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:9c54dfb403dd08f7d72e066c4340d0e3143f29839d7df5485942b789f238e1ff_amd64 | — |
Workaround
|
A flaw was found in the cmd/compile package in the Go standard library. A no-op interface conversion prevented the compiler from correctly identifying non-overlapping memory moves. As a result, the compiler allows unsafe memory move operations to occur at runtime, potentially causing data corruption, memory corruption or unexpected application behavior.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1164507052fa1be4b0f85d2f1474b80aa39744b6e651b3a06629980fceb44021_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4c954b01fa50e61194c19b4ec33d72f7b2d51cb561c8553328bd087742a0915d_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:69489685a5d09b90fea6a502bfe00aa288c6e74c552469e127a5693923e0fa1e_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:989055e4981041419a61eab47e35d2e7e290855907657b32cf2de51490eafa18_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:1b9d054f45c6f2b27396c12752cce412263565a1d54220c37b6906f4049aadab_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:1fb621c913ee0b8a724852268a93a69522addeabaa3f611589c4dc8a227ab740_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:6fe2fee491444040c87cac2a9cb7e856d0c29ad02dea9e7f7490d14af120c028_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:85542d8ec656bda1029e634a6178ab9a24e608aca1470dfb45d621a78f0026ea_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a67c6be11ac4b3fe06555c95376bd73eb367e841e87237ff3e0e66ed9479f338_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d7016c8a7d14fe6355ad30b34a9bafca73e58beae82e2ec78abd46cda10588a0_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d8afbf5abad2a584664f5749330ba50da76ac07d415a2fb1d070f73620e5ba90_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:e12b2cfcc3819305c9ece2e424565ca1fb7703026261db422546b76dab1c4960_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:4d96bfc97e205ba0cf2ddb03a99240fd6dd90d28bb7cdf25f0d32a99dc8891dd_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:87213878db431672b26cd65a20d372866bbe7505b991483b77da8db6e9605796_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:c96e66abac88022833d4052b4a30570026878fa7912317ae2984f944bfe400e9_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:f0f3cd9f23cf174b94120dc40999112f829a5a77b03071def745f3283cd901f7_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:44b66e1afa72c24167382ba2e71dfad9a197f4878074a8fff2e3f0ddae930e49_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:5afab7e3267c6803839c2b96b00d715e3b327588485ecee7b23d8e3513ac15f3_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:5e76c624c73bf4f33aed2871e03d90cd8b5fb60e56165af0f501858b47594b9f_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:b83715ebf0a7b233b53ee600ee0062f3967bec57a84a55d0255734979a0120af_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:3fce9db7529ea1b3c7b8edc40e18e6a32ccf5bb1501425ffe141837c19309287_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:6a300b4b9b1954020ba5876f91caca93ee2bc0da2c7059aaad40c3b264b59e8b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:84558fd223caace930e314c5ad288f3680fc6d925c90409e11f85c846c211890_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:a2544534e61d95a2f5592197f70201183e5dacff68ba50aebddeb8d52219f839_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:9c54dfb403dd08f7d72e066c4340d0e3143f29839d7df5485942b789f238e1ff_amd64 | — |
Workaround
|
A flaw was found in the Go standard library packages `crypto/x509` and `crypto/tls`. During the process of building a certificate chain, an attacker can provide a large number of intermediate certificates. This excessive input is not properly limited, leading to an uncontrolled amount of work being performed. This can result in a denial of service (DoS) condition, making the affected system or application unavailable to legitimate users.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1164507052fa1be4b0f85d2f1474b80aa39744b6e651b3a06629980fceb44021_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4c954b01fa50e61194c19b4ec33d72f7b2d51cb561c8553328bd087742a0915d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:69489685a5d09b90fea6a502bfe00aa288c6e74c552469e127a5693923e0fa1e_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:989055e4981041419a61eab47e35d2e7e290855907657b32cf2de51490eafa18_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:1b9d054f45c6f2b27396c12752cce412263565a1d54220c37b6906f4049aadab_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:1fb621c913ee0b8a724852268a93a69522addeabaa3f611589c4dc8a227ab740_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:6fe2fee491444040c87cac2a9cb7e856d0c29ad02dea9e7f7490d14af120c028_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:85542d8ec656bda1029e634a6178ab9a24e608aca1470dfb45d621a78f0026ea_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:4d96bfc97e205ba0cf2ddb03a99240fd6dd90d28bb7cdf25f0d32a99dc8891dd_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:87213878db431672b26cd65a20d372866bbe7505b991483b77da8db6e9605796_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:c96e66abac88022833d4052b4a30570026878fa7912317ae2984f944bfe400e9_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:f0f3cd9f23cf174b94120dc40999112f829a5a77b03071def745f3283cd901f7_ppc64le | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:44b66e1afa72c24167382ba2e71dfad9a197f4878074a8fff2e3f0ddae930e49_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:5afab7e3267c6803839c2b96b00d715e3b327588485ecee7b23d8e3513ac15f3_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:5e76c624c73bf4f33aed2871e03d90cd8b5fb60e56165af0f501858b47594b9f_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:b83715ebf0a7b233b53ee600ee0062f3967bec57a84a55d0255734979a0120af_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:3fce9db7529ea1b3c7b8edc40e18e6a32ccf5bb1501425ffe141837c19309287_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:6a300b4b9b1954020ba5876f91caca93ee2bc0da2c7059aaad40c3b264b59e8b_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:84558fd223caace930e314c5ad288f3680fc6d925c90409e11f85c846c211890_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:a2544534e61d95a2f5592197f70201183e5dacff68ba50aebddeb8d52219f839_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a67c6be11ac4b3fe06555c95376bd73eb367e841e87237ff3e0e66ed9479f338_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d7016c8a7d14fe6355ad30b34a9bafca73e58beae82e2ec78abd46cda10588a0_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d8afbf5abad2a584664f5749330ba50da76ac07d415a2fb1d070f73620e5ba90_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:e12b2cfcc3819305c9ece2e424565ca1fb7703026261db422546b76dab1c4960_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:9c54dfb403dd08f7d72e066c4340d0e3143f29839d7df5485942b789f238e1ff_amd64 | — |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat OpenShift Service Mesh 3.1.8\n\nThis update has a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Service Mesh 3.1.8, which is based on the open source Istio project, addresses a variety of problems in a microservice architecture by creating a centralized point of control in an application.\n\nFixes/Improvements:\n\n* OSSM 3 Operator icon missing from OperatorHub catalog in OCP console (OSSM-13028)\n\nSecurity Fix(es):\n\n* istio-rhel9-operator: possible memory corruption after bound check elimination (CVE-2026-27143)\n\n* istio-proxyv2-rhel9: possible memory corruption after bound check elimination (CVE-2026-27143)\n\n* istio-pilot-rhel9: possible memory corruption after bound check elimination (CVE-2026-27143)\n\n* istio-cni-rhel9: possible memory corruption after bound check elimination (CVE-2026-27143)\n\n* istio-rhel9-operator: no-op interface conversion bypasses overlap checking (CVE-2026-27144)\n\n* istio-proxyv2-rhel9: no-op interface conversion bypasses overlap checking (CVE-2026-27144)\n\n* istio-pilot-rhel9: no-op interface conversion bypasses overlap checking (CVE-2026-27144)\n\n* istio-cni-rhel9: no-op interface conversion bypasses overlap checking (CVE-2026-27144)\n\n* istio-rhel9-operator: Go: Denial of Service vulnerability in certificate chain building (CVE-2026-32280)\n\n* istio-pilot-rhel9: Go: Denial of Service vulnerability in certificate chain building (CVE-2026-32280)\n\n* istio-cni-rhel9: Go: Denial of Service vulnerability in certificate chain building (CVE-2026-32280)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:16505",
"url": "https://access.redhat.com/errata/RHSA-2026:16505"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-27143",
"url": "https://access.redhat.com/security/cve/CVE-2026-27143"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-27144",
"url": "https://access.redhat.com/security/cve/CVE-2026-27144"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32280",
"url": "https://access.redhat.com/security/cve/CVE-2026-32280"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/cve-2026-27143",
"url": "https://access.redhat.com/security/cve/cve-2026-27143"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/cve-2026-27144",
"url": "https://access.redhat.com/security/cve/cve-2026-27144"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/cve-2026-32280",
"url": "https://access.redhat.com/security/cve/cve-2026-32280"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification",
"url": "https://access.redhat.com/security/updates/classification"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_16505.json"
}
],
"title": "Red Hat Security Advisory: Red Hat OpenShift Service Mesh 3.1.8",
"tracking": {
"current_release_date": "2026-07-09T21:09:57+00:00",
"generator": {
"date": "2026-07-09T21:09:57+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.2"
}
},
"id": "RHSA-2026:16505",
"initial_release_date": "2026-05-12T19:48:56+00:00",
"revision_history": [
{
"date": "2026-05-12T19:48:56+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-05-12T19:48:59+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-09T21:09:57+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Service Mesh 3.1",
"product": {
"name": "Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:service_mesh:3.1::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Service Mesh"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:9c54dfb403dd08f7d72e066c4340d0e3143f29839d7df5485942b789f238e1ff_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:9c54dfb403dd08f7d72e066c4340d0e3143f29839d7df5485942b789f238e1ff_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:9c54dfb403dd08f7d72e066c4340d0e3143f29839d7df5485942b789f238e1ff_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-sail-operator-bundle@sha256%3A9c54dfb403dd08f7d72e066c4340d0e3143f29839d7df5485942b789f238e1ff?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1778154273"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4c954b01fa50e61194c19b4ec33d72f7b2d51cb561c8553328bd087742a0915d_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4c954b01fa50e61194c19b4ec33d72f7b2d51cb561c8553328bd087742a0915d_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4c954b01fa50e61194c19b4ec33d72f7b2d51cb561c8553328bd087742a0915d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-cni-rhel9@sha256%3A4c954b01fa50e61194c19b4ec33d72f7b2d51cb561c8553328bd087742a0915d?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1777884045"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:84558fd223caace930e314c5ad288f3680fc6d925c90409e11f85c846c211890_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:84558fd223caace930e314c5ad288f3680fc6d925c90409e11f85c846c211890_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:84558fd223caace930e314c5ad288f3680fc6d925c90409e11f85c846c211890_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-must-gather-rhel9@sha256%3A84558fd223caace930e314c5ad288f3680fc6d925c90409e11f85c846c211890?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1778094470"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:c96e66abac88022833d4052b4a30570026878fa7912317ae2984f944bfe400e9_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:c96e66abac88022833d4052b4a30570026878fa7912317ae2984f944bfe400e9_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:c96e66abac88022833d4052b4a30570026878fa7912317ae2984f944bfe400e9_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-rhel9-operator@sha256%3Ac96e66abac88022833d4052b4a30570026878fa7912317ae2984f944bfe400e9?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1778149657"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:85542d8ec656bda1029e634a6178ab9a24e608aca1470dfb45d621a78f0026ea_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:85542d8ec656bda1029e634a6178ab9a24e608aca1470dfb45d621a78f0026ea_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:85542d8ec656bda1029e634a6178ab9a24e608aca1470dfb45d621a78f0026ea_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-pilot-rhel9@sha256%3A85542d8ec656bda1029e634a6178ab9a24e608aca1470dfb45d621a78f0026ea?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1777884022"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d8afbf5abad2a584664f5749330ba50da76ac07d415a2fb1d070f73620e5ba90_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d8afbf5abad2a584664f5749330ba50da76ac07d415a2fb1d070f73620e5ba90_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d8afbf5abad2a584664f5749330ba50da76ac07d415a2fb1d070f73620e5ba90_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-proxyv2-rhel9@sha256%3Ad8afbf5abad2a584664f5749330ba50da76ac07d415a2fb1d070f73620e5ba90?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1778125216"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:44b66e1afa72c24167382ba2e71dfad9a197f4878074a8fff2e3f0ddae930e49_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:44b66e1afa72c24167382ba2e71dfad9a197f4878074a8fff2e3f0ddae930e49_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:44b66e1afa72c24167382ba2e71dfad9a197f4878074a8fff2e3f0ddae930e49_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-ztunnel-rhel9@sha256%3A44b66e1afa72c24167382ba2e71dfad9a197f4878074a8fff2e3f0ddae930e49?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh-tech-preview\u0026tag=1777964285"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:69489685a5d09b90fea6a502bfe00aa288c6e74c552469e127a5693923e0fa1e_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:69489685a5d09b90fea6a502bfe00aa288c6e74c552469e127a5693923e0fa1e_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:69489685a5d09b90fea6a502bfe00aa288c6e74c552469e127a5693923e0fa1e_arm64",
"product_identification_helper": {
"purl": "pkg:oci/istio-cni-rhel9@sha256%3A69489685a5d09b90fea6a502bfe00aa288c6e74c552469e127a5693923e0fa1e?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1777884045"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:a2544534e61d95a2f5592197f70201183e5dacff68ba50aebddeb8d52219f839_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:a2544534e61d95a2f5592197f70201183e5dacff68ba50aebddeb8d52219f839_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:a2544534e61d95a2f5592197f70201183e5dacff68ba50aebddeb8d52219f839_arm64",
"product_identification_helper": {
"purl": "pkg:oci/istio-must-gather-rhel9@sha256%3Aa2544534e61d95a2f5592197f70201183e5dacff68ba50aebddeb8d52219f839?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1778094470"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:4d96bfc97e205ba0cf2ddb03a99240fd6dd90d28bb7cdf25f0d32a99dc8891dd_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:4d96bfc97e205ba0cf2ddb03a99240fd6dd90d28bb7cdf25f0d32a99dc8891dd_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:4d96bfc97e205ba0cf2ddb03a99240fd6dd90d28bb7cdf25f0d32a99dc8891dd_arm64",
"product_identification_helper": {
"purl": "pkg:oci/istio-rhel9-operator@sha256%3A4d96bfc97e205ba0cf2ddb03a99240fd6dd90d28bb7cdf25f0d32a99dc8891dd?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1778149657"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:1fb621c913ee0b8a724852268a93a69522addeabaa3f611589c4dc8a227ab740_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:1fb621c913ee0b8a724852268a93a69522addeabaa3f611589c4dc8a227ab740_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:1fb621c913ee0b8a724852268a93a69522addeabaa3f611589c4dc8a227ab740_arm64",
"product_identification_helper": {
"purl": "pkg:oci/istio-pilot-rhel9@sha256%3A1fb621c913ee0b8a724852268a93a69522addeabaa3f611589c4dc8a227ab740?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1777884022"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:e12b2cfcc3819305c9ece2e424565ca1fb7703026261db422546b76dab1c4960_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:e12b2cfcc3819305c9ece2e424565ca1fb7703026261db422546b76dab1c4960_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:e12b2cfcc3819305c9ece2e424565ca1fb7703026261db422546b76dab1c4960_arm64",
"product_identification_helper": {
"purl": "pkg:oci/istio-proxyv2-rhel9@sha256%3Ae12b2cfcc3819305c9ece2e424565ca1fb7703026261db422546b76dab1c4960?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1778125216"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:b83715ebf0a7b233b53ee600ee0062f3967bec57a84a55d0255734979a0120af_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:b83715ebf0a7b233b53ee600ee0062f3967bec57a84a55d0255734979a0120af_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:b83715ebf0a7b233b53ee600ee0062f3967bec57a84a55d0255734979a0120af_arm64",
"product_identification_helper": {
"purl": "pkg:oci/istio-ztunnel-rhel9@sha256%3Ab83715ebf0a7b233b53ee600ee0062f3967bec57a84a55d0255734979a0120af?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh-tech-preview\u0026tag=1777964285"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:989055e4981041419a61eab47e35d2e7e290855907657b32cf2de51490eafa18_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:989055e4981041419a61eab47e35d2e7e290855907657b32cf2de51490eafa18_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:989055e4981041419a61eab47e35d2e7e290855907657b32cf2de51490eafa18_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-cni-rhel9@sha256%3A989055e4981041419a61eab47e35d2e7e290855907657b32cf2de51490eafa18?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1777884045"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:3fce9db7529ea1b3c7b8edc40e18e6a32ccf5bb1501425ffe141837c19309287_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:3fce9db7529ea1b3c7b8edc40e18e6a32ccf5bb1501425ffe141837c19309287_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:3fce9db7529ea1b3c7b8edc40e18e6a32ccf5bb1501425ffe141837c19309287_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-must-gather-rhel9@sha256%3A3fce9db7529ea1b3c7b8edc40e18e6a32ccf5bb1501425ffe141837c19309287?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1778094470"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:f0f3cd9f23cf174b94120dc40999112f829a5a77b03071def745f3283cd901f7_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:f0f3cd9f23cf174b94120dc40999112f829a5a77b03071def745f3283cd901f7_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:f0f3cd9f23cf174b94120dc40999112f829a5a77b03071def745f3283cd901f7_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-rhel9-operator@sha256%3Af0f3cd9f23cf174b94120dc40999112f829a5a77b03071def745f3283cd901f7?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1778149657"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:6fe2fee491444040c87cac2a9cb7e856d0c29ad02dea9e7f7490d14af120c028_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:6fe2fee491444040c87cac2a9cb7e856d0c29ad02dea9e7f7490d14af120c028_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:6fe2fee491444040c87cac2a9cb7e856d0c29ad02dea9e7f7490d14af120c028_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-pilot-rhel9@sha256%3A6fe2fee491444040c87cac2a9cb7e856d0c29ad02dea9e7f7490d14af120c028?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1777884022"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d7016c8a7d14fe6355ad30b34a9bafca73e58beae82e2ec78abd46cda10588a0_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d7016c8a7d14fe6355ad30b34a9bafca73e58beae82e2ec78abd46cda10588a0_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d7016c8a7d14fe6355ad30b34a9bafca73e58beae82e2ec78abd46cda10588a0_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-proxyv2-rhel9@sha256%3Ad7016c8a7d14fe6355ad30b34a9bafca73e58beae82e2ec78abd46cda10588a0?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1778125216"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:5afab7e3267c6803839c2b96b00d715e3b327588485ecee7b23d8e3513ac15f3_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:5afab7e3267c6803839c2b96b00d715e3b327588485ecee7b23d8e3513ac15f3_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:5afab7e3267c6803839c2b96b00d715e3b327588485ecee7b23d8e3513ac15f3_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-ztunnel-rhel9@sha256%3A5afab7e3267c6803839c2b96b00d715e3b327588485ecee7b23d8e3513ac15f3?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh-tech-preview\u0026tag=1777964285"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1164507052fa1be4b0f85d2f1474b80aa39744b6e651b3a06629980fceb44021_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1164507052fa1be4b0f85d2f1474b80aa39744b6e651b3a06629980fceb44021_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1164507052fa1be4b0f85d2f1474b80aa39744b6e651b3a06629980fceb44021_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-cni-rhel9@sha256%3A1164507052fa1be4b0f85d2f1474b80aa39744b6e651b3a06629980fceb44021?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1777884045"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:6a300b4b9b1954020ba5876f91caca93ee2bc0da2c7059aaad40c3b264b59e8b_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:6a300b4b9b1954020ba5876f91caca93ee2bc0da2c7059aaad40c3b264b59e8b_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:6a300b4b9b1954020ba5876f91caca93ee2bc0da2c7059aaad40c3b264b59e8b_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-must-gather-rhel9@sha256%3A6a300b4b9b1954020ba5876f91caca93ee2bc0da2c7059aaad40c3b264b59e8b?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1778094470"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:87213878db431672b26cd65a20d372866bbe7505b991483b77da8db6e9605796_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:87213878db431672b26cd65a20d372866bbe7505b991483b77da8db6e9605796_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:87213878db431672b26cd65a20d372866bbe7505b991483b77da8db6e9605796_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-rhel9-operator@sha256%3A87213878db431672b26cd65a20d372866bbe7505b991483b77da8db6e9605796?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1778149657"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:1b9d054f45c6f2b27396c12752cce412263565a1d54220c37b6906f4049aadab_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:1b9d054f45c6f2b27396c12752cce412263565a1d54220c37b6906f4049aadab_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:1b9d054f45c6f2b27396c12752cce412263565a1d54220c37b6906f4049aadab_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-pilot-rhel9@sha256%3A1b9d054f45c6f2b27396c12752cce412263565a1d54220c37b6906f4049aadab?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1777884022"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a67c6be11ac4b3fe06555c95376bd73eb367e841e87237ff3e0e66ed9479f338_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a67c6be11ac4b3fe06555c95376bd73eb367e841e87237ff3e0e66ed9479f338_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a67c6be11ac4b3fe06555c95376bd73eb367e841e87237ff3e0e66ed9479f338_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-proxyv2-rhel9@sha256%3Aa67c6be11ac4b3fe06555c95376bd73eb367e841e87237ff3e0e66ed9479f338?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1778125216"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:5e76c624c73bf4f33aed2871e03d90cd8b5fb60e56165af0f501858b47594b9f_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:5e76c624c73bf4f33aed2871e03d90cd8b5fb60e56165af0f501858b47594b9f_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:5e76c624c73bf4f33aed2871e03d90cd8b5fb60e56165af0f501858b47594b9f_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-ztunnel-rhel9@sha256%3A5e76c624c73bf4f33aed2871e03d90cd8b5fb60e56165af0f501858b47594b9f?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh-tech-preview\u0026tag=1777964285"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:44b66e1afa72c24167382ba2e71dfad9a197f4878074a8fff2e3f0ddae930e49_amd64 as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:44b66e1afa72c24167382ba2e71dfad9a197f4878074a8fff2e3f0ddae930e49_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:44b66e1afa72c24167382ba2e71dfad9a197f4878074a8fff2e3f0ddae930e49_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:5afab7e3267c6803839c2b96b00d715e3b327588485ecee7b23d8e3513ac15f3_ppc64le as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:5afab7e3267c6803839c2b96b00d715e3b327588485ecee7b23d8e3513ac15f3_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:5afab7e3267c6803839c2b96b00d715e3b327588485ecee7b23d8e3513ac15f3_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:5e76c624c73bf4f33aed2871e03d90cd8b5fb60e56165af0f501858b47594b9f_s390x as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:5e76c624c73bf4f33aed2871e03d90cd8b5fb60e56165af0f501858b47594b9f_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:5e76c624c73bf4f33aed2871e03d90cd8b5fb60e56165af0f501858b47594b9f_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:b83715ebf0a7b233b53ee600ee0062f3967bec57a84a55d0255734979a0120af_arm64 as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:b83715ebf0a7b233b53ee600ee0062f3967bec57a84a55d0255734979a0120af_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:b83715ebf0a7b233b53ee600ee0062f3967bec57a84a55d0255734979a0120af_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1164507052fa1be4b0f85d2f1474b80aa39744b6e651b3a06629980fceb44021_s390x as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1164507052fa1be4b0f85d2f1474b80aa39744b6e651b3a06629980fceb44021_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1164507052fa1be4b0f85d2f1474b80aa39744b6e651b3a06629980fceb44021_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4c954b01fa50e61194c19b4ec33d72f7b2d51cb561c8553328bd087742a0915d_amd64 as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4c954b01fa50e61194c19b4ec33d72f7b2d51cb561c8553328bd087742a0915d_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4c954b01fa50e61194c19b4ec33d72f7b2d51cb561c8553328bd087742a0915d_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:69489685a5d09b90fea6a502bfe00aa288c6e74c552469e127a5693923e0fa1e_arm64 as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:69489685a5d09b90fea6a502bfe00aa288c6e74c552469e127a5693923e0fa1e_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:69489685a5d09b90fea6a502bfe00aa288c6e74c552469e127a5693923e0fa1e_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:989055e4981041419a61eab47e35d2e7e290855907657b32cf2de51490eafa18_ppc64le as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:989055e4981041419a61eab47e35d2e7e290855907657b32cf2de51490eafa18_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:989055e4981041419a61eab47e35d2e7e290855907657b32cf2de51490eafa18_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:3fce9db7529ea1b3c7b8edc40e18e6a32ccf5bb1501425ffe141837c19309287_ppc64le as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:3fce9db7529ea1b3c7b8edc40e18e6a32ccf5bb1501425ffe141837c19309287_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:3fce9db7529ea1b3c7b8edc40e18e6a32ccf5bb1501425ffe141837c19309287_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:6a300b4b9b1954020ba5876f91caca93ee2bc0da2c7059aaad40c3b264b59e8b_s390x as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:6a300b4b9b1954020ba5876f91caca93ee2bc0da2c7059aaad40c3b264b59e8b_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:6a300b4b9b1954020ba5876f91caca93ee2bc0da2c7059aaad40c3b264b59e8b_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:84558fd223caace930e314c5ad288f3680fc6d925c90409e11f85c846c211890_amd64 as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:84558fd223caace930e314c5ad288f3680fc6d925c90409e11f85c846c211890_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:84558fd223caace930e314c5ad288f3680fc6d925c90409e11f85c846c211890_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:a2544534e61d95a2f5592197f70201183e5dacff68ba50aebddeb8d52219f839_arm64 as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:a2544534e61d95a2f5592197f70201183e5dacff68ba50aebddeb8d52219f839_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:a2544534e61d95a2f5592197f70201183e5dacff68ba50aebddeb8d52219f839_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:1b9d054f45c6f2b27396c12752cce412263565a1d54220c37b6906f4049aadab_s390x as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:1b9d054f45c6f2b27396c12752cce412263565a1d54220c37b6906f4049aadab_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:1b9d054f45c6f2b27396c12752cce412263565a1d54220c37b6906f4049aadab_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:1fb621c913ee0b8a724852268a93a69522addeabaa3f611589c4dc8a227ab740_arm64 as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:1fb621c913ee0b8a724852268a93a69522addeabaa3f611589c4dc8a227ab740_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:1fb621c913ee0b8a724852268a93a69522addeabaa3f611589c4dc8a227ab740_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:6fe2fee491444040c87cac2a9cb7e856d0c29ad02dea9e7f7490d14af120c028_ppc64le as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:6fe2fee491444040c87cac2a9cb7e856d0c29ad02dea9e7f7490d14af120c028_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:6fe2fee491444040c87cac2a9cb7e856d0c29ad02dea9e7f7490d14af120c028_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:85542d8ec656bda1029e634a6178ab9a24e608aca1470dfb45d621a78f0026ea_amd64 as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:85542d8ec656bda1029e634a6178ab9a24e608aca1470dfb45d621a78f0026ea_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:85542d8ec656bda1029e634a6178ab9a24e608aca1470dfb45d621a78f0026ea_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a67c6be11ac4b3fe06555c95376bd73eb367e841e87237ff3e0e66ed9479f338_s390x as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a67c6be11ac4b3fe06555c95376bd73eb367e841e87237ff3e0e66ed9479f338_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a67c6be11ac4b3fe06555c95376bd73eb367e841e87237ff3e0e66ed9479f338_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d7016c8a7d14fe6355ad30b34a9bafca73e58beae82e2ec78abd46cda10588a0_ppc64le as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d7016c8a7d14fe6355ad30b34a9bafca73e58beae82e2ec78abd46cda10588a0_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d7016c8a7d14fe6355ad30b34a9bafca73e58beae82e2ec78abd46cda10588a0_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d8afbf5abad2a584664f5749330ba50da76ac07d415a2fb1d070f73620e5ba90_amd64 as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d8afbf5abad2a584664f5749330ba50da76ac07d415a2fb1d070f73620e5ba90_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d8afbf5abad2a584664f5749330ba50da76ac07d415a2fb1d070f73620e5ba90_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:e12b2cfcc3819305c9ece2e424565ca1fb7703026261db422546b76dab1c4960_arm64 as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:e12b2cfcc3819305c9ece2e424565ca1fb7703026261db422546b76dab1c4960_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:e12b2cfcc3819305c9ece2e424565ca1fb7703026261db422546b76dab1c4960_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:4d96bfc97e205ba0cf2ddb03a99240fd6dd90d28bb7cdf25f0d32a99dc8891dd_arm64 as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:4d96bfc97e205ba0cf2ddb03a99240fd6dd90d28bb7cdf25f0d32a99dc8891dd_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:4d96bfc97e205ba0cf2ddb03a99240fd6dd90d28bb7cdf25f0d32a99dc8891dd_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:87213878db431672b26cd65a20d372866bbe7505b991483b77da8db6e9605796_s390x as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:87213878db431672b26cd65a20d372866bbe7505b991483b77da8db6e9605796_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:87213878db431672b26cd65a20d372866bbe7505b991483b77da8db6e9605796_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:c96e66abac88022833d4052b4a30570026878fa7912317ae2984f944bfe400e9_amd64 as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:c96e66abac88022833d4052b4a30570026878fa7912317ae2984f944bfe400e9_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:c96e66abac88022833d4052b4a30570026878fa7912317ae2984f944bfe400e9_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:f0f3cd9f23cf174b94120dc40999112f829a5a77b03071def745f3283cd901f7_ppc64le as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:f0f3cd9f23cf174b94120dc40999112f829a5a77b03071def745f3283cd901f7_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:f0f3cd9f23cf174b94120dc40999112f829a5a77b03071def745f3283cd901f7_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:9c54dfb403dd08f7d72e066c4340d0e3143f29839d7df5485942b789f238e1ff_amd64 as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:9c54dfb403dd08f7d72e066c4340d0e3143f29839d7df5485942b789f238e1ff_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:9c54dfb403dd08f7d72e066c4340d0e3143f29839d7df5485942b789f238e1ff_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-27143",
"cwe": {
"id": "CWE-733",
"name": "Compiler Optimization Removal or Modification of Security-critical Code"
},
"discovery_date": "2026-04-08T02:01:29.491546+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:44b66e1afa72c24167382ba2e71dfad9a197f4878074a8fff2e3f0ddae930e49_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:5afab7e3267c6803839c2b96b00d715e3b327588485ecee7b23d8e3513ac15f3_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:5e76c624c73bf4f33aed2871e03d90cd8b5fb60e56165af0f501858b47594b9f_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:b83715ebf0a7b233b53ee600ee0062f3967bec57a84a55d0255734979a0120af_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:3fce9db7529ea1b3c7b8edc40e18e6a32ccf5bb1501425ffe141837c19309287_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:6a300b4b9b1954020ba5876f91caca93ee2bc0da2c7059aaad40c3b264b59e8b_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:84558fd223caace930e314c5ad288f3680fc6d925c90409e11f85c846c211890_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:a2544534e61d95a2f5592197f70201183e5dacff68ba50aebddeb8d52219f839_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:9c54dfb403dd08f7d72e066c4340d0e3143f29839d7df5485942b789f238e1ff_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456342"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the cmd/compile package in the Go standard library. The compiler fails to correctly check for integer overflow or underflow in arithmetic operations involving loop induction variables. As a result, the compiler allows invalid memory indexing to occur at runtime, potentially leading to memory corruption.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: cmd/compile: possible memory corruption after bound check elimination",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is only exploitable in applications that contain a loop structure that relies on an induction variable. An induction variable is a variable that gets modified, usually incremented or decremented, by a predictable amount on each iteration. Inside the loop, the induction variable must be directly used as the index to access or modify elements within an array or a slice. Additionally, an attacker must be able to cause an integer overflow or underflow in the induction variable to trigger this issue. Due to these reasons, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1164507052fa1be4b0f85d2f1474b80aa39744b6e651b3a06629980fceb44021_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4c954b01fa50e61194c19b4ec33d72f7b2d51cb561c8553328bd087742a0915d_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:69489685a5d09b90fea6a502bfe00aa288c6e74c552469e127a5693923e0fa1e_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:989055e4981041419a61eab47e35d2e7e290855907657b32cf2de51490eafa18_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:1b9d054f45c6f2b27396c12752cce412263565a1d54220c37b6906f4049aadab_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:1fb621c913ee0b8a724852268a93a69522addeabaa3f611589c4dc8a227ab740_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:6fe2fee491444040c87cac2a9cb7e856d0c29ad02dea9e7f7490d14af120c028_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:85542d8ec656bda1029e634a6178ab9a24e608aca1470dfb45d621a78f0026ea_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a67c6be11ac4b3fe06555c95376bd73eb367e841e87237ff3e0e66ed9479f338_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d7016c8a7d14fe6355ad30b34a9bafca73e58beae82e2ec78abd46cda10588a0_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d8afbf5abad2a584664f5749330ba50da76ac07d415a2fb1d070f73620e5ba90_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:e12b2cfcc3819305c9ece2e424565ca1fb7703026261db422546b76dab1c4960_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:4d96bfc97e205ba0cf2ddb03a99240fd6dd90d28bb7cdf25f0d32a99dc8891dd_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:87213878db431672b26cd65a20d372866bbe7505b991483b77da8db6e9605796_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:c96e66abac88022833d4052b4a30570026878fa7912317ae2984f944bfe400e9_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:f0f3cd9f23cf174b94120dc40999112f829a5a77b03071def745f3283cd901f7_ppc64le"
],
"known_not_affected": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:44b66e1afa72c24167382ba2e71dfad9a197f4878074a8fff2e3f0ddae930e49_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:5afab7e3267c6803839c2b96b00d715e3b327588485ecee7b23d8e3513ac15f3_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:5e76c624c73bf4f33aed2871e03d90cd8b5fb60e56165af0f501858b47594b9f_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:b83715ebf0a7b233b53ee600ee0062f3967bec57a84a55d0255734979a0120af_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:3fce9db7529ea1b3c7b8edc40e18e6a32ccf5bb1501425ffe141837c19309287_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:6a300b4b9b1954020ba5876f91caca93ee2bc0da2c7059aaad40c3b264b59e8b_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:84558fd223caace930e314c5ad288f3680fc6d925c90409e11f85c846c211890_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:a2544534e61d95a2f5592197f70201183e5dacff68ba50aebddeb8d52219f839_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:9c54dfb403dd08f7d72e066c4340d0e3143f29839d7df5485942b789f238e1ff_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27143"
},
{
"category": "external",
"summary": "RHBZ#2456342",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456342"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27143",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27143"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27143",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27143"
},
{
"category": "external",
"summary": "https://go.dev/cl/763765",
"url": "https://go.dev/cl/763765"
},
{
"category": "external",
"summary": "https://go.dev/issue/78333",
"url": "https://go.dev/issue/78333"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4868",
"url": "https://pkg.go.dev/vuln/GO-2026-4868"
}
],
"release_date": "2026-04-08T01:06:57.168000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-12T19:48:56+00:00",
"details": "See Red Hat OpenShift Service Mesh 3.1.8 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.1",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1164507052fa1be4b0f85d2f1474b80aa39744b6e651b3a06629980fceb44021_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4c954b01fa50e61194c19b4ec33d72f7b2d51cb561c8553328bd087742a0915d_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:69489685a5d09b90fea6a502bfe00aa288c6e74c552469e127a5693923e0fa1e_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:989055e4981041419a61eab47e35d2e7e290855907657b32cf2de51490eafa18_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:1b9d054f45c6f2b27396c12752cce412263565a1d54220c37b6906f4049aadab_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:1fb621c913ee0b8a724852268a93a69522addeabaa3f611589c4dc8a227ab740_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:6fe2fee491444040c87cac2a9cb7e856d0c29ad02dea9e7f7490d14af120c028_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:85542d8ec656bda1029e634a6178ab9a24e608aca1470dfb45d621a78f0026ea_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a67c6be11ac4b3fe06555c95376bd73eb367e841e87237ff3e0e66ed9479f338_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d7016c8a7d14fe6355ad30b34a9bafca73e58beae82e2ec78abd46cda10588a0_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d8afbf5abad2a584664f5749330ba50da76ac07d415a2fb1d070f73620e5ba90_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:e12b2cfcc3819305c9ece2e424565ca1fb7703026261db422546b76dab1c4960_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:4d96bfc97e205ba0cf2ddb03a99240fd6dd90d28bb7cdf25f0d32a99dc8891dd_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:87213878db431672b26cd65a20d372866bbe7505b991483b77da8db6e9605796_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:c96e66abac88022833d4052b4a30570026878fa7912317ae2984f944bfe400e9_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:f0f3cd9f23cf174b94120dc40999112f829a5a77b03071def745f3283cd901f7_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:16505"
},
{
"category": "workaround",
"details": "To mitigate this vulnerability, strictly sanitize and enforce bounds checking on any untrusted user input that influences loop counters, iteration limits, or memory indices. If there is no integer overflow or underflow, the out-of-bounds access cannot occur.",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:44b66e1afa72c24167382ba2e71dfad9a197f4878074a8fff2e3f0ddae930e49_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:5afab7e3267c6803839c2b96b00d715e3b327588485ecee7b23d8e3513ac15f3_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:5e76c624c73bf4f33aed2871e03d90cd8b5fb60e56165af0f501858b47594b9f_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:b83715ebf0a7b233b53ee600ee0062f3967bec57a84a55d0255734979a0120af_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1164507052fa1be4b0f85d2f1474b80aa39744b6e651b3a06629980fceb44021_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4c954b01fa50e61194c19b4ec33d72f7b2d51cb561c8553328bd087742a0915d_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:69489685a5d09b90fea6a502bfe00aa288c6e74c552469e127a5693923e0fa1e_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:989055e4981041419a61eab47e35d2e7e290855907657b32cf2de51490eafa18_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:3fce9db7529ea1b3c7b8edc40e18e6a32ccf5bb1501425ffe141837c19309287_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:6a300b4b9b1954020ba5876f91caca93ee2bc0da2c7059aaad40c3b264b59e8b_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:84558fd223caace930e314c5ad288f3680fc6d925c90409e11f85c846c211890_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:a2544534e61d95a2f5592197f70201183e5dacff68ba50aebddeb8d52219f839_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:1b9d054f45c6f2b27396c12752cce412263565a1d54220c37b6906f4049aadab_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:1fb621c913ee0b8a724852268a93a69522addeabaa3f611589c4dc8a227ab740_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:6fe2fee491444040c87cac2a9cb7e856d0c29ad02dea9e7f7490d14af120c028_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:85542d8ec656bda1029e634a6178ab9a24e608aca1470dfb45d621a78f0026ea_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a67c6be11ac4b3fe06555c95376bd73eb367e841e87237ff3e0e66ed9479f338_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d7016c8a7d14fe6355ad30b34a9bafca73e58beae82e2ec78abd46cda10588a0_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d8afbf5abad2a584664f5749330ba50da76ac07d415a2fb1d070f73620e5ba90_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:e12b2cfcc3819305c9ece2e424565ca1fb7703026261db422546b76dab1c4960_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:4d96bfc97e205ba0cf2ddb03a99240fd6dd90d28bb7cdf25f0d32a99dc8891dd_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:87213878db431672b26cd65a20d372866bbe7505b991483b77da8db6e9605796_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:c96e66abac88022833d4052b4a30570026878fa7912317ae2984f944bfe400e9_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:f0f3cd9f23cf174b94120dc40999112f829a5a77b03071def745f3283cd901f7_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:9c54dfb403dd08f7d72e066c4340d0e3143f29839d7df5485942b789f238e1ff_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:44b66e1afa72c24167382ba2e71dfad9a197f4878074a8fff2e3f0ddae930e49_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:5afab7e3267c6803839c2b96b00d715e3b327588485ecee7b23d8e3513ac15f3_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:5e76c624c73bf4f33aed2871e03d90cd8b5fb60e56165af0f501858b47594b9f_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:b83715ebf0a7b233b53ee600ee0062f3967bec57a84a55d0255734979a0120af_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1164507052fa1be4b0f85d2f1474b80aa39744b6e651b3a06629980fceb44021_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4c954b01fa50e61194c19b4ec33d72f7b2d51cb561c8553328bd087742a0915d_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:69489685a5d09b90fea6a502bfe00aa288c6e74c552469e127a5693923e0fa1e_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:989055e4981041419a61eab47e35d2e7e290855907657b32cf2de51490eafa18_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:3fce9db7529ea1b3c7b8edc40e18e6a32ccf5bb1501425ffe141837c19309287_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:6a300b4b9b1954020ba5876f91caca93ee2bc0da2c7059aaad40c3b264b59e8b_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:84558fd223caace930e314c5ad288f3680fc6d925c90409e11f85c846c211890_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:a2544534e61d95a2f5592197f70201183e5dacff68ba50aebddeb8d52219f839_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:1b9d054f45c6f2b27396c12752cce412263565a1d54220c37b6906f4049aadab_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:1fb621c913ee0b8a724852268a93a69522addeabaa3f611589c4dc8a227ab740_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:6fe2fee491444040c87cac2a9cb7e856d0c29ad02dea9e7f7490d14af120c028_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:85542d8ec656bda1029e634a6178ab9a24e608aca1470dfb45d621a78f0026ea_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a67c6be11ac4b3fe06555c95376bd73eb367e841e87237ff3e0e66ed9479f338_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d7016c8a7d14fe6355ad30b34a9bafca73e58beae82e2ec78abd46cda10588a0_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d8afbf5abad2a584664f5749330ba50da76ac07d415a2fb1d070f73620e5ba90_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:e12b2cfcc3819305c9ece2e424565ca1fb7703026261db422546b76dab1c4960_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:4d96bfc97e205ba0cf2ddb03a99240fd6dd90d28bb7cdf25f0d32a99dc8891dd_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:87213878db431672b26cd65a20d372866bbe7505b991483b77da8db6e9605796_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:c96e66abac88022833d4052b4a30570026878fa7912317ae2984f944bfe400e9_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:f0f3cd9f23cf174b94120dc40999112f829a5a77b03071def745f3283cd901f7_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:9c54dfb403dd08f7d72e066c4340d0e3143f29839d7df5485942b789f238e1ff_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: cmd/compile: possible memory corruption after bound check elimination"
},
{
"cve": "CVE-2026-27144",
"cwe": {
"id": "CWE-440",
"name": "Expected Behavior Violation"
},
"discovery_date": "2026-04-08T02:01:22.896153+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:44b66e1afa72c24167382ba2e71dfad9a197f4878074a8fff2e3f0ddae930e49_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:5afab7e3267c6803839c2b96b00d715e3b327588485ecee7b23d8e3513ac15f3_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:5e76c624c73bf4f33aed2871e03d90cd8b5fb60e56165af0f501858b47594b9f_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:b83715ebf0a7b233b53ee600ee0062f3967bec57a84a55d0255734979a0120af_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:3fce9db7529ea1b3c7b8edc40e18e6a32ccf5bb1501425ffe141837c19309287_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:6a300b4b9b1954020ba5876f91caca93ee2bc0da2c7059aaad40c3b264b59e8b_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:84558fd223caace930e314c5ad288f3680fc6d925c90409e11f85c846c211890_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:a2544534e61d95a2f5592197f70201183e5dacff68ba50aebddeb8d52219f839_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:9c54dfb403dd08f7d72e066c4340d0e3143f29839d7df5485942b789f238e1ff_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456340"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the cmd/compile package in the Go standard library. A no-op interface conversion prevented the compiler from correctly identifying non-overlapping memory moves. As a result, the compiler allows unsafe memory move operations to occur at runtime, potentially causing data corruption, memory corruption or unexpected application behavior.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: cmd/compile: no-op interface conversion bypasses overlap checking",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue is only exploitable in applications that contain a memory move or copy operation that is subject to a no-op (no-operation) interface conversion. Furthermore, the source and destination memory addresses involved in the move or copy must overlap and an attacker must be able to supply an input that triggers this specific operation. Due to these reasons, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1164507052fa1be4b0f85d2f1474b80aa39744b6e651b3a06629980fceb44021_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4c954b01fa50e61194c19b4ec33d72f7b2d51cb561c8553328bd087742a0915d_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:69489685a5d09b90fea6a502bfe00aa288c6e74c552469e127a5693923e0fa1e_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:989055e4981041419a61eab47e35d2e7e290855907657b32cf2de51490eafa18_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:1b9d054f45c6f2b27396c12752cce412263565a1d54220c37b6906f4049aadab_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:1fb621c913ee0b8a724852268a93a69522addeabaa3f611589c4dc8a227ab740_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:6fe2fee491444040c87cac2a9cb7e856d0c29ad02dea9e7f7490d14af120c028_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:85542d8ec656bda1029e634a6178ab9a24e608aca1470dfb45d621a78f0026ea_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a67c6be11ac4b3fe06555c95376bd73eb367e841e87237ff3e0e66ed9479f338_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d7016c8a7d14fe6355ad30b34a9bafca73e58beae82e2ec78abd46cda10588a0_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d8afbf5abad2a584664f5749330ba50da76ac07d415a2fb1d070f73620e5ba90_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:e12b2cfcc3819305c9ece2e424565ca1fb7703026261db422546b76dab1c4960_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:4d96bfc97e205ba0cf2ddb03a99240fd6dd90d28bb7cdf25f0d32a99dc8891dd_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:87213878db431672b26cd65a20d372866bbe7505b991483b77da8db6e9605796_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:c96e66abac88022833d4052b4a30570026878fa7912317ae2984f944bfe400e9_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:f0f3cd9f23cf174b94120dc40999112f829a5a77b03071def745f3283cd901f7_ppc64le"
],
"known_not_affected": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:44b66e1afa72c24167382ba2e71dfad9a197f4878074a8fff2e3f0ddae930e49_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:5afab7e3267c6803839c2b96b00d715e3b327588485ecee7b23d8e3513ac15f3_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:5e76c624c73bf4f33aed2871e03d90cd8b5fb60e56165af0f501858b47594b9f_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:b83715ebf0a7b233b53ee600ee0062f3967bec57a84a55d0255734979a0120af_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:3fce9db7529ea1b3c7b8edc40e18e6a32ccf5bb1501425ffe141837c19309287_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:6a300b4b9b1954020ba5876f91caca93ee2bc0da2c7059aaad40c3b264b59e8b_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:84558fd223caace930e314c5ad288f3680fc6d925c90409e11f85c846c211890_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:a2544534e61d95a2f5592197f70201183e5dacff68ba50aebddeb8d52219f839_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:9c54dfb403dd08f7d72e066c4340d0e3143f29839d7df5485942b789f238e1ff_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27144"
},
{
"category": "external",
"summary": "RHBZ#2456340",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456340"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27144",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27144"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27144",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27144"
},
{
"category": "external",
"summary": "https://go.dev/cl/763764",
"url": "https://go.dev/cl/763764"
},
{
"category": "external",
"summary": "https://go.dev/issue/78371",
"url": "https://go.dev/issue/78371"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4867",
"url": "https://pkg.go.dev/vuln/GO-2026-4867"
}
],
"release_date": "2026-04-08T01:06:56.908000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-12T19:48:56+00:00",
"details": "See Red Hat OpenShift Service Mesh 3.1.8 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.1",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1164507052fa1be4b0f85d2f1474b80aa39744b6e651b3a06629980fceb44021_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4c954b01fa50e61194c19b4ec33d72f7b2d51cb561c8553328bd087742a0915d_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:69489685a5d09b90fea6a502bfe00aa288c6e74c552469e127a5693923e0fa1e_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:989055e4981041419a61eab47e35d2e7e290855907657b32cf2de51490eafa18_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:1b9d054f45c6f2b27396c12752cce412263565a1d54220c37b6906f4049aadab_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:1fb621c913ee0b8a724852268a93a69522addeabaa3f611589c4dc8a227ab740_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:6fe2fee491444040c87cac2a9cb7e856d0c29ad02dea9e7f7490d14af120c028_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:85542d8ec656bda1029e634a6178ab9a24e608aca1470dfb45d621a78f0026ea_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a67c6be11ac4b3fe06555c95376bd73eb367e841e87237ff3e0e66ed9479f338_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d7016c8a7d14fe6355ad30b34a9bafca73e58beae82e2ec78abd46cda10588a0_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d8afbf5abad2a584664f5749330ba50da76ac07d415a2fb1d070f73620e5ba90_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:e12b2cfcc3819305c9ece2e424565ca1fb7703026261db422546b76dab1c4960_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:4d96bfc97e205ba0cf2ddb03a99240fd6dd90d28bb7cdf25f0d32a99dc8891dd_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:87213878db431672b26cd65a20d372866bbe7505b991483b77da8db6e9605796_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:c96e66abac88022833d4052b4a30570026878fa7912317ae2984f944bfe400e9_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:f0f3cd9f23cf174b94120dc40999112f829a5a77b03071def745f3283cd901f7_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:16505"
},
{
"category": "workaround",
"details": "To mitigate this issue, review code that performs memory copies or struct assignments. If data is being passed through an interface (such as \u0027any\u0027 or \u0027interface{}\u0027) just before a move operation, refactor the code to use concrete types or explicit pointers instead.",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:44b66e1afa72c24167382ba2e71dfad9a197f4878074a8fff2e3f0ddae930e49_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:5afab7e3267c6803839c2b96b00d715e3b327588485ecee7b23d8e3513ac15f3_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:5e76c624c73bf4f33aed2871e03d90cd8b5fb60e56165af0f501858b47594b9f_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:b83715ebf0a7b233b53ee600ee0062f3967bec57a84a55d0255734979a0120af_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1164507052fa1be4b0f85d2f1474b80aa39744b6e651b3a06629980fceb44021_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4c954b01fa50e61194c19b4ec33d72f7b2d51cb561c8553328bd087742a0915d_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:69489685a5d09b90fea6a502bfe00aa288c6e74c552469e127a5693923e0fa1e_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:989055e4981041419a61eab47e35d2e7e290855907657b32cf2de51490eafa18_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:3fce9db7529ea1b3c7b8edc40e18e6a32ccf5bb1501425ffe141837c19309287_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:6a300b4b9b1954020ba5876f91caca93ee2bc0da2c7059aaad40c3b264b59e8b_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:84558fd223caace930e314c5ad288f3680fc6d925c90409e11f85c846c211890_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:a2544534e61d95a2f5592197f70201183e5dacff68ba50aebddeb8d52219f839_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:1b9d054f45c6f2b27396c12752cce412263565a1d54220c37b6906f4049aadab_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:1fb621c913ee0b8a724852268a93a69522addeabaa3f611589c4dc8a227ab740_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:6fe2fee491444040c87cac2a9cb7e856d0c29ad02dea9e7f7490d14af120c028_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:85542d8ec656bda1029e634a6178ab9a24e608aca1470dfb45d621a78f0026ea_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a67c6be11ac4b3fe06555c95376bd73eb367e841e87237ff3e0e66ed9479f338_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d7016c8a7d14fe6355ad30b34a9bafca73e58beae82e2ec78abd46cda10588a0_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d8afbf5abad2a584664f5749330ba50da76ac07d415a2fb1d070f73620e5ba90_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:e12b2cfcc3819305c9ece2e424565ca1fb7703026261db422546b76dab1c4960_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:4d96bfc97e205ba0cf2ddb03a99240fd6dd90d28bb7cdf25f0d32a99dc8891dd_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:87213878db431672b26cd65a20d372866bbe7505b991483b77da8db6e9605796_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:c96e66abac88022833d4052b4a30570026878fa7912317ae2984f944bfe400e9_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:f0f3cd9f23cf174b94120dc40999112f829a5a77b03071def745f3283cd901f7_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:9c54dfb403dd08f7d72e066c4340d0e3143f29839d7df5485942b789f238e1ff_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:44b66e1afa72c24167382ba2e71dfad9a197f4878074a8fff2e3f0ddae930e49_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:5afab7e3267c6803839c2b96b00d715e3b327588485ecee7b23d8e3513ac15f3_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:5e76c624c73bf4f33aed2871e03d90cd8b5fb60e56165af0f501858b47594b9f_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:b83715ebf0a7b233b53ee600ee0062f3967bec57a84a55d0255734979a0120af_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1164507052fa1be4b0f85d2f1474b80aa39744b6e651b3a06629980fceb44021_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4c954b01fa50e61194c19b4ec33d72f7b2d51cb561c8553328bd087742a0915d_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:69489685a5d09b90fea6a502bfe00aa288c6e74c552469e127a5693923e0fa1e_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:989055e4981041419a61eab47e35d2e7e290855907657b32cf2de51490eafa18_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:3fce9db7529ea1b3c7b8edc40e18e6a32ccf5bb1501425ffe141837c19309287_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:6a300b4b9b1954020ba5876f91caca93ee2bc0da2c7059aaad40c3b264b59e8b_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:84558fd223caace930e314c5ad288f3680fc6d925c90409e11f85c846c211890_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:a2544534e61d95a2f5592197f70201183e5dacff68ba50aebddeb8d52219f839_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:1b9d054f45c6f2b27396c12752cce412263565a1d54220c37b6906f4049aadab_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:1fb621c913ee0b8a724852268a93a69522addeabaa3f611589c4dc8a227ab740_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:6fe2fee491444040c87cac2a9cb7e856d0c29ad02dea9e7f7490d14af120c028_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:85542d8ec656bda1029e634a6178ab9a24e608aca1470dfb45d621a78f0026ea_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a67c6be11ac4b3fe06555c95376bd73eb367e841e87237ff3e0e66ed9479f338_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d7016c8a7d14fe6355ad30b34a9bafca73e58beae82e2ec78abd46cda10588a0_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d8afbf5abad2a584664f5749330ba50da76ac07d415a2fb1d070f73620e5ba90_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:e12b2cfcc3819305c9ece2e424565ca1fb7703026261db422546b76dab1c4960_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:4d96bfc97e205ba0cf2ddb03a99240fd6dd90d28bb7cdf25f0d32a99dc8891dd_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:87213878db431672b26cd65a20d372866bbe7505b991483b77da8db6e9605796_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:c96e66abac88022833d4052b4a30570026878fa7912317ae2984f944bfe400e9_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:f0f3cd9f23cf174b94120dc40999112f829a5a77b03071def745f3283cd901f7_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:9c54dfb403dd08f7d72e066c4340d0e3143f29839d7df5485942b789f238e1ff_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: cmd/compile: no-op interface conversion bypasses overlap checking"
},
{
"cve": "CVE-2026-32280",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-04-08T02:01:19.572351+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:44b66e1afa72c24167382ba2e71dfad9a197f4878074a8fff2e3f0ddae930e49_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:5afab7e3267c6803839c2b96b00d715e3b327588485ecee7b23d8e3513ac15f3_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:5e76c624c73bf4f33aed2871e03d90cd8b5fb60e56165af0f501858b47594b9f_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:b83715ebf0a7b233b53ee600ee0062f3967bec57a84a55d0255734979a0120af_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:3fce9db7529ea1b3c7b8edc40e18e6a32ccf5bb1501425ffe141837c19309287_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:6a300b4b9b1954020ba5876f91caca93ee2bc0da2c7059aaad40c3b264b59e8b_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:84558fd223caace930e314c5ad288f3680fc6d925c90409e11f85c846c211890_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:a2544534e61d95a2f5592197f70201183e5dacff68ba50aebddeb8d52219f839_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a67c6be11ac4b3fe06555c95376bd73eb367e841e87237ff3e0e66ed9479f338_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d7016c8a7d14fe6355ad30b34a9bafca73e58beae82e2ec78abd46cda10588a0_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d8afbf5abad2a584664f5749330ba50da76ac07d415a2fb1d070f73620e5ba90_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:e12b2cfcc3819305c9ece2e424565ca1fb7703026261db422546b76dab1c4960_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:9c54dfb403dd08f7d72e066c4340d0e3143f29839d7df5485942b789f238e1ff_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456339"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Go standard library packages `crypto/x509` and `crypto/tls`. During the process of building a certificate chain, an attacker can provide a large number of intermediate certificates. This excessive input is not properly limited, leading to an uncontrolled amount of work being performed. This can result in a denial of service (DoS) condition, making the affected system or application unavailable to legitimate users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important denial of service vulnerability in the Go standard library\u0027s certificate chain building process. Systems utilizing Go applications that process untrusted TLS certificates or X.509 certificate chains are susceptible to resource exhaustion when presented with an excessive number of intermediate certificates, potentially leading to service unavailability. This flaw impacts applications directly using `crypto/x509` or `crypto/tls`.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1164507052fa1be4b0f85d2f1474b80aa39744b6e651b3a06629980fceb44021_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4c954b01fa50e61194c19b4ec33d72f7b2d51cb561c8553328bd087742a0915d_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:69489685a5d09b90fea6a502bfe00aa288c6e74c552469e127a5693923e0fa1e_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:989055e4981041419a61eab47e35d2e7e290855907657b32cf2de51490eafa18_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:1b9d054f45c6f2b27396c12752cce412263565a1d54220c37b6906f4049aadab_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:1fb621c913ee0b8a724852268a93a69522addeabaa3f611589c4dc8a227ab740_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:6fe2fee491444040c87cac2a9cb7e856d0c29ad02dea9e7f7490d14af120c028_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:85542d8ec656bda1029e634a6178ab9a24e608aca1470dfb45d621a78f0026ea_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:4d96bfc97e205ba0cf2ddb03a99240fd6dd90d28bb7cdf25f0d32a99dc8891dd_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:87213878db431672b26cd65a20d372866bbe7505b991483b77da8db6e9605796_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:c96e66abac88022833d4052b4a30570026878fa7912317ae2984f944bfe400e9_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:f0f3cd9f23cf174b94120dc40999112f829a5a77b03071def745f3283cd901f7_ppc64le"
],
"known_not_affected": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:44b66e1afa72c24167382ba2e71dfad9a197f4878074a8fff2e3f0ddae930e49_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:5afab7e3267c6803839c2b96b00d715e3b327588485ecee7b23d8e3513ac15f3_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:5e76c624c73bf4f33aed2871e03d90cd8b5fb60e56165af0f501858b47594b9f_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:b83715ebf0a7b233b53ee600ee0062f3967bec57a84a55d0255734979a0120af_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:3fce9db7529ea1b3c7b8edc40e18e6a32ccf5bb1501425ffe141837c19309287_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:6a300b4b9b1954020ba5876f91caca93ee2bc0da2c7059aaad40c3b264b59e8b_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:84558fd223caace930e314c5ad288f3680fc6d925c90409e11f85c846c211890_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:a2544534e61d95a2f5592197f70201183e5dacff68ba50aebddeb8d52219f839_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a67c6be11ac4b3fe06555c95376bd73eb367e841e87237ff3e0e66ed9479f338_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d7016c8a7d14fe6355ad30b34a9bafca73e58beae82e2ec78abd46cda10588a0_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d8afbf5abad2a584664f5749330ba50da76ac07d415a2fb1d070f73620e5ba90_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:e12b2cfcc3819305c9ece2e424565ca1fb7703026261db422546b76dab1c4960_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:9c54dfb403dd08f7d72e066c4340d0e3143f29839d7df5485942b789f238e1ff_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32280"
},
{
"category": "external",
"summary": "RHBZ#2456339",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456339"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32280",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32280"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32280",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32280"
},
{
"category": "external",
"summary": "https://go.dev/cl/758320",
"url": "https://go.dev/cl/758320"
},
{
"category": "external",
"summary": "https://go.dev/issue/78282",
"url": "https://go.dev/issue/78282"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4947",
"url": "https://pkg.go.dev/vuln/GO-2026-4947"
}
],
"release_date": "2026-04-08T01:06:58.595000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-12T19:48:56+00:00",
"details": "See Red Hat OpenShift Service Mesh 3.1.8 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.1",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1164507052fa1be4b0f85d2f1474b80aa39744b6e651b3a06629980fceb44021_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4c954b01fa50e61194c19b4ec33d72f7b2d51cb561c8553328bd087742a0915d_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:69489685a5d09b90fea6a502bfe00aa288c6e74c552469e127a5693923e0fa1e_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:989055e4981041419a61eab47e35d2e7e290855907657b32cf2de51490eafa18_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:1b9d054f45c6f2b27396c12752cce412263565a1d54220c37b6906f4049aadab_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:1fb621c913ee0b8a724852268a93a69522addeabaa3f611589c4dc8a227ab740_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:6fe2fee491444040c87cac2a9cb7e856d0c29ad02dea9e7f7490d14af120c028_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:85542d8ec656bda1029e634a6178ab9a24e608aca1470dfb45d621a78f0026ea_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:4d96bfc97e205ba0cf2ddb03a99240fd6dd90d28bb7cdf25f0d32a99dc8891dd_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:87213878db431672b26cd65a20d372866bbe7505b991483b77da8db6e9605796_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:c96e66abac88022833d4052b4a30570026878fa7912317ae2984f944bfe400e9_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:f0f3cd9f23cf174b94120dc40999112f829a5a77b03071def745f3283cd901f7_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:16505"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:44b66e1afa72c24167382ba2e71dfad9a197f4878074a8fff2e3f0ddae930e49_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:5afab7e3267c6803839c2b96b00d715e3b327588485ecee7b23d8e3513ac15f3_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:5e76c624c73bf4f33aed2871e03d90cd8b5fb60e56165af0f501858b47594b9f_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:b83715ebf0a7b233b53ee600ee0062f3967bec57a84a55d0255734979a0120af_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1164507052fa1be4b0f85d2f1474b80aa39744b6e651b3a06629980fceb44021_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4c954b01fa50e61194c19b4ec33d72f7b2d51cb561c8553328bd087742a0915d_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:69489685a5d09b90fea6a502bfe00aa288c6e74c552469e127a5693923e0fa1e_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:989055e4981041419a61eab47e35d2e7e290855907657b32cf2de51490eafa18_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:3fce9db7529ea1b3c7b8edc40e18e6a32ccf5bb1501425ffe141837c19309287_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:6a300b4b9b1954020ba5876f91caca93ee2bc0da2c7059aaad40c3b264b59e8b_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:84558fd223caace930e314c5ad288f3680fc6d925c90409e11f85c846c211890_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:a2544534e61d95a2f5592197f70201183e5dacff68ba50aebddeb8d52219f839_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:1b9d054f45c6f2b27396c12752cce412263565a1d54220c37b6906f4049aadab_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:1fb621c913ee0b8a724852268a93a69522addeabaa3f611589c4dc8a227ab740_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:6fe2fee491444040c87cac2a9cb7e856d0c29ad02dea9e7f7490d14af120c028_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:85542d8ec656bda1029e634a6178ab9a24e608aca1470dfb45d621a78f0026ea_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a67c6be11ac4b3fe06555c95376bd73eb367e841e87237ff3e0e66ed9479f338_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d7016c8a7d14fe6355ad30b34a9bafca73e58beae82e2ec78abd46cda10588a0_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d8afbf5abad2a584664f5749330ba50da76ac07d415a2fb1d070f73620e5ba90_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:e12b2cfcc3819305c9ece2e424565ca1fb7703026261db422546b76dab1c4960_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:4d96bfc97e205ba0cf2ddb03a99240fd6dd90d28bb7cdf25f0d32a99dc8891dd_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:87213878db431672b26cd65a20d372866bbe7505b991483b77da8db6e9605796_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:c96e66abac88022833d4052b4a30570026878fa7912317ae2984f944bfe400e9_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:f0f3cd9f23cf174b94120dc40999112f829a5a77b03071def745f3283cd901f7_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:9c54dfb403dd08f7d72e066c4340d0e3143f29839d7df5485942b789f238e1ff_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building"
}
]
}
RHSA-2026:16508
Vulnerability from csaf_redhat - Published: 2026-05-12 20:00 - Updated: 2026-07-09 21:10A flaw was found in the cmd/compile package in the Go standard library. The compiler fails to correctly check for integer overflow or underflow in arithmetic operations involving loop induction variables. As a result, the compiler allows invalid memory indexing to occur at runtime, potentially leading to memory corruption.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:256cfb2136687be0ae8a02e3e7fc75a36c0c2b0788a739c5ff7aa1314219ba4d_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4d2233e4df89c10c43c310e0d781966ee4beb8b8e37ee76090f5c496bddff6b3_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4d34ee664dd9f3ce90f9a2d0910cac258b25665ef0b36c8903e2cd8315e28446_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:7ed6a92f13fc0208fe35eb3a618a362941087146e3e1ad399e1076d80ba42bff_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:266112a7cc8ce8df28b0e4a96fa5c54dfee56be8c195fd5bf576b42487c542cd_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:d4b2114dad5d5364e01021ce6f84160e70e18b98ac2819ed379aeeb9fa5db01f_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:db2ae2c246ce1864acd3e4a3923dc0388803150c270445b2f50fe0f4ee2e20a1_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:ec8bc5f9d0d9ca17a90dbbc7c734db2b439674686062e9a27d63145618f31926_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:0f6be50e399ab621f779541aa3ad1ebb4ffbaa3527079fa0342e6c809957d7d7_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:37f3f3c7d0a9d2441b76a32da94e8c69f2845dc15e82cf90afccf48026c4df86_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:9b84f3435deb230347504f0e27383f5907a16a47cbb14e57d163ac507677126b_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a6672d63cee00907fdccb9d1996d633edffd768d66d35d60cb0a234ba3df5194_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:4ba0d15d8f4af2d653866fc5a58fc2740afbc663ab7e6179908611ec33f8bc3b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:a03fcf7c240381f444b19e1149e5e506d41f6b8e3ee8d85e53e8db21d38bb6f1_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:d38aa16bf2c6d89b78143242e9e77770c62a4842f60760ac1c1c5a8bfb75031a_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:ffc5dbc4cf0e9bfb12246d08f6653f35baba6df9f632f165c23a9d47c09d2dfb_arm64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:60de473baf69cdcc823176b7cc76618388fc1f9cd3556bc4d28a77c299235214_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:70b4fa73f0d091371cf8564fbd6bf6819b2a8c49e44e8699753b99f8abda98aa_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:9709f44bf0c6850739e29699e842cbfe70b8f0f792567a1cd544374b64ee6576_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:f53eac2d1182a644bbbe76807a75023b59859421b91a2b828a05f0f3fe58b60a_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:b5c6f18442fe408343552a4dc240b4b24921013159407fd908c073f17a0593cd_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:393c3aae7f14f978611cdc1e176b4603abae3848bf51a2944f5ad616c51f6ab8_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:9bf5745846bb21b33adddaa26abf24597bfb6f2597cf93351741d648b4532016_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:e27229b0de83ec1868d162a934b4f0e60b5b9716d82365842e5a8b3fecc021ce_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:ec36a4ce06c963a52ae150f95489a2ba5e3aa351c730f727665ffae0eb15afc4_ppc64le | — |
Workaround
|
A flaw was found in the cmd/compile package in the Go standard library. A no-op interface conversion prevented the compiler from correctly identifying non-overlapping memory moves. As a result, the compiler allows unsafe memory move operations to occur at runtime, potentially causing data corruption, memory corruption or unexpected application behavior.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:256cfb2136687be0ae8a02e3e7fc75a36c0c2b0788a739c5ff7aa1314219ba4d_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4d2233e4df89c10c43c310e0d781966ee4beb8b8e37ee76090f5c496bddff6b3_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4d34ee664dd9f3ce90f9a2d0910cac258b25665ef0b36c8903e2cd8315e28446_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:7ed6a92f13fc0208fe35eb3a618a362941087146e3e1ad399e1076d80ba42bff_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:266112a7cc8ce8df28b0e4a96fa5c54dfee56be8c195fd5bf576b42487c542cd_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:d4b2114dad5d5364e01021ce6f84160e70e18b98ac2819ed379aeeb9fa5db01f_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:db2ae2c246ce1864acd3e4a3923dc0388803150c270445b2f50fe0f4ee2e20a1_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:ec8bc5f9d0d9ca17a90dbbc7c734db2b439674686062e9a27d63145618f31926_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:0f6be50e399ab621f779541aa3ad1ebb4ffbaa3527079fa0342e6c809957d7d7_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:37f3f3c7d0a9d2441b76a32da94e8c69f2845dc15e82cf90afccf48026c4df86_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:9b84f3435deb230347504f0e27383f5907a16a47cbb14e57d163ac507677126b_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a6672d63cee00907fdccb9d1996d633edffd768d66d35d60cb0a234ba3df5194_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:4ba0d15d8f4af2d653866fc5a58fc2740afbc663ab7e6179908611ec33f8bc3b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:a03fcf7c240381f444b19e1149e5e506d41f6b8e3ee8d85e53e8db21d38bb6f1_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:d38aa16bf2c6d89b78143242e9e77770c62a4842f60760ac1c1c5a8bfb75031a_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:ffc5dbc4cf0e9bfb12246d08f6653f35baba6df9f632f165c23a9d47c09d2dfb_arm64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:60de473baf69cdcc823176b7cc76618388fc1f9cd3556bc4d28a77c299235214_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:70b4fa73f0d091371cf8564fbd6bf6819b2a8c49e44e8699753b99f8abda98aa_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:9709f44bf0c6850739e29699e842cbfe70b8f0f792567a1cd544374b64ee6576_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:f53eac2d1182a644bbbe76807a75023b59859421b91a2b828a05f0f3fe58b60a_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:b5c6f18442fe408343552a4dc240b4b24921013159407fd908c073f17a0593cd_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:393c3aae7f14f978611cdc1e176b4603abae3848bf51a2944f5ad616c51f6ab8_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:9bf5745846bb21b33adddaa26abf24597bfb6f2597cf93351741d648b4532016_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:e27229b0de83ec1868d162a934b4f0e60b5b9716d82365842e5a8b3fecc021ce_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:ec36a4ce06c963a52ae150f95489a2ba5e3aa351c730f727665ffae0eb15afc4_ppc64le | — |
Workaround
|
A flaw was found in the Go standard library packages `crypto/x509` and `crypto/tls`. During the process of building a certificate chain, an attacker can provide a large number of intermediate certificates. This excessive input is not properly limited, leading to an uncontrolled amount of work being performed. This can result in a denial of service (DoS) condition, making the affected system or application unavailable to legitimate users.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:256cfb2136687be0ae8a02e3e7fc75a36c0c2b0788a739c5ff7aa1314219ba4d_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4d2233e4df89c10c43c310e0d781966ee4beb8b8e37ee76090f5c496bddff6b3_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4d34ee664dd9f3ce90f9a2d0910cac258b25665ef0b36c8903e2cd8315e28446_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:7ed6a92f13fc0208fe35eb3a618a362941087146e3e1ad399e1076d80ba42bff_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:266112a7cc8ce8df28b0e4a96fa5c54dfee56be8c195fd5bf576b42487c542cd_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:d4b2114dad5d5364e01021ce6f84160e70e18b98ac2819ed379aeeb9fa5db01f_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:db2ae2c246ce1864acd3e4a3923dc0388803150c270445b2f50fe0f4ee2e20a1_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:ec8bc5f9d0d9ca17a90dbbc7c734db2b439674686062e9a27d63145618f31926_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:4ba0d15d8f4af2d653866fc5a58fc2740afbc663ab7e6179908611ec33f8bc3b_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:a03fcf7c240381f444b19e1149e5e506d41f6b8e3ee8d85e53e8db21d38bb6f1_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:d38aa16bf2c6d89b78143242e9e77770c62a4842f60760ac1c1c5a8bfb75031a_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:ffc5dbc4cf0e9bfb12246d08f6653f35baba6df9f632f165c23a9d47c09d2dfb_arm64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:60de473baf69cdcc823176b7cc76618388fc1f9cd3556bc4d28a77c299235214_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:70b4fa73f0d091371cf8564fbd6bf6819b2a8c49e44e8699753b99f8abda98aa_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:9709f44bf0c6850739e29699e842cbfe70b8f0f792567a1cd544374b64ee6576_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:f53eac2d1182a644bbbe76807a75023b59859421b91a2b828a05f0f3fe58b60a_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:0f6be50e399ab621f779541aa3ad1ebb4ffbaa3527079fa0342e6c809957d7d7_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:37f3f3c7d0a9d2441b76a32da94e8c69f2845dc15e82cf90afccf48026c4df86_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:9b84f3435deb230347504f0e27383f5907a16a47cbb14e57d163ac507677126b_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a6672d63cee00907fdccb9d1996d633edffd768d66d35d60cb0a234ba3df5194_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:b5c6f18442fe408343552a4dc240b4b24921013159407fd908c073f17a0593cd_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:393c3aae7f14f978611cdc1e176b4603abae3848bf51a2944f5ad616c51f6ab8_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:9bf5745846bb21b33adddaa26abf24597bfb6f2597cf93351741d648b4532016_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:e27229b0de83ec1868d162a934b4f0e60b5b9716d82365842e5a8b3fecc021ce_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:ec36a4ce06c963a52ae150f95489a2ba5e3aa351c730f727665ffae0eb15afc4_ppc64le | — |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat OpenShift Service Mesh 3.2.5\n\nThis update has a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Service Mesh 3.2.5, which is based on the open source Istio project, addresses a variety of problems in a microservice architecture by creating a centralized point of control in an application.\n\nFixes/Improvements:\n\n* OSSM 3 Operator icon missing from OperatorHub catalog in OCP console (OSSM-13028)\n\nSecurity Fix(es):\n\n* istio-rhel9-operator: possible memory corruption after bound check elimination (CVE-2026-27143)\n\n* istio-proxyv2-rhel9: possible memory corruption after bound check elimination (CVE-2026-27143)\n\n* istio-pilot-rhel9: possible memory corruption after bound check elimination (CVE-2026-27143)\n\n* istio-cni-rhel9: possible memory corruption after bound check elimination (CVE-2026-27143)\n\n* istio-rhel9-operator: no-op interface conversion bypasses overlap checking (CVE-2026-27144)\n\n* istio-proxyv2-rhel9: no-op interface conversion bypasses overlap checking (CVE-2026-27144)\n\n* istio-pilot-rhel9: no-op interface conversion bypasses overlap checking (CVE-2026-27144)\n\n* istio-cni-rhel9: no-op interface conversion bypasses overlap checking (CVE-2026-27144)\n\n* istio-rhel9-operator: Go: Denial of Service in certificate chain building (CVE-2026-32280)\n\n* istio-pilot-rhel9: Go: Denial of Service in certificate chain building (CVE-2026-32280)\n\n* istio-cni-rhel9: Go: Denial of Service in certificate chain building (CVE-2026-32280)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:16508",
"url": "https://access.redhat.com/errata/RHSA-2026:16508"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-27143",
"url": "https://access.redhat.com/security/cve/CVE-2026-27143"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-27144",
"url": "https://access.redhat.com/security/cve/CVE-2026-27144"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32280",
"url": "https://access.redhat.com/security/cve/CVE-2026-32280"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/cve-2026-27143",
"url": "https://access.redhat.com/security/cve/cve-2026-27143"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/cve-2026-27144",
"url": "https://access.redhat.com/security/cve/cve-2026-27144"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/cve-2026-32280",
"url": "https://access.redhat.com/security/cve/cve-2026-32280"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification",
"url": "https://access.redhat.com/security/updates/classification"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_16508.json"
}
],
"title": "Red Hat Security Advisory: Red Hat OpenShift Service Mesh 3.2.5",
"tracking": {
"current_release_date": "2026-07-09T21:10:00+00:00",
"generator": {
"date": "2026-07-09T21:10:00+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.2"
}
},
"id": "RHSA-2026:16508",
"initial_release_date": "2026-05-12T20:00:08+00:00",
"revision_history": [
{
"date": "2026-05-12T20:00:08+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-05-12T20:00:17+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-09T21:10:00+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Service Mesh 3.2",
"product": {
"name": "Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:service_mesh:3.2::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Service Mesh"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:b5c6f18442fe408343552a4dc240b4b24921013159407fd908c073f17a0593cd_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:b5c6f18442fe408343552a4dc240b4b24921013159407fd908c073f17a0593cd_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:b5c6f18442fe408343552a4dc240b4b24921013159407fd908c073f17a0593cd_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-sail-operator-bundle@sha256%3Ab5c6f18442fe408343552a4dc240b4b24921013159407fd908c073f17a0593cd?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1778154109"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4d34ee664dd9f3ce90f9a2d0910cac258b25665ef0b36c8903e2cd8315e28446_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4d34ee664dd9f3ce90f9a2d0910cac258b25665ef0b36c8903e2cd8315e28446_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4d34ee664dd9f3ce90f9a2d0910cac258b25665ef0b36c8903e2cd8315e28446_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-cni-rhel9@sha256%3A4d34ee664dd9f3ce90f9a2d0910cac258b25665ef0b36c8903e2cd8315e28446?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1778007597"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:f53eac2d1182a644bbbe76807a75023b59859421b91a2b828a05f0f3fe58b60a_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:f53eac2d1182a644bbbe76807a75023b59859421b91a2b828a05f0f3fe58b60a_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:f53eac2d1182a644bbbe76807a75023b59859421b91a2b828a05f0f3fe58b60a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-must-gather-rhel9@sha256%3Af53eac2d1182a644bbbe76807a75023b59859421b91a2b828a05f0f3fe58b60a?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1778094612"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:a03fcf7c240381f444b19e1149e5e506d41f6b8e3ee8d85e53e8db21d38bb6f1_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:a03fcf7c240381f444b19e1149e5e506d41f6b8e3ee8d85e53e8db21d38bb6f1_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:a03fcf7c240381f444b19e1149e5e506d41f6b8e3ee8d85e53e8db21d38bb6f1_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-rhel9-operator@sha256%3Aa03fcf7c240381f444b19e1149e5e506d41f6b8e3ee8d85e53e8db21d38bb6f1?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1778150474"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:266112a7cc8ce8df28b0e4a96fa5c54dfee56be8c195fd5bf576b42487c542cd_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:266112a7cc8ce8df28b0e4a96fa5c54dfee56be8c195fd5bf576b42487c542cd_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:266112a7cc8ce8df28b0e4a96fa5c54dfee56be8c195fd5bf576b42487c542cd_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-pilot-rhel9@sha256%3A266112a7cc8ce8df28b0e4a96fa5c54dfee56be8c195fd5bf576b42487c542cd?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1778007366"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a6672d63cee00907fdccb9d1996d633edffd768d66d35d60cb0a234ba3df5194_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a6672d63cee00907fdccb9d1996d633edffd768d66d35d60cb0a234ba3df5194_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a6672d63cee00907fdccb9d1996d633edffd768d66d35d60cb0a234ba3df5194_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-proxyv2-rhel9@sha256%3Aa6672d63cee00907fdccb9d1996d633edffd768d66d35d60cb0a234ba3df5194?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1778103735"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:9bf5745846bb21b33adddaa26abf24597bfb6f2597cf93351741d648b4532016_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:9bf5745846bb21b33adddaa26abf24597bfb6f2597cf93351741d648b4532016_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:9bf5745846bb21b33adddaa26abf24597bfb6f2597cf93351741d648b4532016_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-ztunnel-rhel9@sha256%3A9bf5745846bb21b33adddaa26abf24597bfb6f2597cf93351741d648b4532016?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1777969423"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:256cfb2136687be0ae8a02e3e7fc75a36c0c2b0788a739c5ff7aa1314219ba4d_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:256cfb2136687be0ae8a02e3e7fc75a36c0c2b0788a739c5ff7aa1314219ba4d_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:256cfb2136687be0ae8a02e3e7fc75a36c0c2b0788a739c5ff7aa1314219ba4d_arm64",
"product_identification_helper": {
"purl": "pkg:oci/istio-cni-rhel9@sha256%3A256cfb2136687be0ae8a02e3e7fc75a36c0c2b0788a739c5ff7aa1314219ba4d?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1778007597"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:9709f44bf0c6850739e29699e842cbfe70b8f0f792567a1cd544374b64ee6576_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:9709f44bf0c6850739e29699e842cbfe70b8f0f792567a1cd544374b64ee6576_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:9709f44bf0c6850739e29699e842cbfe70b8f0f792567a1cd544374b64ee6576_arm64",
"product_identification_helper": {
"purl": "pkg:oci/istio-must-gather-rhel9@sha256%3A9709f44bf0c6850739e29699e842cbfe70b8f0f792567a1cd544374b64ee6576?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1778094612"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:ffc5dbc4cf0e9bfb12246d08f6653f35baba6df9f632f165c23a9d47c09d2dfb_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:ffc5dbc4cf0e9bfb12246d08f6653f35baba6df9f632f165c23a9d47c09d2dfb_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:ffc5dbc4cf0e9bfb12246d08f6653f35baba6df9f632f165c23a9d47c09d2dfb_arm64",
"product_identification_helper": {
"purl": "pkg:oci/istio-rhel9-operator@sha256%3Affc5dbc4cf0e9bfb12246d08f6653f35baba6df9f632f165c23a9d47c09d2dfb?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1778150474"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:d4b2114dad5d5364e01021ce6f84160e70e18b98ac2819ed379aeeb9fa5db01f_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:d4b2114dad5d5364e01021ce6f84160e70e18b98ac2819ed379aeeb9fa5db01f_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:d4b2114dad5d5364e01021ce6f84160e70e18b98ac2819ed379aeeb9fa5db01f_arm64",
"product_identification_helper": {
"purl": "pkg:oci/istio-pilot-rhel9@sha256%3Ad4b2114dad5d5364e01021ce6f84160e70e18b98ac2819ed379aeeb9fa5db01f?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1778007366"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:9b84f3435deb230347504f0e27383f5907a16a47cbb14e57d163ac507677126b_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:9b84f3435deb230347504f0e27383f5907a16a47cbb14e57d163ac507677126b_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:9b84f3435deb230347504f0e27383f5907a16a47cbb14e57d163ac507677126b_arm64",
"product_identification_helper": {
"purl": "pkg:oci/istio-proxyv2-rhel9@sha256%3A9b84f3435deb230347504f0e27383f5907a16a47cbb14e57d163ac507677126b?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1778103735"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:393c3aae7f14f978611cdc1e176b4603abae3848bf51a2944f5ad616c51f6ab8_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:393c3aae7f14f978611cdc1e176b4603abae3848bf51a2944f5ad616c51f6ab8_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:393c3aae7f14f978611cdc1e176b4603abae3848bf51a2944f5ad616c51f6ab8_arm64",
"product_identification_helper": {
"purl": "pkg:oci/istio-ztunnel-rhel9@sha256%3A393c3aae7f14f978611cdc1e176b4603abae3848bf51a2944f5ad616c51f6ab8?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1777969423"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4d2233e4df89c10c43c310e0d781966ee4beb8b8e37ee76090f5c496bddff6b3_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4d2233e4df89c10c43c310e0d781966ee4beb8b8e37ee76090f5c496bddff6b3_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4d2233e4df89c10c43c310e0d781966ee4beb8b8e37ee76090f5c496bddff6b3_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-cni-rhel9@sha256%3A4d2233e4df89c10c43c310e0d781966ee4beb8b8e37ee76090f5c496bddff6b3?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1778007597"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:70b4fa73f0d091371cf8564fbd6bf6819b2a8c49e44e8699753b99f8abda98aa_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:70b4fa73f0d091371cf8564fbd6bf6819b2a8c49e44e8699753b99f8abda98aa_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:70b4fa73f0d091371cf8564fbd6bf6819b2a8c49e44e8699753b99f8abda98aa_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-must-gather-rhel9@sha256%3A70b4fa73f0d091371cf8564fbd6bf6819b2a8c49e44e8699753b99f8abda98aa?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1778094612"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:4ba0d15d8f4af2d653866fc5a58fc2740afbc663ab7e6179908611ec33f8bc3b_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:4ba0d15d8f4af2d653866fc5a58fc2740afbc663ab7e6179908611ec33f8bc3b_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:4ba0d15d8f4af2d653866fc5a58fc2740afbc663ab7e6179908611ec33f8bc3b_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-rhel9-operator@sha256%3A4ba0d15d8f4af2d653866fc5a58fc2740afbc663ab7e6179908611ec33f8bc3b?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1778150474"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:ec8bc5f9d0d9ca17a90dbbc7c734db2b439674686062e9a27d63145618f31926_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:ec8bc5f9d0d9ca17a90dbbc7c734db2b439674686062e9a27d63145618f31926_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:ec8bc5f9d0d9ca17a90dbbc7c734db2b439674686062e9a27d63145618f31926_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-pilot-rhel9@sha256%3Aec8bc5f9d0d9ca17a90dbbc7c734db2b439674686062e9a27d63145618f31926?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1778007366"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:0f6be50e399ab621f779541aa3ad1ebb4ffbaa3527079fa0342e6c809957d7d7_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:0f6be50e399ab621f779541aa3ad1ebb4ffbaa3527079fa0342e6c809957d7d7_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:0f6be50e399ab621f779541aa3ad1ebb4ffbaa3527079fa0342e6c809957d7d7_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-proxyv2-rhel9@sha256%3A0f6be50e399ab621f779541aa3ad1ebb4ffbaa3527079fa0342e6c809957d7d7?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1778103735"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:ec36a4ce06c963a52ae150f95489a2ba5e3aa351c730f727665ffae0eb15afc4_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:ec36a4ce06c963a52ae150f95489a2ba5e3aa351c730f727665ffae0eb15afc4_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:ec36a4ce06c963a52ae150f95489a2ba5e3aa351c730f727665ffae0eb15afc4_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-ztunnel-rhel9@sha256%3Aec36a4ce06c963a52ae150f95489a2ba5e3aa351c730f727665ffae0eb15afc4?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1777969423"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:7ed6a92f13fc0208fe35eb3a618a362941087146e3e1ad399e1076d80ba42bff_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:7ed6a92f13fc0208fe35eb3a618a362941087146e3e1ad399e1076d80ba42bff_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:7ed6a92f13fc0208fe35eb3a618a362941087146e3e1ad399e1076d80ba42bff_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-cni-rhel9@sha256%3A7ed6a92f13fc0208fe35eb3a618a362941087146e3e1ad399e1076d80ba42bff?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1778007597"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:60de473baf69cdcc823176b7cc76618388fc1f9cd3556bc4d28a77c299235214_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:60de473baf69cdcc823176b7cc76618388fc1f9cd3556bc4d28a77c299235214_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:60de473baf69cdcc823176b7cc76618388fc1f9cd3556bc4d28a77c299235214_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-must-gather-rhel9@sha256%3A60de473baf69cdcc823176b7cc76618388fc1f9cd3556bc4d28a77c299235214?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1778094612"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:d38aa16bf2c6d89b78143242e9e77770c62a4842f60760ac1c1c5a8bfb75031a_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:d38aa16bf2c6d89b78143242e9e77770c62a4842f60760ac1c1c5a8bfb75031a_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:d38aa16bf2c6d89b78143242e9e77770c62a4842f60760ac1c1c5a8bfb75031a_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-rhel9-operator@sha256%3Ad38aa16bf2c6d89b78143242e9e77770c62a4842f60760ac1c1c5a8bfb75031a?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1778150474"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:db2ae2c246ce1864acd3e4a3923dc0388803150c270445b2f50fe0f4ee2e20a1_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:db2ae2c246ce1864acd3e4a3923dc0388803150c270445b2f50fe0f4ee2e20a1_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:db2ae2c246ce1864acd3e4a3923dc0388803150c270445b2f50fe0f4ee2e20a1_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-pilot-rhel9@sha256%3Adb2ae2c246ce1864acd3e4a3923dc0388803150c270445b2f50fe0f4ee2e20a1?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1778007366"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:37f3f3c7d0a9d2441b76a32da94e8c69f2845dc15e82cf90afccf48026c4df86_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:37f3f3c7d0a9d2441b76a32da94e8c69f2845dc15e82cf90afccf48026c4df86_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:37f3f3c7d0a9d2441b76a32da94e8c69f2845dc15e82cf90afccf48026c4df86_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-proxyv2-rhel9@sha256%3A37f3f3c7d0a9d2441b76a32da94e8c69f2845dc15e82cf90afccf48026c4df86?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1778103735"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:e27229b0de83ec1868d162a934b4f0e60b5b9716d82365842e5a8b3fecc021ce_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:e27229b0de83ec1868d162a934b4f0e60b5b9716d82365842e5a8b3fecc021ce_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:e27229b0de83ec1868d162a934b4f0e60b5b9716d82365842e5a8b3fecc021ce_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-ztunnel-rhel9@sha256%3Ae27229b0de83ec1868d162a934b4f0e60b5b9716d82365842e5a8b3fecc021ce?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1777969423"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:256cfb2136687be0ae8a02e3e7fc75a36c0c2b0788a739c5ff7aa1314219ba4d_arm64 as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:256cfb2136687be0ae8a02e3e7fc75a36c0c2b0788a739c5ff7aa1314219ba4d_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:256cfb2136687be0ae8a02e3e7fc75a36c0c2b0788a739c5ff7aa1314219ba4d_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4d2233e4df89c10c43c310e0d781966ee4beb8b8e37ee76090f5c496bddff6b3_ppc64le as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4d2233e4df89c10c43c310e0d781966ee4beb8b8e37ee76090f5c496bddff6b3_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4d2233e4df89c10c43c310e0d781966ee4beb8b8e37ee76090f5c496bddff6b3_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4d34ee664dd9f3ce90f9a2d0910cac258b25665ef0b36c8903e2cd8315e28446_amd64 as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4d34ee664dd9f3ce90f9a2d0910cac258b25665ef0b36c8903e2cd8315e28446_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4d34ee664dd9f3ce90f9a2d0910cac258b25665ef0b36c8903e2cd8315e28446_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:7ed6a92f13fc0208fe35eb3a618a362941087146e3e1ad399e1076d80ba42bff_s390x as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:7ed6a92f13fc0208fe35eb3a618a362941087146e3e1ad399e1076d80ba42bff_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:7ed6a92f13fc0208fe35eb3a618a362941087146e3e1ad399e1076d80ba42bff_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:60de473baf69cdcc823176b7cc76618388fc1f9cd3556bc4d28a77c299235214_s390x as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:60de473baf69cdcc823176b7cc76618388fc1f9cd3556bc4d28a77c299235214_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:60de473baf69cdcc823176b7cc76618388fc1f9cd3556bc4d28a77c299235214_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:70b4fa73f0d091371cf8564fbd6bf6819b2a8c49e44e8699753b99f8abda98aa_ppc64le as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:70b4fa73f0d091371cf8564fbd6bf6819b2a8c49e44e8699753b99f8abda98aa_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:70b4fa73f0d091371cf8564fbd6bf6819b2a8c49e44e8699753b99f8abda98aa_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:9709f44bf0c6850739e29699e842cbfe70b8f0f792567a1cd544374b64ee6576_arm64 as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:9709f44bf0c6850739e29699e842cbfe70b8f0f792567a1cd544374b64ee6576_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:9709f44bf0c6850739e29699e842cbfe70b8f0f792567a1cd544374b64ee6576_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:f53eac2d1182a644bbbe76807a75023b59859421b91a2b828a05f0f3fe58b60a_amd64 as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:f53eac2d1182a644bbbe76807a75023b59859421b91a2b828a05f0f3fe58b60a_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:f53eac2d1182a644bbbe76807a75023b59859421b91a2b828a05f0f3fe58b60a_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:266112a7cc8ce8df28b0e4a96fa5c54dfee56be8c195fd5bf576b42487c542cd_amd64 as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:266112a7cc8ce8df28b0e4a96fa5c54dfee56be8c195fd5bf576b42487c542cd_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:266112a7cc8ce8df28b0e4a96fa5c54dfee56be8c195fd5bf576b42487c542cd_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:d4b2114dad5d5364e01021ce6f84160e70e18b98ac2819ed379aeeb9fa5db01f_arm64 as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:d4b2114dad5d5364e01021ce6f84160e70e18b98ac2819ed379aeeb9fa5db01f_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:d4b2114dad5d5364e01021ce6f84160e70e18b98ac2819ed379aeeb9fa5db01f_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:db2ae2c246ce1864acd3e4a3923dc0388803150c270445b2f50fe0f4ee2e20a1_s390x as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:db2ae2c246ce1864acd3e4a3923dc0388803150c270445b2f50fe0f4ee2e20a1_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:db2ae2c246ce1864acd3e4a3923dc0388803150c270445b2f50fe0f4ee2e20a1_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:ec8bc5f9d0d9ca17a90dbbc7c734db2b439674686062e9a27d63145618f31926_ppc64le as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:ec8bc5f9d0d9ca17a90dbbc7c734db2b439674686062e9a27d63145618f31926_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:ec8bc5f9d0d9ca17a90dbbc7c734db2b439674686062e9a27d63145618f31926_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:0f6be50e399ab621f779541aa3ad1ebb4ffbaa3527079fa0342e6c809957d7d7_ppc64le as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:0f6be50e399ab621f779541aa3ad1ebb4ffbaa3527079fa0342e6c809957d7d7_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:0f6be50e399ab621f779541aa3ad1ebb4ffbaa3527079fa0342e6c809957d7d7_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:37f3f3c7d0a9d2441b76a32da94e8c69f2845dc15e82cf90afccf48026c4df86_s390x as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:37f3f3c7d0a9d2441b76a32da94e8c69f2845dc15e82cf90afccf48026c4df86_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:37f3f3c7d0a9d2441b76a32da94e8c69f2845dc15e82cf90afccf48026c4df86_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:9b84f3435deb230347504f0e27383f5907a16a47cbb14e57d163ac507677126b_arm64 as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:9b84f3435deb230347504f0e27383f5907a16a47cbb14e57d163ac507677126b_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:9b84f3435deb230347504f0e27383f5907a16a47cbb14e57d163ac507677126b_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a6672d63cee00907fdccb9d1996d633edffd768d66d35d60cb0a234ba3df5194_amd64 as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a6672d63cee00907fdccb9d1996d633edffd768d66d35d60cb0a234ba3df5194_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a6672d63cee00907fdccb9d1996d633edffd768d66d35d60cb0a234ba3df5194_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:4ba0d15d8f4af2d653866fc5a58fc2740afbc663ab7e6179908611ec33f8bc3b_ppc64le as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:4ba0d15d8f4af2d653866fc5a58fc2740afbc663ab7e6179908611ec33f8bc3b_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:4ba0d15d8f4af2d653866fc5a58fc2740afbc663ab7e6179908611ec33f8bc3b_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:a03fcf7c240381f444b19e1149e5e506d41f6b8e3ee8d85e53e8db21d38bb6f1_amd64 as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:a03fcf7c240381f444b19e1149e5e506d41f6b8e3ee8d85e53e8db21d38bb6f1_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:a03fcf7c240381f444b19e1149e5e506d41f6b8e3ee8d85e53e8db21d38bb6f1_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:d38aa16bf2c6d89b78143242e9e77770c62a4842f60760ac1c1c5a8bfb75031a_s390x as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:d38aa16bf2c6d89b78143242e9e77770c62a4842f60760ac1c1c5a8bfb75031a_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:d38aa16bf2c6d89b78143242e9e77770c62a4842f60760ac1c1c5a8bfb75031a_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:ffc5dbc4cf0e9bfb12246d08f6653f35baba6df9f632f165c23a9d47c09d2dfb_arm64 as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:ffc5dbc4cf0e9bfb12246d08f6653f35baba6df9f632f165c23a9d47c09d2dfb_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:ffc5dbc4cf0e9bfb12246d08f6653f35baba6df9f632f165c23a9d47c09d2dfb_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:b5c6f18442fe408343552a4dc240b4b24921013159407fd908c073f17a0593cd_amd64 as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:b5c6f18442fe408343552a4dc240b4b24921013159407fd908c073f17a0593cd_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:b5c6f18442fe408343552a4dc240b4b24921013159407fd908c073f17a0593cd_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:393c3aae7f14f978611cdc1e176b4603abae3848bf51a2944f5ad616c51f6ab8_arm64 as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:393c3aae7f14f978611cdc1e176b4603abae3848bf51a2944f5ad616c51f6ab8_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:393c3aae7f14f978611cdc1e176b4603abae3848bf51a2944f5ad616c51f6ab8_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:9bf5745846bb21b33adddaa26abf24597bfb6f2597cf93351741d648b4532016_amd64 as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:9bf5745846bb21b33adddaa26abf24597bfb6f2597cf93351741d648b4532016_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:9bf5745846bb21b33adddaa26abf24597bfb6f2597cf93351741d648b4532016_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:e27229b0de83ec1868d162a934b4f0e60b5b9716d82365842e5a8b3fecc021ce_s390x as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:e27229b0de83ec1868d162a934b4f0e60b5b9716d82365842e5a8b3fecc021ce_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:e27229b0de83ec1868d162a934b4f0e60b5b9716d82365842e5a8b3fecc021ce_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:ec36a4ce06c963a52ae150f95489a2ba5e3aa351c730f727665ffae0eb15afc4_ppc64le as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:ec36a4ce06c963a52ae150f95489a2ba5e3aa351c730f727665ffae0eb15afc4_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:ec36a4ce06c963a52ae150f95489a2ba5e3aa351c730f727665ffae0eb15afc4_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-27143",
"cwe": {
"id": "CWE-733",
"name": "Compiler Optimization Removal or Modification of Security-critical Code"
},
"discovery_date": "2026-04-08T02:01:29.491546+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:60de473baf69cdcc823176b7cc76618388fc1f9cd3556bc4d28a77c299235214_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:70b4fa73f0d091371cf8564fbd6bf6819b2a8c49e44e8699753b99f8abda98aa_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:9709f44bf0c6850739e29699e842cbfe70b8f0f792567a1cd544374b64ee6576_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:f53eac2d1182a644bbbe76807a75023b59859421b91a2b828a05f0f3fe58b60a_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:b5c6f18442fe408343552a4dc240b4b24921013159407fd908c073f17a0593cd_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:393c3aae7f14f978611cdc1e176b4603abae3848bf51a2944f5ad616c51f6ab8_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:9bf5745846bb21b33adddaa26abf24597bfb6f2597cf93351741d648b4532016_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:e27229b0de83ec1868d162a934b4f0e60b5b9716d82365842e5a8b3fecc021ce_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:ec36a4ce06c963a52ae150f95489a2ba5e3aa351c730f727665ffae0eb15afc4_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456342"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the cmd/compile package in the Go standard library. The compiler fails to correctly check for integer overflow or underflow in arithmetic operations involving loop induction variables. As a result, the compiler allows invalid memory indexing to occur at runtime, potentially leading to memory corruption.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: cmd/compile: possible memory corruption after bound check elimination",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is only exploitable in applications that contain a loop structure that relies on an induction variable. An induction variable is a variable that gets modified, usually incremented or decremented, by a predictable amount on each iteration. Inside the loop, the induction variable must be directly used as the index to access or modify elements within an array or a slice. Additionally, an attacker must be able to cause an integer overflow or underflow in the induction variable to trigger this issue. Due to these reasons, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:256cfb2136687be0ae8a02e3e7fc75a36c0c2b0788a739c5ff7aa1314219ba4d_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4d2233e4df89c10c43c310e0d781966ee4beb8b8e37ee76090f5c496bddff6b3_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4d34ee664dd9f3ce90f9a2d0910cac258b25665ef0b36c8903e2cd8315e28446_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:7ed6a92f13fc0208fe35eb3a618a362941087146e3e1ad399e1076d80ba42bff_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:266112a7cc8ce8df28b0e4a96fa5c54dfee56be8c195fd5bf576b42487c542cd_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:d4b2114dad5d5364e01021ce6f84160e70e18b98ac2819ed379aeeb9fa5db01f_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:db2ae2c246ce1864acd3e4a3923dc0388803150c270445b2f50fe0f4ee2e20a1_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:ec8bc5f9d0d9ca17a90dbbc7c734db2b439674686062e9a27d63145618f31926_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:0f6be50e399ab621f779541aa3ad1ebb4ffbaa3527079fa0342e6c809957d7d7_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:37f3f3c7d0a9d2441b76a32da94e8c69f2845dc15e82cf90afccf48026c4df86_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:9b84f3435deb230347504f0e27383f5907a16a47cbb14e57d163ac507677126b_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a6672d63cee00907fdccb9d1996d633edffd768d66d35d60cb0a234ba3df5194_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:4ba0d15d8f4af2d653866fc5a58fc2740afbc663ab7e6179908611ec33f8bc3b_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:a03fcf7c240381f444b19e1149e5e506d41f6b8e3ee8d85e53e8db21d38bb6f1_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:d38aa16bf2c6d89b78143242e9e77770c62a4842f60760ac1c1c5a8bfb75031a_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:ffc5dbc4cf0e9bfb12246d08f6653f35baba6df9f632f165c23a9d47c09d2dfb_arm64"
],
"known_not_affected": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:60de473baf69cdcc823176b7cc76618388fc1f9cd3556bc4d28a77c299235214_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:70b4fa73f0d091371cf8564fbd6bf6819b2a8c49e44e8699753b99f8abda98aa_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:9709f44bf0c6850739e29699e842cbfe70b8f0f792567a1cd544374b64ee6576_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:f53eac2d1182a644bbbe76807a75023b59859421b91a2b828a05f0f3fe58b60a_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:b5c6f18442fe408343552a4dc240b4b24921013159407fd908c073f17a0593cd_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:393c3aae7f14f978611cdc1e176b4603abae3848bf51a2944f5ad616c51f6ab8_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:9bf5745846bb21b33adddaa26abf24597bfb6f2597cf93351741d648b4532016_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:e27229b0de83ec1868d162a934b4f0e60b5b9716d82365842e5a8b3fecc021ce_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:ec36a4ce06c963a52ae150f95489a2ba5e3aa351c730f727665ffae0eb15afc4_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27143"
},
{
"category": "external",
"summary": "RHBZ#2456342",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456342"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27143",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27143"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27143",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27143"
},
{
"category": "external",
"summary": "https://go.dev/cl/763765",
"url": "https://go.dev/cl/763765"
},
{
"category": "external",
"summary": "https://go.dev/issue/78333",
"url": "https://go.dev/issue/78333"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4868",
"url": "https://pkg.go.dev/vuln/GO-2026-4868"
}
],
"release_date": "2026-04-08T01:06:57.168000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-12T20:00:08+00:00",
"details": "See Red Hat OpenShift Service Mesh 3.2.5 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.2",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:256cfb2136687be0ae8a02e3e7fc75a36c0c2b0788a739c5ff7aa1314219ba4d_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4d2233e4df89c10c43c310e0d781966ee4beb8b8e37ee76090f5c496bddff6b3_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4d34ee664dd9f3ce90f9a2d0910cac258b25665ef0b36c8903e2cd8315e28446_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:7ed6a92f13fc0208fe35eb3a618a362941087146e3e1ad399e1076d80ba42bff_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:266112a7cc8ce8df28b0e4a96fa5c54dfee56be8c195fd5bf576b42487c542cd_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:d4b2114dad5d5364e01021ce6f84160e70e18b98ac2819ed379aeeb9fa5db01f_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:db2ae2c246ce1864acd3e4a3923dc0388803150c270445b2f50fe0f4ee2e20a1_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:ec8bc5f9d0d9ca17a90dbbc7c734db2b439674686062e9a27d63145618f31926_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:0f6be50e399ab621f779541aa3ad1ebb4ffbaa3527079fa0342e6c809957d7d7_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:37f3f3c7d0a9d2441b76a32da94e8c69f2845dc15e82cf90afccf48026c4df86_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:9b84f3435deb230347504f0e27383f5907a16a47cbb14e57d163ac507677126b_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a6672d63cee00907fdccb9d1996d633edffd768d66d35d60cb0a234ba3df5194_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:4ba0d15d8f4af2d653866fc5a58fc2740afbc663ab7e6179908611ec33f8bc3b_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:a03fcf7c240381f444b19e1149e5e506d41f6b8e3ee8d85e53e8db21d38bb6f1_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:d38aa16bf2c6d89b78143242e9e77770c62a4842f60760ac1c1c5a8bfb75031a_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:ffc5dbc4cf0e9bfb12246d08f6653f35baba6df9f632f165c23a9d47c09d2dfb_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:16508"
},
{
"category": "workaround",
"details": "To mitigate this vulnerability, strictly sanitize and enforce bounds checking on any untrusted user input that influences loop counters, iteration limits, or memory indices. If there is no integer overflow or underflow, the out-of-bounds access cannot occur.",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:256cfb2136687be0ae8a02e3e7fc75a36c0c2b0788a739c5ff7aa1314219ba4d_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4d2233e4df89c10c43c310e0d781966ee4beb8b8e37ee76090f5c496bddff6b3_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4d34ee664dd9f3ce90f9a2d0910cac258b25665ef0b36c8903e2cd8315e28446_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:7ed6a92f13fc0208fe35eb3a618a362941087146e3e1ad399e1076d80ba42bff_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:60de473baf69cdcc823176b7cc76618388fc1f9cd3556bc4d28a77c299235214_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:70b4fa73f0d091371cf8564fbd6bf6819b2a8c49e44e8699753b99f8abda98aa_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:9709f44bf0c6850739e29699e842cbfe70b8f0f792567a1cd544374b64ee6576_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:f53eac2d1182a644bbbe76807a75023b59859421b91a2b828a05f0f3fe58b60a_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:266112a7cc8ce8df28b0e4a96fa5c54dfee56be8c195fd5bf576b42487c542cd_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:d4b2114dad5d5364e01021ce6f84160e70e18b98ac2819ed379aeeb9fa5db01f_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:db2ae2c246ce1864acd3e4a3923dc0388803150c270445b2f50fe0f4ee2e20a1_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:ec8bc5f9d0d9ca17a90dbbc7c734db2b439674686062e9a27d63145618f31926_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:0f6be50e399ab621f779541aa3ad1ebb4ffbaa3527079fa0342e6c809957d7d7_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:37f3f3c7d0a9d2441b76a32da94e8c69f2845dc15e82cf90afccf48026c4df86_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:9b84f3435deb230347504f0e27383f5907a16a47cbb14e57d163ac507677126b_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a6672d63cee00907fdccb9d1996d633edffd768d66d35d60cb0a234ba3df5194_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:4ba0d15d8f4af2d653866fc5a58fc2740afbc663ab7e6179908611ec33f8bc3b_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:a03fcf7c240381f444b19e1149e5e506d41f6b8e3ee8d85e53e8db21d38bb6f1_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:d38aa16bf2c6d89b78143242e9e77770c62a4842f60760ac1c1c5a8bfb75031a_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:ffc5dbc4cf0e9bfb12246d08f6653f35baba6df9f632f165c23a9d47c09d2dfb_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:b5c6f18442fe408343552a4dc240b4b24921013159407fd908c073f17a0593cd_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:393c3aae7f14f978611cdc1e176b4603abae3848bf51a2944f5ad616c51f6ab8_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:9bf5745846bb21b33adddaa26abf24597bfb6f2597cf93351741d648b4532016_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:e27229b0de83ec1868d162a934b4f0e60b5b9716d82365842e5a8b3fecc021ce_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:ec36a4ce06c963a52ae150f95489a2ba5e3aa351c730f727665ffae0eb15afc4_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:256cfb2136687be0ae8a02e3e7fc75a36c0c2b0788a739c5ff7aa1314219ba4d_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4d2233e4df89c10c43c310e0d781966ee4beb8b8e37ee76090f5c496bddff6b3_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4d34ee664dd9f3ce90f9a2d0910cac258b25665ef0b36c8903e2cd8315e28446_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:7ed6a92f13fc0208fe35eb3a618a362941087146e3e1ad399e1076d80ba42bff_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:60de473baf69cdcc823176b7cc76618388fc1f9cd3556bc4d28a77c299235214_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:70b4fa73f0d091371cf8564fbd6bf6819b2a8c49e44e8699753b99f8abda98aa_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:9709f44bf0c6850739e29699e842cbfe70b8f0f792567a1cd544374b64ee6576_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:f53eac2d1182a644bbbe76807a75023b59859421b91a2b828a05f0f3fe58b60a_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:266112a7cc8ce8df28b0e4a96fa5c54dfee56be8c195fd5bf576b42487c542cd_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:d4b2114dad5d5364e01021ce6f84160e70e18b98ac2819ed379aeeb9fa5db01f_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:db2ae2c246ce1864acd3e4a3923dc0388803150c270445b2f50fe0f4ee2e20a1_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:ec8bc5f9d0d9ca17a90dbbc7c734db2b439674686062e9a27d63145618f31926_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:0f6be50e399ab621f779541aa3ad1ebb4ffbaa3527079fa0342e6c809957d7d7_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:37f3f3c7d0a9d2441b76a32da94e8c69f2845dc15e82cf90afccf48026c4df86_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:9b84f3435deb230347504f0e27383f5907a16a47cbb14e57d163ac507677126b_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a6672d63cee00907fdccb9d1996d633edffd768d66d35d60cb0a234ba3df5194_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:4ba0d15d8f4af2d653866fc5a58fc2740afbc663ab7e6179908611ec33f8bc3b_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:a03fcf7c240381f444b19e1149e5e506d41f6b8e3ee8d85e53e8db21d38bb6f1_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:d38aa16bf2c6d89b78143242e9e77770c62a4842f60760ac1c1c5a8bfb75031a_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:ffc5dbc4cf0e9bfb12246d08f6653f35baba6df9f632f165c23a9d47c09d2dfb_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:b5c6f18442fe408343552a4dc240b4b24921013159407fd908c073f17a0593cd_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:393c3aae7f14f978611cdc1e176b4603abae3848bf51a2944f5ad616c51f6ab8_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:9bf5745846bb21b33adddaa26abf24597bfb6f2597cf93351741d648b4532016_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:e27229b0de83ec1868d162a934b4f0e60b5b9716d82365842e5a8b3fecc021ce_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:ec36a4ce06c963a52ae150f95489a2ba5e3aa351c730f727665ffae0eb15afc4_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: cmd/compile: possible memory corruption after bound check elimination"
},
{
"cve": "CVE-2026-27144",
"cwe": {
"id": "CWE-440",
"name": "Expected Behavior Violation"
},
"discovery_date": "2026-04-08T02:01:22.896153+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:60de473baf69cdcc823176b7cc76618388fc1f9cd3556bc4d28a77c299235214_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:70b4fa73f0d091371cf8564fbd6bf6819b2a8c49e44e8699753b99f8abda98aa_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:9709f44bf0c6850739e29699e842cbfe70b8f0f792567a1cd544374b64ee6576_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:f53eac2d1182a644bbbe76807a75023b59859421b91a2b828a05f0f3fe58b60a_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:b5c6f18442fe408343552a4dc240b4b24921013159407fd908c073f17a0593cd_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:393c3aae7f14f978611cdc1e176b4603abae3848bf51a2944f5ad616c51f6ab8_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:9bf5745846bb21b33adddaa26abf24597bfb6f2597cf93351741d648b4532016_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:e27229b0de83ec1868d162a934b4f0e60b5b9716d82365842e5a8b3fecc021ce_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:ec36a4ce06c963a52ae150f95489a2ba5e3aa351c730f727665ffae0eb15afc4_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456340"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the cmd/compile package in the Go standard library. A no-op interface conversion prevented the compiler from correctly identifying non-overlapping memory moves. As a result, the compiler allows unsafe memory move operations to occur at runtime, potentially causing data corruption, memory corruption or unexpected application behavior.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: cmd/compile: no-op interface conversion bypasses overlap checking",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue is only exploitable in applications that contain a memory move or copy operation that is subject to a no-op (no-operation) interface conversion. Furthermore, the source and destination memory addresses involved in the move or copy must overlap and an attacker must be able to supply an input that triggers this specific operation. Due to these reasons, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:256cfb2136687be0ae8a02e3e7fc75a36c0c2b0788a739c5ff7aa1314219ba4d_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4d2233e4df89c10c43c310e0d781966ee4beb8b8e37ee76090f5c496bddff6b3_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4d34ee664dd9f3ce90f9a2d0910cac258b25665ef0b36c8903e2cd8315e28446_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:7ed6a92f13fc0208fe35eb3a618a362941087146e3e1ad399e1076d80ba42bff_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:266112a7cc8ce8df28b0e4a96fa5c54dfee56be8c195fd5bf576b42487c542cd_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:d4b2114dad5d5364e01021ce6f84160e70e18b98ac2819ed379aeeb9fa5db01f_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:db2ae2c246ce1864acd3e4a3923dc0388803150c270445b2f50fe0f4ee2e20a1_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:ec8bc5f9d0d9ca17a90dbbc7c734db2b439674686062e9a27d63145618f31926_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:0f6be50e399ab621f779541aa3ad1ebb4ffbaa3527079fa0342e6c809957d7d7_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:37f3f3c7d0a9d2441b76a32da94e8c69f2845dc15e82cf90afccf48026c4df86_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:9b84f3435deb230347504f0e27383f5907a16a47cbb14e57d163ac507677126b_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a6672d63cee00907fdccb9d1996d633edffd768d66d35d60cb0a234ba3df5194_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:4ba0d15d8f4af2d653866fc5a58fc2740afbc663ab7e6179908611ec33f8bc3b_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:a03fcf7c240381f444b19e1149e5e506d41f6b8e3ee8d85e53e8db21d38bb6f1_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:d38aa16bf2c6d89b78143242e9e77770c62a4842f60760ac1c1c5a8bfb75031a_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:ffc5dbc4cf0e9bfb12246d08f6653f35baba6df9f632f165c23a9d47c09d2dfb_arm64"
],
"known_not_affected": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:60de473baf69cdcc823176b7cc76618388fc1f9cd3556bc4d28a77c299235214_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:70b4fa73f0d091371cf8564fbd6bf6819b2a8c49e44e8699753b99f8abda98aa_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:9709f44bf0c6850739e29699e842cbfe70b8f0f792567a1cd544374b64ee6576_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:f53eac2d1182a644bbbe76807a75023b59859421b91a2b828a05f0f3fe58b60a_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:b5c6f18442fe408343552a4dc240b4b24921013159407fd908c073f17a0593cd_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:393c3aae7f14f978611cdc1e176b4603abae3848bf51a2944f5ad616c51f6ab8_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:9bf5745846bb21b33adddaa26abf24597bfb6f2597cf93351741d648b4532016_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:e27229b0de83ec1868d162a934b4f0e60b5b9716d82365842e5a8b3fecc021ce_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:ec36a4ce06c963a52ae150f95489a2ba5e3aa351c730f727665ffae0eb15afc4_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27144"
},
{
"category": "external",
"summary": "RHBZ#2456340",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456340"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27144",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27144"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27144",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27144"
},
{
"category": "external",
"summary": "https://go.dev/cl/763764",
"url": "https://go.dev/cl/763764"
},
{
"category": "external",
"summary": "https://go.dev/issue/78371",
"url": "https://go.dev/issue/78371"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4867",
"url": "https://pkg.go.dev/vuln/GO-2026-4867"
}
],
"release_date": "2026-04-08T01:06:56.908000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-12T20:00:08+00:00",
"details": "See Red Hat OpenShift Service Mesh 3.2.5 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.2",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:256cfb2136687be0ae8a02e3e7fc75a36c0c2b0788a739c5ff7aa1314219ba4d_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4d2233e4df89c10c43c310e0d781966ee4beb8b8e37ee76090f5c496bddff6b3_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4d34ee664dd9f3ce90f9a2d0910cac258b25665ef0b36c8903e2cd8315e28446_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:7ed6a92f13fc0208fe35eb3a618a362941087146e3e1ad399e1076d80ba42bff_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:266112a7cc8ce8df28b0e4a96fa5c54dfee56be8c195fd5bf576b42487c542cd_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:d4b2114dad5d5364e01021ce6f84160e70e18b98ac2819ed379aeeb9fa5db01f_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:db2ae2c246ce1864acd3e4a3923dc0388803150c270445b2f50fe0f4ee2e20a1_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:ec8bc5f9d0d9ca17a90dbbc7c734db2b439674686062e9a27d63145618f31926_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:0f6be50e399ab621f779541aa3ad1ebb4ffbaa3527079fa0342e6c809957d7d7_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:37f3f3c7d0a9d2441b76a32da94e8c69f2845dc15e82cf90afccf48026c4df86_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:9b84f3435deb230347504f0e27383f5907a16a47cbb14e57d163ac507677126b_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a6672d63cee00907fdccb9d1996d633edffd768d66d35d60cb0a234ba3df5194_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:4ba0d15d8f4af2d653866fc5a58fc2740afbc663ab7e6179908611ec33f8bc3b_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:a03fcf7c240381f444b19e1149e5e506d41f6b8e3ee8d85e53e8db21d38bb6f1_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:d38aa16bf2c6d89b78143242e9e77770c62a4842f60760ac1c1c5a8bfb75031a_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:ffc5dbc4cf0e9bfb12246d08f6653f35baba6df9f632f165c23a9d47c09d2dfb_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:16508"
},
{
"category": "workaround",
"details": "To mitigate this issue, review code that performs memory copies or struct assignments. If data is being passed through an interface (such as \u0027any\u0027 or \u0027interface{}\u0027) just before a move operation, refactor the code to use concrete types or explicit pointers instead.",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:256cfb2136687be0ae8a02e3e7fc75a36c0c2b0788a739c5ff7aa1314219ba4d_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4d2233e4df89c10c43c310e0d781966ee4beb8b8e37ee76090f5c496bddff6b3_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4d34ee664dd9f3ce90f9a2d0910cac258b25665ef0b36c8903e2cd8315e28446_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:7ed6a92f13fc0208fe35eb3a618a362941087146e3e1ad399e1076d80ba42bff_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:60de473baf69cdcc823176b7cc76618388fc1f9cd3556bc4d28a77c299235214_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:70b4fa73f0d091371cf8564fbd6bf6819b2a8c49e44e8699753b99f8abda98aa_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:9709f44bf0c6850739e29699e842cbfe70b8f0f792567a1cd544374b64ee6576_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:f53eac2d1182a644bbbe76807a75023b59859421b91a2b828a05f0f3fe58b60a_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:266112a7cc8ce8df28b0e4a96fa5c54dfee56be8c195fd5bf576b42487c542cd_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:d4b2114dad5d5364e01021ce6f84160e70e18b98ac2819ed379aeeb9fa5db01f_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:db2ae2c246ce1864acd3e4a3923dc0388803150c270445b2f50fe0f4ee2e20a1_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:ec8bc5f9d0d9ca17a90dbbc7c734db2b439674686062e9a27d63145618f31926_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:0f6be50e399ab621f779541aa3ad1ebb4ffbaa3527079fa0342e6c809957d7d7_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:37f3f3c7d0a9d2441b76a32da94e8c69f2845dc15e82cf90afccf48026c4df86_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:9b84f3435deb230347504f0e27383f5907a16a47cbb14e57d163ac507677126b_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a6672d63cee00907fdccb9d1996d633edffd768d66d35d60cb0a234ba3df5194_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:4ba0d15d8f4af2d653866fc5a58fc2740afbc663ab7e6179908611ec33f8bc3b_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:a03fcf7c240381f444b19e1149e5e506d41f6b8e3ee8d85e53e8db21d38bb6f1_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:d38aa16bf2c6d89b78143242e9e77770c62a4842f60760ac1c1c5a8bfb75031a_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:ffc5dbc4cf0e9bfb12246d08f6653f35baba6df9f632f165c23a9d47c09d2dfb_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:b5c6f18442fe408343552a4dc240b4b24921013159407fd908c073f17a0593cd_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:393c3aae7f14f978611cdc1e176b4603abae3848bf51a2944f5ad616c51f6ab8_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:9bf5745846bb21b33adddaa26abf24597bfb6f2597cf93351741d648b4532016_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:e27229b0de83ec1868d162a934b4f0e60b5b9716d82365842e5a8b3fecc021ce_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:ec36a4ce06c963a52ae150f95489a2ba5e3aa351c730f727665ffae0eb15afc4_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:256cfb2136687be0ae8a02e3e7fc75a36c0c2b0788a739c5ff7aa1314219ba4d_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4d2233e4df89c10c43c310e0d781966ee4beb8b8e37ee76090f5c496bddff6b3_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4d34ee664dd9f3ce90f9a2d0910cac258b25665ef0b36c8903e2cd8315e28446_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:7ed6a92f13fc0208fe35eb3a618a362941087146e3e1ad399e1076d80ba42bff_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:60de473baf69cdcc823176b7cc76618388fc1f9cd3556bc4d28a77c299235214_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:70b4fa73f0d091371cf8564fbd6bf6819b2a8c49e44e8699753b99f8abda98aa_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:9709f44bf0c6850739e29699e842cbfe70b8f0f792567a1cd544374b64ee6576_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:f53eac2d1182a644bbbe76807a75023b59859421b91a2b828a05f0f3fe58b60a_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:266112a7cc8ce8df28b0e4a96fa5c54dfee56be8c195fd5bf576b42487c542cd_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:d4b2114dad5d5364e01021ce6f84160e70e18b98ac2819ed379aeeb9fa5db01f_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:db2ae2c246ce1864acd3e4a3923dc0388803150c270445b2f50fe0f4ee2e20a1_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:ec8bc5f9d0d9ca17a90dbbc7c734db2b439674686062e9a27d63145618f31926_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:0f6be50e399ab621f779541aa3ad1ebb4ffbaa3527079fa0342e6c809957d7d7_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:37f3f3c7d0a9d2441b76a32da94e8c69f2845dc15e82cf90afccf48026c4df86_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:9b84f3435deb230347504f0e27383f5907a16a47cbb14e57d163ac507677126b_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a6672d63cee00907fdccb9d1996d633edffd768d66d35d60cb0a234ba3df5194_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:4ba0d15d8f4af2d653866fc5a58fc2740afbc663ab7e6179908611ec33f8bc3b_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:a03fcf7c240381f444b19e1149e5e506d41f6b8e3ee8d85e53e8db21d38bb6f1_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:d38aa16bf2c6d89b78143242e9e77770c62a4842f60760ac1c1c5a8bfb75031a_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:ffc5dbc4cf0e9bfb12246d08f6653f35baba6df9f632f165c23a9d47c09d2dfb_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:b5c6f18442fe408343552a4dc240b4b24921013159407fd908c073f17a0593cd_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:393c3aae7f14f978611cdc1e176b4603abae3848bf51a2944f5ad616c51f6ab8_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:9bf5745846bb21b33adddaa26abf24597bfb6f2597cf93351741d648b4532016_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:e27229b0de83ec1868d162a934b4f0e60b5b9716d82365842e5a8b3fecc021ce_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:ec36a4ce06c963a52ae150f95489a2ba5e3aa351c730f727665ffae0eb15afc4_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: cmd/compile: no-op interface conversion bypasses overlap checking"
},
{
"cve": "CVE-2026-32280",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-04-08T02:01:19.572351+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:60de473baf69cdcc823176b7cc76618388fc1f9cd3556bc4d28a77c299235214_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:70b4fa73f0d091371cf8564fbd6bf6819b2a8c49e44e8699753b99f8abda98aa_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:9709f44bf0c6850739e29699e842cbfe70b8f0f792567a1cd544374b64ee6576_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:f53eac2d1182a644bbbe76807a75023b59859421b91a2b828a05f0f3fe58b60a_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:0f6be50e399ab621f779541aa3ad1ebb4ffbaa3527079fa0342e6c809957d7d7_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:37f3f3c7d0a9d2441b76a32da94e8c69f2845dc15e82cf90afccf48026c4df86_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:9b84f3435deb230347504f0e27383f5907a16a47cbb14e57d163ac507677126b_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a6672d63cee00907fdccb9d1996d633edffd768d66d35d60cb0a234ba3df5194_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:b5c6f18442fe408343552a4dc240b4b24921013159407fd908c073f17a0593cd_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:393c3aae7f14f978611cdc1e176b4603abae3848bf51a2944f5ad616c51f6ab8_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:9bf5745846bb21b33adddaa26abf24597bfb6f2597cf93351741d648b4532016_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:e27229b0de83ec1868d162a934b4f0e60b5b9716d82365842e5a8b3fecc021ce_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:ec36a4ce06c963a52ae150f95489a2ba5e3aa351c730f727665ffae0eb15afc4_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456339"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Go standard library packages `crypto/x509` and `crypto/tls`. During the process of building a certificate chain, an attacker can provide a large number of intermediate certificates. This excessive input is not properly limited, leading to an uncontrolled amount of work being performed. This can result in a denial of service (DoS) condition, making the affected system or application unavailable to legitimate users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important denial of service vulnerability in the Go standard library\u0027s certificate chain building process. Systems utilizing Go applications that process untrusted TLS certificates or X.509 certificate chains are susceptible to resource exhaustion when presented with an excessive number of intermediate certificates, potentially leading to service unavailability. This flaw impacts applications directly using `crypto/x509` or `crypto/tls`.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:256cfb2136687be0ae8a02e3e7fc75a36c0c2b0788a739c5ff7aa1314219ba4d_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4d2233e4df89c10c43c310e0d781966ee4beb8b8e37ee76090f5c496bddff6b3_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4d34ee664dd9f3ce90f9a2d0910cac258b25665ef0b36c8903e2cd8315e28446_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:7ed6a92f13fc0208fe35eb3a618a362941087146e3e1ad399e1076d80ba42bff_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:266112a7cc8ce8df28b0e4a96fa5c54dfee56be8c195fd5bf576b42487c542cd_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:d4b2114dad5d5364e01021ce6f84160e70e18b98ac2819ed379aeeb9fa5db01f_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:db2ae2c246ce1864acd3e4a3923dc0388803150c270445b2f50fe0f4ee2e20a1_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:ec8bc5f9d0d9ca17a90dbbc7c734db2b439674686062e9a27d63145618f31926_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:4ba0d15d8f4af2d653866fc5a58fc2740afbc663ab7e6179908611ec33f8bc3b_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:a03fcf7c240381f444b19e1149e5e506d41f6b8e3ee8d85e53e8db21d38bb6f1_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:d38aa16bf2c6d89b78143242e9e77770c62a4842f60760ac1c1c5a8bfb75031a_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:ffc5dbc4cf0e9bfb12246d08f6653f35baba6df9f632f165c23a9d47c09d2dfb_arm64"
],
"known_not_affected": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:60de473baf69cdcc823176b7cc76618388fc1f9cd3556bc4d28a77c299235214_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:70b4fa73f0d091371cf8564fbd6bf6819b2a8c49e44e8699753b99f8abda98aa_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:9709f44bf0c6850739e29699e842cbfe70b8f0f792567a1cd544374b64ee6576_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:f53eac2d1182a644bbbe76807a75023b59859421b91a2b828a05f0f3fe58b60a_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:0f6be50e399ab621f779541aa3ad1ebb4ffbaa3527079fa0342e6c809957d7d7_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:37f3f3c7d0a9d2441b76a32da94e8c69f2845dc15e82cf90afccf48026c4df86_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:9b84f3435deb230347504f0e27383f5907a16a47cbb14e57d163ac507677126b_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a6672d63cee00907fdccb9d1996d633edffd768d66d35d60cb0a234ba3df5194_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:b5c6f18442fe408343552a4dc240b4b24921013159407fd908c073f17a0593cd_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:393c3aae7f14f978611cdc1e176b4603abae3848bf51a2944f5ad616c51f6ab8_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:9bf5745846bb21b33adddaa26abf24597bfb6f2597cf93351741d648b4532016_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:e27229b0de83ec1868d162a934b4f0e60b5b9716d82365842e5a8b3fecc021ce_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:ec36a4ce06c963a52ae150f95489a2ba5e3aa351c730f727665ffae0eb15afc4_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32280"
},
{
"category": "external",
"summary": "RHBZ#2456339",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456339"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32280",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32280"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32280",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32280"
},
{
"category": "external",
"summary": "https://go.dev/cl/758320",
"url": "https://go.dev/cl/758320"
},
{
"category": "external",
"summary": "https://go.dev/issue/78282",
"url": "https://go.dev/issue/78282"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4947",
"url": "https://pkg.go.dev/vuln/GO-2026-4947"
}
],
"release_date": "2026-04-08T01:06:58.595000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-12T20:00:08+00:00",
"details": "See Red Hat OpenShift Service Mesh 3.2.5 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.2",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:256cfb2136687be0ae8a02e3e7fc75a36c0c2b0788a739c5ff7aa1314219ba4d_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4d2233e4df89c10c43c310e0d781966ee4beb8b8e37ee76090f5c496bddff6b3_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4d34ee664dd9f3ce90f9a2d0910cac258b25665ef0b36c8903e2cd8315e28446_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:7ed6a92f13fc0208fe35eb3a618a362941087146e3e1ad399e1076d80ba42bff_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:266112a7cc8ce8df28b0e4a96fa5c54dfee56be8c195fd5bf576b42487c542cd_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:d4b2114dad5d5364e01021ce6f84160e70e18b98ac2819ed379aeeb9fa5db01f_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:db2ae2c246ce1864acd3e4a3923dc0388803150c270445b2f50fe0f4ee2e20a1_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:ec8bc5f9d0d9ca17a90dbbc7c734db2b439674686062e9a27d63145618f31926_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:4ba0d15d8f4af2d653866fc5a58fc2740afbc663ab7e6179908611ec33f8bc3b_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:a03fcf7c240381f444b19e1149e5e506d41f6b8e3ee8d85e53e8db21d38bb6f1_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:d38aa16bf2c6d89b78143242e9e77770c62a4842f60760ac1c1c5a8bfb75031a_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:ffc5dbc4cf0e9bfb12246d08f6653f35baba6df9f632f165c23a9d47c09d2dfb_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:16508"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:256cfb2136687be0ae8a02e3e7fc75a36c0c2b0788a739c5ff7aa1314219ba4d_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4d2233e4df89c10c43c310e0d781966ee4beb8b8e37ee76090f5c496bddff6b3_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4d34ee664dd9f3ce90f9a2d0910cac258b25665ef0b36c8903e2cd8315e28446_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:7ed6a92f13fc0208fe35eb3a618a362941087146e3e1ad399e1076d80ba42bff_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:60de473baf69cdcc823176b7cc76618388fc1f9cd3556bc4d28a77c299235214_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:70b4fa73f0d091371cf8564fbd6bf6819b2a8c49e44e8699753b99f8abda98aa_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:9709f44bf0c6850739e29699e842cbfe70b8f0f792567a1cd544374b64ee6576_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:f53eac2d1182a644bbbe76807a75023b59859421b91a2b828a05f0f3fe58b60a_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:266112a7cc8ce8df28b0e4a96fa5c54dfee56be8c195fd5bf576b42487c542cd_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:d4b2114dad5d5364e01021ce6f84160e70e18b98ac2819ed379aeeb9fa5db01f_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:db2ae2c246ce1864acd3e4a3923dc0388803150c270445b2f50fe0f4ee2e20a1_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:ec8bc5f9d0d9ca17a90dbbc7c734db2b439674686062e9a27d63145618f31926_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:0f6be50e399ab621f779541aa3ad1ebb4ffbaa3527079fa0342e6c809957d7d7_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:37f3f3c7d0a9d2441b76a32da94e8c69f2845dc15e82cf90afccf48026c4df86_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:9b84f3435deb230347504f0e27383f5907a16a47cbb14e57d163ac507677126b_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a6672d63cee00907fdccb9d1996d633edffd768d66d35d60cb0a234ba3df5194_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:4ba0d15d8f4af2d653866fc5a58fc2740afbc663ab7e6179908611ec33f8bc3b_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:a03fcf7c240381f444b19e1149e5e506d41f6b8e3ee8d85e53e8db21d38bb6f1_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:d38aa16bf2c6d89b78143242e9e77770c62a4842f60760ac1c1c5a8bfb75031a_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:ffc5dbc4cf0e9bfb12246d08f6653f35baba6df9f632f165c23a9d47c09d2dfb_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:b5c6f18442fe408343552a4dc240b4b24921013159407fd908c073f17a0593cd_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:393c3aae7f14f978611cdc1e176b4603abae3848bf51a2944f5ad616c51f6ab8_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:9bf5745846bb21b33adddaa26abf24597bfb6f2597cf93351741d648b4532016_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:e27229b0de83ec1868d162a934b4f0e60b5b9716d82365842e5a8b3fecc021ce_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:ec36a4ce06c963a52ae150f95489a2ba5e3aa351c730f727665ffae0eb15afc4_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building"
}
]
}
RHSA-2026:16532
Vulnerability from csaf_redhat - Published: 2026-05-12 20:58 - Updated: 2026-07-09 21:10A flaw was found in the Go standard library packages `crypto/x509` and `crypto/tls`. During the process of building a certificate chain, an attacker can provide a large number of intermediate certificates. This excessive input is not properly limited, leading to an uncontrolled amount of work being performed. This can result in a denial of service (DoS) condition, making the affected system or application unavailable to legitimate users.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4e5a14e9c167228d0a55a26b06628ab6b3bb896e897dffdfd593b01f629ab354_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:67b06ed4451a8bcf0f17bc59f53d383e3bfed61ca1284f6ba567cfa46f57f97f_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:afa2287380d598f25841328bc3de17747c4870836b0aad3b18cfc75fc2b3fc88_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f56b22504e9a945036800c13f19d8f26748faf1028ae8fc27409b7f7762ebcfe_arm64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:0fe6b8e81892d6e45a24319338149ba5f588a0a42c6a7e013d70832b4e4d00d5_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:594192348b665e607ea03d9cd025fb02ca52acd66d011c5243726fbc70ea268f_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:c39ca5c8b13d5f8975ed1430927eb4ba0d01fb9020def44f4ec423f8d6853261_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:c86378717ffa6f35875de27a88b808cc820df1fc3f5c7961511505d58fa9b469_amd64 | — |
A flaw was found in follow-redirects. When an HTTP request follows a cross-domain redirect (a redirection to a different domain), custom authentication headers, such as X-API-Key or X-Auth-Token, are not properly stripped. This allows these sensitive headers to be forwarded verbatim to the redirect target, potentially leading to the unintended disclosure of authentication information to an untrusted third party.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:0fe6b8e81892d6e45a24319338149ba5f588a0a42c6a7e013d70832b4e4d00d5_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:594192348b665e607ea03d9cd025fb02ca52acd66d011c5243726fbc70ea268f_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:c39ca5c8b13d5f8975ed1430927eb4ba0d01fb9020def44f4ec423f8d6853261_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:c86378717ffa6f35875de27a88b808cc820df1fc3f5c7961511505d58fa9b469_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4e5a14e9c167228d0a55a26b06628ab6b3bb896e897dffdfd593b01f629ab354_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:67b06ed4451a8bcf0f17bc59f53d383e3bfed61ca1284f6ba567cfa46f57f97f_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:afa2287380d598f25841328bc3de17747c4870836b0aad3b18cfc75fc2b3fc88_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f56b22504e9a945036800c13f19d8f26748faf1028ae8fc27409b7f7762ebcfe_arm64 | — |
Vendor Fix
fix
|
A flaw was found in Axios, an HTTP client library. This vulnerability allows an attacker to exploit a prototype pollution issue if another part of the application has already polluted the Object.prototype. By doing so, the attacker can intercept and modify JSON responses or take control of the HTTP communication. This could lead to unauthorized access to sensitive information like user credentials and request details.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:0fe6b8e81892d6e45a24319338149ba5f588a0a42c6a7e013d70832b4e4d00d5_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:594192348b665e607ea03d9cd025fb02ca52acd66d011c5243726fbc70ea268f_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:c39ca5c8b13d5f8975ed1430927eb4ba0d01fb9020def44f4ec423f8d6853261_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:c86378717ffa6f35875de27a88b808cc820df1fc3f5c7961511505d58fa9b469_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4e5a14e9c167228d0a55a26b06628ab6b3bb896e897dffdfd593b01f629ab354_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:67b06ed4451a8bcf0f17bc59f53d383e3bfed61ca1284f6ba567cfa46f57f97f_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:afa2287380d598f25841328bc3de17747c4870836b0aad3b18cfc75fc2b3fc88_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f56b22504e9a945036800c13f19d8f26748faf1028ae8fc27409b7f7762ebcfe_arm64 | — |
Vendor Fix
fix
|
A flaw was found in Axios, a software library for making network requests. A remote attacker can exploit a prototype pollution vulnerability to inject arbitrary HTTP headers into outgoing requests. This occurs when the application's core object definitions are manipulated, causing Axios to misinterpret data and include attacker-controlled headers in network communications. This could lead to unauthorized actions or data manipulation.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:0fe6b8e81892d6e45a24319338149ba5f588a0a42c6a7e013d70832b4e4d00d5_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:594192348b665e607ea03d9cd025fb02ca52acd66d011c5243726fbc70ea268f_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:c39ca5c8b13d5f8975ed1430927eb4ba0d01fb9020def44f4ec423f8d6853261_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:c86378717ffa6f35875de27a88b808cc820df1fc3f5c7961511505d58fa9b469_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4e5a14e9c167228d0a55a26b06628ab6b3bb896e897dffdfd593b01f629ab354_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:67b06ed4451a8bcf0f17bc59f53d383e3bfed61ca1284f6ba567cfa46f57f97f_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:afa2287380d598f25841328bc3de17747c4870836b0aad3b18cfc75fc2b3fc88_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f56b22504e9a945036800c13f19d8f26748faf1028ae8fc27409b7f7762ebcfe_arm64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Axios, a promise-based HTTP client for browsers and Node.js. This vulnerability occurs because the `toFormData` function recursively processes nested objects without a depth limit. A remote attacker can exploit this by sending deeply nested request data, which causes the Node.js process to crash due to a RangeError, leading to a potential Denial of Service (DoS) if the process crashes.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:0fe6b8e81892d6e45a24319338149ba5f588a0a42c6a7e013d70832b4e4d00d5_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:594192348b665e607ea03d9cd025fb02ca52acd66d011c5243726fbc70ea268f_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:c39ca5c8b13d5f8975ed1430927eb4ba0d01fb9020def44f4ec423f8d6853261_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:c86378717ffa6f35875de27a88b808cc820df1fc3f5c7961511505d58fa9b469_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4e5a14e9c167228d0a55a26b06628ab6b3bb896e897dffdfd593b01f629ab354_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:67b06ed4451a8bcf0f17bc59f53d383e3bfed61ca1284f6ba567cfa46f57f97f_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:afa2287380d598f25841328bc3de17747c4870836b0aad3b18cfc75fc2b3fc88_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f56b22504e9a945036800c13f19d8f26748faf1028ae8fc27409b7f7762ebcfe_arm64 | — |
Vendor Fix
fix
|
A flaw was found in Axios, a promise-based HTTP client. This vulnerability, a Prototype Pollution "Gadget" attack, allows an attacker to manipulate the `Object.prototype.validateStatus` property. By polluting this property, all HTTP error responses (such as 401, 403, or 500) are silently treated as successful responses. This can lead to a complete bypass of application-level authentication and error handling, potentially granting unauthorized access.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:0fe6b8e81892d6e45a24319338149ba5f588a0a42c6a7e013d70832b4e4d00d5_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:594192348b665e607ea03d9cd025fb02ca52acd66d011c5243726fbc70ea268f_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:c39ca5c8b13d5f8975ed1430927eb4ba0d01fb9020def44f4ec423f8d6853261_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:c86378717ffa6f35875de27a88b808cc820df1fc3f5c7961511505d58fa9b469_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4e5a14e9c167228d0a55a26b06628ab6b3bb896e897dffdfd593b01f629ab354_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:67b06ed4451a8bcf0f17bc59f53d383e3bfed61ca1284f6ba567cfa46f57f97f_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:afa2287380d598f25841328bc3de17747c4870836b0aad3b18cfc75fc2b3fc88_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f56b22504e9a945036800c13f19d8f26748faf1028ae8fc27409b7f7762ebcfe_arm64 | — |
Vendor Fix
fix
|
A flaw was found in Axios, a promise-based HTTP client. An attacker who can control the destination address of an Axios request can exploit this vulnerability. By using specific internal network addresses (within the 127.0.0.0/8 range, excluding 127.0.0.1), the attacker can completely bypass the NO_PROXY protection, potentially leading to unauthorized access or information disclosure within the network. This issue is an incomplete fix for a previous vulnerability.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:0fe6b8e81892d6e45a24319338149ba5f588a0a42c6a7e013d70832b4e4d00d5_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:594192348b665e607ea03d9cd025fb02ca52acd66d011c5243726fbc70ea268f_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:c39ca5c8b13d5f8975ed1430927eb4ba0d01fb9020def44f4ec423f8d6853261_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:c86378717ffa6f35875de27a88b808cc820df1fc3f5c7961511505d58fa9b469_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4e5a14e9c167228d0a55a26b06628ab6b3bb896e897dffdfd593b01f629ab354_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:67b06ed4451a8bcf0f17bc59f53d383e3bfed61ca1284f6ba567cfa46f57f97f_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:afa2287380d598f25841328bc3de17747c4870836b0aad3b18cfc75fc2b3fc88_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f56b22504e9a945036800c13f19d8f26748faf1028ae8fc27409b7f7762ebcfe_arm64 | — |
Vendor Fix
fix
|
A flaw was found in Axios, a widely used HTTP client. This vulnerability, known as a Prototype Pollution "Gadget" attack, allows a remote attacker to subtly alter JSON API responses. By manipulating a specific function, an attacker can selectively modify data within these responses. This could lead to significant security breaches, including unauthorized privilege escalation, fraudulent balance manipulation, or bypassing critical authorization checks.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:0fe6b8e81892d6e45a24319338149ba5f588a0a42c6a7e013d70832b4e4d00d5_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:594192348b665e607ea03d9cd025fb02ca52acd66d011c5243726fbc70ea268f_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:c39ca5c8b13d5f8975ed1430927eb4ba0d01fb9020def44f4ec423f8d6853261_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:c86378717ffa6f35875de27a88b808cc820df1fc3f5c7961511505d58fa9b469_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4e5a14e9c167228d0a55a26b06628ab6b3bb896e897dffdfd593b01f629ab354_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:67b06ed4451a8bcf0f17bc59f53d383e3bfed61ca1284f6ba567cfa46f57f97f_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:afa2287380d598f25841328bc3de17747c4870836b0aad3b18cfc75fc2b3fc88_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f56b22504e9a945036800c13f19d8f26748faf1028ae8fc27409b7f7762ebcfe_arm64 | — |
Vendor Fix
fix
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Kiali 2.11.10 for Red Hat OpenShift Service Mesh 3.1 is now available.\n\nRed Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Kiali 2.11.10, for Red Hat OpenShift Service Mesh 3.1, provides observability for the service mesh by offering a visual representation of the mesh topology and metrics, helping users monitor, trace, and manage efficiently.\n\nSecurity Fix(es):\n\n* CVE-2026-32280 Go: Denial of Service vulnerability in certificate chain building (OSSM-13247)\n* CVE-2026-40895 follow-redirects: Information disclosure via cross-domain redirects (OSSM-13555, OSSM-13559)\n* CVE-2026-42033 Axios: HTTP Transport Hijacking via Prototype Pollution (OSSM-13692, OSSM-13696)\n* CVE-2026-42035 Axios: Arbitrary HTTP header injection via prototype pollution (OSSM-13601, OSSM-13602)\n* CVE-2026-42043 Axios: NO_PROXY bypass via crafted URL (OSSM-13714, OSSM-13718)\n* CVE-2026-42039 Axios: Denial of Service via unbounded recursion in toFormData with deeply nested request data (OSSM-13728, OSSM-13732)\n* CVE-2026-42041 Axios: Authentication bypass due to prototype pollution of HTTP error handling (OSSM-13742, OSSM-13746)\n* CVE-2026-42044 Axios: Invisible JSON Response Tampering via Prototype Pollution Gadget (OSSM-13781, OSSM-13782)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:16532",
"url": "https://access.redhat.com/errata/RHSA-2026:16532"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32280",
"url": "https://access.redhat.com/security/cve/CVE-2026-32280"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-40895",
"url": "https://access.redhat.com/security/cve/CVE-2026-40895"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42033",
"url": "https://access.redhat.com/security/cve/CVE-2026-42033"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42035",
"url": "https://access.redhat.com/security/cve/CVE-2026-42035"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42039",
"url": "https://access.redhat.com/security/cve/CVE-2026-42039"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42041",
"url": "https://access.redhat.com/security/cve/CVE-2026-42041"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42043",
"url": "https://access.redhat.com/security/cve/CVE-2026-42043"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42044",
"url": "https://access.redhat.com/security/cve/CVE-2026-42044"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification",
"url": "https://access.redhat.com/security/updates/classification"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_16532.json"
}
],
"title": "Red Hat Security Advisory: Kiali 2.11.10 for Red Hat OpenShift Service Mesh 3.1",
"tracking": {
"current_release_date": "2026-07-09T21:10:03+00:00",
"generator": {
"date": "2026-07-09T21:10:03+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.2"
}
},
"id": "RHSA-2026:16532",
"initial_release_date": "2026-05-12T20:58:45+00:00",
"revision_history": [
{
"date": "2026-05-12T20:58:45+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-07-09T08:56:59+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-09T21:10:03+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Service Mesh 3.1",
"product": {
"name": "Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:service_mesh:3.1::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Service Mesh"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4e5a14e9c167228d0a55a26b06628ab6b3bb896e897dffdfd593b01f629ab354_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4e5a14e9c167228d0a55a26b06628ab6b3bb896e897dffdfd593b01f629ab354_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4e5a14e9c167228d0a55a26b06628ab6b3bb896e897dffdfd593b01f629ab354_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel9@sha256%3A4e5a14e9c167228d0a55a26b06628ab6b3bb896e897dffdfd593b01f629ab354?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1778164042"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:c86378717ffa6f35875de27a88b808cc820df1fc3f5c7961511505d58fa9b469_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:c86378717ffa6f35875de27a88b808cc820df1fc3f5c7961511505d58fa9b469_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:c86378717ffa6f35875de27a88b808cc820df1fc3f5c7961511505d58fa9b469_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kiali-ossmc-rhel9@sha256%3Ac86378717ffa6f35875de27a88b808cc820df1fc3f5c7961511505d58fa9b469?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1778163935"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f56b22504e9a945036800c13f19d8f26748faf1028ae8fc27409b7f7762ebcfe_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f56b22504e9a945036800c13f19d8f26748faf1028ae8fc27409b7f7762ebcfe_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f56b22504e9a945036800c13f19d8f26748faf1028ae8fc27409b7f7762ebcfe_arm64",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel9@sha256%3Af56b22504e9a945036800c13f19d8f26748faf1028ae8fc27409b7f7762ebcfe?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1778164042"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:0fe6b8e81892d6e45a24319338149ba5f588a0a42c6a7e013d70832b4e4d00d5_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:0fe6b8e81892d6e45a24319338149ba5f588a0a42c6a7e013d70832b4e4d00d5_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:0fe6b8e81892d6e45a24319338149ba5f588a0a42c6a7e013d70832b4e4d00d5_arm64",
"product_identification_helper": {
"purl": "pkg:oci/kiali-ossmc-rhel9@sha256%3A0fe6b8e81892d6e45a24319338149ba5f588a0a42c6a7e013d70832b4e4d00d5?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1778163935"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:67b06ed4451a8bcf0f17bc59f53d383e3bfed61ca1284f6ba567cfa46f57f97f_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:67b06ed4451a8bcf0f17bc59f53d383e3bfed61ca1284f6ba567cfa46f57f97f_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:67b06ed4451a8bcf0f17bc59f53d383e3bfed61ca1284f6ba567cfa46f57f97f_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel9@sha256%3A67b06ed4451a8bcf0f17bc59f53d383e3bfed61ca1284f6ba567cfa46f57f97f?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1778164042"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:c39ca5c8b13d5f8975ed1430927eb4ba0d01fb9020def44f4ec423f8d6853261_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:c39ca5c8b13d5f8975ed1430927eb4ba0d01fb9020def44f4ec423f8d6853261_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:c39ca5c8b13d5f8975ed1430927eb4ba0d01fb9020def44f4ec423f8d6853261_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/kiali-ossmc-rhel9@sha256%3Ac39ca5c8b13d5f8975ed1430927eb4ba0d01fb9020def44f4ec423f8d6853261?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1778163935"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:afa2287380d598f25841328bc3de17747c4870836b0aad3b18cfc75fc2b3fc88_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:afa2287380d598f25841328bc3de17747c4870836b0aad3b18cfc75fc2b3fc88_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:afa2287380d598f25841328bc3de17747c4870836b0aad3b18cfc75fc2b3fc88_s390x",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel9@sha256%3Aafa2287380d598f25841328bc3de17747c4870836b0aad3b18cfc75fc2b3fc88?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1778164042"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:594192348b665e607ea03d9cd025fb02ca52acd66d011c5243726fbc70ea268f_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:594192348b665e607ea03d9cd025fb02ca52acd66d011c5243726fbc70ea268f_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:594192348b665e607ea03d9cd025fb02ca52acd66d011c5243726fbc70ea268f_s390x",
"product_identification_helper": {
"purl": "pkg:oci/kiali-ossmc-rhel9@sha256%3A594192348b665e607ea03d9cd025fb02ca52acd66d011c5243726fbc70ea268f?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1778163935"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:0fe6b8e81892d6e45a24319338149ba5f588a0a42c6a7e013d70832b4e4d00d5_arm64 as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:0fe6b8e81892d6e45a24319338149ba5f588a0a42c6a7e013d70832b4e4d00d5_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:0fe6b8e81892d6e45a24319338149ba5f588a0a42c6a7e013d70832b4e4d00d5_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:594192348b665e607ea03d9cd025fb02ca52acd66d011c5243726fbc70ea268f_s390x as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:594192348b665e607ea03d9cd025fb02ca52acd66d011c5243726fbc70ea268f_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:594192348b665e607ea03d9cd025fb02ca52acd66d011c5243726fbc70ea268f_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:c39ca5c8b13d5f8975ed1430927eb4ba0d01fb9020def44f4ec423f8d6853261_ppc64le as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:c39ca5c8b13d5f8975ed1430927eb4ba0d01fb9020def44f4ec423f8d6853261_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:c39ca5c8b13d5f8975ed1430927eb4ba0d01fb9020def44f4ec423f8d6853261_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:c86378717ffa6f35875de27a88b808cc820df1fc3f5c7961511505d58fa9b469_amd64 as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:c86378717ffa6f35875de27a88b808cc820df1fc3f5c7961511505d58fa9b469_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:c86378717ffa6f35875de27a88b808cc820df1fc3f5c7961511505d58fa9b469_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4e5a14e9c167228d0a55a26b06628ab6b3bb896e897dffdfd593b01f629ab354_amd64 as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4e5a14e9c167228d0a55a26b06628ab6b3bb896e897dffdfd593b01f629ab354_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4e5a14e9c167228d0a55a26b06628ab6b3bb896e897dffdfd593b01f629ab354_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:67b06ed4451a8bcf0f17bc59f53d383e3bfed61ca1284f6ba567cfa46f57f97f_ppc64le as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:67b06ed4451a8bcf0f17bc59f53d383e3bfed61ca1284f6ba567cfa46f57f97f_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:67b06ed4451a8bcf0f17bc59f53d383e3bfed61ca1284f6ba567cfa46f57f97f_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:afa2287380d598f25841328bc3de17747c4870836b0aad3b18cfc75fc2b3fc88_s390x as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:afa2287380d598f25841328bc3de17747c4870836b0aad3b18cfc75fc2b3fc88_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:afa2287380d598f25841328bc3de17747c4870836b0aad3b18cfc75fc2b3fc88_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f56b22504e9a945036800c13f19d8f26748faf1028ae8fc27409b7f7762ebcfe_arm64 as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f56b22504e9a945036800c13f19d8f26748faf1028ae8fc27409b7f7762ebcfe_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f56b22504e9a945036800c13f19d8f26748faf1028ae8fc27409b7f7762ebcfe_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-32280",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-04-08T02:01:19.572351+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:0fe6b8e81892d6e45a24319338149ba5f588a0a42c6a7e013d70832b4e4d00d5_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:594192348b665e607ea03d9cd025fb02ca52acd66d011c5243726fbc70ea268f_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:c39ca5c8b13d5f8975ed1430927eb4ba0d01fb9020def44f4ec423f8d6853261_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:c86378717ffa6f35875de27a88b808cc820df1fc3f5c7961511505d58fa9b469_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456339"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Go standard library packages `crypto/x509` and `crypto/tls`. During the process of building a certificate chain, an attacker can provide a large number of intermediate certificates. This excessive input is not properly limited, leading to an uncontrolled amount of work being performed. This can result in a denial of service (DoS) condition, making the affected system or application unavailable to legitimate users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important denial of service vulnerability in the Go standard library\u0027s certificate chain building process. Systems utilizing Go applications that process untrusted TLS certificates or X.509 certificate chains are susceptible to resource exhaustion when presented with an excessive number of intermediate certificates, potentially leading to service unavailability. This flaw impacts applications directly using `crypto/x509` or `crypto/tls`.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4e5a14e9c167228d0a55a26b06628ab6b3bb896e897dffdfd593b01f629ab354_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:67b06ed4451a8bcf0f17bc59f53d383e3bfed61ca1284f6ba567cfa46f57f97f_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:afa2287380d598f25841328bc3de17747c4870836b0aad3b18cfc75fc2b3fc88_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f56b22504e9a945036800c13f19d8f26748faf1028ae8fc27409b7f7762ebcfe_arm64"
],
"known_not_affected": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:0fe6b8e81892d6e45a24319338149ba5f588a0a42c6a7e013d70832b4e4d00d5_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:594192348b665e607ea03d9cd025fb02ca52acd66d011c5243726fbc70ea268f_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:c39ca5c8b13d5f8975ed1430927eb4ba0d01fb9020def44f4ec423f8d6853261_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:c86378717ffa6f35875de27a88b808cc820df1fc3f5c7961511505d58fa9b469_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32280"
},
{
"category": "external",
"summary": "RHBZ#2456339",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456339"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32280",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32280"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32280",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32280"
},
{
"category": "external",
"summary": "https://go.dev/cl/758320",
"url": "https://go.dev/cl/758320"
},
{
"category": "external",
"summary": "https://go.dev/issue/78282",
"url": "https://go.dev/issue/78282"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4947",
"url": "https://pkg.go.dev/vuln/GO-2026-4947"
}
],
"release_date": "2026-04-08T01:06:58.595000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-12T20:58:45+00:00",
"details": "See Kiali 2.11.10 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.1/html/observability/kiali-operator-provided-by-red-hat",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4e5a14e9c167228d0a55a26b06628ab6b3bb896e897dffdfd593b01f629ab354_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:67b06ed4451a8bcf0f17bc59f53d383e3bfed61ca1284f6ba567cfa46f57f97f_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:afa2287380d598f25841328bc3de17747c4870836b0aad3b18cfc75fc2b3fc88_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f56b22504e9a945036800c13f19d8f26748faf1028ae8fc27409b7f7762ebcfe_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:16532"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:0fe6b8e81892d6e45a24319338149ba5f588a0a42c6a7e013d70832b4e4d00d5_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:594192348b665e607ea03d9cd025fb02ca52acd66d011c5243726fbc70ea268f_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:c39ca5c8b13d5f8975ed1430927eb4ba0d01fb9020def44f4ec423f8d6853261_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:c86378717ffa6f35875de27a88b808cc820df1fc3f5c7961511505d58fa9b469_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4e5a14e9c167228d0a55a26b06628ab6b3bb896e897dffdfd593b01f629ab354_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:67b06ed4451a8bcf0f17bc59f53d383e3bfed61ca1284f6ba567cfa46f57f97f_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:afa2287380d598f25841328bc3de17747c4870836b0aad3b18cfc75fc2b3fc88_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f56b22504e9a945036800c13f19d8f26748faf1028ae8fc27409b7f7762ebcfe_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building"
},
{
"cve": "CVE-2026-40895",
"cwe": {
"id": "CWE-212",
"name": "Improper Removal of Sensitive Information Before Storage or Transfer"
},
"discovery_date": "2026-04-21T21:02:33.280553+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2460297"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in follow-redirects. When an HTTP request follows a cross-domain redirect (a redirection to a different domain), custom authentication headers, such as X-API-Key or X-Auth-Token, are not properly stripped. This allows these sensitive headers to be forwarded verbatim to the redirect target, potentially leading to the unintended disclosure of authentication information to an untrusted third party.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "follow-redirects: follow-redirects: Information disclosure via cross-domain redirects",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:0fe6b8e81892d6e45a24319338149ba5f588a0a42c6a7e013d70832b4e4d00d5_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:594192348b665e607ea03d9cd025fb02ca52acd66d011c5243726fbc70ea268f_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:c39ca5c8b13d5f8975ed1430927eb4ba0d01fb9020def44f4ec423f8d6853261_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:c86378717ffa6f35875de27a88b808cc820df1fc3f5c7961511505d58fa9b469_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4e5a14e9c167228d0a55a26b06628ab6b3bb896e897dffdfd593b01f629ab354_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:67b06ed4451a8bcf0f17bc59f53d383e3bfed61ca1284f6ba567cfa46f57f97f_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:afa2287380d598f25841328bc3de17747c4870836b0aad3b18cfc75fc2b3fc88_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f56b22504e9a945036800c13f19d8f26748faf1028ae8fc27409b7f7762ebcfe_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-40895"
},
{
"category": "external",
"summary": "RHBZ#2460297",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460297"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-40895",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40895"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-40895",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40895"
},
{
"category": "external",
"summary": "https://github.com/follow-redirects/follow-redirects/security/advisories/GHSA-r4q5-vmmm-2653",
"url": "https://github.com/follow-redirects/follow-redirects/security/advisories/GHSA-r4q5-vmmm-2653"
}
],
"release_date": "2026-04-21T19:59:59.759000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-12T20:58:45+00:00",
"details": "See Kiali 2.11.10 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.1/html/observability/kiali-operator-provided-by-red-hat",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:0fe6b8e81892d6e45a24319338149ba5f588a0a42c6a7e013d70832b4e4d00d5_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:594192348b665e607ea03d9cd025fb02ca52acd66d011c5243726fbc70ea268f_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:c39ca5c8b13d5f8975ed1430927eb4ba0d01fb9020def44f4ec423f8d6853261_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:c86378717ffa6f35875de27a88b808cc820df1fc3f5c7961511505d58fa9b469_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4e5a14e9c167228d0a55a26b06628ab6b3bb896e897dffdfd593b01f629ab354_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:67b06ed4451a8bcf0f17bc59f53d383e3bfed61ca1284f6ba567cfa46f57f97f_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:afa2287380d598f25841328bc3de17747c4870836b0aad3b18cfc75fc2b3fc88_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f56b22504e9a945036800c13f19d8f26748faf1028ae8fc27409b7f7762ebcfe_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:16532"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:0fe6b8e81892d6e45a24319338149ba5f588a0a42c6a7e013d70832b4e4d00d5_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:594192348b665e607ea03d9cd025fb02ca52acd66d011c5243726fbc70ea268f_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:c39ca5c8b13d5f8975ed1430927eb4ba0d01fb9020def44f4ec423f8d6853261_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:c86378717ffa6f35875de27a88b808cc820df1fc3f5c7961511505d58fa9b469_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4e5a14e9c167228d0a55a26b06628ab6b3bb896e897dffdfd593b01f629ab354_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:67b06ed4451a8bcf0f17bc59f53d383e3bfed61ca1284f6ba567cfa46f57f97f_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:afa2287380d598f25841328bc3de17747c4870836b0aad3b18cfc75fc2b3fc88_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f56b22504e9a945036800c13f19d8f26748faf1028ae8fc27409b7f7762ebcfe_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "follow-redirects: follow-redirects: Information disclosure via cross-domain redirects"
},
{
"cve": "CVE-2026-42033",
"cwe": {
"id": "CWE-915",
"name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes"
},
"discovery_date": "2026-04-24T18:01:20.937507+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2461607"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, an HTTP client library. This vulnerability allows an attacker to exploit a prototype pollution issue if another part of the application has already polluted the Object.prototype. By doing so, the attacker can intercept and modify JSON responses or take control of the HTTP communication. This could lead to unauthorized access to sensitive information like user credentials and request details.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: HTTP Transport Hijacking via Prototype Pollution",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:0fe6b8e81892d6e45a24319338149ba5f588a0a42c6a7e013d70832b4e4d00d5_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:594192348b665e607ea03d9cd025fb02ca52acd66d011c5243726fbc70ea268f_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:c39ca5c8b13d5f8975ed1430927eb4ba0d01fb9020def44f4ec423f8d6853261_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:c86378717ffa6f35875de27a88b808cc820df1fc3f5c7961511505d58fa9b469_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4e5a14e9c167228d0a55a26b06628ab6b3bb896e897dffdfd593b01f629ab354_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:67b06ed4451a8bcf0f17bc59f53d383e3bfed61ca1284f6ba567cfa46f57f97f_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:afa2287380d598f25841328bc3de17747c4870836b0aad3b18cfc75fc2b3fc88_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f56b22504e9a945036800c13f19d8f26748faf1028ae8fc27409b7f7762ebcfe_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42033"
},
{
"category": "external",
"summary": "RHBZ#2461607",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461607"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42033",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42033"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42033",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42033"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-pf86-5x62-jrwf",
"url": "https://github.com/axios/axios/security/advisories/GHSA-pf86-5x62-jrwf"
}
],
"release_date": "2026-04-24T17:36:44.132000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-12T20:58:45+00:00",
"details": "See Kiali 2.11.10 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.1/html/observability/kiali-operator-provided-by-red-hat",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:0fe6b8e81892d6e45a24319338149ba5f588a0a42c6a7e013d70832b4e4d00d5_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:594192348b665e607ea03d9cd025fb02ca52acd66d011c5243726fbc70ea268f_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:c39ca5c8b13d5f8975ed1430927eb4ba0d01fb9020def44f4ec423f8d6853261_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:c86378717ffa6f35875de27a88b808cc820df1fc3f5c7961511505d58fa9b469_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4e5a14e9c167228d0a55a26b06628ab6b3bb896e897dffdfd593b01f629ab354_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:67b06ed4451a8bcf0f17bc59f53d383e3bfed61ca1284f6ba567cfa46f57f97f_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:afa2287380d598f25841328bc3de17747c4870836b0aad3b18cfc75fc2b3fc88_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f56b22504e9a945036800c13f19d8f26748faf1028ae8fc27409b7f7762ebcfe_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:16532"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:0fe6b8e81892d6e45a24319338149ba5f588a0a42c6a7e013d70832b4e4d00d5_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:594192348b665e607ea03d9cd025fb02ca52acd66d011c5243726fbc70ea268f_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:c39ca5c8b13d5f8975ed1430927eb4ba0d01fb9020def44f4ec423f8d6853261_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:c86378717ffa6f35875de27a88b808cc820df1fc3f5c7961511505d58fa9b469_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4e5a14e9c167228d0a55a26b06628ab6b3bb896e897dffdfd593b01f629ab354_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:67b06ed4451a8bcf0f17bc59f53d383e3bfed61ca1284f6ba567cfa46f57f97f_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:afa2287380d598f25841328bc3de17747c4870836b0aad3b18cfc75fc2b3fc88_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f56b22504e9a945036800c13f19d8f26748faf1028ae8fc27409b7f7762ebcfe_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: HTTP Transport Hijacking via Prototype Pollution"
},
{
"cve": "CVE-2026-42035",
"cwe": {
"id": "CWE-915",
"name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes"
},
"discovery_date": "2026-04-24T18:01:17.109481+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2461606"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, a software library for making network requests. A remote attacker can exploit a prototype pollution vulnerability to inject arbitrary HTTP headers into outgoing requests. This occurs when the application\u0027s core object definitions are manipulated, causing Axios to misinterpret data and include attacker-controlled headers in network communications. This could lead to unauthorized actions or data manipulation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: Arbitrary HTTP header injection via prototype pollution",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:0fe6b8e81892d6e45a24319338149ba5f588a0a42c6a7e013d70832b4e4d00d5_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:594192348b665e607ea03d9cd025fb02ca52acd66d011c5243726fbc70ea268f_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:c39ca5c8b13d5f8975ed1430927eb4ba0d01fb9020def44f4ec423f8d6853261_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:c86378717ffa6f35875de27a88b808cc820df1fc3f5c7961511505d58fa9b469_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4e5a14e9c167228d0a55a26b06628ab6b3bb896e897dffdfd593b01f629ab354_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:67b06ed4451a8bcf0f17bc59f53d383e3bfed61ca1284f6ba567cfa46f57f97f_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:afa2287380d598f25841328bc3de17747c4870836b0aad3b18cfc75fc2b3fc88_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f56b22504e9a945036800c13f19d8f26748faf1028ae8fc27409b7f7762ebcfe_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42035"
},
{
"category": "external",
"summary": "RHBZ#2461606",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461606"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42035",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42035"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42035",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42035"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-6chq-wfr3-2hj9",
"url": "https://github.com/axios/axios/security/advisories/GHSA-6chq-wfr3-2hj9"
}
],
"release_date": "2026-04-24T17:38:07.752000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-12T20:58:45+00:00",
"details": "See Kiali 2.11.10 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.1/html/observability/kiali-operator-provided-by-red-hat",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:0fe6b8e81892d6e45a24319338149ba5f588a0a42c6a7e013d70832b4e4d00d5_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:594192348b665e607ea03d9cd025fb02ca52acd66d011c5243726fbc70ea268f_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:c39ca5c8b13d5f8975ed1430927eb4ba0d01fb9020def44f4ec423f8d6853261_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:c86378717ffa6f35875de27a88b808cc820df1fc3f5c7961511505d58fa9b469_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4e5a14e9c167228d0a55a26b06628ab6b3bb896e897dffdfd593b01f629ab354_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:67b06ed4451a8bcf0f17bc59f53d383e3bfed61ca1284f6ba567cfa46f57f97f_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:afa2287380d598f25841328bc3de17747c4870836b0aad3b18cfc75fc2b3fc88_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f56b22504e9a945036800c13f19d8f26748faf1028ae8fc27409b7f7762ebcfe_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:16532"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:0fe6b8e81892d6e45a24319338149ba5f588a0a42c6a7e013d70832b4e4d00d5_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:594192348b665e607ea03d9cd025fb02ca52acd66d011c5243726fbc70ea268f_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:c39ca5c8b13d5f8975ed1430927eb4ba0d01fb9020def44f4ec423f8d6853261_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:c86378717ffa6f35875de27a88b808cc820df1fc3f5c7961511505d58fa9b469_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4e5a14e9c167228d0a55a26b06628ab6b3bb896e897dffdfd593b01f629ab354_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:67b06ed4451a8bcf0f17bc59f53d383e3bfed61ca1284f6ba567cfa46f57f97f_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:afa2287380d598f25841328bc3de17747c4870836b0aad3b18cfc75fc2b3fc88_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f56b22504e9a945036800c13f19d8f26748faf1028ae8fc27409b7f7762ebcfe_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:0fe6b8e81892d6e45a24319338149ba5f588a0a42c6a7e013d70832b4e4d00d5_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:594192348b665e607ea03d9cd025fb02ca52acd66d011c5243726fbc70ea268f_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:c39ca5c8b13d5f8975ed1430927eb4ba0d01fb9020def44f4ec423f8d6853261_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:c86378717ffa6f35875de27a88b808cc820df1fc3f5c7961511505d58fa9b469_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4e5a14e9c167228d0a55a26b06628ab6b3bb896e897dffdfd593b01f629ab354_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:67b06ed4451a8bcf0f17bc59f53d383e3bfed61ca1284f6ba567cfa46f57f97f_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:afa2287380d598f25841328bc3de17747c4870836b0aad3b18cfc75fc2b3fc88_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f56b22504e9a945036800c13f19d8f26748faf1028ae8fc27409b7f7762ebcfe_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "axios: Axios: Arbitrary HTTP header injection via prototype pollution"
},
{
"cve": "CVE-2026-42039",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-04-24T19:01:44.887156+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2461630"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, a promise-based HTTP client for browsers and Node.js. This vulnerability occurs because the `toFormData` function recursively processes nested objects without a depth limit. A remote attacker can exploit this by sending deeply nested request data, which causes the Node.js process to crash due to a RangeError, leading to a potential Denial of Service (DoS) if the process crashes.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Node.js: Axios: Denial of Service via unbounded recursion in toFormData with deeply nested request data",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:0fe6b8e81892d6e45a24319338149ba5f588a0a42c6a7e013d70832b4e4d00d5_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:594192348b665e607ea03d9cd025fb02ca52acd66d011c5243726fbc70ea268f_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:c39ca5c8b13d5f8975ed1430927eb4ba0d01fb9020def44f4ec423f8d6853261_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:c86378717ffa6f35875de27a88b808cc820df1fc3f5c7961511505d58fa9b469_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4e5a14e9c167228d0a55a26b06628ab6b3bb896e897dffdfd593b01f629ab354_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:67b06ed4451a8bcf0f17bc59f53d383e3bfed61ca1284f6ba567cfa46f57f97f_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:afa2287380d598f25841328bc3de17747c4870836b0aad3b18cfc75fc2b3fc88_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f56b22504e9a945036800c13f19d8f26748faf1028ae8fc27409b7f7762ebcfe_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42039"
},
{
"category": "external",
"summary": "RHBZ#2461630",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461630"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42039",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42039"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42039",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42039"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-62hf-57xw-28j9",
"url": "https://github.com/axios/axios/security/advisories/GHSA-62hf-57xw-28j9"
}
],
"release_date": "2026-04-24T18:01:30.775000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-12T20:58:45+00:00",
"details": "See Kiali 2.11.10 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.1/html/observability/kiali-operator-provided-by-red-hat",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:0fe6b8e81892d6e45a24319338149ba5f588a0a42c6a7e013d70832b4e4d00d5_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:594192348b665e607ea03d9cd025fb02ca52acd66d011c5243726fbc70ea268f_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:c39ca5c8b13d5f8975ed1430927eb4ba0d01fb9020def44f4ec423f8d6853261_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:c86378717ffa6f35875de27a88b808cc820df1fc3f5c7961511505d58fa9b469_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4e5a14e9c167228d0a55a26b06628ab6b3bb896e897dffdfd593b01f629ab354_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:67b06ed4451a8bcf0f17bc59f53d383e3bfed61ca1284f6ba567cfa46f57f97f_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:afa2287380d598f25841328bc3de17747c4870836b0aad3b18cfc75fc2b3fc88_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f56b22504e9a945036800c13f19d8f26748faf1028ae8fc27409b7f7762ebcfe_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:16532"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:0fe6b8e81892d6e45a24319338149ba5f588a0a42c6a7e013d70832b4e4d00d5_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:594192348b665e607ea03d9cd025fb02ca52acd66d011c5243726fbc70ea268f_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:c39ca5c8b13d5f8975ed1430927eb4ba0d01fb9020def44f4ec423f8d6853261_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:c86378717ffa6f35875de27a88b808cc820df1fc3f5c7961511505d58fa9b469_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4e5a14e9c167228d0a55a26b06628ab6b3bb896e897dffdfd593b01f629ab354_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:67b06ed4451a8bcf0f17bc59f53d383e3bfed61ca1284f6ba567cfa46f57f97f_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:afa2287380d598f25841328bc3de17747c4870836b0aad3b18cfc75fc2b3fc88_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f56b22504e9a945036800c13f19d8f26748faf1028ae8fc27409b7f7762ebcfe_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Node.js: Axios: Denial of Service via unbounded recursion in toFormData with deeply nested request data"
},
{
"cve": "CVE-2026-42041",
"cwe": {
"id": "CWE-915",
"name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes"
},
"discovery_date": "2026-04-24T19:01:41.034289+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2461629"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, a promise-based HTTP client. This vulnerability, a Prototype Pollution \"Gadget\" attack, allows an attacker to manipulate the `Object.prototype.validateStatus` property. By polluting this property, all HTTP error responses (such as 401, 403, or 500) are silently treated as successful responses. This can lead to a complete bypass of application-level authentication and error handling, potentially granting unauthorized access.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: Authentication bypass due to prototype pollution of HTTP error handling",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:0fe6b8e81892d6e45a24319338149ba5f588a0a42c6a7e013d70832b4e4d00d5_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:594192348b665e607ea03d9cd025fb02ca52acd66d011c5243726fbc70ea268f_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:c39ca5c8b13d5f8975ed1430927eb4ba0d01fb9020def44f4ec423f8d6853261_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:c86378717ffa6f35875de27a88b808cc820df1fc3f5c7961511505d58fa9b469_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4e5a14e9c167228d0a55a26b06628ab6b3bb896e897dffdfd593b01f629ab354_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:67b06ed4451a8bcf0f17bc59f53d383e3bfed61ca1284f6ba567cfa46f57f97f_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:afa2287380d598f25841328bc3de17747c4870836b0aad3b18cfc75fc2b3fc88_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f56b22504e9a945036800c13f19d8f26748faf1028ae8fc27409b7f7762ebcfe_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42041"
},
{
"category": "external",
"summary": "RHBZ#2461629",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461629"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42041",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42041"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42041",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42041"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-w9j2-pvgh-6h63",
"url": "https://github.com/axios/axios/security/advisories/GHSA-w9j2-pvgh-6h63"
}
],
"release_date": "2026-04-24T17:55:30.036000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-12T20:58:45+00:00",
"details": "See Kiali 2.11.10 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.1/html/observability/kiali-operator-provided-by-red-hat",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:0fe6b8e81892d6e45a24319338149ba5f588a0a42c6a7e013d70832b4e4d00d5_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:594192348b665e607ea03d9cd025fb02ca52acd66d011c5243726fbc70ea268f_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:c39ca5c8b13d5f8975ed1430927eb4ba0d01fb9020def44f4ec423f8d6853261_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:c86378717ffa6f35875de27a88b808cc820df1fc3f5c7961511505d58fa9b469_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4e5a14e9c167228d0a55a26b06628ab6b3bb896e897dffdfd593b01f629ab354_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:67b06ed4451a8bcf0f17bc59f53d383e3bfed61ca1284f6ba567cfa46f57f97f_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:afa2287380d598f25841328bc3de17747c4870836b0aad3b18cfc75fc2b3fc88_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f56b22504e9a945036800c13f19d8f26748faf1028ae8fc27409b7f7762ebcfe_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:16532"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:0fe6b8e81892d6e45a24319338149ba5f588a0a42c6a7e013d70832b4e4d00d5_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:594192348b665e607ea03d9cd025fb02ca52acd66d011c5243726fbc70ea268f_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:c39ca5c8b13d5f8975ed1430927eb4ba0d01fb9020def44f4ec423f8d6853261_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:c86378717ffa6f35875de27a88b808cc820df1fc3f5c7961511505d58fa9b469_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4e5a14e9c167228d0a55a26b06628ab6b3bb896e897dffdfd593b01f629ab354_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:67b06ed4451a8bcf0f17bc59f53d383e3bfed61ca1284f6ba567cfa46f57f97f_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:afa2287380d598f25841328bc3de17747c4870836b0aad3b18cfc75fc2b3fc88_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f56b22504e9a945036800c13f19d8f26748faf1028ae8fc27409b7f7762ebcfe_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: Authentication bypass due to prototype pollution of HTTP error handling"
},
{
"cve": "CVE-2026-42043",
"cwe": {
"id": "CWE-918",
"name": "Server-Side Request Forgery (SSRF)"
},
"discovery_date": "2026-04-24T19:01:22.552379+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2461626"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, a promise-based HTTP client. An attacker who can control the destination address of an Axios request can exploit this vulnerability. By using specific internal network addresses (within the 127.0.0.0/8 range, excluding 127.0.0.1), the attacker can completely bypass the NO_PROXY protection, potentially leading to unauthorized access or information disclosure within the network. This issue is an incomplete fix for a previous vulnerability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: NO_PROXY bypass via crafted URL",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:0fe6b8e81892d6e45a24319338149ba5f588a0a42c6a7e013d70832b4e4d00d5_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:594192348b665e607ea03d9cd025fb02ca52acd66d011c5243726fbc70ea268f_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:c39ca5c8b13d5f8975ed1430927eb4ba0d01fb9020def44f4ec423f8d6853261_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:c86378717ffa6f35875de27a88b808cc820df1fc3f5c7961511505d58fa9b469_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4e5a14e9c167228d0a55a26b06628ab6b3bb896e897dffdfd593b01f629ab354_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:67b06ed4451a8bcf0f17bc59f53d383e3bfed61ca1284f6ba567cfa46f57f97f_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:afa2287380d598f25841328bc3de17747c4870836b0aad3b18cfc75fc2b3fc88_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f56b22504e9a945036800c13f19d8f26748faf1028ae8fc27409b7f7762ebcfe_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42043"
},
{
"category": "external",
"summary": "RHBZ#2461626",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461626"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42043",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42043"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42043",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42043"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-pmwg-cvhr-8vh7",
"url": "https://github.com/axios/axios/security/advisories/GHSA-pmwg-cvhr-8vh7"
}
],
"release_date": "2026-04-24T17:54:42.668000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-12T20:58:45+00:00",
"details": "See Kiali 2.11.10 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.1/html/observability/kiali-operator-provided-by-red-hat",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:0fe6b8e81892d6e45a24319338149ba5f588a0a42c6a7e013d70832b4e4d00d5_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:594192348b665e607ea03d9cd025fb02ca52acd66d011c5243726fbc70ea268f_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:c39ca5c8b13d5f8975ed1430927eb4ba0d01fb9020def44f4ec423f8d6853261_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:c86378717ffa6f35875de27a88b808cc820df1fc3f5c7961511505d58fa9b469_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4e5a14e9c167228d0a55a26b06628ab6b3bb896e897dffdfd593b01f629ab354_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:67b06ed4451a8bcf0f17bc59f53d383e3bfed61ca1284f6ba567cfa46f57f97f_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:afa2287380d598f25841328bc3de17747c4870836b0aad3b18cfc75fc2b3fc88_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f56b22504e9a945036800c13f19d8f26748faf1028ae8fc27409b7f7762ebcfe_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:16532"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:0fe6b8e81892d6e45a24319338149ba5f588a0a42c6a7e013d70832b4e4d00d5_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:594192348b665e607ea03d9cd025fb02ca52acd66d011c5243726fbc70ea268f_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:c39ca5c8b13d5f8975ed1430927eb4ba0d01fb9020def44f4ec423f8d6853261_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:c86378717ffa6f35875de27a88b808cc820df1fc3f5c7961511505d58fa9b469_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4e5a14e9c167228d0a55a26b06628ab6b3bb896e897dffdfd593b01f629ab354_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:67b06ed4451a8bcf0f17bc59f53d383e3bfed61ca1284f6ba567cfa46f57f97f_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:afa2287380d598f25841328bc3de17747c4870836b0aad3b18cfc75fc2b3fc88_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f56b22504e9a945036800c13f19d8f26748faf1028ae8fc27409b7f7762ebcfe_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: NO_PROXY bypass via crafted URL"
},
{
"cve": "CVE-2026-42044",
"cwe": {
"id": "CWE-915",
"name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes"
},
"discovery_date": "2026-04-24T19:01:13.418725+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2461624"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, a widely used HTTP client. This vulnerability, known as a Prototype Pollution \"Gadget\" attack, allows a remote attacker to subtly alter JSON API responses. By manipulating a specific function, an attacker can selectively modify data within these responses. This could lead to significant security breaches, including unauthorized privilege escalation, fraudulent balance manipulation, or bypassing critical authorization checks.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: Invisible JSON Response Tampering via Prototype Pollution Gadget",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:0fe6b8e81892d6e45a24319338149ba5f588a0a42c6a7e013d70832b4e4d00d5_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:594192348b665e607ea03d9cd025fb02ca52acd66d011c5243726fbc70ea268f_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:c39ca5c8b13d5f8975ed1430927eb4ba0d01fb9020def44f4ec423f8d6853261_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:c86378717ffa6f35875de27a88b808cc820df1fc3f5c7961511505d58fa9b469_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4e5a14e9c167228d0a55a26b06628ab6b3bb896e897dffdfd593b01f629ab354_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:67b06ed4451a8bcf0f17bc59f53d383e3bfed61ca1284f6ba567cfa46f57f97f_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:afa2287380d598f25841328bc3de17747c4870836b0aad3b18cfc75fc2b3fc88_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f56b22504e9a945036800c13f19d8f26748faf1028ae8fc27409b7f7762ebcfe_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42044"
},
{
"category": "external",
"summary": "RHBZ#2461624",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461624"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42044",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42044"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42044",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42044"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-3w6x-2g7m-8v23",
"url": "https://github.com/axios/axios/security/advisories/GHSA-3w6x-2g7m-8v23"
}
],
"release_date": "2026-04-24T17:49:49.517000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-12T20:58:45+00:00",
"details": "See Kiali 2.11.10 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.1/html/observability/kiali-operator-provided-by-red-hat",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:0fe6b8e81892d6e45a24319338149ba5f588a0a42c6a7e013d70832b4e4d00d5_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:594192348b665e607ea03d9cd025fb02ca52acd66d011c5243726fbc70ea268f_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:c39ca5c8b13d5f8975ed1430927eb4ba0d01fb9020def44f4ec423f8d6853261_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:c86378717ffa6f35875de27a88b808cc820df1fc3f5c7961511505d58fa9b469_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4e5a14e9c167228d0a55a26b06628ab6b3bb896e897dffdfd593b01f629ab354_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:67b06ed4451a8bcf0f17bc59f53d383e3bfed61ca1284f6ba567cfa46f57f97f_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:afa2287380d598f25841328bc3de17747c4870836b0aad3b18cfc75fc2b3fc88_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f56b22504e9a945036800c13f19d8f26748faf1028ae8fc27409b7f7762ebcfe_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:16532"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:0fe6b8e81892d6e45a24319338149ba5f588a0a42c6a7e013d70832b4e4d00d5_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:594192348b665e607ea03d9cd025fb02ca52acd66d011c5243726fbc70ea268f_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:c39ca5c8b13d5f8975ed1430927eb4ba0d01fb9020def44f4ec423f8d6853261_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:c86378717ffa6f35875de27a88b808cc820df1fc3f5c7961511505d58fa9b469_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4e5a14e9c167228d0a55a26b06628ab6b3bb896e897dffdfd593b01f629ab354_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:67b06ed4451a8bcf0f17bc59f53d383e3bfed61ca1284f6ba567cfa46f57f97f_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:afa2287380d598f25841328bc3de17747c4870836b0aad3b18cfc75fc2b3fc88_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f56b22504e9a945036800c13f19d8f26748faf1028ae8fc27409b7f7762ebcfe_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:0fe6b8e81892d6e45a24319338149ba5f588a0a42c6a7e013d70832b4e4d00d5_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:594192348b665e607ea03d9cd025fb02ca52acd66d011c5243726fbc70ea268f_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:c39ca5c8b13d5f8975ed1430927eb4ba0d01fb9020def44f4ec423f8d6853261_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:c86378717ffa6f35875de27a88b808cc820df1fc3f5c7961511505d58fa9b469_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4e5a14e9c167228d0a55a26b06628ab6b3bb896e897dffdfd593b01f629ab354_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:67b06ed4451a8bcf0f17bc59f53d383e3bfed61ca1284f6ba567cfa46f57f97f_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:afa2287380d598f25841328bc3de17747c4870836b0aad3b18cfc75fc2b3fc88_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f56b22504e9a945036800c13f19d8f26748faf1028ae8fc27409b7f7762ebcfe_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: Invisible JSON Response Tampering via Prototype Pollution Gadget"
}
]
}
RHSA-2026:16534
Vulnerability from csaf_redhat - Published: 2026-05-12 21:06 - Updated: 2026-07-09 21:04A flaw was found in the Go standard library packages `crypto/x509` and `crypto/tls`. During the process of building a certificate chain, an attacker can provide a large number of intermediate certificates. This excessive input is not properly limited, leading to an uncontrolled amount of work being performed. This can result in a denial of service (DoS) condition, making the affected system or application unavailable to legitimate users.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:3a93ddd83e947c84318d290d41861e5c2286990468c499710ca8479fbb05065e_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:3f3d407102b90e3ad1e54606df7b87b5bad6f07db851d78802fc60708dd41d97_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4a56e9549c509968af14b978a087be6dc8f2d556dcab4bd7e18b401a72e2ce70_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:e60c4d74202fbe7b58ac619bbbc9950d4466f9edb0f21ce1b63cec3b61d27e62_ppc64le | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:246c34d2e769f9f40e5879bf335ce7db614442ade7733d4ac52e10a48d280843_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7900ecb89c736738098e9b82dfad1b33bb1f9d719551d6cceccbfc4e9bd2103d_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:da98415ade1160e1c40070e3a590f3390d8f10ced09103c78b4a2b9a00743291_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:f9fa6147fd9f3d074b496b9dd32f66c04bf4acd0a423f733827d2745f8da89d3_amd64 | — |
A flaw was found in follow-redirects. When an HTTP request follows a cross-domain redirect (a redirection to a different domain), custom authentication headers, such as X-API-Key or X-Auth-Token, are not properly stripped. This allows these sensitive headers to be forwarded verbatim to the redirect target, potentially leading to the unintended disclosure of authentication information to an untrusted third party.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:246c34d2e769f9f40e5879bf335ce7db614442ade7733d4ac52e10a48d280843_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7900ecb89c736738098e9b82dfad1b33bb1f9d719551d6cceccbfc4e9bd2103d_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:da98415ade1160e1c40070e3a590f3390d8f10ced09103c78b4a2b9a00743291_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:f9fa6147fd9f3d074b496b9dd32f66c04bf4acd0a423f733827d2745f8da89d3_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:3a93ddd83e947c84318d290d41861e5c2286990468c499710ca8479fbb05065e_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:3f3d407102b90e3ad1e54606df7b87b5bad6f07db851d78802fc60708dd41d97_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4a56e9549c509968af14b978a087be6dc8f2d556dcab4bd7e18b401a72e2ce70_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:e60c4d74202fbe7b58ac619bbbc9950d4466f9edb0f21ce1b63cec3b61d27e62_ppc64le | — |
Vendor Fix
fix
|
A flaw was found in Axios, an HTTP client library. This vulnerability allows an attacker to exploit a prototype pollution issue if another part of the application has already polluted the Object.prototype. By doing so, the attacker can intercept and modify JSON responses or take control of the HTTP communication. This could lead to unauthorized access to sensitive information like user credentials and request details.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:246c34d2e769f9f40e5879bf335ce7db614442ade7733d4ac52e10a48d280843_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7900ecb89c736738098e9b82dfad1b33bb1f9d719551d6cceccbfc4e9bd2103d_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:da98415ade1160e1c40070e3a590f3390d8f10ced09103c78b4a2b9a00743291_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:f9fa6147fd9f3d074b496b9dd32f66c04bf4acd0a423f733827d2745f8da89d3_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:3a93ddd83e947c84318d290d41861e5c2286990468c499710ca8479fbb05065e_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:3f3d407102b90e3ad1e54606df7b87b5bad6f07db851d78802fc60708dd41d97_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4a56e9549c509968af14b978a087be6dc8f2d556dcab4bd7e18b401a72e2ce70_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:e60c4d74202fbe7b58ac619bbbc9950d4466f9edb0f21ce1b63cec3b61d27e62_ppc64le | — |
Vendor Fix
fix
|
A flaw was found in Axios, a software library for making network requests. A remote attacker can exploit a prototype pollution vulnerability to inject arbitrary HTTP headers into outgoing requests. This occurs when the application's core object definitions are manipulated, causing Axios to misinterpret data and include attacker-controlled headers in network communications. This could lead to unauthorized actions or data manipulation.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:246c34d2e769f9f40e5879bf335ce7db614442ade7733d4ac52e10a48d280843_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7900ecb89c736738098e9b82dfad1b33bb1f9d719551d6cceccbfc4e9bd2103d_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:da98415ade1160e1c40070e3a590f3390d8f10ced09103c78b4a2b9a00743291_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:f9fa6147fd9f3d074b496b9dd32f66c04bf4acd0a423f733827d2745f8da89d3_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:3a93ddd83e947c84318d290d41861e5c2286990468c499710ca8479fbb05065e_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:3f3d407102b90e3ad1e54606df7b87b5bad6f07db851d78802fc60708dd41d97_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4a56e9549c509968af14b978a087be6dc8f2d556dcab4bd7e18b401a72e2ce70_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:e60c4d74202fbe7b58ac619bbbc9950d4466f9edb0f21ce1b63cec3b61d27e62_ppc64le | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Axios, a promise-based HTTP client for browsers and Node.js. This vulnerability occurs because the `toFormData` function recursively processes nested objects without a depth limit. A remote attacker can exploit this by sending deeply nested request data, which causes the Node.js process to crash due to a RangeError, leading to a potential Denial of Service (DoS) if the process crashes.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:246c34d2e769f9f40e5879bf335ce7db614442ade7733d4ac52e10a48d280843_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7900ecb89c736738098e9b82dfad1b33bb1f9d719551d6cceccbfc4e9bd2103d_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:da98415ade1160e1c40070e3a590f3390d8f10ced09103c78b4a2b9a00743291_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:f9fa6147fd9f3d074b496b9dd32f66c04bf4acd0a423f733827d2745f8da89d3_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:3a93ddd83e947c84318d290d41861e5c2286990468c499710ca8479fbb05065e_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:3f3d407102b90e3ad1e54606df7b87b5bad6f07db851d78802fc60708dd41d97_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4a56e9549c509968af14b978a087be6dc8f2d556dcab4bd7e18b401a72e2ce70_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:e60c4d74202fbe7b58ac619bbbc9950d4466f9edb0f21ce1b63cec3b61d27e62_ppc64le | — |
Vendor Fix
fix
|
A flaw was found in Axios, a promise-based HTTP client. This vulnerability, a Prototype Pollution "Gadget" attack, allows an attacker to manipulate the `Object.prototype.validateStatus` property. By polluting this property, all HTTP error responses (such as 401, 403, or 500) are silently treated as successful responses. This can lead to a complete bypass of application-level authentication and error handling, potentially granting unauthorized access.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:246c34d2e769f9f40e5879bf335ce7db614442ade7733d4ac52e10a48d280843_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7900ecb89c736738098e9b82dfad1b33bb1f9d719551d6cceccbfc4e9bd2103d_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:da98415ade1160e1c40070e3a590f3390d8f10ced09103c78b4a2b9a00743291_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:f9fa6147fd9f3d074b496b9dd32f66c04bf4acd0a423f733827d2745f8da89d3_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:3a93ddd83e947c84318d290d41861e5c2286990468c499710ca8479fbb05065e_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:3f3d407102b90e3ad1e54606df7b87b5bad6f07db851d78802fc60708dd41d97_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4a56e9549c509968af14b978a087be6dc8f2d556dcab4bd7e18b401a72e2ce70_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:e60c4d74202fbe7b58ac619bbbc9950d4466f9edb0f21ce1b63cec3b61d27e62_ppc64le | — |
Vendor Fix
fix
|
A flaw was found in Axios, a promise-based HTTP client. An attacker who can control the destination address of an Axios request can exploit this vulnerability. By using specific internal network addresses (within the 127.0.0.0/8 range, excluding 127.0.0.1), the attacker can completely bypass the NO_PROXY protection, potentially leading to unauthorized access or information disclosure within the network. This issue is an incomplete fix for a previous vulnerability.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:246c34d2e769f9f40e5879bf335ce7db614442ade7733d4ac52e10a48d280843_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7900ecb89c736738098e9b82dfad1b33bb1f9d719551d6cceccbfc4e9bd2103d_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:da98415ade1160e1c40070e3a590f3390d8f10ced09103c78b4a2b9a00743291_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:f9fa6147fd9f3d074b496b9dd32f66c04bf4acd0a423f733827d2745f8da89d3_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:3a93ddd83e947c84318d290d41861e5c2286990468c499710ca8479fbb05065e_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:3f3d407102b90e3ad1e54606df7b87b5bad6f07db851d78802fc60708dd41d97_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4a56e9549c509968af14b978a087be6dc8f2d556dcab4bd7e18b401a72e2ce70_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:e60c4d74202fbe7b58ac619bbbc9950d4466f9edb0f21ce1b63cec3b61d27e62_ppc64le | — |
Vendor Fix
fix
|
A flaw was found in Axios, a widely used HTTP client. This vulnerability, known as a Prototype Pollution "Gadget" attack, allows a remote attacker to subtly alter JSON API responses. By manipulating a specific function, an attacker can selectively modify data within these responses. This could lead to significant security breaches, including unauthorized privilege escalation, fraudulent balance manipulation, or bypassing critical authorization checks.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:246c34d2e769f9f40e5879bf335ce7db614442ade7733d4ac52e10a48d280843_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7900ecb89c736738098e9b82dfad1b33bb1f9d719551d6cceccbfc4e9bd2103d_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:da98415ade1160e1c40070e3a590f3390d8f10ced09103c78b4a2b9a00743291_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:f9fa6147fd9f3d074b496b9dd32f66c04bf4acd0a423f733827d2745f8da89d3_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:3a93ddd83e947c84318d290d41861e5c2286990468c499710ca8479fbb05065e_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:3f3d407102b90e3ad1e54606df7b87b5bad6f07db851d78802fc60708dd41d97_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4a56e9549c509968af14b978a087be6dc8f2d556dcab4bd7e18b401a72e2ce70_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:e60c4d74202fbe7b58ac619bbbc9950d4466f9edb0f21ce1b63cec3b61d27e62_ppc64le | — |
Vendor Fix
fix
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Kiali 2.4.16 for Red Hat OpenShift Service Mesh 3.0 is now available.\n\nRed Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Kiali 2.4.16, for Red Hat OpenShift Service Mesh 3.0, provides observability for the service mesh by offering a visual representation of the mesh topology and metrics, helping users monitor, trace, and manage efficiently.\n\nSecurity Fix(es):\n\n* CVE-2026-32280 Go: Denial of Service vulnerability in certificate chain building (OSSM-13246)\n* CVE-2026-40895 follow-redirects: Information disclosure via cross-domain redirects (OSSM-13554, OSSM-13558)\n* CVE-2026-42033 Axios: HTTP Transport Hijacking via Prototype Pollution (OSSM-13691, OSSM-13695)\n* CVE-2026-42035 Axios: Arbitrary HTTP header injection via prototype pollution (OSSM-13597, OSSM-13598)\n* CVE-2026-42043 Axios: NO_PROXY bypass via crafted URL (OSSM-13713, OSSM-13717)\n* CVE-2026-42039 Axios: Denial of Service via unbounded recursion in toFormData with deeply nested request data (OSSM-13727, OSSM-13731)\n* CVE-2026-42041 Axios: Authentication bypass due to prototype pollution of HTTP error handling (OSSM-13741, OSSM-13745)\n* CVE-2026-42044 Axios: Invisible JSON Response Tampering via Prototype Pollution Gadget (OSSM-13777, OSSM-13778)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:16534",
"url": "https://access.redhat.com/errata/RHSA-2026:16534"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32280",
"url": "https://access.redhat.com/security/cve/CVE-2026-32280"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-40895",
"url": "https://access.redhat.com/security/cve/CVE-2026-40895"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42033",
"url": "https://access.redhat.com/security/cve/CVE-2026-42033"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42035",
"url": "https://access.redhat.com/security/cve/CVE-2026-42035"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42039",
"url": "https://access.redhat.com/security/cve/CVE-2026-42039"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42041",
"url": "https://access.redhat.com/security/cve/CVE-2026-42041"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42043",
"url": "https://access.redhat.com/security/cve/CVE-2026-42043"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42044",
"url": "https://access.redhat.com/security/cve/CVE-2026-42044"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification",
"url": "https://access.redhat.com/security/updates/classification"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_16534.json"
}
],
"title": "Red Hat Security Advisory: Kiali 2.4.16 for Red Hat OpenShift Service Mesh 3.0",
"tracking": {
"current_release_date": "2026-07-09T21:04:15+00:00",
"generator": {
"date": "2026-07-09T21:04:15+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.2"
}
},
"id": "RHSA-2026:16534",
"initial_release_date": "2026-05-12T21:06:42+00:00",
"revision_history": [
{
"date": "2026-05-12T21:06:42+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-07-09T08:56:59+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-09T21:04:15+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Service Mesh 3",
"product": {
"name": "Red Hat OpenShift Service Mesh 3",
"product_id": "Red Hat OpenShift Service Mesh 3",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:service_mesh:3.0::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Service Mesh"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:3f3d407102b90e3ad1e54606df7b87b5bad6f07db851d78802fc60708dd41d97_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:3f3d407102b90e3ad1e54606df7b87b5bad6f07db851d78802fc60708dd41d97_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:3f3d407102b90e3ad1e54606df7b87b5bad6f07db851d78802fc60708dd41d97_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel9@sha256%3A3f3d407102b90e3ad1e54606df7b87b5bad6f07db851d78802fc60708dd41d97?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1778164208"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:f9fa6147fd9f3d074b496b9dd32f66c04bf4acd0a423f733827d2745f8da89d3_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:f9fa6147fd9f3d074b496b9dd32f66c04bf4acd0a423f733827d2745f8da89d3_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:f9fa6147fd9f3d074b496b9dd32f66c04bf4acd0a423f733827d2745f8da89d3_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kiali-ossmc-rhel9@sha256%3Af9fa6147fd9f3d074b496b9dd32f66c04bf4acd0a423f733827d2745f8da89d3?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1778163785"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4a56e9549c509968af14b978a087be6dc8f2d556dcab4bd7e18b401a72e2ce70_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4a56e9549c509968af14b978a087be6dc8f2d556dcab4bd7e18b401a72e2ce70_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4a56e9549c509968af14b978a087be6dc8f2d556dcab4bd7e18b401a72e2ce70_arm64",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel9@sha256%3A4a56e9549c509968af14b978a087be6dc8f2d556dcab4bd7e18b401a72e2ce70?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1778164208"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7900ecb89c736738098e9b82dfad1b33bb1f9d719551d6cceccbfc4e9bd2103d_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7900ecb89c736738098e9b82dfad1b33bb1f9d719551d6cceccbfc4e9bd2103d_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7900ecb89c736738098e9b82dfad1b33bb1f9d719551d6cceccbfc4e9bd2103d_arm64",
"product_identification_helper": {
"purl": "pkg:oci/kiali-ossmc-rhel9@sha256%3A7900ecb89c736738098e9b82dfad1b33bb1f9d719551d6cceccbfc4e9bd2103d?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1778163785"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:e60c4d74202fbe7b58ac619bbbc9950d4466f9edb0f21ce1b63cec3b61d27e62_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:e60c4d74202fbe7b58ac619bbbc9950d4466f9edb0f21ce1b63cec3b61d27e62_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:e60c4d74202fbe7b58ac619bbbc9950d4466f9edb0f21ce1b63cec3b61d27e62_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel9@sha256%3Ae60c4d74202fbe7b58ac619bbbc9950d4466f9edb0f21ce1b63cec3b61d27e62?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1778164208"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:da98415ade1160e1c40070e3a590f3390d8f10ced09103c78b4a2b9a00743291_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:da98415ade1160e1c40070e3a590f3390d8f10ced09103c78b4a2b9a00743291_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:da98415ade1160e1c40070e3a590f3390d8f10ced09103c78b4a2b9a00743291_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/kiali-ossmc-rhel9@sha256%3Ada98415ade1160e1c40070e3a590f3390d8f10ced09103c78b4a2b9a00743291?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1778163785"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:3a93ddd83e947c84318d290d41861e5c2286990468c499710ca8479fbb05065e_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:3a93ddd83e947c84318d290d41861e5c2286990468c499710ca8479fbb05065e_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:3a93ddd83e947c84318d290d41861e5c2286990468c499710ca8479fbb05065e_s390x",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel9@sha256%3A3a93ddd83e947c84318d290d41861e5c2286990468c499710ca8479fbb05065e?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1778164208"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:246c34d2e769f9f40e5879bf335ce7db614442ade7733d4ac52e10a48d280843_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:246c34d2e769f9f40e5879bf335ce7db614442ade7733d4ac52e10a48d280843_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:246c34d2e769f9f40e5879bf335ce7db614442ade7733d4ac52e10a48d280843_s390x",
"product_identification_helper": {
"purl": "pkg:oci/kiali-ossmc-rhel9@sha256%3A246c34d2e769f9f40e5879bf335ce7db614442ade7733d4ac52e10a48d280843?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1778163785"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:246c34d2e769f9f40e5879bf335ce7db614442ade7733d4ac52e10a48d280843_s390x as a component of Red Hat OpenShift Service Mesh 3",
"product_id": "Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:246c34d2e769f9f40e5879bf335ce7db614442ade7733d4ac52e10a48d280843_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:246c34d2e769f9f40e5879bf335ce7db614442ade7733d4ac52e10a48d280843_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7900ecb89c736738098e9b82dfad1b33bb1f9d719551d6cceccbfc4e9bd2103d_arm64 as a component of Red Hat OpenShift Service Mesh 3",
"product_id": "Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7900ecb89c736738098e9b82dfad1b33bb1f9d719551d6cceccbfc4e9bd2103d_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7900ecb89c736738098e9b82dfad1b33bb1f9d719551d6cceccbfc4e9bd2103d_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:da98415ade1160e1c40070e3a590f3390d8f10ced09103c78b4a2b9a00743291_ppc64le as a component of Red Hat OpenShift Service Mesh 3",
"product_id": "Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:da98415ade1160e1c40070e3a590f3390d8f10ced09103c78b4a2b9a00743291_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:da98415ade1160e1c40070e3a590f3390d8f10ced09103c78b4a2b9a00743291_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:f9fa6147fd9f3d074b496b9dd32f66c04bf4acd0a423f733827d2745f8da89d3_amd64 as a component of Red Hat OpenShift Service Mesh 3",
"product_id": "Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:f9fa6147fd9f3d074b496b9dd32f66c04bf4acd0a423f733827d2745f8da89d3_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:f9fa6147fd9f3d074b496b9dd32f66c04bf4acd0a423f733827d2745f8da89d3_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:3a93ddd83e947c84318d290d41861e5c2286990468c499710ca8479fbb05065e_s390x as a component of Red Hat OpenShift Service Mesh 3",
"product_id": "Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:3a93ddd83e947c84318d290d41861e5c2286990468c499710ca8479fbb05065e_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:3a93ddd83e947c84318d290d41861e5c2286990468c499710ca8479fbb05065e_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:3f3d407102b90e3ad1e54606df7b87b5bad6f07db851d78802fc60708dd41d97_amd64 as a component of Red Hat OpenShift Service Mesh 3",
"product_id": "Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:3f3d407102b90e3ad1e54606df7b87b5bad6f07db851d78802fc60708dd41d97_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:3f3d407102b90e3ad1e54606df7b87b5bad6f07db851d78802fc60708dd41d97_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4a56e9549c509968af14b978a087be6dc8f2d556dcab4bd7e18b401a72e2ce70_arm64 as a component of Red Hat OpenShift Service Mesh 3",
"product_id": "Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4a56e9549c509968af14b978a087be6dc8f2d556dcab4bd7e18b401a72e2ce70_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4a56e9549c509968af14b978a087be6dc8f2d556dcab4bd7e18b401a72e2ce70_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:e60c4d74202fbe7b58ac619bbbc9950d4466f9edb0f21ce1b63cec3b61d27e62_ppc64le as a component of Red Hat OpenShift Service Mesh 3",
"product_id": "Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:e60c4d74202fbe7b58ac619bbbc9950d4466f9edb0f21ce1b63cec3b61d27e62_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:e60c4d74202fbe7b58ac619bbbc9950d4466f9edb0f21ce1b63cec3b61d27e62_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-32280",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-04-08T02:01:19.572351+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:246c34d2e769f9f40e5879bf335ce7db614442ade7733d4ac52e10a48d280843_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7900ecb89c736738098e9b82dfad1b33bb1f9d719551d6cceccbfc4e9bd2103d_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:da98415ade1160e1c40070e3a590f3390d8f10ced09103c78b4a2b9a00743291_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:f9fa6147fd9f3d074b496b9dd32f66c04bf4acd0a423f733827d2745f8da89d3_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456339"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Go standard library packages `crypto/x509` and `crypto/tls`. During the process of building a certificate chain, an attacker can provide a large number of intermediate certificates. This excessive input is not properly limited, leading to an uncontrolled amount of work being performed. This can result in a denial of service (DoS) condition, making the affected system or application unavailable to legitimate users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important denial of service vulnerability in the Go standard library\u0027s certificate chain building process. Systems utilizing Go applications that process untrusted TLS certificates or X.509 certificate chains are susceptible to resource exhaustion when presented with an excessive number of intermediate certificates, potentially leading to service unavailability. This flaw impacts applications directly using `crypto/x509` or `crypto/tls`.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:3a93ddd83e947c84318d290d41861e5c2286990468c499710ca8479fbb05065e_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:3f3d407102b90e3ad1e54606df7b87b5bad6f07db851d78802fc60708dd41d97_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4a56e9549c509968af14b978a087be6dc8f2d556dcab4bd7e18b401a72e2ce70_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:e60c4d74202fbe7b58ac619bbbc9950d4466f9edb0f21ce1b63cec3b61d27e62_ppc64le"
],
"known_not_affected": [
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:246c34d2e769f9f40e5879bf335ce7db614442ade7733d4ac52e10a48d280843_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7900ecb89c736738098e9b82dfad1b33bb1f9d719551d6cceccbfc4e9bd2103d_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:da98415ade1160e1c40070e3a590f3390d8f10ced09103c78b4a2b9a00743291_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:f9fa6147fd9f3d074b496b9dd32f66c04bf4acd0a423f733827d2745f8da89d3_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32280"
},
{
"category": "external",
"summary": "RHBZ#2456339",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456339"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32280",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32280"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32280",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32280"
},
{
"category": "external",
"summary": "https://go.dev/cl/758320",
"url": "https://go.dev/cl/758320"
},
{
"category": "external",
"summary": "https://go.dev/issue/78282",
"url": "https://go.dev/issue/78282"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4947",
"url": "https://pkg.go.dev/vuln/GO-2026-4947"
}
],
"release_date": "2026-04-08T01:06:58.595000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-12T21:06:42+00:00",
"details": "See Kiali 2.4.16 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.0/html/observability/kiali-operator-provided-by-red-hat",
"product_ids": [
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:3a93ddd83e947c84318d290d41861e5c2286990468c499710ca8479fbb05065e_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:3f3d407102b90e3ad1e54606df7b87b5bad6f07db851d78802fc60708dd41d97_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4a56e9549c509968af14b978a087be6dc8f2d556dcab4bd7e18b401a72e2ce70_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:e60c4d74202fbe7b58ac619bbbc9950d4466f9edb0f21ce1b63cec3b61d27e62_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:16534"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:246c34d2e769f9f40e5879bf335ce7db614442ade7733d4ac52e10a48d280843_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7900ecb89c736738098e9b82dfad1b33bb1f9d719551d6cceccbfc4e9bd2103d_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:da98415ade1160e1c40070e3a590f3390d8f10ced09103c78b4a2b9a00743291_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:f9fa6147fd9f3d074b496b9dd32f66c04bf4acd0a423f733827d2745f8da89d3_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:3a93ddd83e947c84318d290d41861e5c2286990468c499710ca8479fbb05065e_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:3f3d407102b90e3ad1e54606df7b87b5bad6f07db851d78802fc60708dd41d97_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4a56e9549c509968af14b978a087be6dc8f2d556dcab4bd7e18b401a72e2ce70_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:e60c4d74202fbe7b58ac619bbbc9950d4466f9edb0f21ce1b63cec3b61d27e62_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building"
},
{
"cve": "CVE-2026-40895",
"cwe": {
"id": "CWE-212",
"name": "Improper Removal of Sensitive Information Before Storage or Transfer"
},
"discovery_date": "2026-04-21T21:02:33.280553+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2460297"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in follow-redirects. When an HTTP request follows a cross-domain redirect (a redirection to a different domain), custom authentication headers, such as X-API-Key or X-Auth-Token, are not properly stripped. This allows these sensitive headers to be forwarded verbatim to the redirect target, potentially leading to the unintended disclosure of authentication information to an untrusted third party.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "follow-redirects: follow-redirects: Information disclosure via cross-domain redirects",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:246c34d2e769f9f40e5879bf335ce7db614442ade7733d4ac52e10a48d280843_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7900ecb89c736738098e9b82dfad1b33bb1f9d719551d6cceccbfc4e9bd2103d_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:da98415ade1160e1c40070e3a590f3390d8f10ced09103c78b4a2b9a00743291_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:f9fa6147fd9f3d074b496b9dd32f66c04bf4acd0a423f733827d2745f8da89d3_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:3a93ddd83e947c84318d290d41861e5c2286990468c499710ca8479fbb05065e_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:3f3d407102b90e3ad1e54606df7b87b5bad6f07db851d78802fc60708dd41d97_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4a56e9549c509968af14b978a087be6dc8f2d556dcab4bd7e18b401a72e2ce70_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:e60c4d74202fbe7b58ac619bbbc9950d4466f9edb0f21ce1b63cec3b61d27e62_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-40895"
},
{
"category": "external",
"summary": "RHBZ#2460297",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460297"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-40895",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40895"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-40895",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40895"
},
{
"category": "external",
"summary": "https://github.com/follow-redirects/follow-redirects/security/advisories/GHSA-r4q5-vmmm-2653",
"url": "https://github.com/follow-redirects/follow-redirects/security/advisories/GHSA-r4q5-vmmm-2653"
}
],
"release_date": "2026-04-21T19:59:59.759000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-12T21:06:42+00:00",
"details": "See Kiali 2.4.16 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.0/html/observability/kiali-operator-provided-by-red-hat",
"product_ids": [
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:246c34d2e769f9f40e5879bf335ce7db614442ade7733d4ac52e10a48d280843_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7900ecb89c736738098e9b82dfad1b33bb1f9d719551d6cceccbfc4e9bd2103d_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:da98415ade1160e1c40070e3a590f3390d8f10ced09103c78b4a2b9a00743291_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:f9fa6147fd9f3d074b496b9dd32f66c04bf4acd0a423f733827d2745f8da89d3_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:3a93ddd83e947c84318d290d41861e5c2286990468c499710ca8479fbb05065e_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:3f3d407102b90e3ad1e54606df7b87b5bad6f07db851d78802fc60708dd41d97_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4a56e9549c509968af14b978a087be6dc8f2d556dcab4bd7e18b401a72e2ce70_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:e60c4d74202fbe7b58ac619bbbc9950d4466f9edb0f21ce1b63cec3b61d27e62_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:16534"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:246c34d2e769f9f40e5879bf335ce7db614442ade7733d4ac52e10a48d280843_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7900ecb89c736738098e9b82dfad1b33bb1f9d719551d6cceccbfc4e9bd2103d_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:da98415ade1160e1c40070e3a590f3390d8f10ced09103c78b4a2b9a00743291_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:f9fa6147fd9f3d074b496b9dd32f66c04bf4acd0a423f733827d2745f8da89d3_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:3a93ddd83e947c84318d290d41861e5c2286990468c499710ca8479fbb05065e_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:3f3d407102b90e3ad1e54606df7b87b5bad6f07db851d78802fc60708dd41d97_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4a56e9549c509968af14b978a087be6dc8f2d556dcab4bd7e18b401a72e2ce70_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:e60c4d74202fbe7b58ac619bbbc9950d4466f9edb0f21ce1b63cec3b61d27e62_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "follow-redirects: follow-redirects: Information disclosure via cross-domain redirects"
},
{
"cve": "CVE-2026-42033",
"cwe": {
"id": "CWE-915",
"name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes"
},
"discovery_date": "2026-04-24T18:01:20.937507+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2461607"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, an HTTP client library. This vulnerability allows an attacker to exploit a prototype pollution issue if another part of the application has already polluted the Object.prototype. By doing so, the attacker can intercept and modify JSON responses or take control of the HTTP communication. This could lead to unauthorized access to sensitive information like user credentials and request details.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: HTTP Transport Hijacking via Prototype Pollution",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:246c34d2e769f9f40e5879bf335ce7db614442ade7733d4ac52e10a48d280843_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7900ecb89c736738098e9b82dfad1b33bb1f9d719551d6cceccbfc4e9bd2103d_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:da98415ade1160e1c40070e3a590f3390d8f10ced09103c78b4a2b9a00743291_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:f9fa6147fd9f3d074b496b9dd32f66c04bf4acd0a423f733827d2745f8da89d3_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:3a93ddd83e947c84318d290d41861e5c2286990468c499710ca8479fbb05065e_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:3f3d407102b90e3ad1e54606df7b87b5bad6f07db851d78802fc60708dd41d97_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4a56e9549c509968af14b978a087be6dc8f2d556dcab4bd7e18b401a72e2ce70_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:e60c4d74202fbe7b58ac619bbbc9950d4466f9edb0f21ce1b63cec3b61d27e62_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42033"
},
{
"category": "external",
"summary": "RHBZ#2461607",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461607"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42033",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42033"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42033",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42033"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-pf86-5x62-jrwf",
"url": "https://github.com/axios/axios/security/advisories/GHSA-pf86-5x62-jrwf"
}
],
"release_date": "2026-04-24T17:36:44.132000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-12T21:06:42+00:00",
"details": "See Kiali 2.4.16 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.0/html/observability/kiali-operator-provided-by-red-hat",
"product_ids": [
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:246c34d2e769f9f40e5879bf335ce7db614442ade7733d4ac52e10a48d280843_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7900ecb89c736738098e9b82dfad1b33bb1f9d719551d6cceccbfc4e9bd2103d_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:da98415ade1160e1c40070e3a590f3390d8f10ced09103c78b4a2b9a00743291_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:f9fa6147fd9f3d074b496b9dd32f66c04bf4acd0a423f733827d2745f8da89d3_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:3a93ddd83e947c84318d290d41861e5c2286990468c499710ca8479fbb05065e_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:3f3d407102b90e3ad1e54606df7b87b5bad6f07db851d78802fc60708dd41d97_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4a56e9549c509968af14b978a087be6dc8f2d556dcab4bd7e18b401a72e2ce70_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:e60c4d74202fbe7b58ac619bbbc9950d4466f9edb0f21ce1b63cec3b61d27e62_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:16534"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:246c34d2e769f9f40e5879bf335ce7db614442ade7733d4ac52e10a48d280843_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7900ecb89c736738098e9b82dfad1b33bb1f9d719551d6cceccbfc4e9bd2103d_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:da98415ade1160e1c40070e3a590f3390d8f10ced09103c78b4a2b9a00743291_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:f9fa6147fd9f3d074b496b9dd32f66c04bf4acd0a423f733827d2745f8da89d3_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:3a93ddd83e947c84318d290d41861e5c2286990468c499710ca8479fbb05065e_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:3f3d407102b90e3ad1e54606df7b87b5bad6f07db851d78802fc60708dd41d97_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4a56e9549c509968af14b978a087be6dc8f2d556dcab4bd7e18b401a72e2ce70_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:e60c4d74202fbe7b58ac619bbbc9950d4466f9edb0f21ce1b63cec3b61d27e62_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: HTTP Transport Hijacking via Prototype Pollution"
},
{
"cve": "CVE-2026-42035",
"cwe": {
"id": "CWE-915",
"name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes"
},
"discovery_date": "2026-04-24T18:01:17.109481+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2461606"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, a software library for making network requests. A remote attacker can exploit a prototype pollution vulnerability to inject arbitrary HTTP headers into outgoing requests. This occurs when the application\u0027s core object definitions are manipulated, causing Axios to misinterpret data and include attacker-controlled headers in network communications. This could lead to unauthorized actions or data manipulation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: Arbitrary HTTP header injection via prototype pollution",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:246c34d2e769f9f40e5879bf335ce7db614442ade7733d4ac52e10a48d280843_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7900ecb89c736738098e9b82dfad1b33bb1f9d719551d6cceccbfc4e9bd2103d_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:da98415ade1160e1c40070e3a590f3390d8f10ced09103c78b4a2b9a00743291_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:f9fa6147fd9f3d074b496b9dd32f66c04bf4acd0a423f733827d2745f8da89d3_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:3a93ddd83e947c84318d290d41861e5c2286990468c499710ca8479fbb05065e_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:3f3d407102b90e3ad1e54606df7b87b5bad6f07db851d78802fc60708dd41d97_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4a56e9549c509968af14b978a087be6dc8f2d556dcab4bd7e18b401a72e2ce70_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:e60c4d74202fbe7b58ac619bbbc9950d4466f9edb0f21ce1b63cec3b61d27e62_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42035"
},
{
"category": "external",
"summary": "RHBZ#2461606",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461606"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42035",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42035"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42035",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42035"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-6chq-wfr3-2hj9",
"url": "https://github.com/axios/axios/security/advisories/GHSA-6chq-wfr3-2hj9"
}
],
"release_date": "2026-04-24T17:38:07.752000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-12T21:06:42+00:00",
"details": "See Kiali 2.4.16 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.0/html/observability/kiali-operator-provided-by-red-hat",
"product_ids": [
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:246c34d2e769f9f40e5879bf335ce7db614442ade7733d4ac52e10a48d280843_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7900ecb89c736738098e9b82dfad1b33bb1f9d719551d6cceccbfc4e9bd2103d_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:da98415ade1160e1c40070e3a590f3390d8f10ced09103c78b4a2b9a00743291_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:f9fa6147fd9f3d074b496b9dd32f66c04bf4acd0a423f733827d2745f8da89d3_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:3a93ddd83e947c84318d290d41861e5c2286990468c499710ca8479fbb05065e_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:3f3d407102b90e3ad1e54606df7b87b5bad6f07db851d78802fc60708dd41d97_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4a56e9549c509968af14b978a087be6dc8f2d556dcab4bd7e18b401a72e2ce70_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:e60c4d74202fbe7b58ac619bbbc9950d4466f9edb0f21ce1b63cec3b61d27e62_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:16534"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:246c34d2e769f9f40e5879bf335ce7db614442ade7733d4ac52e10a48d280843_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7900ecb89c736738098e9b82dfad1b33bb1f9d719551d6cceccbfc4e9bd2103d_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:da98415ade1160e1c40070e3a590f3390d8f10ced09103c78b4a2b9a00743291_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:f9fa6147fd9f3d074b496b9dd32f66c04bf4acd0a423f733827d2745f8da89d3_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:3a93ddd83e947c84318d290d41861e5c2286990468c499710ca8479fbb05065e_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:3f3d407102b90e3ad1e54606df7b87b5bad6f07db851d78802fc60708dd41d97_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4a56e9549c509968af14b978a087be6dc8f2d556dcab4bd7e18b401a72e2ce70_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:e60c4d74202fbe7b58ac619bbbc9950d4466f9edb0f21ce1b63cec3b61d27e62_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:246c34d2e769f9f40e5879bf335ce7db614442ade7733d4ac52e10a48d280843_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7900ecb89c736738098e9b82dfad1b33bb1f9d719551d6cceccbfc4e9bd2103d_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:da98415ade1160e1c40070e3a590f3390d8f10ced09103c78b4a2b9a00743291_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:f9fa6147fd9f3d074b496b9dd32f66c04bf4acd0a423f733827d2745f8da89d3_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:3a93ddd83e947c84318d290d41861e5c2286990468c499710ca8479fbb05065e_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:3f3d407102b90e3ad1e54606df7b87b5bad6f07db851d78802fc60708dd41d97_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4a56e9549c509968af14b978a087be6dc8f2d556dcab4bd7e18b401a72e2ce70_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:e60c4d74202fbe7b58ac619bbbc9950d4466f9edb0f21ce1b63cec3b61d27e62_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "axios: Axios: Arbitrary HTTP header injection via prototype pollution"
},
{
"cve": "CVE-2026-42039",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-04-24T19:01:44.887156+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2461630"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, a promise-based HTTP client for browsers and Node.js. This vulnerability occurs because the `toFormData` function recursively processes nested objects without a depth limit. A remote attacker can exploit this by sending deeply nested request data, which causes the Node.js process to crash due to a RangeError, leading to a potential Denial of Service (DoS) if the process crashes.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Node.js: Axios: Denial of Service via unbounded recursion in toFormData with deeply nested request data",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:246c34d2e769f9f40e5879bf335ce7db614442ade7733d4ac52e10a48d280843_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7900ecb89c736738098e9b82dfad1b33bb1f9d719551d6cceccbfc4e9bd2103d_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:da98415ade1160e1c40070e3a590f3390d8f10ced09103c78b4a2b9a00743291_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:f9fa6147fd9f3d074b496b9dd32f66c04bf4acd0a423f733827d2745f8da89d3_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:3a93ddd83e947c84318d290d41861e5c2286990468c499710ca8479fbb05065e_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:3f3d407102b90e3ad1e54606df7b87b5bad6f07db851d78802fc60708dd41d97_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4a56e9549c509968af14b978a087be6dc8f2d556dcab4bd7e18b401a72e2ce70_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:e60c4d74202fbe7b58ac619bbbc9950d4466f9edb0f21ce1b63cec3b61d27e62_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42039"
},
{
"category": "external",
"summary": "RHBZ#2461630",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461630"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42039",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42039"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42039",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42039"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-62hf-57xw-28j9",
"url": "https://github.com/axios/axios/security/advisories/GHSA-62hf-57xw-28j9"
}
],
"release_date": "2026-04-24T18:01:30.775000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-12T21:06:42+00:00",
"details": "See Kiali 2.4.16 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.0/html/observability/kiali-operator-provided-by-red-hat",
"product_ids": [
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:246c34d2e769f9f40e5879bf335ce7db614442ade7733d4ac52e10a48d280843_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7900ecb89c736738098e9b82dfad1b33bb1f9d719551d6cceccbfc4e9bd2103d_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:da98415ade1160e1c40070e3a590f3390d8f10ced09103c78b4a2b9a00743291_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:f9fa6147fd9f3d074b496b9dd32f66c04bf4acd0a423f733827d2745f8da89d3_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:3a93ddd83e947c84318d290d41861e5c2286990468c499710ca8479fbb05065e_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:3f3d407102b90e3ad1e54606df7b87b5bad6f07db851d78802fc60708dd41d97_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4a56e9549c509968af14b978a087be6dc8f2d556dcab4bd7e18b401a72e2ce70_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:e60c4d74202fbe7b58ac619bbbc9950d4466f9edb0f21ce1b63cec3b61d27e62_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:16534"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:246c34d2e769f9f40e5879bf335ce7db614442ade7733d4ac52e10a48d280843_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7900ecb89c736738098e9b82dfad1b33bb1f9d719551d6cceccbfc4e9bd2103d_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:da98415ade1160e1c40070e3a590f3390d8f10ced09103c78b4a2b9a00743291_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:f9fa6147fd9f3d074b496b9dd32f66c04bf4acd0a423f733827d2745f8da89d3_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:3a93ddd83e947c84318d290d41861e5c2286990468c499710ca8479fbb05065e_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:3f3d407102b90e3ad1e54606df7b87b5bad6f07db851d78802fc60708dd41d97_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4a56e9549c509968af14b978a087be6dc8f2d556dcab4bd7e18b401a72e2ce70_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:e60c4d74202fbe7b58ac619bbbc9950d4466f9edb0f21ce1b63cec3b61d27e62_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Node.js: Axios: Denial of Service via unbounded recursion in toFormData with deeply nested request data"
},
{
"cve": "CVE-2026-42041",
"cwe": {
"id": "CWE-915",
"name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes"
},
"discovery_date": "2026-04-24T19:01:41.034289+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2461629"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, a promise-based HTTP client. This vulnerability, a Prototype Pollution \"Gadget\" attack, allows an attacker to manipulate the `Object.prototype.validateStatus` property. By polluting this property, all HTTP error responses (such as 401, 403, or 500) are silently treated as successful responses. This can lead to a complete bypass of application-level authentication and error handling, potentially granting unauthorized access.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: Authentication bypass due to prototype pollution of HTTP error handling",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:246c34d2e769f9f40e5879bf335ce7db614442ade7733d4ac52e10a48d280843_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7900ecb89c736738098e9b82dfad1b33bb1f9d719551d6cceccbfc4e9bd2103d_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:da98415ade1160e1c40070e3a590f3390d8f10ced09103c78b4a2b9a00743291_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:f9fa6147fd9f3d074b496b9dd32f66c04bf4acd0a423f733827d2745f8da89d3_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:3a93ddd83e947c84318d290d41861e5c2286990468c499710ca8479fbb05065e_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:3f3d407102b90e3ad1e54606df7b87b5bad6f07db851d78802fc60708dd41d97_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4a56e9549c509968af14b978a087be6dc8f2d556dcab4bd7e18b401a72e2ce70_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:e60c4d74202fbe7b58ac619bbbc9950d4466f9edb0f21ce1b63cec3b61d27e62_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42041"
},
{
"category": "external",
"summary": "RHBZ#2461629",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461629"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42041",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42041"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42041",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42041"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-w9j2-pvgh-6h63",
"url": "https://github.com/axios/axios/security/advisories/GHSA-w9j2-pvgh-6h63"
}
],
"release_date": "2026-04-24T17:55:30.036000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-12T21:06:42+00:00",
"details": "See Kiali 2.4.16 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.0/html/observability/kiali-operator-provided-by-red-hat",
"product_ids": [
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:246c34d2e769f9f40e5879bf335ce7db614442ade7733d4ac52e10a48d280843_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7900ecb89c736738098e9b82dfad1b33bb1f9d719551d6cceccbfc4e9bd2103d_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:da98415ade1160e1c40070e3a590f3390d8f10ced09103c78b4a2b9a00743291_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:f9fa6147fd9f3d074b496b9dd32f66c04bf4acd0a423f733827d2745f8da89d3_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:3a93ddd83e947c84318d290d41861e5c2286990468c499710ca8479fbb05065e_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:3f3d407102b90e3ad1e54606df7b87b5bad6f07db851d78802fc60708dd41d97_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4a56e9549c509968af14b978a087be6dc8f2d556dcab4bd7e18b401a72e2ce70_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:e60c4d74202fbe7b58ac619bbbc9950d4466f9edb0f21ce1b63cec3b61d27e62_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:16534"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:246c34d2e769f9f40e5879bf335ce7db614442ade7733d4ac52e10a48d280843_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7900ecb89c736738098e9b82dfad1b33bb1f9d719551d6cceccbfc4e9bd2103d_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:da98415ade1160e1c40070e3a590f3390d8f10ced09103c78b4a2b9a00743291_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:f9fa6147fd9f3d074b496b9dd32f66c04bf4acd0a423f733827d2745f8da89d3_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:3a93ddd83e947c84318d290d41861e5c2286990468c499710ca8479fbb05065e_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:3f3d407102b90e3ad1e54606df7b87b5bad6f07db851d78802fc60708dd41d97_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4a56e9549c509968af14b978a087be6dc8f2d556dcab4bd7e18b401a72e2ce70_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:e60c4d74202fbe7b58ac619bbbc9950d4466f9edb0f21ce1b63cec3b61d27e62_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: Authentication bypass due to prototype pollution of HTTP error handling"
},
{
"cve": "CVE-2026-42043",
"cwe": {
"id": "CWE-918",
"name": "Server-Side Request Forgery (SSRF)"
},
"discovery_date": "2026-04-24T19:01:22.552379+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2461626"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, a promise-based HTTP client. An attacker who can control the destination address of an Axios request can exploit this vulnerability. By using specific internal network addresses (within the 127.0.0.0/8 range, excluding 127.0.0.1), the attacker can completely bypass the NO_PROXY protection, potentially leading to unauthorized access or information disclosure within the network. This issue is an incomplete fix for a previous vulnerability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: NO_PROXY bypass via crafted URL",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:246c34d2e769f9f40e5879bf335ce7db614442ade7733d4ac52e10a48d280843_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7900ecb89c736738098e9b82dfad1b33bb1f9d719551d6cceccbfc4e9bd2103d_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:da98415ade1160e1c40070e3a590f3390d8f10ced09103c78b4a2b9a00743291_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:f9fa6147fd9f3d074b496b9dd32f66c04bf4acd0a423f733827d2745f8da89d3_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:3a93ddd83e947c84318d290d41861e5c2286990468c499710ca8479fbb05065e_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:3f3d407102b90e3ad1e54606df7b87b5bad6f07db851d78802fc60708dd41d97_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4a56e9549c509968af14b978a087be6dc8f2d556dcab4bd7e18b401a72e2ce70_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:e60c4d74202fbe7b58ac619bbbc9950d4466f9edb0f21ce1b63cec3b61d27e62_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42043"
},
{
"category": "external",
"summary": "RHBZ#2461626",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461626"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42043",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42043"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42043",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42043"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-pmwg-cvhr-8vh7",
"url": "https://github.com/axios/axios/security/advisories/GHSA-pmwg-cvhr-8vh7"
}
],
"release_date": "2026-04-24T17:54:42.668000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-12T21:06:42+00:00",
"details": "See Kiali 2.4.16 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.0/html/observability/kiali-operator-provided-by-red-hat",
"product_ids": [
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:246c34d2e769f9f40e5879bf335ce7db614442ade7733d4ac52e10a48d280843_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7900ecb89c736738098e9b82dfad1b33bb1f9d719551d6cceccbfc4e9bd2103d_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:da98415ade1160e1c40070e3a590f3390d8f10ced09103c78b4a2b9a00743291_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:f9fa6147fd9f3d074b496b9dd32f66c04bf4acd0a423f733827d2745f8da89d3_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:3a93ddd83e947c84318d290d41861e5c2286990468c499710ca8479fbb05065e_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:3f3d407102b90e3ad1e54606df7b87b5bad6f07db851d78802fc60708dd41d97_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4a56e9549c509968af14b978a087be6dc8f2d556dcab4bd7e18b401a72e2ce70_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:e60c4d74202fbe7b58ac619bbbc9950d4466f9edb0f21ce1b63cec3b61d27e62_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:16534"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:246c34d2e769f9f40e5879bf335ce7db614442ade7733d4ac52e10a48d280843_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7900ecb89c736738098e9b82dfad1b33bb1f9d719551d6cceccbfc4e9bd2103d_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:da98415ade1160e1c40070e3a590f3390d8f10ced09103c78b4a2b9a00743291_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:f9fa6147fd9f3d074b496b9dd32f66c04bf4acd0a423f733827d2745f8da89d3_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:3a93ddd83e947c84318d290d41861e5c2286990468c499710ca8479fbb05065e_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:3f3d407102b90e3ad1e54606df7b87b5bad6f07db851d78802fc60708dd41d97_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4a56e9549c509968af14b978a087be6dc8f2d556dcab4bd7e18b401a72e2ce70_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:e60c4d74202fbe7b58ac619bbbc9950d4466f9edb0f21ce1b63cec3b61d27e62_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: NO_PROXY bypass via crafted URL"
},
{
"cve": "CVE-2026-42044",
"cwe": {
"id": "CWE-915",
"name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes"
},
"discovery_date": "2026-04-24T19:01:13.418725+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2461624"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, a widely used HTTP client. This vulnerability, known as a Prototype Pollution \"Gadget\" attack, allows a remote attacker to subtly alter JSON API responses. By manipulating a specific function, an attacker can selectively modify data within these responses. This could lead to significant security breaches, including unauthorized privilege escalation, fraudulent balance manipulation, or bypassing critical authorization checks.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: Invisible JSON Response Tampering via Prototype Pollution Gadget",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:246c34d2e769f9f40e5879bf335ce7db614442ade7733d4ac52e10a48d280843_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7900ecb89c736738098e9b82dfad1b33bb1f9d719551d6cceccbfc4e9bd2103d_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:da98415ade1160e1c40070e3a590f3390d8f10ced09103c78b4a2b9a00743291_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:f9fa6147fd9f3d074b496b9dd32f66c04bf4acd0a423f733827d2745f8da89d3_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:3a93ddd83e947c84318d290d41861e5c2286990468c499710ca8479fbb05065e_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:3f3d407102b90e3ad1e54606df7b87b5bad6f07db851d78802fc60708dd41d97_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4a56e9549c509968af14b978a087be6dc8f2d556dcab4bd7e18b401a72e2ce70_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:e60c4d74202fbe7b58ac619bbbc9950d4466f9edb0f21ce1b63cec3b61d27e62_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42044"
},
{
"category": "external",
"summary": "RHBZ#2461624",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461624"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42044",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42044"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42044",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42044"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-3w6x-2g7m-8v23",
"url": "https://github.com/axios/axios/security/advisories/GHSA-3w6x-2g7m-8v23"
}
],
"release_date": "2026-04-24T17:49:49.517000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-12T21:06:42+00:00",
"details": "See Kiali 2.4.16 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.0/html/observability/kiali-operator-provided-by-red-hat",
"product_ids": [
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:246c34d2e769f9f40e5879bf335ce7db614442ade7733d4ac52e10a48d280843_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7900ecb89c736738098e9b82dfad1b33bb1f9d719551d6cceccbfc4e9bd2103d_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:da98415ade1160e1c40070e3a590f3390d8f10ced09103c78b4a2b9a00743291_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:f9fa6147fd9f3d074b496b9dd32f66c04bf4acd0a423f733827d2745f8da89d3_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:3a93ddd83e947c84318d290d41861e5c2286990468c499710ca8479fbb05065e_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:3f3d407102b90e3ad1e54606df7b87b5bad6f07db851d78802fc60708dd41d97_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4a56e9549c509968af14b978a087be6dc8f2d556dcab4bd7e18b401a72e2ce70_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:e60c4d74202fbe7b58ac619bbbc9950d4466f9edb0f21ce1b63cec3b61d27e62_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:16534"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:246c34d2e769f9f40e5879bf335ce7db614442ade7733d4ac52e10a48d280843_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7900ecb89c736738098e9b82dfad1b33bb1f9d719551d6cceccbfc4e9bd2103d_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:da98415ade1160e1c40070e3a590f3390d8f10ced09103c78b4a2b9a00743291_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:f9fa6147fd9f3d074b496b9dd32f66c04bf4acd0a423f733827d2745f8da89d3_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:3a93ddd83e947c84318d290d41861e5c2286990468c499710ca8479fbb05065e_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:3f3d407102b90e3ad1e54606df7b87b5bad6f07db851d78802fc60708dd41d97_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4a56e9549c509968af14b978a087be6dc8f2d556dcab4bd7e18b401a72e2ce70_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:e60c4d74202fbe7b58ac619bbbc9950d4466f9edb0f21ce1b63cec3b61d27e62_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:246c34d2e769f9f40e5879bf335ce7db614442ade7733d4ac52e10a48d280843_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:7900ecb89c736738098e9b82dfad1b33bb1f9d719551d6cceccbfc4e9bd2103d_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:da98415ade1160e1c40070e3a590f3390d8f10ced09103c78b4a2b9a00743291_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:f9fa6147fd9f3d074b496b9dd32f66c04bf4acd0a423f733827d2745f8da89d3_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:3a93ddd83e947c84318d290d41861e5c2286990468c499710ca8479fbb05065e_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:3f3d407102b90e3ad1e54606df7b87b5bad6f07db851d78802fc60708dd41d97_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:4a56e9549c509968af14b978a087be6dc8f2d556dcab4bd7e18b401a72e2ce70_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:e60c4d74202fbe7b58ac619bbbc9950d4466f9edb0f21ce1b63cec3b61d27e62_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: Invisible JSON Response Tampering via Prototype Pollution Gadget"
}
]
}
RHSA-2026:16535
Vulnerability from csaf_redhat - Published: 2026-05-12 21:06 - Updated: 2026-07-09 21:04A flaw was found in the Go standard library packages `crypto/x509` and `crypto/tls`. During the process of building a certificate chain, an attacker can provide a large number of intermediate certificates. This excessive input is not properly limited, leading to an uncontrolled amount of work being performed. This can result in a denial of service (DoS) condition, making the affected system or application unavailable to legitimate users.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:0b03493fd9127e224c88e3cc775fdb8e4d6851c07b0cda8220af37f3ea58b817_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:361c90a4629005ec10140af3b719c739de36cf15adb6fb03bffb62eaff9a9a89_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:36a99220c56b2552bbc8c8c6026047b9d1f5dd271ee10c07365faefc06486382_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f8862c4fa112301aa30870c2f6a891acb0e0c55e9da8d5f5dd5e057df72249ee_s390x | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:670dbb0cdefd1e46fc6919d4b232f88b3e39599b6ea90602476fd84308986bca_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:af21dad17afca9999408d97167c950d3b37ccd14e199e8e69c7f1b80a95d536c_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:b4ba774d9dfa6e96c320cb2da532882a2525567fac9367fd625b26edbc59dfc0_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cc913771d88f564060b1562034a5b6dd62842e899f852364d90f4ae4e6c85fd2_ppc64le | — |
A flaw was found in follow-redirects. When an HTTP request follows a cross-domain redirect (a redirection to a different domain), custom authentication headers, such as X-API-Key or X-Auth-Token, are not properly stripped. This allows these sensitive headers to be forwarded verbatim to the redirect target, potentially leading to the unintended disclosure of authentication information to an untrusted third party.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:670dbb0cdefd1e46fc6919d4b232f88b3e39599b6ea90602476fd84308986bca_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:af21dad17afca9999408d97167c950d3b37ccd14e199e8e69c7f1b80a95d536c_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:b4ba774d9dfa6e96c320cb2da532882a2525567fac9367fd625b26edbc59dfc0_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cc913771d88f564060b1562034a5b6dd62842e899f852364d90f4ae4e6c85fd2_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:0b03493fd9127e224c88e3cc775fdb8e4d6851c07b0cda8220af37f3ea58b817_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:361c90a4629005ec10140af3b719c739de36cf15adb6fb03bffb62eaff9a9a89_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:36a99220c56b2552bbc8c8c6026047b9d1f5dd271ee10c07365faefc06486382_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f8862c4fa112301aa30870c2f6a891acb0e0c55e9da8d5f5dd5e057df72249ee_s390x | — |
Vendor Fix
fix
|
A flaw was found in Axios, an HTTP client library. This vulnerability allows an attacker to exploit a prototype pollution issue if another part of the application has already polluted the Object.prototype. By doing so, the attacker can intercept and modify JSON responses or take control of the HTTP communication. This could lead to unauthorized access to sensitive information like user credentials and request details.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:670dbb0cdefd1e46fc6919d4b232f88b3e39599b6ea90602476fd84308986bca_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:af21dad17afca9999408d97167c950d3b37ccd14e199e8e69c7f1b80a95d536c_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:b4ba774d9dfa6e96c320cb2da532882a2525567fac9367fd625b26edbc59dfc0_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cc913771d88f564060b1562034a5b6dd62842e899f852364d90f4ae4e6c85fd2_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:0b03493fd9127e224c88e3cc775fdb8e4d6851c07b0cda8220af37f3ea58b817_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:361c90a4629005ec10140af3b719c739de36cf15adb6fb03bffb62eaff9a9a89_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:36a99220c56b2552bbc8c8c6026047b9d1f5dd271ee10c07365faefc06486382_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f8862c4fa112301aa30870c2f6a891acb0e0c55e9da8d5f5dd5e057df72249ee_s390x | — |
Vendor Fix
fix
|
A flaw was found in Axios, a software library for making network requests. A remote attacker can exploit a prototype pollution vulnerability to inject arbitrary HTTP headers into outgoing requests. This occurs when the application's core object definitions are manipulated, causing Axios to misinterpret data and include attacker-controlled headers in network communications. This could lead to unauthorized actions or data manipulation.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:670dbb0cdefd1e46fc6919d4b232f88b3e39599b6ea90602476fd84308986bca_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:af21dad17afca9999408d97167c950d3b37ccd14e199e8e69c7f1b80a95d536c_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:b4ba774d9dfa6e96c320cb2da532882a2525567fac9367fd625b26edbc59dfc0_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cc913771d88f564060b1562034a5b6dd62842e899f852364d90f4ae4e6c85fd2_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:0b03493fd9127e224c88e3cc775fdb8e4d6851c07b0cda8220af37f3ea58b817_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:361c90a4629005ec10140af3b719c739de36cf15adb6fb03bffb62eaff9a9a89_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:36a99220c56b2552bbc8c8c6026047b9d1f5dd271ee10c07365faefc06486382_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f8862c4fa112301aa30870c2f6a891acb0e0c55e9da8d5f5dd5e057df72249ee_s390x | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Axios, a promise-based HTTP client for browsers and Node.js. This vulnerability occurs because the `toFormData` function recursively processes nested objects without a depth limit. A remote attacker can exploit this by sending deeply nested request data, which causes the Node.js process to crash due to a RangeError, leading to a potential Denial of Service (DoS) if the process crashes.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:670dbb0cdefd1e46fc6919d4b232f88b3e39599b6ea90602476fd84308986bca_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:af21dad17afca9999408d97167c950d3b37ccd14e199e8e69c7f1b80a95d536c_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:b4ba774d9dfa6e96c320cb2da532882a2525567fac9367fd625b26edbc59dfc0_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cc913771d88f564060b1562034a5b6dd62842e899f852364d90f4ae4e6c85fd2_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:0b03493fd9127e224c88e3cc775fdb8e4d6851c07b0cda8220af37f3ea58b817_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:361c90a4629005ec10140af3b719c739de36cf15adb6fb03bffb62eaff9a9a89_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:36a99220c56b2552bbc8c8c6026047b9d1f5dd271ee10c07365faefc06486382_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f8862c4fa112301aa30870c2f6a891acb0e0c55e9da8d5f5dd5e057df72249ee_s390x | — |
Vendor Fix
fix
|
A flaw was found in Axios, a promise-based HTTP client. This vulnerability, a Prototype Pollution "Gadget" attack, allows an attacker to manipulate the `Object.prototype.validateStatus` property. By polluting this property, all HTTP error responses (such as 401, 403, or 500) are silently treated as successful responses. This can lead to a complete bypass of application-level authentication and error handling, potentially granting unauthorized access.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:670dbb0cdefd1e46fc6919d4b232f88b3e39599b6ea90602476fd84308986bca_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:af21dad17afca9999408d97167c950d3b37ccd14e199e8e69c7f1b80a95d536c_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:b4ba774d9dfa6e96c320cb2da532882a2525567fac9367fd625b26edbc59dfc0_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cc913771d88f564060b1562034a5b6dd62842e899f852364d90f4ae4e6c85fd2_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:0b03493fd9127e224c88e3cc775fdb8e4d6851c07b0cda8220af37f3ea58b817_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:361c90a4629005ec10140af3b719c739de36cf15adb6fb03bffb62eaff9a9a89_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:36a99220c56b2552bbc8c8c6026047b9d1f5dd271ee10c07365faefc06486382_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f8862c4fa112301aa30870c2f6a891acb0e0c55e9da8d5f5dd5e057df72249ee_s390x | — |
Vendor Fix
fix
|
A flaw was found in Axios, a promise-based HTTP client. An attacker who can control the destination address of an Axios request can exploit this vulnerability. By using specific internal network addresses (within the 127.0.0.0/8 range, excluding 127.0.0.1), the attacker can completely bypass the NO_PROXY protection, potentially leading to unauthorized access or information disclosure within the network. This issue is an incomplete fix for a previous vulnerability.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:670dbb0cdefd1e46fc6919d4b232f88b3e39599b6ea90602476fd84308986bca_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:af21dad17afca9999408d97167c950d3b37ccd14e199e8e69c7f1b80a95d536c_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:b4ba774d9dfa6e96c320cb2da532882a2525567fac9367fd625b26edbc59dfc0_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cc913771d88f564060b1562034a5b6dd62842e899f852364d90f4ae4e6c85fd2_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:0b03493fd9127e224c88e3cc775fdb8e4d6851c07b0cda8220af37f3ea58b817_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:361c90a4629005ec10140af3b719c739de36cf15adb6fb03bffb62eaff9a9a89_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:36a99220c56b2552bbc8c8c6026047b9d1f5dd271ee10c07365faefc06486382_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f8862c4fa112301aa30870c2f6a891acb0e0c55e9da8d5f5dd5e057df72249ee_s390x | — |
Vendor Fix
fix
|
A flaw was found in Axios, a widely used HTTP client. This vulnerability, known as a Prototype Pollution "Gadget" attack, allows a remote attacker to subtly alter JSON API responses. By manipulating a specific function, an attacker can selectively modify data within these responses. This could lead to significant security breaches, including unauthorized privilege escalation, fraudulent balance manipulation, or bypassing critical authorization checks.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:670dbb0cdefd1e46fc6919d4b232f88b3e39599b6ea90602476fd84308986bca_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:af21dad17afca9999408d97167c950d3b37ccd14e199e8e69c7f1b80a95d536c_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:b4ba774d9dfa6e96c320cb2da532882a2525567fac9367fd625b26edbc59dfc0_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cc913771d88f564060b1562034a5b6dd62842e899f852364d90f4ae4e6c85fd2_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:0b03493fd9127e224c88e3cc775fdb8e4d6851c07b0cda8220af37f3ea58b817_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:361c90a4629005ec10140af3b719c739de36cf15adb6fb03bffb62eaff9a9a89_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:36a99220c56b2552bbc8c8c6026047b9d1f5dd271ee10c07365faefc06486382_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f8862c4fa112301aa30870c2f6a891acb0e0c55e9da8d5f5dd5e057df72249ee_s390x | — |
Vendor Fix
fix
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Kiali 2.17.7 for Red Hat OpenShift Service Mesh 3.2 is now available.\n\nRed Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Kiali 2.17.7, for Red Hat OpenShift Service Mesh 3.2, provides observability for the service mesh by offering a visual representation of the mesh topology and metrics, helping users monitor, trace, and manage efficiently.\n\nSecurity Fix(es):\n\n* CVE-2026-32280 Go: Denial of Service vulnerability in certificate chain building (OSSM-13248)\n* CVE-2026-40895 follow-redirects: Information disclosure via cross-domain redirects (OSSM-13556, OSSM-13560)\n* CVE-2026-42033 Axios: HTTP Transport Hijacking via Prototype Pollution (OSSM-13693, OSSM-13697)\n* CVE-2026-42035 Axios: Arbitrary HTTP header injection via prototype pollution (OSSM-13604, OSSM-13605)\n* CVE-2026-42043 Axios: NO_PROXY bypass via crafted URL (OSSM-13715, OSSM-13719)\n* CVE-2026-42039 Axios: Denial of Service via unbounded recursion in toFormData with deeply nested request data (OSSM-13729, OSSM-13733)\n* CVE-2026-42041 Axios: Authentication bypass due to prototype pollution of HTTP error handling (OSSM-13743, OSSM-13747)\n* CVE-2026-42044 Axios: Invisible JSON Response Tampering via Prototype Pollution Gadget (OSSM-13784, OSSM-13785)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:16535",
"url": "https://access.redhat.com/errata/RHSA-2026:16535"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-62718",
"url": "https://access.redhat.com/security/cve/CVE-2025-62718"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-25679",
"url": "https://access.redhat.com/security/cve/CVE-2026-25679"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-29063",
"url": "https://access.redhat.com/security/cve/CVE-2026-29063"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-29074",
"url": "https://access.redhat.com/security/cve/CVE-2026-29074"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32280",
"url": "https://access.redhat.com/security/cve/CVE-2026-32280"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33186",
"url": "https://access.redhat.com/security/cve/CVE-2026-33186"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-34986",
"url": "https://access.redhat.com/security/cve/CVE-2026-34986"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-40175",
"url": "https://access.redhat.com/security/cve/CVE-2026-40175"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-40895",
"url": "https://access.redhat.com/security/cve/CVE-2026-40895"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42033",
"url": "https://access.redhat.com/security/cve/CVE-2026-42033"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42035",
"url": "https://access.redhat.com/security/cve/CVE-2026-42035"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42039",
"url": "https://access.redhat.com/security/cve/CVE-2026-42039"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42041",
"url": "https://access.redhat.com/security/cve/CVE-2026-42041"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42043",
"url": "https://access.redhat.com/security/cve/CVE-2026-42043"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42044",
"url": "https://access.redhat.com/security/cve/CVE-2026-42044"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-4800",
"url": "https://access.redhat.com/security/cve/CVE-2026-4800"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification",
"url": "https://access.redhat.com/security/updates/classification"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_16535.json"
}
],
"title": "Red Hat Security Advisory: Kiali 2.17.7 for Red Hat OpenShift Service Mesh 3.2",
"tracking": {
"current_release_date": "2026-07-09T21:04:12+00:00",
"generator": {
"date": "2026-07-09T21:04:12+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.2"
}
},
"id": "RHSA-2026:16535",
"initial_release_date": "2026-05-12T21:06:57+00:00",
"revision_history": [
{
"date": "2026-05-12T21:06:57+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-07-09T08:56:59+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-09T21:04:12+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Service Mesh 3.2",
"product": {
"name": "Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:service_mesh:3.2::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Service Mesh"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:0b03493fd9127e224c88e3cc775fdb8e4d6851c07b0cda8220af37f3ea58b817_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:0b03493fd9127e224c88e3cc775fdb8e4d6851c07b0cda8220af37f3ea58b817_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:0b03493fd9127e224c88e3cc775fdb8e4d6851c07b0cda8220af37f3ea58b817_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel9@sha256%3A0b03493fd9127e224c88e3cc775fdb8e4d6851c07b0cda8220af37f3ea58b817?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1778163909"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:af21dad17afca9999408d97167c950d3b37ccd14e199e8e69c7f1b80a95d536c_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:af21dad17afca9999408d97167c950d3b37ccd14e199e8e69c7f1b80a95d536c_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:af21dad17afca9999408d97167c950d3b37ccd14e199e8e69c7f1b80a95d536c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kiali-ossmc-rhel9@sha256%3Aaf21dad17afca9999408d97167c950d3b37ccd14e199e8e69c7f1b80a95d536c?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1778163792"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:36a99220c56b2552bbc8c8c6026047b9d1f5dd271ee10c07365faefc06486382_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:36a99220c56b2552bbc8c8c6026047b9d1f5dd271ee10c07365faefc06486382_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:36a99220c56b2552bbc8c8c6026047b9d1f5dd271ee10c07365faefc06486382_arm64",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel9@sha256%3A36a99220c56b2552bbc8c8c6026047b9d1f5dd271ee10c07365faefc06486382?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1778163909"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:670dbb0cdefd1e46fc6919d4b232f88b3e39599b6ea90602476fd84308986bca_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:670dbb0cdefd1e46fc6919d4b232f88b3e39599b6ea90602476fd84308986bca_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:670dbb0cdefd1e46fc6919d4b232f88b3e39599b6ea90602476fd84308986bca_arm64",
"product_identification_helper": {
"purl": "pkg:oci/kiali-ossmc-rhel9@sha256%3A670dbb0cdefd1e46fc6919d4b232f88b3e39599b6ea90602476fd84308986bca?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1778163792"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:361c90a4629005ec10140af3b719c739de36cf15adb6fb03bffb62eaff9a9a89_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:361c90a4629005ec10140af3b719c739de36cf15adb6fb03bffb62eaff9a9a89_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:361c90a4629005ec10140af3b719c739de36cf15adb6fb03bffb62eaff9a9a89_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel9@sha256%3A361c90a4629005ec10140af3b719c739de36cf15adb6fb03bffb62eaff9a9a89?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1778163909"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cc913771d88f564060b1562034a5b6dd62842e899f852364d90f4ae4e6c85fd2_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cc913771d88f564060b1562034a5b6dd62842e899f852364d90f4ae4e6c85fd2_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cc913771d88f564060b1562034a5b6dd62842e899f852364d90f4ae4e6c85fd2_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/kiali-ossmc-rhel9@sha256%3Acc913771d88f564060b1562034a5b6dd62842e899f852364d90f4ae4e6c85fd2?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1778163792"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f8862c4fa112301aa30870c2f6a891acb0e0c55e9da8d5f5dd5e057df72249ee_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f8862c4fa112301aa30870c2f6a891acb0e0c55e9da8d5f5dd5e057df72249ee_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f8862c4fa112301aa30870c2f6a891acb0e0c55e9da8d5f5dd5e057df72249ee_s390x",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel9@sha256%3Af8862c4fa112301aa30870c2f6a891acb0e0c55e9da8d5f5dd5e057df72249ee?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1778163909"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:b4ba774d9dfa6e96c320cb2da532882a2525567fac9367fd625b26edbc59dfc0_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:b4ba774d9dfa6e96c320cb2da532882a2525567fac9367fd625b26edbc59dfc0_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:b4ba774d9dfa6e96c320cb2da532882a2525567fac9367fd625b26edbc59dfc0_s390x",
"product_identification_helper": {
"purl": "pkg:oci/kiali-ossmc-rhel9@sha256%3Ab4ba774d9dfa6e96c320cb2da532882a2525567fac9367fd625b26edbc59dfc0?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1778163792"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:670dbb0cdefd1e46fc6919d4b232f88b3e39599b6ea90602476fd84308986bca_arm64 as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:670dbb0cdefd1e46fc6919d4b232f88b3e39599b6ea90602476fd84308986bca_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:670dbb0cdefd1e46fc6919d4b232f88b3e39599b6ea90602476fd84308986bca_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:af21dad17afca9999408d97167c950d3b37ccd14e199e8e69c7f1b80a95d536c_amd64 as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:af21dad17afca9999408d97167c950d3b37ccd14e199e8e69c7f1b80a95d536c_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:af21dad17afca9999408d97167c950d3b37ccd14e199e8e69c7f1b80a95d536c_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:b4ba774d9dfa6e96c320cb2da532882a2525567fac9367fd625b26edbc59dfc0_s390x as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:b4ba774d9dfa6e96c320cb2da532882a2525567fac9367fd625b26edbc59dfc0_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:b4ba774d9dfa6e96c320cb2da532882a2525567fac9367fd625b26edbc59dfc0_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cc913771d88f564060b1562034a5b6dd62842e899f852364d90f4ae4e6c85fd2_ppc64le as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cc913771d88f564060b1562034a5b6dd62842e899f852364d90f4ae4e6c85fd2_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cc913771d88f564060b1562034a5b6dd62842e899f852364d90f4ae4e6c85fd2_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:0b03493fd9127e224c88e3cc775fdb8e4d6851c07b0cda8220af37f3ea58b817_amd64 as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:0b03493fd9127e224c88e3cc775fdb8e4d6851c07b0cda8220af37f3ea58b817_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:0b03493fd9127e224c88e3cc775fdb8e4d6851c07b0cda8220af37f3ea58b817_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:361c90a4629005ec10140af3b719c739de36cf15adb6fb03bffb62eaff9a9a89_ppc64le as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:361c90a4629005ec10140af3b719c739de36cf15adb6fb03bffb62eaff9a9a89_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:361c90a4629005ec10140af3b719c739de36cf15adb6fb03bffb62eaff9a9a89_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:36a99220c56b2552bbc8c8c6026047b9d1f5dd271ee10c07365faefc06486382_arm64 as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:36a99220c56b2552bbc8c8c6026047b9d1f5dd271ee10c07365faefc06486382_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:36a99220c56b2552bbc8c8c6026047b9d1f5dd271ee10c07365faefc06486382_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f8862c4fa112301aa30870c2f6a891acb0e0c55e9da8d5f5dd5e057df72249ee_s390x as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f8862c4fa112301aa30870c2f6a891acb0e0c55e9da8d5f5dd5e057df72249ee_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f8862c4fa112301aa30870c2f6a891acb0e0c55e9da8d5f5dd5e057df72249ee_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-32280",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-04-08T02:01:19.572351+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:670dbb0cdefd1e46fc6919d4b232f88b3e39599b6ea90602476fd84308986bca_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:af21dad17afca9999408d97167c950d3b37ccd14e199e8e69c7f1b80a95d536c_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:b4ba774d9dfa6e96c320cb2da532882a2525567fac9367fd625b26edbc59dfc0_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cc913771d88f564060b1562034a5b6dd62842e899f852364d90f4ae4e6c85fd2_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456339"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Go standard library packages `crypto/x509` and `crypto/tls`. During the process of building a certificate chain, an attacker can provide a large number of intermediate certificates. This excessive input is not properly limited, leading to an uncontrolled amount of work being performed. This can result in a denial of service (DoS) condition, making the affected system or application unavailable to legitimate users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important denial of service vulnerability in the Go standard library\u0027s certificate chain building process. Systems utilizing Go applications that process untrusted TLS certificates or X.509 certificate chains are susceptible to resource exhaustion when presented with an excessive number of intermediate certificates, potentially leading to service unavailability. This flaw impacts applications directly using `crypto/x509` or `crypto/tls`.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:0b03493fd9127e224c88e3cc775fdb8e4d6851c07b0cda8220af37f3ea58b817_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:361c90a4629005ec10140af3b719c739de36cf15adb6fb03bffb62eaff9a9a89_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:36a99220c56b2552bbc8c8c6026047b9d1f5dd271ee10c07365faefc06486382_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f8862c4fa112301aa30870c2f6a891acb0e0c55e9da8d5f5dd5e057df72249ee_s390x"
],
"known_not_affected": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:670dbb0cdefd1e46fc6919d4b232f88b3e39599b6ea90602476fd84308986bca_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:af21dad17afca9999408d97167c950d3b37ccd14e199e8e69c7f1b80a95d536c_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:b4ba774d9dfa6e96c320cb2da532882a2525567fac9367fd625b26edbc59dfc0_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cc913771d88f564060b1562034a5b6dd62842e899f852364d90f4ae4e6c85fd2_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32280"
},
{
"category": "external",
"summary": "RHBZ#2456339",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456339"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32280",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32280"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32280",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32280"
},
{
"category": "external",
"summary": "https://go.dev/cl/758320",
"url": "https://go.dev/cl/758320"
},
{
"category": "external",
"summary": "https://go.dev/issue/78282",
"url": "https://go.dev/issue/78282"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4947",
"url": "https://pkg.go.dev/vuln/GO-2026-4947"
}
],
"release_date": "2026-04-08T01:06:58.595000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-12T21:06:57+00:00",
"details": "See Kiali 2.17.7 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.2/html/observability/kiali-operator-provided-by-red-hat",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:0b03493fd9127e224c88e3cc775fdb8e4d6851c07b0cda8220af37f3ea58b817_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:361c90a4629005ec10140af3b719c739de36cf15adb6fb03bffb62eaff9a9a89_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:36a99220c56b2552bbc8c8c6026047b9d1f5dd271ee10c07365faefc06486382_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f8862c4fa112301aa30870c2f6a891acb0e0c55e9da8d5f5dd5e057df72249ee_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:16535"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:670dbb0cdefd1e46fc6919d4b232f88b3e39599b6ea90602476fd84308986bca_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:af21dad17afca9999408d97167c950d3b37ccd14e199e8e69c7f1b80a95d536c_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:b4ba774d9dfa6e96c320cb2da532882a2525567fac9367fd625b26edbc59dfc0_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cc913771d88f564060b1562034a5b6dd62842e899f852364d90f4ae4e6c85fd2_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:0b03493fd9127e224c88e3cc775fdb8e4d6851c07b0cda8220af37f3ea58b817_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:361c90a4629005ec10140af3b719c739de36cf15adb6fb03bffb62eaff9a9a89_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:36a99220c56b2552bbc8c8c6026047b9d1f5dd271ee10c07365faefc06486382_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f8862c4fa112301aa30870c2f6a891acb0e0c55e9da8d5f5dd5e057df72249ee_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building"
},
{
"cve": "CVE-2026-40895",
"cwe": {
"id": "CWE-212",
"name": "Improper Removal of Sensitive Information Before Storage or Transfer"
},
"discovery_date": "2026-04-21T21:02:33.280553+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2460297"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in follow-redirects. When an HTTP request follows a cross-domain redirect (a redirection to a different domain), custom authentication headers, such as X-API-Key or X-Auth-Token, are not properly stripped. This allows these sensitive headers to be forwarded verbatim to the redirect target, potentially leading to the unintended disclosure of authentication information to an untrusted third party.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "follow-redirects: follow-redirects: Information disclosure via cross-domain redirects",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:670dbb0cdefd1e46fc6919d4b232f88b3e39599b6ea90602476fd84308986bca_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:af21dad17afca9999408d97167c950d3b37ccd14e199e8e69c7f1b80a95d536c_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:b4ba774d9dfa6e96c320cb2da532882a2525567fac9367fd625b26edbc59dfc0_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cc913771d88f564060b1562034a5b6dd62842e899f852364d90f4ae4e6c85fd2_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:0b03493fd9127e224c88e3cc775fdb8e4d6851c07b0cda8220af37f3ea58b817_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:361c90a4629005ec10140af3b719c739de36cf15adb6fb03bffb62eaff9a9a89_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:36a99220c56b2552bbc8c8c6026047b9d1f5dd271ee10c07365faefc06486382_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f8862c4fa112301aa30870c2f6a891acb0e0c55e9da8d5f5dd5e057df72249ee_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-40895"
},
{
"category": "external",
"summary": "RHBZ#2460297",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460297"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-40895",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40895"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-40895",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40895"
},
{
"category": "external",
"summary": "https://github.com/follow-redirects/follow-redirects/security/advisories/GHSA-r4q5-vmmm-2653",
"url": "https://github.com/follow-redirects/follow-redirects/security/advisories/GHSA-r4q5-vmmm-2653"
}
],
"release_date": "2026-04-21T19:59:59.759000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-12T21:06:57+00:00",
"details": "See Kiali 2.17.7 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.2/html/observability/kiali-operator-provided-by-red-hat",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:670dbb0cdefd1e46fc6919d4b232f88b3e39599b6ea90602476fd84308986bca_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:af21dad17afca9999408d97167c950d3b37ccd14e199e8e69c7f1b80a95d536c_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:b4ba774d9dfa6e96c320cb2da532882a2525567fac9367fd625b26edbc59dfc0_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cc913771d88f564060b1562034a5b6dd62842e899f852364d90f4ae4e6c85fd2_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:0b03493fd9127e224c88e3cc775fdb8e4d6851c07b0cda8220af37f3ea58b817_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:361c90a4629005ec10140af3b719c739de36cf15adb6fb03bffb62eaff9a9a89_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:36a99220c56b2552bbc8c8c6026047b9d1f5dd271ee10c07365faefc06486382_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f8862c4fa112301aa30870c2f6a891acb0e0c55e9da8d5f5dd5e057df72249ee_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:16535"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:670dbb0cdefd1e46fc6919d4b232f88b3e39599b6ea90602476fd84308986bca_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:af21dad17afca9999408d97167c950d3b37ccd14e199e8e69c7f1b80a95d536c_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:b4ba774d9dfa6e96c320cb2da532882a2525567fac9367fd625b26edbc59dfc0_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cc913771d88f564060b1562034a5b6dd62842e899f852364d90f4ae4e6c85fd2_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:0b03493fd9127e224c88e3cc775fdb8e4d6851c07b0cda8220af37f3ea58b817_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:361c90a4629005ec10140af3b719c739de36cf15adb6fb03bffb62eaff9a9a89_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:36a99220c56b2552bbc8c8c6026047b9d1f5dd271ee10c07365faefc06486382_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f8862c4fa112301aa30870c2f6a891acb0e0c55e9da8d5f5dd5e057df72249ee_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "follow-redirects: follow-redirects: Information disclosure via cross-domain redirects"
},
{
"cve": "CVE-2026-42033",
"cwe": {
"id": "CWE-915",
"name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes"
},
"discovery_date": "2026-04-24T18:01:20.937507+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2461607"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, an HTTP client library. This vulnerability allows an attacker to exploit a prototype pollution issue if another part of the application has already polluted the Object.prototype. By doing so, the attacker can intercept and modify JSON responses or take control of the HTTP communication. This could lead to unauthorized access to sensitive information like user credentials and request details.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: HTTP Transport Hijacking via Prototype Pollution",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:670dbb0cdefd1e46fc6919d4b232f88b3e39599b6ea90602476fd84308986bca_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:af21dad17afca9999408d97167c950d3b37ccd14e199e8e69c7f1b80a95d536c_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:b4ba774d9dfa6e96c320cb2da532882a2525567fac9367fd625b26edbc59dfc0_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cc913771d88f564060b1562034a5b6dd62842e899f852364d90f4ae4e6c85fd2_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:0b03493fd9127e224c88e3cc775fdb8e4d6851c07b0cda8220af37f3ea58b817_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:361c90a4629005ec10140af3b719c739de36cf15adb6fb03bffb62eaff9a9a89_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:36a99220c56b2552bbc8c8c6026047b9d1f5dd271ee10c07365faefc06486382_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f8862c4fa112301aa30870c2f6a891acb0e0c55e9da8d5f5dd5e057df72249ee_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42033"
},
{
"category": "external",
"summary": "RHBZ#2461607",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461607"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42033",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42033"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42033",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42033"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-pf86-5x62-jrwf",
"url": "https://github.com/axios/axios/security/advisories/GHSA-pf86-5x62-jrwf"
}
],
"release_date": "2026-04-24T17:36:44.132000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-12T21:06:57+00:00",
"details": "See Kiali 2.17.7 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.2/html/observability/kiali-operator-provided-by-red-hat",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:670dbb0cdefd1e46fc6919d4b232f88b3e39599b6ea90602476fd84308986bca_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:af21dad17afca9999408d97167c950d3b37ccd14e199e8e69c7f1b80a95d536c_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:b4ba774d9dfa6e96c320cb2da532882a2525567fac9367fd625b26edbc59dfc0_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cc913771d88f564060b1562034a5b6dd62842e899f852364d90f4ae4e6c85fd2_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:0b03493fd9127e224c88e3cc775fdb8e4d6851c07b0cda8220af37f3ea58b817_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:361c90a4629005ec10140af3b719c739de36cf15adb6fb03bffb62eaff9a9a89_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:36a99220c56b2552bbc8c8c6026047b9d1f5dd271ee10c07365faefc06486382_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f8862c4fa112301aa30870c2f6a891acb0e0c55e9da8d5f5dd5e057df72249ee_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:16535"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:670dbb0cdefd1e46fc6919d4b232f88b3e39599b6ea90602476fd84308986bca_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:af21dad17afca9999408d97167c950d3b37ccd14e199e8e69c7f1b80a95d536c_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:b4ba774d9dfa6e96c320cb2da532882a2525567fac9367fd625b26edbc59dfc0_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cc913771d88f564060b1562034a5b6dd62842e899f852364d90f4ae4e6c85fd2_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:0b03493fd9127e224c88e3cc775fdb8e4d6851c07b0cda8220af37f3ea58b817_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:361c90a4629005ec10140af3b719c739de36cf15adb6fb03bffb62eaff9a9a89_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:36a99220c56b2552bbc8c8c6026047b9d1f5dd271ee10c07365faefc06486382_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f8862c4fa112301aa30870c2f6a891acb0e0c55e9da8d5f5dd5e057df72249ee_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: HTTP Transport Hijacking via Prototype Pollution"
},
{
"cve": "CVE-2026-42035",
"cwe": {
"id": "CWE-915",
"name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes"
},
"discovery_date": "2026-04-24T18:01:17.109481+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2461606"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, a software library for making network requests. A remote attacker can exploit a prototype pollution vulnerability to inject arbitrary HTTP headers into outgoing requests. This occurs when the application\u0027s core object definitions are manipulated, causing Axios to misinterpret data and include attacker-controlled headers in network communications. This could lead to unauthorized actions or data manipulation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: Arbitrary HTTP header injection via prototype pollution",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:670dbb0cdefd1e46fc6919d4b232f88b3e39599b6ea90602476fd84308986bca_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:af21dad17afca9999408d97167c950d3b37ccd14e199e8e69c7f1b80a95d536c_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:b4ba774d9dfa6e96c320cb2da532882a2525567fac9367fd625b26edbc59dfc0_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cc913771d88f564060b1562034a5b6dd62842e899f852364d90f4ae4e6c85fd2_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:0b03493fd9127e224c88e3cc775fdb8e4d6851c07b0cda8220af37f3ea58b817_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:361c90a4629005ec10140af3b719c739de36cf15adb6fb03bffb62eaff9a9a89_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:36a99220c56b2552bbc8c8c6026047b9d1f5dd271ee10c07365faefc06486382_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f8862c4fa112301aa30870c2f6a891acb0e0c55e9da8d5f5dd5e057df72249ee_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42035"
},
{
"category": "external",
"summary": "RHBZ#2461606",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461606"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42035",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42035"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42035",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42035"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-6chq-wfr3-2hj9",
"url": "https://github.com/axios/axios/security/advisories/GHSA-6chq-wfr3-2hj9"
}
],
"release_date": "2026-04-24T17:38:07.752000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-12T21:06:57+00:00",
"details": "See Kiali 2.17.7 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.2/html/observability/kiali-operator-provided-by-red-hat",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:670dbb0cdefd1e46fc6919d4b232f88b3e39599b6ea90602476fd84308986bca_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:af21dad17afca9999408d97167c950d3b37ccd14e199e8e69c7f1b80a95d536c_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:b4ba774d9dfa6e96c320cb2da532882a2525567fac9367fd625b26edbc59dfc0_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cc913771d88f564060b1562034a5b6dd62842e899f852364d90f4ae4e6c85fd2_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:0b03493fd9127e224c88e3cc775fdb8e4d6851c07b0cda8220af37f3ea58b817_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:361c90a4629005ec10140af3b719c739de36cf15adb6fb03bffb62eaff9a9a89_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:36a99220c56b2552bbc8c8c6026047b9d1f5dd271ee10c07365faefc06486382_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f8862c4fa112301aa30870c2f6a891acb0e0c55e9da8d5f5dd5e057df72249ee_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:16535"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:670dbb0cdefd1e46fc6919d4b232f88b3e39599b6ea90602476fd84308986bca_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:af21dad17afca9999408d97167c950d3b37ccd14e199e8e69c7f1b80a95d536c_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:b4ba774d9dfa6e96c320cb2da532882a2525567fac9367fd625b26edbc59dfc0_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cc913771d88f564060b1562034a5b6dd62842e899f852364d90f4ae4e6c85fd2_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:0b03493fd9127e224c88e3cc775fdb8e4d6851c07b0cda8220af37f3ea58b817_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:361c90a4629005ec10140af3b719c739de36cf15adb6fb03bffb62eaff9a9a89_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:36a99220c56b2552bbc8c8c6026047b9d1f5dd271ee10c07365faefc06486382_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f8862c4fa112301aa30870c2f6a891acb0e0c55e9da8d5f5dd5e057df72249ee_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:670dbb0cdefd1e46fc6919d4b232f88b3e39599b6ea90602476fd84308986bca_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:af21dad17afca9999408d97167c950d3b37ccd14e199e8e69c7f1b80a95d536c_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:b4ba774d9dfa6e96c320cb2da532882a2525567fac9367fd625b26edbc59dfc0_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cc913771d88f564060b1562034a5b6dd62842e899f852364d90f4ae4e6c85fd2_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:0b03493fd9127e224c88e3cc775fdb8e4d6851c07b0cda8220af37f3ea58b817_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:361c90a4629005ec10140af3b719c739de36cf15adb6fb03bffb62eaff9a9a89_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:36a99220c56b2552bbc8c8c6026047b9d1f5dd271ee10c07365faefc06486382_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f8862c4fa112301aa30870c2f6a891acb0e0c55e9da8d5f5dd5e057df72249ee_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "axios: Axios: Arbitrary HTTP header injection via prototype pollution"
},
{
"cve": "CVE-2026-42039",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-04-24T19:01:44.887156+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2461630"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, a promise-based HTTP client for browsers and Node.js. This vulnerability occurs because the `toFormData` function recursively processes nested objects without a depth limit. A remote attacker can exploit this by sending deeply nested request data, which causes the Node.js process to crash due to a RangeError, leading to a potential Denial of Service (DoS) if the process crashes.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Node.js: Axios: Denial of Service via unbounded recursion in toFormData with deeply nested request data",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:670dbb0cdefd1e46fc6919d4b232f88b3e39599b6ea90602476fd84308986bca_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:af21dad17afca9999408d97167c950d3b37ccd14e199e8e69c7f1b80a95d536c_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:b4ba774d9dfa6e96c320cb2da532882a2525567fac9367fd625b26edbc59dfc0_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cc913771d88f564060b1562034a5b6dd62842e899f852364d90f4ae4e6c85fd2_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:0b03493fd9127e224c88e3cc775fdb8e4d6851c07b0cda8220af37f3ea58b817_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:361c90a4629005ec10140af3b719c739de36cf15adb6fb03bffb62eaff9a9a89_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:36a99220c56b2552bbc8c8c6026047b9d1f5dd271ee10c07365faefc06486382_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f8862c4fa112301aa30870c2f6a891acb0e0c55e9da8d5f5dd5e057df72249ee_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42039"
},
{
"category": "external",
"summary": "RHBZ#2461630",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461630"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42039",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42039"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42039",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42039"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-62hf-57xw-28j9",
"url": "https://github.com/axios/axios/security/advisories/GHSA-62hf-57xw-28j9"
}
],
"release_date": "2026-04-24T18:01:30.775000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-12T21:06:57+00:00",
"details": "See Kiali 2.17.7 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.2/html/observability/kiali-operator-provided-by-red-hat",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:670dbb0cdefd1e46fc6919d4b232f88b3e39599b6ea90602476fd84308986bca_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:af21dad17afca9999408d97167c950d3b37ccd14e199e8e69c7f1b80a95d536c_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:b4ba774d9dfa6e96c320cb2da532882a2525567fac9367fd625b26edbc59dfc0_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cc913771d88f564060b1562034a5b6dd62842e899f852364d90f4ae4e6c85fd2_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:0b03493fd9127e224c88e3cc775fdb8e4d6851c07b0cda8220af37f3ea58b817_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:361c90a4629005ec10140af3b719c739de36cf15adb6fb03bffb62eaff9a9a89_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:36a99220c56b2552bbc8c8c6026047b9d1f5dd271ee10c07365faefc06486382_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f8862c4fa112301aa30870c2f6a891acb0e0c55e9da8d5f5dd5e057df72249ee_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:16535"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:670dbb0cdefd1e46fc6919d4b232f88b3e39599b6ea90602476fd84308986bca_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:af21dad17afca9999408d97167c950d3b37ccd14e199e8e69c7f1b80a95d536c_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:b4ba774d9dfa6e96c320cb2da532882a2525567fac9367fd625b26edbc59dfc0_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cc913771d88f564060b1562034a5b6dd62842e899f852364d90f4ae4e6c85fd2_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:0b03493fd9127e224c88e3cc775fdb8e4d6851c07b0cda8220af37f3ea58b817_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:361c90a4629005ec10140af3b719c739de36cf15adb6fb03bffb62eaff9a9a89_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:36a99220c56b2552bbc8c8c6026047b9d1f5dd271ee10c07365faefc06486382_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f8862c4fa112301aa30870c2f6a891acb0e0c55e9da8d5f5dd5e057df72249ee_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Node.js: Axios: Denial of Service via unbounded recursion in toFormData with deeply nested request data"
},
{
"cve": "CVE-2026-42041",
"cwe": {
"id": "CWE-915",
"name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes"
},
"discovery_date": "2026-04-24T19:01:41.034289+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2461629"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, a promise-based HTTP client. This vulnerability, a Prototype Pollution \"Gadget\" attack, allows an attacker to manipulate the `Object.prototype.validateStatus` property. By polluting this property, all HTTP error responses (such as 401, 403, or 500) are silently treated as successful responses. This can lead to a complete bypass of application-level authentication and error handling, potentially granting unauthorized access.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: Authentication bypass due to prototype pollution of HTTP error handling",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:670dbb0cdefd1e46fc6919d4b232f88b3e39599b6ea90602476fd84308986bca_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:af21dad17afca9999408d97167c950d3b37ccd14e199e8e69c7f1b80a95d536c_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:b4ba774d9dfa6e96c320cb2da532882a2525567fac9367fd625b26edbc59dfc0_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cc913771d88f564060b1562034a5b6dd62842e899f852364d90f4ae4e6c85fd2_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:0b03493fd9127e224c88e3cc775fdb8e4d6851c07b0cda8220af37f3ea58b817_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:361c90a4629005ec10140af3b719c739de36cf15adb6fb03bffb62eaff9a9a89_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:36a99220c56b2552bbc8c8c6026047b9d1f5dd271ee10c07365faefc06486382_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f8862c4fa112301aa30870c2f6a891acb0e0c55e9da8d5f5dd5e057df72249ee_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42041"
},
{
"category": "external",
"summary": "RHBZ#2461629",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461629"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42041",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42041"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42041",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42041"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-w9j2-pvgh-6h63",
"url": "https://github.com/axios/axios/security/advisories/GHSA-w9j2-pvgh-6h63"
}
],
"release_date": "2026-04-24T17:55:30.036000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-12T21:06:57+00:00",
"details": "See Kiali 2.17.7 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.2/html/observability/kiali-operator-provided-by-red-hat",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:670dbb0cdefd1e46fc6919d4b232f88b3e39599b6ea90602476fd84308986bca_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:af21dad17afca9999408d97167c950d3b37ccd14e199e8e69c7f1b80a95d536c_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:b4ba774d9dfa6e96c320cb2da532882a2525567fac9367fd625b26edbc59dfc0_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cc913771d88f564060b1562034a5b6dd62842e899f852364d90f4ae4e6c85fd2_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:0b03493fd9127e224c88e3cc775fdb8e4d6851c07b0cda8220af37f3ea58b817_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:361c90a4629005ec10140af3b719c739de36cf15adb6fb03bffb62eaff9a9a89_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:36a99220c56b2552bbc8c8c6026047b9d1f5dd271ee10c07365faefc06486382_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f8862c4fa112301aa30870c2f6a891acb0e0c55e9da8d5f5dd5e057df72249ee_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:16535"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:670dbb0cdefd1e46fc6919d4b232f88b3e39599b6ea90602476fd84308986bca_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:af21dad17afca9999408d97167c950d3b37ccd14e199e8e69c7f1b80a95d536c_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:b4ba774d9dfa6e96c320cb2da532882a2525567fac9367fd625b26edbc59dfc0_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cc913771d88f564060b1562034a5b6dd62842e899f852364d90f4ae4e6c85fd2_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:0b03493fd9127e224c88e3cc775fdb8e4d6851c07b0cda8220af37f3ea58b817_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:361c90a4629005ec10140af3b719c739de36cf15adb6fb03bffb62eaff9a9a89_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:36a99220c56b2552bbc8c8c6026047b9d1f5dd271ee10c07365faefc06486382_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f8862c4fa112301aa30870c2f6a891acb0e0c55e9da8d5f5dd5e057df72249ee_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: Authentication bypass due to prototype pollution of HTTP error handling"
},
{
"cve": "CVE-2026-42043",
"cwe": {
"id": "CWE-918",
"name": "Server-Side Request Forgery (SSRF)"
},
"discovery_date": "2026-04-24T19:01:22.552379+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2461626"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, a promise-based HTTP client. An attacker who can control the destination address of an Axios request can exploit this vulnerability. By using specific internal network addresses (within the 127.0.0.0/8 range, excluding 127.0.0.1), the attacker can completely bypass the NO_PROXY protection, potentially leading to unauthorized access or information disclosure within the network. This issue is an incomplete fix for a previous vulnerability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: NO_PROXY bypass via crafted URL",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:670dbb0cdefd1e46fc6919d4b232f88b3e39599b6ea90602476fd84308986bca_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:af21dad17afca9999408d97167c950d3b37ccd14e199e8e69c7f1b80a95d536c_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:b4ba774d9dfa6e96c320cb2da532882a2525567fac9367fd625b26edbc59dfc0_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cc913771d88f564060b1562034a5b6dd62842e899f852364d90f4ae4e6c85fd2_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:0b03493fd9127e224c88e3cc775fdb8e4d6851c07b0cda8220af37f3ea58b817_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:361c90a4629005ec10140af3b719c739de36cf15adb6fb03bffb62eaff9a9a89_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:36a99220c56b2552bbc8c8c6026047b9d1f5dd271ee10c07365faefc06486382_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f8862c4fa112301aa30870c2f6a891acb0e0c55e9da8d5f5dd5e057df72249ee_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42043"
},
{
"category": "external",
"summary": "RHBZ#2461626",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461626"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42043",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42043"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42043",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42043"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-pmwg-cvhr-8vh7",
"url": "https://github.com/axios/axios/security/advisories/GHSA-pmwg-cvhr-8vh7"
}
],
"release_date": "2026-04-24T17:54:42.668000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-12T21:06:57+00:00",
"details": "See Kiali 2.17.7 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.2/html/observability/kiali-operator-provided-by-red-hat",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:670dbb0cdefd1e46fc6919d4b232f88b3e39599b6ea90602476fd84308986bca_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:af21dad17afca9999408d97167c950d3b37ccd14e199e8e69c7f1b80a95d536c_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:b4ba774d9dfa6e96c320cb2da532882a2525567fac9367fd625b26edbc59dfc0_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cc913771d88f564060b1562034a5b6dd62842e899f852364d90f4ae4e6c85fd2_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:0b03493fd9127e224c88e3cc775fdb8e4d6851c07b0cda8220af37f3ea58b817_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:361c90a4629005ec10140af3b719c739de36cf15adb6fb03bffb62eaff9a9a89_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:36a99220c56b2552bbc8c8c6026047b9d1f5dd271ee10c07365faefc06486382_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f8862c4fa112301aa30870c2f6a891acb0e0c55e9da8d5f5dd5e057df72249ee_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:16535"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:670dbb0cdefd1e46fc6919d4b232f88b3e39599b6ea90602476fd84308986bca_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:af21dad17afca9999408d97167c950d3b37ccd14e199e8e69c7f1b80a95d536c_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:b4ba774d9dfa6e96c320cb2da532882a2525567fac9367fd625b26edbc59dfc0_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cc913771d88f564060b1562034a5b6dd62842e899f852364d90f4ae4e6c85fd2_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:0b03493fd9127e224c88e3cc775fdb8e4d6851c07b0cda8220af37f3ea58b817_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:361c90a4629005ec10140af3b719c739de36cf15adb6fb03bffb62eaff9a9a89_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:36a99220c56b2552bbc8c8c6026047b9d1f5dd271ee10c07365faefc06486382_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f8862c4fa112301aa30870c2f6a891acb0e0c55e9da8d5f5dd5e057df72249ee_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: NO_PROXY bypass via crafted URL"
},
{
"cve": "CVE-2026-42044",
"cwe": {
"id": "CWE-915",
"name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes"
},
"discovery_date": "2026-04-24T19:01:13.418725+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2461624"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, a widely used HTTP client. This vulnerability, known as a Prototype Pollution \"Gadget\" attack, allows a remote attacker to subtly alter JSON API responses. By manipulating a specific function, an attacker can selectively modify data within these responses. This could lead to significant security breaches, including unauthorized privilege escalation, fraudulent balance manipulation, or bypassing critical authorization checks.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: Invisible JSON Response Tampering via Prototype Pollution Gadget",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:670dbb0cdefd1e46fc6919d4b232f88b3e39599b6ea90602476fd84308986bca_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:af21dad17afca9999408d97167c950d3b37ccd14e199e8e69c7f1b80a95d536c_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:b4ba774d9dfa6e96c320cb2da532882a2525567fac9367fd625b26edbc59dfc0_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cc913771d88f564060b1562034a5b6dd62842e899f852364d90f4ae4e6c85fd2_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:0b03493fd9127e224c88e3cc775fdb8e4d6851c07b0cda8220af37f3ea58b817_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:361c90a4629005ec10140af3b719c739de36cf15adb6fb03bffb62eaff9a9a89_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:36a99220c56b2552bbc8c8c6026047b9d1f5dd271ee10c07365faefc06486382_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f8862c4fa112301aa30870c2f6a891acb0e0c55e9da8d5f5dd5e057df72249ee_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42044"
},
{
"category": "external",
"summary": "RHBZ#2461624",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461624"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42044",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42044"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42044",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42044"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-3w6x-2g7m-8v23",
"url": "https://github.com/axios/axios/security/advisories/GHSA-3w6x-2g7m-8v23"
}
],
"release_date": "2026-04-24T17:49:49.517000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-12T21:06:57+00:00",
"details": "See Kiali 2.17.7 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.2/html/observability/kiali-operator-provided-by-red-hat",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:670dbb0cdefd1e46fc6919d4b232f88b3e39599b6ea90602476fd84308986bca_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:af21dad17afca9999408d97167c950d3b37ccd14e199e8e69c7f1b80a95d536c_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:b4ba774d9dfa6e96c320cb2da532882a2525567fac9367fd625b26edbc59dfc0_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cc913771d88f564060b1562034a5b6dd62842e899f852364d90f4ae4e6c85fd2_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:0b03493fd9127e224c88e3cc775fdb8e4d6851c07b0cda8220af37f3ea58b817_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:361c90a4629005ec10140af3b719c739de36cf15adb6fb03bffb62eaff9a9a89_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:36a99220c56b2552bbc8c8c6026047b9d1f5dd271ee10c07365faefc06486382_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f8862c4fa112301aa30870c2f6a891acb0e0c55e9da8d5f5dd5e057df72249ee_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:16535"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:670dbb0cdefd1e46fc6919d4b232f88b3e39599b6ea90602476fd84308986bca_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:af21dad17afca9999408d97167c950d3b37ccd14e199e8e69c7f1b80a95d536c_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:b4ba774d9dfa6e96c320cb2da532882a2525567fac9367fd625b26edbc59dfc0_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cc913771d88f564060b1562034a5b6dd62842e899f852364d90f4ae4e6c85fd2_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:0b03493fd9127e224c88e3cc775fdb8e4d6851c07b0cda8220af37f3ea58b817_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:361c90a4629005ec10140af3b719c739de36cf15adb6fb03bffb62eaff9a9a89_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:36a99220c56b2552bbc8c8c6026047b9d1f5dd271ee10c07365faefc06486382_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f8862c4fa112301aa30870c2f6a891acb0e0c55e9da8d5f5dd5e057df72249ee_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:670dbb0cdefd1e46fc6919d4b232f88b3e39599b6ea90602476fd84308986bca_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:af21dad17afca9999408d97167c950d3b37ccd14e199e8e69c7f1b80a95d536c_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:b4ba774d9dfa6e96c320cb2da532882a2525567fac9367fd625b26edbc59dfc0_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:cc913771d88f564060b1562034a5b6dd62842e899f852364d90f4ae4e6c85fd2_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:0b03493fd9127e224c88e3cc775fdb8e4d6851c07b0cda8220af37f3ea58b817_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:361c90a4629005ec10140af3b719c739de36cf15adb6fb03bffb62eaff9a9a89_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:36a99220c56b2552bbc8c8c6026047b9d1f5dd271ee10c07365faefc06486382_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:f8862c4fa112301aa30870c2f6a891acb0e0c55e9da8d5f5dd5e057df72249ee_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: Invisible JSON Response Tampering via Prototype Pollution Gadget"
}
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.