Vulnerability-Lookup

RHSA-2026:24853

Vulnerability from csaf_redhat - Published: 2026-06-09 15:31 - Updated: 2026-06-10 20:54

Summary

Red Hat Security Advisory: Red Hat Quay 3.15.5

Severity

Important

Notes

Topic: Red Hat Quay 3.15.5 is now available with bug fixes.

Details: Quay 3.15.5

Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

CVE-2025-62718

A flaw was found in Axios, a promise-based HTTP client. This vulnerability occurs because Axios does not correctly handle hostname normalization when evaluating NO_PROXY rules. An attacker can exploit this by crafting requests to loopback addresses (e.g., localhost. or [::1]) which bypass the NO_PROXY configuration and are routed through the configured proxy. This can lead to Server-Side Request Forgery (SSRF) vulnerabilities, enabling attackers to access sensitive internal or loopback services that should otherwise be protected.

7.0 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L

CWE-1289 - Improper Validation of Unsafe Equivalence in Input

Affected products

Fixed 3 products

Product	Version	Remediation
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:5b1b98cd31ba150aecd6ef44c2bd8d79ae64380c8e974a4c8c1bb66fb4a38ce9_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:88ca55bb3177d8111971f1ba134bec7967289bfae64ecdf0b751dba0df82d9f0_s390x	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:afeeca0c1a653b5c375af4cca8dac1f52db846013d8b50e914ed62e1b7b1aa62_amd64	—	Vendor Fix fix Workaround

Known not affected 19 products

Product	Version	Remediation
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:112909f56592b6d280a68b8104fe0c6f771c7c0156197950fcd1fcccae3c7fbf_ppc64le	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:6ebb0d29e5d4aeb1ec3c16f8478cd1d615d3b42275dd82a20ff966887d603bd6_s390x	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:80e7c357130e8a1a2db38713055d9a3e04812d5dd496d937d0d51b5c27f97da5_amd64	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:db0def651635715bc2406aef174f500cdc35d52cd693785629c149d0269b5f33_amd64	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2bab9301dc7f0adb24d243b7c0bb26733751f4bf2c84edbf464ac8dd2753bfa0_amd64	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:904a679c9230596aea5aab19cb6ecd16d6f7c7e6cca06aca63498ff4896733ba_s390x	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d3d569cf1570a9a0edd4070660ceff622429c98345c369af0ace3458e0ba2308_ppc64le	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f32c7fd3bde4d324f96251826f85aac887aaa44a526eb2e8549a00c6a71abcd0_amd64	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:93d75149f451f380dbc59b4f093e0bf8f3ab05044e584f9a229c46abd572cf94_ppc64le	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9dd5bc1416811a51cc056720e65035c713f335f43d8209bfad4d8d983b36ac72_s390x	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:ef0552c8953fc5958bb4bb548820802cc30f0aa8366c0e369a0d30e1f5ddad9b_amd64	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3deb2d564ed7e8ce85861e81681211d84a9c147bb5807c642fe788980aba3038_amd64	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:82e7c7f7d3a44f312428d1fa7b0c1c6fc644fbf20e9370b2d5803f6687a189a5_ppc64le	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b1a0cc358536e22f07c9672957484afebf230145a5c85fa4f8acd11349adb219_amd64	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e76e3b94c8aae99addf53b09f15f8f9d52003bfdb9213c93b67b58e71fcd192a_s390x	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:955f6c83ce8e6cdd075ef5c7396a8b19f9b8021cc5fb1b909a1dda05f0e3f13f_amd64	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:7be53b8c4851f7ca174c32556cdc2be807cabfb778ced23054b12288cc7ebbee_amd64	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:9abfc7d4e96a46868548380c7db2f11a7ec406c809fb8eee9a7bc3a049adcbbe_ppc64le	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:ec4e8658a1c3f00bd08e8b009cd042bc59a3d870cd17a7db940f1e12d4c05746_s390x	—	Workaround

Threats

Impact Important

CVE-2026-2377

A flaw was found in mirror-registry. Authenticated users can exploit the log export feature by providing a specially crafted web address (URL). This allows the application's backend to make arbitrary requests to internal network resources, a vulnerability known as Server-Side Request Forgery (SSRF). This could lead to unauthorized access to sensitive information or other internal systems.

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CWE-918 - Server-Side Request Forgery (SSRF)

Affected products

Fixed 3 products

Product	Version	Remediation
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:5b1b98cd31ba150aecd6ef44c2bd8d79ae64380c8e974a4c8c1bb66fb4a38ce9_ppc64le	—	Vendor Fix fix
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:88ca55bb3177d8111971f1ba134bec7967289bfae64ecdf0b751dba0df82d9f0_s390x	—	Vendor Fix fix
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:afeeca0c1a653b5c375af4cca8dac1f52db846013d8b50e914ed62e1b7b1aa62_amd64	—	Vendor Fix fix

Known not affected 19 products

Product	Identifier	Version	Remediation
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:112909f56592b6d280a68b8104fe0c6f771c7c0156197950fcd1fcccae3c7fbf_ppc64le		—
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:6ebb0d29e5d4aeb1ec3c16f8478cd1d615d3b42275dd82a20ff966887d603bd6_s390x		—
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:80e7c357130e8a1a2db38713055d9a3e04812d5dd496d937d0d51b5c27f97da5_amd64		—
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:db0def651635715bc2406aef174f500cdc35d52cd693785629c149d0269b5f33_amd64		—
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2bab9301dc7f0adb24d243b7c0bb26733751f4bf2c84edbf464ac8dd2753bfa0_amd64		—
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:904a679c9230596aea5aab19cb6ecd16d6f7c7e6cca06aca63498ff4896733ba_s390x		—
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d3d569cf1570a9a0edd4070660ceff622429c98345c369af0ace3458e0ba2308_ppc64le		—
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f32c7fd3bde4d324f96251826f85aac887aaa44a526eb2e8549a00c6a71abcd0_amd64		—
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:93d75149f451f380dbc59b4f093e0bf8f3ab05044e584f9a229c46abd572cf94_ppc64le		—
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9dd5bc1416811a51cc056720e65035c713f335f43d8209bfad4d8d983b36ac72_s390x		—
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:ef0552c8953fc5958bb4bb548820802cc30f0aa8366c0e369a0d30e1f5ddad9b_amd64		—
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3deb2d564ed7e8ce85861e81681211d84a9c147bb5807c642fe788980aba3038_amd64		—
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:82e7c7f7d3a44f312428d1fa7b0c1c6fc644fbf20e9370b2d5803f6687a189a5_ppc64le		—
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b1a0cc358536e22f07c9672957484afebf230145a5c85fa4f8acd11349adb219_amd64		—
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e76e3b94c8aae99addf53b09f15f8f9d52003bfdb9213c93b67b58e71fcd192a_s390x		—
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:955f6c83ce8e6cdd075ef5c7396a8b19f9b8021cc5fb1b909a1dda05f0e3f13f_amd64		—
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:7be53b8c4851f7ca174c32556cdc2be807cabfb778ced23054b12288cc7ebbee_amd64		—
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:9abfc7d4e96a46868548380c7db2f11a7ec406c809fb8eee9a7bc3a049adcbbe_ppc64le		—
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:ec4e8658a1c3f00bd08e8b009cd042bc59a3d870cd17a7db940f1e12d4c05746_s390x		—

Threats

Impact Important

CVE-2026-4427

No description is available for this CVE.

Affected products

Fixed 3 products

Product	Version	Remediation
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:5b1b98cd31ba150aecd6ef44c2bd8d79ae64380c8e974a4c8c1bb66fb4a38ce9_ppc64le	—	Vendor Fix fix
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:88ca55bb3177d8111971f1ba134bec7967289bfae64ecdf0b751dba0df82d9f0_s390x	—	Vendor Fix fix
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:afeeca0c1a653b5c375af4cca8dac1f52db846013d8b50e914ed62e1b7b1aa62_amd64	—	Vendor Fix fix

Known not affected 19 products

Product	Identifier	Version	Remediation
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:112909f56592b6d280a68b8104fe0c6f771c7c0156197950fcd1fcccae3c7fbf_ppc64le		—
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:6ebb0d29e5d4aeb1ec3c16f8478cd1d615d3b42275dd82a20ff966887d603bd6_s390x		—
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:80e7c357130e8a1a2db38713055d9a3e04812d5dd496d937d0d51b5c27f97da5_amd64		—
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:db0def651635715bc2406aef174f500cdc35d52cd693785629c149d0269b5f33_amd64		—
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2bab9301dc7f0adb24d243b7c0bb26733751f4bf2c84edbf464ac8dd2753bfa0_amd64		—
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:904a679c9230596aea5aab19cb6ecd16d6f7c7e6cca06aca63498ff4896733ba_s390x		—
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d3d569cf1570a9a0edd4070660ceff622429c98345c369af0ace3458e0ba2308_ppc64le		—
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f32c7fd3bde4d324f96251826f85aac887aaa44a526eb2e8549a00c6a71abcd0_amd64		—
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:93d75149f451f380dbc59b4f093e0bf8f3ab05044e584f9a229c46abd572cf94_ppc64le		—
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9dd5bc1416811a51cc056720e65035c713f335f43d8209bfad4d8d983b36ac72_s390x		—
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:ef0552c8953fc5958bb4bb548820802cc30f0aa8366c0e369a0d30e1f5ddad9b_amd64		—
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3deb2d564ed7e8ce85861e81681211d84a9c147bb5807c642fe788980aba3038_amd64		—
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:82e7c7f7d3a44f312428d1fa7b0c1c6fc644fbf20e9370b2d5803f6687a189a5_ppc64le		—
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b1a0cc358536e22f07c9672957484afebf230145a5c85fa4f8acd11349adb219_amd64		—
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e76e3b94c8aae99addf53b09f15f8f9d52003bfdb9213c93b67b58e71fcd192a_s390x		—
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:955f6c83ce8e6cdd075ef5c7396a8b19f9b8021cc5fb1b909a1dda05f0e3f13f_amd64		—
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:7be53b8c4851f7ca174c32556cdc2be807cabfb778ced23054b12288cc7ebbee_amd64		—
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:9abfc7d4e96a46868548380c7db2f11a7ec406c809fb8eee9a7bc3a049adcbbe_ppc64le		—
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:ec4e8658a1c3f00bd08e8b009cd042bc59a3d870cd17a7db940f1e12d4c05746_s390x		—

CVE-2026-25679

The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-1286 - Improper Validation of Syntactic Correctness of Input

Affected products

Fixed 3 products

Product	Version	Remediation
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:5b1b98cd31ba150aecd6ef44c2bd8d79ae64380c8e974a4c8c1bb66fb4a38ce9_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:88ca55bb3177d8111971f1ba134bec7967289bfae64ecdf0b751dba0df82d9f0_s390x	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:afeeca0c1a653b5c375af4cca8dac1f52db846013d8b50e914ed62e1b7b1aa62_amd64	—	Vendor Fix fix Workaround

Known not affected 19 products

Product	Version	Remediation
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:112909f56592b6d280a68b8104fe0c6f771c7c0156197950fcd1fcccae3c7fbf_ppc64le	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:6ebb0d29e5d4aeb1ec3c16f8478cd1d615d3b42275dd82a20ff966887d603bd6_s390x	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:80e7c357130e8a1a2db38713055d9a3e04812d5dd496d937d0d51b5c27f97da5_amd64	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:db0def651635715bc2406aef174f500cdc35d52cd693785629c149d0269b5f33_amd64	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2bab9301dc7f0adb24d243b7c0bb26733751f4bf2c84edbf464ac8dd2753bfa0_amd64	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:904a679c9230596aea5aab19cb6ecd16d6f7c7e6cca06aca63498ff4896733ba_s390x	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d3d569cf1570a9a0edd4070660ceff622429c98345c369af0ace3458e0ba2308_ppc64le	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f32c7fd3bde4d324f96251826f85aac887aaa44a526eb2e8549a00c6a71abcd0_amd64	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:93d75149f451f380dbc59b4f093e0bf8f3ab05044e584f9a229c46abd572cf94_ppc64le	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9dd5bc1416811a51cc056720e65035c713f335f43d8209bfad4d8d983b36ac72_s390x	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:ef0552c8953fc5958bb4bb548820802cc30f0aa8366c0e369a0d30e1f5ddad9b_amd64	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3deb2d564ed7e8ce85861e81681211d84a9c147bb5807c642fe788980aba3038_amd64	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:82e7c7f7d3a44f312428d1fa7b0c1c6fc644fbf20e9370b2d5803f6687a189a5_ppc64le	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b1a0cc358536e22f07c9672957484afebf230145a5c85fa4f8acd11349adb219_amd64	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e76e3b94c8aae99addf53b09f15f8f9d52003bfdb9213c93b67b58e71fcd192a_s390x	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:955f6c83ce8e6cdd075ef5c7396a8b19f9b8021cc5fb1b909a1dda05f0e3f13f_amd64	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:7be53b8c4851f7ca174c32556cdc2be807cabfb778ced23054b12288cc7ebbee_amd64	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:9abfc7d4e96a46868548380c7db2f11a7ec406c809fb8eee9a7bc3a049adcbbe_ppc64le	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:ec4e8658a1c3f00bd08e8b009cd042bc59a3d870cd17a7db940f1e12d4c05746_s390x	—	Workaround

Threats

Impact Important

CVE-2026-27459

A flaw was found in pyOpenSSL. The set_cookie_generate_callback callback function can be used to generate DTLS cookies. When the callback returns a cookie string or byte sequence longer than 256 bytes, a buffer overflow can be triggered due to a missing bounds checking before copying the data to a fixed-size buffer provided by the underlying OpenSSL library.

8.1 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

Affected products

Fixed 3 products

Product	Version	Remediation
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:5b1b98cd31ba150aecd6ef44c2bd8d79ae64380c8e974a4c8c1bb66fb4a38ce9_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:88ca55bb3177d8111971f1ba134bec7967289bfae64ecdf0b751dba0df82d9f0_s390x	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:afeeca0c1a653b5c375af4cca8dac1f52db846013d8b50e914ed62e1b7b1aa62_amd64	—	Vendor Fix fix Workaround

Known not affected 19 products

Product	Version	Remediation
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:112909f56592b6d280a68b8104fe0c6f771c7c0156197950fcd1fcccae3c7fbf_ppc64le	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:6ebb0d29e5d4aeb1ec3c16f8478cd1d615d3b42275dd82a20ff966887d603bd6_s390x	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:80e7c357130e8a1a2db38713055d9a3e04812d5dd496d937d0d51b5c27f97da5_amd64	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:db0def651635715bc2406aef174f500cdc35d52cd693785629c149d0269b5f33_amd64	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2bab9301dc7f0adb24d243b7c0bb26733751f4bf2c84edbf464ac8dd2753bfa0_amd64	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:904a679c9230596aea5aab19cb6ecd16d6f7c7e6cca06aca63498ff4896733ba_s390x	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d3d569cf1570a9a0edd4070660ceff622429c98345c369af0ace3458e0ba2308_ppc64le	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f32c7fd3bde4d324f96251826f85aac887aaa44a526eb2e8549a00c6a71abcd0_amd64	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:93d75149f451f380dbc59b4f093e0bf8f3ab05044e584f9a229c46abd572cf94_ppc64le	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9dd5bc1416811a51cc056720e65035c713f335f43d8209bfad4d8d983b36ac72_s390x	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:ef0552c8953fc5958bb4bb548820802cc30f0aa8366c0e369a0d30e1f5ddad9b_amd64	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3deb2d564ed7e8ce85861e81681211d84a9c147bb5807c642fe788980aba3038_amd64	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:82e7c7f7d3a44f312428d1fa7b0c1c6fc644fbf20e9370b2d5803f6687a189a5_ppc64le	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b1a0cc358536e22f07c9672957484afebf230145a5c85fa4f8acd11349adb219_amd64	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e76e3b94c8aae99addf53b09f15f8f9d52003bfdb9213c93b67b58e71fcd192a_s390x	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:955f6c83ce8e6cdd075ef5c7396a8b19f9b8021cc5fb1b909a1dda05f0e3f13f_amd64	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:7be53b8c4851f7ca174c32556cdc2be807cabfb778ced23054b12288cc7ebbee_amd64	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:9abfc7d4e96a46868548380c7db2f11a7ec406c809fb8eee9a7bc3a049adcbbe_ppc64le	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:ec4e8658a1c3f00bd08e8b009cd042bc59a3d870cd17a7db940f1e12d4c05746_s390x	—	Workaround

Threats

Impact Important

CVE-2026-27962

A flaw was found in Authlib, a Python library used for creating secure authentication and authorization systems. This vulnerability, known as JWK (JSON Web Key) Header Injection, affects how Authlib verifies digital signatures in JWS (JSON Web Signature) tokens. An attacker can exploit this by creating a specially crafted token that includes their own cryptographic key in the header. When the system attempts to verify this token without a predefined key, it mistakenly uses the attacker's key, allowing them to bypass authentication and gain unauthorized access.

9.1 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

CWE-347 - Improper Verification of Cryptographic Signature

Affected products

Fixed 3 products

Product	Version	Remediation
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:5b1b98cd31ba150aecd6ef44c2bd8d79ae64380c8e974a4c8c1bb66fb4a38ce9_ppc64le	—	Vendor Fix fix
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:88ca55bb3177d8111971f1ba134bec7967289bfae64ecdf0b751dba0df82d9f0_s390x	—	Vendor Fix fix
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:afeeca0c1a653b5c375af4cca8dac1f52db846013d8b50e914ed62e1b7b1aa62_amd64	—	Vendor Fix fix

Known not affected 19 products

Product	Identifier	Version	Remediation
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:112909f56592b6d280a68b8104fe0c6f771c7c0156197950fcd1fcccae3c7fbf_ppc64le		—
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:6ebb0d29e5d4aeb1ec3c16f8478cd1d615d3b42275dd82a20ff966887d603bd6_s390x		—
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:80e7c357130e8a1a2db38713055d9a3e04812d5dd496d937d0d51b5c27f97da5_amd64		—
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:db0def651635715bc2406aef174f500cdc35d52cd693785629c149d0269b5f33_amd64		—
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2bab9301dc7f0adb24d243b7c0bb26733751f4bf2c84edbf464ac8dd2753bfa0_amd64		—
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:904a679c9230596aea5aab19cb6ecd16d6f7c7e6cca06aca63498ff4896733ba_s390x		—
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d3d569cf1570a9a0edd4070660ceff622429c98345c369af0ace3458e0ba2308_ppc64le		—
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f32c7fd3bde4d324f96251826f85aac887aaa44a526eb2e8549a00c6a71abcd0_amd64		—
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:93d75149f451f380dbc59b4f093e0bf8f3ab05044e584f9a229c46abd572cf94_ppc64le		—
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9dd5bc1416811a51cc056720e65035c713f335f43d8209bfad4d8d983b36ac72_s390x		—
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:ef0552c8953fc5958bb4bb548820802cc30f0aa8366c0e369a0d30e1f5ddad9b_amd64		—
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3deb2d564ed7e8ce85861e81681211d84a9c147bb5807c642fe788980aba3038_amd64		—
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:82e7c7f7d3a44f312428d1fa7b0c1c6fc644fbf20e9370b2d5803f6687a189a5_ppc64le		—
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b1a0cc358536e22f07c9672957484afebf230145a5c85fa4f8acd11349adb219_amd64		—
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e76e3b94c8aae99addf53b09f15f8f9d52003bfdb9213c93b67b58e71fcd192a_s390x		—
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:955f6c83ce8e6cdd075ef5c7396a8b19f9b8021cc5fb1b909a1dda05f0e3f13f_amd64		—
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:7be53b8c4851f7ca174c32556cdc2be807cabfb778ced23054b12288cc7ebbee_amd64		—
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:9abfc7d4e96a46868548380c7db2f11a7ec406c809fb8eee9a7bc3a049adcbbe_ppc64le		—
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:ec4e8658a1c3f00bd08e8b009cd042bc59a3d870cd17a7db940f1e12d4c05746_s390x		—

Threats

Impact Low

CVE-2026-32280

A flaw was found in the Go standard library packages `crypto/x509` and `crypto/tls`. During the process of building a certificate chain, an attacker can provide a large number of intermediate certificates. This excessive input is not properly limited, leading to an uncontrolled amount of work being performed. This can result in a denial of service (DoS) condition, making the affected system or application unavailable to legitimate users.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-770 - Allocation of Resources Without Limits or Throttling

Affected products

Fixed 3 products

Product	Version	Remediation
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:5b1b98cd31ba150aecd6ef44c2bd8d79ae64380c8e974a4c8c1bb66fb4a38ce9_ppc64le	—	Vendor Fix fix
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:88ca55bb3177d8111971f1ba134bec7967289bfae64ecdf0b751dba0df82d9f0_s390x	—	Vendor Fix fix
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:afeeca0c1a653b5c375af4cca8dac1f52db846013d8b50e914ed62e1b7b1aa62_amd64	—	Vendor Fix fix

Known not affected 19 products

Product	Identifier	Version	Remediation
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:112909f56592b6d280a68b8104fe0c6f771c7c0156197950fcd1fcccae3c7fbf_ppc64le		—
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:6ebb0d29e5d4aeb1ec3c16f8478cd1d615d3b42275dd82a20ff966887d603bd6_s390x		—
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:80e7c357130e8a1a2db38713055d9a3e04812d5dd496d937d0d51b5c27f97da5_amd64		—
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:db0def651635715bc2406aef174f500cdc35d52cd693785629c149d0269b5f33_amd64		—
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2bab9301dc7f0adb24d243b7c0bb26733751f4bf2c84edbf464ac8dd2753bfa0_amd64		—
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:904a679c9230596aea5aab19cb6ecd16d6f7c7e6cca06aca63498ff4896733ba_s390x		—
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d3d569cf1570a9a0edd4070660ceff622429c98345c369af0ace3458e0ba2308_ppc64le		—
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f32c7fd3bde4d324f96251826f85aac887aaa44a526eb2e8549a00c6a71abcd0_amd64		—
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:93d75149f451f380dbc59b4f093e0bf8f3ab05044e584f9a229c46abd572cf94_ppc64le		—
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9dd5bc1416811a51cc056720e65035c713f335f43d8209bfad4d8d983b36ac72_s390x		—
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:ef0552c8953fc5958bb4bb548820802cc30f0aa8366c0e369a0d30e1f5ddad9b_amd64		—
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3deb2d564ed7e8ce85861e81681211d84a9c147bb5807c642fe788980aba3038_amd64		—
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:82e7c7f7d3a44f312428d1fa7b0c1c6fc644fbf20e9370b2d5803f6687a189a5_ppc64le		—
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b1a0cc358536e22f07c9672957484afebf230145a5c85fa4f8acd11349adb219_amd64		—
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e76e3b94c8aae99addf53b09f15f8f9d52003bfdb9213c93b67b58e71fcd192a_s390x		—
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:955f6c83ce8e6cdd075ef5c7396a8b19f9b8021cc5fb1b909a1dda05f0e3f13f_amd64		—
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:7be53b8c4851f7ca174c32556cdc2be807cabfb778ced23054b12288cc7ebbee_amd64		—
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:9abfc7d4e96a46868548380c7db2f11a7ec406c809fb8eee9a7bc3a049adcbbe_ppc64le		—
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:ec4e8658a1c3f00bd08e8b009cd042bc59a3d870cd17a7db940f1e12d4c05746_s390x		—

Threats

Impact Important

CVE-2026-32282

A flaw was found in the internal/syscall/unix package in the Go standard library. If the target of the `Root.Chmod` function is replaced with a symbolic link during execution, specifically after `Root.Chmod` checks the target but before acting, the `chmod` operation will be performed on the file the symbolic link points to. This issue can bypass directory restrictions and lead to unauthorized permission changes on the filesystem.

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition

Affected products

Fixed 3 products

Product	Version	Remediation
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:5b1b98cd31ba150aecd6ef44c2bd8d79ae64380c8e974a4c8c1bb66fb4a38ce9_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:88ca55bb3177d8111971f1ba134bec7967289bfae64ecdf0b751dba0df82d9f0_s390x	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:afeeca0c1a653b5c375af4cca8dac1f52db846013d8b50e914ed62e1b7b1aa62_amd64	—	Vendor Fix fix Workaround

Known not affected 19 products

Product	Version	Remediation
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:112909f56592b6d280a68b8104fe0c6f771c7c0156197950fcd1fcccae3c7fbf_ppc64le	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:6ebb0d29e5d4aeb1ec3c16f8478cd1d615d3b42275dd82a20ff966887d603bd6_s390x	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:80e7c357130e8a1a2db38713055d9a3e04812d5dd496d937d0d51b5c27f97da5_amd64	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:db0def651635715bc2406aef174f500cdc35d52cd693785629c149d0269b5f33_amd64	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2bab9301dc7f0adb24d243b7c0bb26733751f4bf2c84edbf464ac8dd2753bfa0_amd64	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:904a679c9230596aea5aab19cb6ecd16d6f7c7e6cca06aca63498ff4896733ba_s390x	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d3d569cf1570a9a0edd4070660ceff622429c98345c369af0ace3458e0ba2308_ppc64le	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f32c7fd3bde4d324f96251826f85aac887aaa44a526eb2e8549a00c6a71abcd0_amd64	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:93d75149f451f380dbc59b4f093e0bf8f3ab05044e584f9a229c46abd572cf94_ppc64le	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9dd5bc1416811a51cc056720e65035c713f335f43d8209bfad4d8d983b36ac72_s390x	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:ef0552c8953fc5958bb4bb548820802cc30f0aa8366c0e369a0d30e1f5ddad9b_amd64	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3deb2d564ed7e8ce85861e81681211d84a9c147bb5807c642fe788980aba3038_amd64	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:82e7c7f7d3a44f312428d1fa7b0c1c6fc644fbf20e9370b2d5803f6687a189a5_ppc64le	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b1a0cc358536e22f07c9672957484afebf230145a5c85fa4f8acd11349adb219_amd64	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e76e3b94c8aae99addf53b09f15f8f9d52003bfdb9213c93b67b58e71fcd192a_s390x	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:955f6c83ce8e6cdd075ef5c7396a8b19f9b8021cc5fb1b909a1dda05f0e3f13f_amd64	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:7be53b8c4851f7ca174c32556cdc2be807cabfb778ced23054b12288cc7ebbee_amd64	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:9abfc7d4e96a46868548380c7db2f11a7ec406c809fb8eee9a7bc3a049adcbbe_ppc64le	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:ec4e8658a1c3f00bd08e8b009cd042bc59a3d870cd17a7db940f1e12d4c05746_s390x	—	Workaround

Threats

Impact Moderate

CVE-2026-32286

A flaw was found in the DataRow.Decode function within the github.com/jackc/pgproto3/v2 component. A malicious or compromised PostgreSQL server can exploit this by sending a DataRow message containing a negative field length. This improper validation of field lengths leads to a "slice bounds out of range panic", resulting in a Denial of Service (DoS) for the affected application.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-1285 - Improper Validation of Specified Index, Position, or Offset in Input

Affected products

Fixed 3 products

Product	Version	Remediation
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:5b1b98cd31ba150aecd6ef44c2bd8d79ae64380c8e974a4c8c1bb66fb4a38ce9_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:88ca55bb3177d8111971f1ba134bec7967289bfae64ecdf0b751dba0df82d9f0_s390x	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:afeeca0c1a653b5c375af4cca8dac1f52db846013d8b50e914ed62e1b7b1aa62_amd64	—	Vendor Fix fix Workaround

Known not affected 19 products

Product	Version	Remediation
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:112909f56592b6d280a68b8104fe0c6f771c7c0156197950fcd1fcccae3c7fbf_ppc64le	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:6ebb0d29e5d4aeb1ec3c16f8478cd1d615d3b42275dd82a20ff966887d603bd6_s390x	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:80e7c357130e8a1a2db38713055d9a3e04812d5dd496d937d0d51b5c27f97da5_amd64	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:db0def651635715bc2406aef174f500cdc35d52cd693785629c149d0269b5f33_amd64	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2bab9301dc7f0adb24d243b7c0bb26733751f4bf2c84edbf464ac8dd2753bfa0_amd64	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:904a679c9230596aea5aab19cb6ecd16d6f7c7e6cca06aca63498ff4896733ba_s390x	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d3d569cf1570a9a0edd4070660ceff622429c98345c369af0ace3458e0ba2308_ppc64le	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f32c7fd3bde4d324f96251826f85aac887aaa44a526eb2e8549a00c6a71abcd0_amd64	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:93d75149f451f380dbc59b4f093e0bf8f3ab05044e584f9a229c46abd572cf94_ppc64le	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9dd5bc1416811a51cc056720e65035c713f335f43d8209bfad4d8d983b36ac72_s390x	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:ef0552c8953fc5958bb4bb548820802cc30f0aa8366c0e369a0d30e1f5ddad9b_amd64	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3deb2d564ed7e8ce85861e81681211d84a9c147bb5807c642fe788980aba3038_amd64	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:82e7c7f7d3a44f312428d1fa7b0c1c6fc644fbf20e9370b2d5803f6687a189a5_ppc64le	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b1a0cc358536e22f07c9672957484afebf230145a5c85fa4f8acd11349adb219_amd64	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e76e3b94c8aae99addf53b09f15f8f9d52003bfdb9213c93b67b58e71fcd192a_s390x	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:955f6c83ce8e6cdd075ef5c7396a8b19f9b8021cc5fb1b909a1dda05f0e3f13f_amd64	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:7be53b8c4851f7ca174c32556cdc2be807cabfb778ced23054b12288cc7ebbee_amd64	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:9abfc7d4e96a46868548380c7db2f11a7ec406c809fb8eee9a7bc3a049adcbbe_ppc64le	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:ec4e8658a1c3f00bd08e8b009cd042bc59a3d870cd17a7db940f1e12d4c05746_s390x	—	Workaround

Threats

Impact Important

CVE-2026-32589

A flaw was found in Red Hat Quay's container image upload process. An authenticated user with push access to any repository on the registry can interfere with image uploads in progress by other users, including those in repositories they do not have access to. This could allow the attacker to read, modify, or cancel another user's in-progress image upload.

7.4 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L

CWE-639 - Authorization Bypass Through User-Controlled Key

Affected products

Fixed 3 products

Product	Version	Remediation
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:5b1b98cd31ba150aecd6ef44c2bd8d79ae64380c8e974a4c8c1bb66fb4a38ce9_ppc64le	—	Vendor Fix fix
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:88ca55bb3177d8111971f1ba134bec7967289bfae64ecdf0b751dba0df82d9f0_s390x	—	Vendor Fix fix
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:afeeca0c1a653b5c375af4cca8dac1f52db846013d8b50e914ed62e1b7b1aa62_amd64	—	Vendor Fix fix

Known not affected 19 products

Product	Identifier	Version	Remediation
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:112909f56592b6d280a68b8104fe0c6f771c7c0156197950fcd1fcccae3c7fbf_ppc64le		—
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:6ebb0d29e5d4aeb1ec3c16f8478cd1d615d3b42275dd82a20ff966887d603bd6_s390x		—
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:80e7c357130e8a1a2db38713055d9a3e04812d5dd496d937d0d51b5c27f97da5_amd64		—
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:db0def651635715bc2406aef174f500cdc35d52cd693785629c149d0269b5f33_amd64		—
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2bab9301dc7f0adb24d243b7c0bb26733751f4bf2c84edbf464ac8dd2753bfa0_amd64		—
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:904a679c9230596aea5aab19cb6ecd16d6f7c7e6cca06aca63498ff4896733ba_s390x		—
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d3d569cf1570a9a0edd4070660ceff622429c98345c369af0ace3458e0ba2308_ppc64le		—
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f32c7fd3bde4d324f96251826f85aac887aaa44a526eb2e8549a00c6a71abcd0_amd64		—
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:93d75149f451f380dbc59b4f093e0bf8f3ab05044e584f9a229c46abd572cf94_ppc64le		—
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9dd5bc1416811a51cc056720e65035c713f335f43d8209bfad4d8d983b36ac72_s390x		—
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:ef0552c8953fc5958bb4bb548820802cc30f0aa8366c0e369a0d30e1f5ddad9b_amd64		—
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3deb2d564ed7e8ce85861e81681211d84a9c147bb5807c642fe788980aba3038_amd64		—
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:82e7c7f7d3a44f312428d1fa7b0c1c6fc644fbf20e9370b2d5803f6687a189a5_ppc64le		—
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b1a0cc358536e22f07c9672957484afebf230145a5c85fa4f8acd11349adb219_amd64		—
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e76e3b94c8aae99addf53b09f15f8f9d52003bfdb9213c93b67b58e71fcd192a_s390x		—
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:955f6c83ce8e6cdd075ef5c7396a8b19f9b8021cc5fb1b909a1dda05f0e3f13f_amd64		—
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:7be53b8c4851f7ca174c32556cdc2be807cabfb778ced23054b12288cc7ebbee_amd64		—
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:9abfc7d4e96a46868548380c7db2f11a7ec406c809fb8eee9a7bc3a049adcbbe_ppc64le		—
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:ec4e8658a1c3f00bd08e8b009cd042bc59a3d870cd17a7db940f1e12d4c05746_s390x		—

Threats

Impact Important

CVE-2026-32590

A flaw was found in Red Hat Quay's handling of resumable container image layer uploads. The upload process stores intermediate data in the database using a format that, if tampered with, could allow an attacker to execute arbitrary code on the Quay server.

7.1 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

CWE-502 - Deserialization of Untrusted Data

Affected products

Fixed 3 products

Product	Version	Remediation
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:5b1b98cd31ba150aecd6ef44c2bd8d79ae64380c8e974a4c8c1bb66fb4a38ce9_ppc64le	—	Vendor Fix fix
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:88ca55bb3177d8111971f1ba134bec7967289bfae64ecdf0b751dba0df82d9f0_s390x	—	Vendor Fix fix
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:afeeca0c1a653b5c375af4cca8dac1f52db846013d8b50e914ed62e1b7b1aa62_amd64	—	Vendor Fix fix

Known not affected 19 products

Product	Identifier	Version	Remediation
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:112909f56592b6d280a68b8104fe0c6f771c7c0156197950fcd1fcccae3c7fbf_ppc64le		—
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:6ebb0d29e5d4aeb1ec3c16f8478cd1d615d3b42275dd82a20ff966887d603bd6_s390x		—
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:80e7c357130e8a1a2db38713055d9a3e04812d5dd496d937d0d51b5c27f97da5_amd64		—
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:db0def651635715bc2406aef174f500cdc35d52cd693785629c149d0269b5f33_amd64		—
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2bab9301dc7f0adb24d243b7c0bb26733751f4bf2c84edbf464ac8dd2753bfa0_amd64		—
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:904a679c9230596aea5aab19cb6ecd16d6f7c7e6cca06aca63498ff4896733ba_s390x		—
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d3d569cf1570a9a0edd4070660ceff622429c98345c369af0ace3458e0ba2308_ppc64le		—
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f32c7fd3bde4d324f96251826f85aac887aaa44a526eb2e8549a00c6a71abcd0_amd64		—
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:93d75149f451f380dbc59b4f093e0bf8f3ab05044e584f9a229c46abd572cf94_ppc64le		—
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9dd5bc1416811a51cc056720e65035c713f335f43d8209bfad4d8d983b36ac72_s390x		—
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:ef0552c8953fc5958bb4bb548820802cc30f0aa8366c0e369a0d30e1f5ddad9b_amd64		—
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3deb2d564ed7e8ce85861e81681211d84a9c147bb5807c642fe788980aba3038_amd64		—
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:82e7c7f7d3a44f312428d1fa7b0c1c6fc644fbf20e9370b2d5803f6687a189a5_ppc64le		—
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b1a0cc358536e22f07c9672957484afebf230145a5c85fa4f8acd11349adb219_amd64		—
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e76e3b94c8aae99addf53b09f15f8f9d52003bfdb9213c93b67b58e71fcd192a_s390x		—
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:955f6c83ce8e6cdd075ef5c7396a8b19f9b8021cc5fb1b909a1dda05f0e3f13f_amd64		—
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:7be53b8c4851f7ca174c32556cdc2be807cabfb778ced23054b12288cc7ebbee_amd64		—
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:9abfc7d4e96a46868548380c7db2f11a7ec406c809fb8eee9a7bc3a049adcbbe_ppc64le		—
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:ec4e8658a1c3f00bd08e8b009cd042bc59a3d870cd17a7db940f1e12d4c05746_s390x		—

Threats

Impact Moderate

CVE-2026-33186

A flaw was found in gRPC-Go, the Go language implementation of gRPC. This vulnerability, an authorization bypass, is caused by improper input validation of the HTTP/2 `:path` pseudo-header. A remote attacker can exploit this by sending raw HTTP/2 frames with a malformed `:path` that omits the mandatory leading slash. This allows the attacker to bypass defined security policies, potentially leading to unauthorized access to services or information disclosure.

9.1 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

CWE-551 - Incorrect Behavior Order: Authorization Before Parsing and Canonicalization

Affected products

Fixed 3 products

Product	Version	Remediation
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:5b1b98cd31ba150aecd6ef44c2bd8d79ae64380c8e974a4c8c1bb66fb4a38ce9_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:88ca55bb3177d8111971f1ba134bec7967289bfae64ecdf0b751dba0df82d9f0_s390x	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:afeeca0c1a653b5c375af4cca8dac1f52db846013d8b50e914ed62e1b7b1aa62_amd64	—	Vendor Fix fix Workaround

Known not affected 19 products

Product	Version	Remediation
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:112909f56592b6d280a68b8104fe0c6f771c7c0156197950fcd1fcccae3c7fbf_ppc64le	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:6ebb0d29e5d4aeb1ec3c16f8478cd1d615d3b42275dd82a20ff966887d603bd6_s390x	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:80e7c357130e8a1a2db38713055d9a3e04812d5dd496d937d0d51b5c27f97da5_amd64	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:db0def651635715bc2406aef174f500cdc35d52cd693785629c149d0269b5f33_amd64	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2bab9301dc7f0adb24d243b7c0bb26733751f4bf2c84edbf464ac8dd2753bfa0_amd64	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:904a679c9230596aea5aab19cb6ecd16d6f7c7e6cca06aca63498ff4896733ba_s390x	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d3d569cf1570a9a0edd4070660ceff622429c98345c369af0ace3458e0ba2308_ppc64le	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f32c7fd3bde4d324f96251826f85aac887aaa44a526eb2e8549a00c6a71abcd0_amd64	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:93d75149f451f380dbc59b4f093e0bf8f3ab05044e584f9a229c46abd572cf94_ppc64le	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9dd5bc1416811a51cc056720e65035c713f335f43d8209bfad4d8d983b36ac72_s390x	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:ef0552c8953fc5958bb4bb548820802cc30f0aa8366c0e369a0d30e1f5ddad9b_amd64	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3deb2d564ed7e8ce85861e81681211d84a9c147bb5807c642fe788980aba3038_amd64	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:82e7c7f7d3a44f312428d1fa7b0c1c6fc644fbf20e9370b2d5803f6687a189a5_ppc64le	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b1a0cc358536e22f07c9672957484afebf230145a5c85fa4f8acd11349adb219_amd64	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e76e3b94c8aae99addf53b09f15f8f9d52003bfdb9213c93b67b58e71fcd192a_s390x	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:955f6c83ce8e6cdd075ef5c7396a8b19f9b8021cc5fb1b909a1dda05f0e3f13f_amd64	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:7be53b8c4851f7ca174c32556cdc2be807cabfb778ced23054b12288cc7ebbee_amd64	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:9abfc7d4e96a46868548380c7db2f11a7ec406c809fb8eee9a7bc3a049adcbbe_ppc64le	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:ec4e8658a1c3f00bd08e8b009cd042bc59a3d870cd17a7db940f1e12d4c05746_s390x	—	Workaround

Threats

Impact Important

CVE-2026-33894

A flaw was found in Forge (also called `node-forge`), a JavaScript implementation of Transport Layer Security. A remote attacker could exploit weaknesses in the RSASSA PKCS#1 v1.5 signature verification process. By crafting malicious signatures that include extra data within the ASN structure and do not meet padding requirements, an attacker can bypass signature validation. This allows for the creation of forged signatures that appear legitimate, potentially compromising the integrity and authenticity of communications.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CWE-347 - Improper Verification of Cryptographic Signature

Affected products

Fixed 3 products

Product	Version	Remediation
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:5b1b98cd31ba150aecd6ef44c2bd8d79ae64380c8e974a4c8c1bb66fb4a38ce9_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:88ca55bb3177d8111971f1ba134bec7967289bfae64ecdf0b751dba0df82d9f0_s390x	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:afeeca0c1a653b5c375af4cca8dac1f52db846013d8b50e914ed62e1b7b1aa62_amd64	—	Vendor Fix fix Workaround

Known not affected 19 products

Product	Version	Remediation
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:112909f56592b6d280a68b8104fe0c6f771c7c0156197950fcd1fcccae3c7fbf_ppc64le	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:6ebb0d29e5d4aeb1ec3c16f8478cd1d615d3b42275dd82a20ff966887d603bd6_s390x	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:80e7c357130e8a1a2db38713055d9a3e04812d5dd496d937d0d51b5c27f97da5_amd64	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:db0def651635715bc2406aef174f500cdc35d52cd693785629c149d0269b5f33_amd64	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2bab9301dc7f0adb24d243b7c0bb26733751f4bf2c84edbf464ac8dd2753bfa0_amd64	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:904a679c9230596aea5aab19cb6ecd16d6f7c7e6cca06aca63498ff4896733ba_s390x	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d3d569cf1570a9a0edd4070660ceff622429c98345c369af0ace3458e0ba2308_ppc64le	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f32c7fd3bde4d324f96251826f85aac887aaa44a526eb2e8549a00c6a71abcd0_amd64	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:93d75149f451f380dbc59b4f093e0bf8f3ab05044e584f9a229c46abd572cf94_ppc64le	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9dd5bc1416811a51cc056720e65035c713f335f43d8209bfad4d8d983b36ac72_s390x	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:ef0552c8953fc5958bb4bb548820802cc30f0aa8366c0e369a0d30e1f5ddad9b_amd64	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3deb2d564ed7e8ce85861e81681211d84a9c147bb5807c642fe788980aba3038_amd64	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:82e7c7f7d3a44f312428d1fa7b0c1c6fc644fbf20e9370b2d5803f6687a189a5_ppc64le	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b1a0cc358536e22f07c9672957484afebf230145a5c85fa4f8acd11349adb219_amd64	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e76e3b94c8aae99addf53b09f15f8f9d52003bfdb9213c93b67b58e71fcd192a_s390x	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:955f6c83ce8e6cdd075ef5c7396a8b19f9b8021cc5fb1b909a1dda05f0e3f13f_amd64	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:7be53b8c4851f7ca174c32556cdc2be807cabfb778ced23054b12288cc7ebbee_amd64	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:9abfc7d4e96a46868548380c7db2f11a7ec406c809fb8eee9a7bc3a049adcbbe_ppc64le	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:ec4e8658a1c3f00bd08e8b009cd042bc59a3d870cd17a7db940f1e12d4c05746_s390x	—	Workaround

Threats

Impact Important

CVE-2026-34986

A flaw was found in Go JOSE, a library for handling JSON Web Encryption (JWE) objects. A remote attacker could exploit this vulnerability by providing a specially crafted JWE object. When decrypting such an object, if a key wrapping algorithm is specified but the encrypted key field is empty, the application can crash. This leads to a denial of service (DoS), making the affected service unavailable to legitimate users.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-131 - Incorrect Calculation of Buffer Size

Affected products

Fixed 3 products

Product	Version	Remediation
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:5b1b98cd31ba150aecd6ef44c2bd8d79ae64380c8e974a4c8c1bb66fb4a38ce9_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:88ca55bb3177d8111971f1ba134bec7967289bfae64ecdf0b751dba0df82d9f0_s390x	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:afeeca0c1a653b5c375af4cca8dac1f52db846013d8b50e914ed62e1b7b1aa62_amd64	—	Vendor Fix fix Workaround

Known not affected 19 products

Product	Version	Remediation
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:112909f56592b6d280a68b8104fe0c6f771c7c0156197950fcd1fcccae3c7fbf_ppc64le	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:6ebb0d29e5d4aeb1ec3c16f8478cd1d615d3b42275dd82a20ff966887d603bd6_s390x	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:80e7c357130e8a1a2db38713055d9a3e04812d5dd496d937d0d51b5c27f97da5_amd64	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:db0def651635715bc2406aef174f500cdc35d52cd693785629c149d0269b5f33_amd64	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2bab9301dc7f0adb24d243b7c0bb26733751f4bf2c84edbf464ac8dd2753bfa0_amd64	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:904a679c9230596aea5aab19cb6ecd16d6f7c7e6cca06aca63498ff4896733ba_s390x	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d3d569cf1570a9a0edd4070660ceff622429c98345c369af0ace3458e0ba2308_ppc64le	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f32c7fd3bde4d324f96251826f85aac887aaa44a526eb2e8549a00c6a71abcd0_amd64	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:93d75149f451f380dbc59b4f093e0bf8f3ab05044e584f9a229c46abd572cf94_ppc64le	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9dd5bc1416811a51cc056720e65035c713f335f43d8209bfad4d8d983b36ac72_s390x	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:ef0552c8953fc5958bb4bb548820802cc30f0aa8366c0e369a0d30e1f5ddad9b_amd64	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3deb2d564ed7e8ce85861e81681211d84a9c147bb5807c642fe788980aba3038_amd64	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:82e7c7f7d3a44f312428d1fa7b0c1c6fc644fbf20e9370b2d5803f6687a189a5_ppc64le	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b1a0cc358536e22f07c9672957484afebf230145a5c85fa4f8acd11349adb219_amd64	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e76e3b94c8aae99addf53b09f15f8f9d52003bfdb9213c93b67b58e71fcd192a_s390x	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:955f6c83ce8e6cdd075ef5c7396a8b19f9b8021cc5fb1b909a1dda05f0e3f13f_amd64	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:7be53b8c4851f7ca174c32556cdc2be807cabfb778ced23054b12288cc7ebbee_amd64	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:9abfc7d4e96a46868548380c7db2f11a7ec406c809fb8eee9a7bc3a049adcbbe_ppc64le	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:ec4e8658a1c3f00bd08e8b009cd042bc59a3d870cd17a7db940f1e12d4c05746_s390x	—	Workaround

Threats

Impact Important

CVE-2026-39892

A flaw was found in the cryptography library. This vulnerability occurs when a non-contiguous buffer is passed to certain application programming interfaces (APIs) that accept Python buffers, such as Hash.update(). A remote attacker could exploit this to cause a buffer overflow, potentially leading to a denial of service.

7.3 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CWE-131 - Incorrect Calculation of Buffer Size

Affected products

Fixed 3 products

Product	Version	Remediation
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:5b1b98cd31ba150aecd6ef44c2bd8d79ae64380c8e974a4c8c1bb66fb4a38ce9_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:88ca55bb3177d8111971f1ba134bec7967289bfae64ecdf0b751dba0df82d9f0_s390x	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:afeeca0c1a653b5c375af4cca8dac1f52db846013d8b50e914ed62e1b7b1aa62_amd64	—	Vendor Fix fix Workaround

Known not affected 19 products

Product	Version	Remediation
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:112909f56592b6d280a68b8104fe0c6f771c7c0156197950fcd1fcccae3c7fbf_ppc64le	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:6ebb0d29e5d4aeb1ec3c16f8478cd1d615d3b42275dd82a20ff966887d603bd6_s390x	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:80e7c357130e8a1a2db38713055d9a3e04812d5dd496d937d0d51b5c27f97da5_amd64	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:db0def651635715bc2406aef174f500cdc35d52cd693785629c149d0269b5f33_amd64	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2bab9301dc7f0adb24d243b7c0bb26733751f4bf2c84edbf464ac8dd2753bfa0_amd64	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:904a679c9230596aea5aab19cb6ecd16d6f7c7e6cca06aca63498ff4896733ba_s390x	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d3d569cf1570a9a0edd4070660ceff622429c98345c369af0ace3458e0ba2308_ppc64le	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f32c7fd3bde4d324f96251826f85aac887aaa44a526eb2e8549a00c6a71abcd0_amd64	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:93d75149f451f380dbc59b4f093e0bf8f3ab05044e584f9a229c46abd572cf94_ppc64le	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9dd5bc1416811a51cc056720e65035c713f335f43d8209bfad4d8d983b36ac72_s390x	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:ef0552c8953fc5958bb4bb548820802cc30f0aa8366c0e369a0d30e1f5ddad9b_amd64	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3deb2d564ed7e8ce85861e81681211d84a9c147bb5807c642fe788980aba3038_amd64	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:82e7c7f7d3a44f312428d1fa7b0c1c6fc644fbf20e9370b2d5803f6687a189a5_ppc64le	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b1a0cc358536e22f07c9672957484afebf230145a5c85fa4f8acd11349adb219_amd64	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e76e3b94c8aae99addf53b09f15f8f9d52003bfdb9213c93b67b58e71fcd192a_s390x	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:955f6c83ce8e6cdd075ef5c7396a8b19f9b8021cc5fb1b909a1dda05f0e3f13f_amd64	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:7be53b8c4851f7ca174c32556cdc2be807cabfb778ced23054b12288cc7ebbee_amd64	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:9abfc7d4e96a46868548380c7db2f11a7ec406c809fb8eee9a7bc3a049adcbbe_ppc64le	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:ec4e8658a1c3f00bd08e8b009cd042bc59a3d870cd17a7db940f1e12d4c05746_s390x	—	Workaround

Threats

Impact Important

CVE-2026-40192

A flaw was found in Pillow, a Python imaging library. This vulnerability allows a remote attacker to trigger a denial of service (DoS) by providing a specially crafted FITS image file. The library's failure to limit the amount of GZIP-compressed data during decoding can lead to unbounded memory consumption, causing the system to crash or experience severe performance issues.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-409 - Improper Handling of Highly Compressed Data (Data Amplification)

Affected products

Fixed 3 products

Product	Version	Remediation
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:5b1b98cd31ba150aecd6ef44c2bd8d79ae64380c8e974a4c8c1bb66fb4a38ce9_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:88ca55bb3177d8111971f1ba134bec7967289bfae64ecdf0b751dba0df82d9f0_s390x	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:afeeca0c1a653b5c375af4cca8dac1f52db846013d8b50e914ed62e1b7b1aa62_amd64	—	Vendor Fix fix Workaround

Known not affected 19 products

Product	Version	Remediation
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:112909f56592b6d280a68b8104fe0c6f771c7c0156197950fcd1fcccae3c7fbf_ppc64le	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:6ebb0d29e5d4aeb1ec3c16f8478cd1d615d3b42275dd82a20ff966887d603bd6_s390x	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:80e7c357130e8a1a2db38713055d9a3e04812d5dd496d937d0d51b5c27f97da5_amd64	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:db0def651635715bc2406aef174f500cdc35d52cd693785629c149d0269b5f33_amd64	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2bab9301dc7f0adb24d243b7c0bb26733751f4bf2c84edbf464ac8dd2753bfa0_amd64	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:904a679c9230596aea5aab19cb6ecd16d6f7c7e6cca06aca63498ff4896733ba_s390x	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d3d569cf1570a9a0edd4070660ceff622429c98345c369af0ace3458e0ba2308_ppc64le	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f32c7fd3bde4d324f96251826f85aac887aaa44a526eb2e8549a00c6a71abcd0_amd64	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:93d75149f451f380dbc59b4f093e0bf8f3ab05044e584f9a229c46abd572cf94_ppc64le	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9dd5bc1416811a51cc056720e65035c713f335f43d8209bfad4d8d983b36ac72_s390x	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:ef0552c8953fc5958bb4bb548820802cc30f0aa8366c0e369a0d30e1f5ddad9b_amd64	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3deb2d564ed7e8ce85861e81681211d84a9c147bb5807c642fe788980aba3038_amd64	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:82e7c7f7d3a44f312428d1fa7b0c1c6fc644fbf20e9370b2d5803f6687a189a5_ppc64le	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b1a0cc358536e22f07c9672957484afebf230145a5c85fa4f8acd11349adb219_amd64	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e76e3b94c8aae99addf53b09f15f8f9d52003bfdb9213c93b67b58e71fcd192a_s390x	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:955f6c83ce8e6cdd075ef5c7396a8b19f9b8021cc5fb1b909a1dda05f0e3f13f_amd64	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:7be53b8c4851f7ca174c32556cdc2be807cabfb778ced23054b12288cc7ebbee_amd64	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:9abfc7d4e96a46868548380c7db2f11a7ec406c809fb8eee9a7bc3a049adcbbe_ppc64le	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:ec4e8658a1c3f00bd08e8b009cd042bc59a3d870cd17a7db940f1e12d4c05746_s390x	—	Workaround

Threats

Impact Important

CVE-2026-40895

A flaw was found in follow-redirects. When an HTTP request follows a cross-domain redirect (a redirection to a different domain), custom authentication headers, such as X-API-Key or X-Auth-Token, are not properly stripped. This allows these sensitive headers to be forwarded verbatim to the redirect target, potentially leading to the unintended disclosure of authentication information to an untrusted third party.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-212 - Improper Removal of Sensitive Information Before Storage or Transfer

Affected products

Fixed 3 products

Product	Version	Remediation
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:5b1b98cd31ba150aecd6ef44c2bd8d79ae64380c8e974a4c8c1bb66fb4a38ce9_ppc64le	—	Vendor Fix fix
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:88ca55bb3177d8111971f1ba134bec7967289bfae64ecdf0b751dba0df82d9f0_s390x	—	Vendor Fix fix
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:afeeca0c1a653b5c375af4cca8dac1f52db846013d8b50e914ed62e1b7b1aa62_amd64	—	Vendor Fix fix

Known not affected 19 products

Product	Identifier	Version	Remediation
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:112909f56592b6d280a68b8104fe0c6f771c7c0156197950fcd1fcccae3c7fbf_ppc64le		—
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:6ebb0d29e5d4aeb1ec3c16f8478cd1d615d3b42275dd82a20ff966887d603bd6_s390x		—
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:80e7c357130e8a1a2db38713055d9a3e04812d5dd496d937d0d51b5c27f97da5_amd64		—
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:db0def651635715bc2406aef174f500cdc35d52cd693785629c149d0269b5f33_amd64		—
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2bab9301dc7f0adb24d243b7c0bb26733751f4bf2c84edbf464ac8dd2753bfa0_amd64		—
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:904a679c9230596aea5aab19cb6ecd16d6f7c7e6cca06aca63498ff4896733ba_s390x		—
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d3d569cf1570a9a0edd4070660ceff622429c98345c369af0ace3458e0ba2308_ppc64le		—
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f32c7fd3bde4d324f96251826f85aac887aaa44a526eb2e8549a00c6a71abcd0_amd64		—
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:93d75149f451f380dbc59b4f093e0bf8f3ab05044e584f9a229c46abd572cf94_ppc64le		—
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9dd5bc1416811a51cc056720e65035c713f335f43d8209bfad4d8d983b36ac72_s390x		—
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:ef0552c8953fc5958bb4bb548820802cc30f0aa8366c0e369a0d30e1f5ddad9b_amd64		—
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3deb2d564ed7e8ce85861e81681211d84a9c147bb5807c642fe788980aba3038_amd64		—
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:82e7c7f7d3a44f312428d1fa7b0c1c6fc644fbf20e9370b2d5803f6687a189a5_ppc64le		—
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b1a0cc358536e22f07c9672957484afebf230145a5c85fa4f8acd11349adb219_amd64		—
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e76e3b94c8aae99addf53b09f15f8f9d52003bfdb9213c93b67b58e71fcd192a_s390x		—
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:955f6c83ce8e6cdd075ef5c7396a8b19f9b8021cc5fb1b909a1dda05f0e3f13f_amd64		—
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:7be53b8c4851f7ca174c32556cdc2be807cabfb778ced23054b12288cc7ebbee_amd64		—
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:9abfc7d4e96a46868548380c7db2f11a7ec406c809fb8eee9a7bc3a049adcbbe_ppc64le		—
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:ec4e8658a1c3f00bd08e8b009cd042bc59a3d870cd17a7db940f1e12d4c05746_s390x		—

Threats

Impact Important

CVE-2026-42033

A flaw was found in Axios, an HTTP client library. This vulnerability allows an attacker to exploit a prototype pollution issue if another part of the application has already polluted the Object.prototype. By doing so, the attacker can intercept and modify JSON responses or take control of the HTTP communication. This could lead to unauthorized access to sensitive information like user credentials and request details.

7.4 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

CWE-915 - Improperly Controlled Modification of Dynamically-Determined Object Attributes

Affected products

Fixed 3 products

Product	Version	Remediation
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:5b1b98cd31ba150aecd6ef44c2bd8d79ae64380c8e974a4c8c1bb66fb4a38ce9_ppc64le	—	Vendor Fix fix
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:88ca55bb3177d8111971f1ba134bec7967289bfae64ecdf0b751dba0df82d9f0_s390x	—	Vendor Fix fix
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:afeeca0c1a653b5c375af4cca8dac1f52db846013d8b50e914ed62e1b7b1aa62_amd64	—	Vendor Fix fix

Known not affected 19 products

Product	Identifier	Version	Remediation
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:112909f56592b6d280a68b8104fe0c6f771c7c0156197950fcd1fcccae3c7fbf_ppc64le		—
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:6ebb0d29e5d4aeb1ec3c16f8478cd1d615d3b42275dd82a20ff966887d603bd6_s390x		—
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:80e7c357130e8a1a2db38713055d9a3e04812d5dd496d937d0d51b5c27f97da5_amd64		—
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:db0def651635715bc2406aef174f500cdc35d52cd693785629c149d0269b5f33_amd64		—
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2bab9301dc7f0adb24d243b7c0bb26733751f4bf2c84edbf464ac8dd2753bfa0_amd64		—
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:904a679c9230596aea5aab19cb6ecd16d6f7c7e6cca06aca63498ff4896733ba_s390x		—
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d3d569cf1570a9a0edd4070660ceff622429c98345c369af0ace3458e0ba2308_ppc64le		—
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f32c7fd3bde4d324f96251826f85aac887aaa44a526eb2e8549a00c6a71abcd0_amd64		—
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:93d75149f451f380dbc59b4f093e0bf8f3ab05044e584f9a229c46abd572cf94_ppc64le		—
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9dd5bc1416811a51cc056720e65035c713f335f43d8209bfad4d8d983b36ac72_s390x		—
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:ef0552c8953fc5958bb4bb548820802cc30f0aa8366c0e369a0d30e1f5ddad9b_amd64		—
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3deb2d564ed7e8ce85861e81681211d84a9c147bb5807c642fe788980aba3038_amd64		—
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:82e7c7f7d3a44f312428d1fa7b0c1c6fc644fbf20e9370b2d5803f6687a189a5_ppc64le		—
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b1a0cc358536e22f07c9672957484afebf230145a5c85fa4f8acd11349adb219_amd64		—
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e76e3b94c8aae99addf53b09f15f8f9d52003bfdb9213c93b67b58e71fcd192a_s390x		—
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:955f6c83ce8e6cdd075ef5c7396a8b19f9b8021cc5fb1b909a1dda05f0e3f13f_amd64		—
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:7be53b8c4851f7ca174c32556cdc2be807cabfb778ced23054b12288cc7ebbee_amd64		—
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:9abfc7d4e96a46868548380c7db2f11a7ec406c809fb8eee9a7bc3a049adcbbe_ppc64le		—
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:ec4e8658a1c3f00bd08e8b009cd042bc59a3d870cd17a7db940f1e12d4c05746_s390x		—

Threats

Impact Important

CVE-2026-42035

A flaw was found in Axios, a software library for making network requests. A remote attacker can exploit a prototype pollution vulnerability to inject arbitrary HTTP headers into outgoing requests. This occurs when the application's core object definitions are manipulated, causing Axios to misinterpret data and include attacker-controlled headers in network communications. This could lead to unauthorized actions or data manipulation.

7.4 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

CWE-915 - Improperly Controlled Modification of Dynamically-Determined Object Attributes

Affected products

Fixed 3 products

Product	Version	Remediation
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:5b1b98cd31ba150aecd6ef44c2bd8d79ae64380c8e974a4c8c1bb66fb4a38ce9_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:88ca55bb3177d8111971f1ba134bec7967289bfae64ecdf0b751dba0df82d9f0_s390x	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:afeeca0c1a653b5c375af4cca8dac1f52db846013d8b50e914ed62e1b7b1aa62_amd64	—	Vendor Fix fix Workaround

Known not affected 19 products

Product	Version	Remediation
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:112909f56592b6d280a68b8104fe0c6f771c7c0156197950fcd1fcccae3c7fbf_ppc64le	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:6ebb0d29e5d4aeb1ec3c16f8478cd1d615d3b42275dd82a20ff966887d603bd6_s390x	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:80e7c357130e8a1a2db38713055d9a3e04812d5dd496d937d0d51b5c27f97da5_amd64	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:db0def651635715bc2406aef174f500cdc35d52cd693785629c149d0269b5f33_amd64	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2bab9301dc7f0adb24d243b7c0bb26733751f4bf2c84edbf464ac8dd2753bfa0_amd64	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:904a679c9230596aea5aab19cb6ecd16d6f7c7e6cca06aca63498ff4896733ba_s390x	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d3d569cf1570a9a0edd4070660ceff622429c98345c369af0ace3458e0ba2308_ppc64le	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f32c7fd3bde4d324f96251826f85aac887aaa44a526eb2e8549a00c6a71abcd0_amd64	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:93d75149f451f380dbc59b4f093e0bf8f3ab05044e584f9a229c46abd572cf94_ppc64le	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9dd5bc1416811a51cc056720e65035c713f335f43d8209bfad4d8d983b36ac72_s390x	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:ef0552c8953fc5958bb4bb548820802cc30f0aa8366c0e369a0d30e1f5ddad9b_amd64	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3deb2d564ed7e8ce85861e81681211d84a9c147bb5807c642fe788980aba3038_amd64	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:82e7c7f7d3a44f312428d1fa7b0c1c6fc644fbf20e9370b2d5803f6687a189a5_ppc64le	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b1a0cc358536e22f07c9672957484afebf230145a5c85fa4f8acd11349adb219_amd64	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e76e3b94c8aae99addf53b09f15f8f9d52003bfdb9213c93b67b58e71fcd192a_s390x	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:955f6c83ce8e6cdd075ef5c7396a8b19f9b8021cc5fb1b909a1dda05f0e3f13f_amd64	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:7be53b8c4851f7ca174c32556cdc2be807cabfb778ced23054b12288cc7ebbee_amd64	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:9abfc7d4e96a46868548380c7db2f11a7ec406c809fb8eee9a7bc3a049adcbbe_ppc64le	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:ec4e8658a1c3f00bd08e8b009cd042bc59a3d870cd17a7db940f1e12d4c05746_s390x	—	Workaround

Threats

Impact Moderate

CVE-2026-42039

A flaw was found in Axios, a promise-based HTTP client for browsers and Node.js. This vulnerability occurs because the `toFormData` function recursively processes nested objects without a depth limit. A remote attacker can exploit this by sending deeply nested request data, which causes the Node.js process to crash due to a RangeError, leading to a potential Denial of Service (DoS) if the process crashes.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-770 - Allocation of Resources Without Limits or Throttling

Affected products

Fixed 3 products

Product	Version	Remediation
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:5b1b98cd31ba150aecd6ef44c2bd8d79ae64380c8e974a4c8c1bb66fb4a38ce9_ppc64le	—	Vendor Fix fix
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:88ca55bb3177d8111971f1ba134bec7967289bfae64ecdf0b751dba0df82d9f0_s390x	—	Vendor Fix fix
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:afeeca0c1a653b5c375af4cca8dac1f52db846013d8b50e914ed62e1b7b1aa62_amd64	—	Vendor Fix fix

Known not affected 19 products

Product	Identifier	Version	Remediation
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:112909f56592b6d280a68b8104fe0c6f771c7c0156197950fcd1fcccae3c7fbf_ppc64le		—
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:6ebb0d29e5d4aeb1ec3c16f8478cd1d615d3b42275dd82a20ff966887d603bd6_s390x		—
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:80e7c357130e8a1a2db38713055d9a3e04812d5dd496d937d0d51b5c27f97da5_amd64		—
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:db0def651635715bc2406aef174f500cdc35d52cd693785629c149d0269b5f33_amd64		—
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2bab9301dc7f0adb24d243b7c0bb26733751f4bf2c84edbf464ac8dd2753bfa0_amd64		—
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:904a679c9230596aea5aab19cb6ecd16d6f7c7e6cca06aca63498ff4896733ba_s390x		—
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d3d569cf1570a9a0edd4070660ceff622429c98345c369af0ace3458e0ba2308_ppc64le		—
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f32c7fd3bde4d324f96251826f85aac887aaa44a526eb2e8549a00c6a71abcd0_amd64		—
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:93d75149f451f380dbc59b4f093e0bf8f3ab05044e584f9a229c46abd572cf94_ppc64le		—
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9dd5bc1416811a51cc056720e65035c713f335f43d8209bfad4d8d983b36ac72_s390x		—
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:ef0552c8953fc5958bb4bb548820802cc30f0aa8366c0e369a0d30e1f5ddad9b_amd64		—
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3deb2d564ed7e8ce85861e81681211d84a9c147bb5807c642fe788980aba3038_amd64		—
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:82e7c7f7d3a44f312428d1fa7b0c1c6fc644fbf20e9370b2d5803f6687a189a5_ppc64le		—
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b1a0cc358536e22f07c9672957484afebf230145a5c85fa4f8acd11349adb219_amd64		—
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e76e3b94c8aae99addf53b09f15f8f9d52003bfdb9213c93b67b58e71fcd192a_s390x		—
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:955f6c83ce8e6cdd075ef5c7396a8b19f9b8021cc5fb1b909a1dda05f0e3f13f_amd64		—
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:7be53b8c4851f7ca174c32556cdc2be807cabfb778ced23054b12288cc7ebbee_amd64		—
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:9abfc7d4e96a46868548380c7db2f11a7ec406c809fb8eee9a7bc3a049adcbbe_ppc64le		—
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:ec4e8658a1c3f00bd08e8b009cd042bc59a3d870cd17a7db940f1e12d4c05746_s390x		—

Threats

Impact Important

CVE-2026-42041

A flaw was found in Axios, a promise-based HTTP client. This vulnerability, a Prototype Pollution "Gadget" attack, allows an attacker to manipulate the `Object.prototype.validateStatus` property. By polluting this property, all HTTP error responses (such as 401, 403, or 500) are silently treated as successful responses. This can lead to a complete bypass of application-level authentication and error handling, potentially granting unauthorized access.

8.2 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N

CWE-915 - Improperly Controlled Modification of Dynamically-Determined Object Attributes

Affected products

Fixed 3 products

Product	Version	Remediation
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:5b1b98cd31ba150aecd6ef44c2bd8d79ae64380c8e974a4c8c1bb66fb4a38ce9_ppc64le	—	Vendor Fix fix
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:88ca55bb3177d8111971f1ba134bec7967289bfae64ecdf0b751dba0df82d9f0_s390x	—	Vendor Fix fix
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:afeeca0c1a653b5c375af4cca8dac1f52db846013d8b50e914ed62e1b7b1aa62_amd64	—	Vendor Fix fix

Known not affected 19 products

Product	Identifier	Version	Remediation
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:112909f56592b6d280a68b8104fe0c6f771c7c0156197950fcd1fcccae3c7fbf_ppc64le		—
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:6ebb0d29e5d4aeb1ec3c16f8478cd1d615d3b42275dd82a20ff966887d603bd6_s390x		—
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:80e7c357130e8a1a2db38713055d9a3e04812d5dd496d937d0d51b5c27f97da5_amd64		—
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:db0def651635715bc2406aef174f500cdc35d52cd693785629c149d0269b5f33_amd64		—
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2bab9301dc7f0adb24d243b7c0bb26733751f4bf2c84edbf464ac8dd2753bfa0_amd64		—
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:904a679c9230596aea5aab19cb6ecd16d6f7c7e6cca06aca63498ff4896733ba_s390x		—
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d3d569cf1570a9a0edd4070660ceff622429c98345c369af0ace3458e0ba2308_ppc64le		—
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f32c7fd3bde4d324f96251826f85aac887aaa44a526eb2e8549a00c6a71abcd0_amd64		—
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:93d75149f451f380dbc59b4f093e0bf8f3ab05044e584f9a229c46abd572cf94_ppc64le		—
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9dd5bc1416811a51cc056720e65035c713f335f43d8209bfad4d8d983b36ac72_s390x		—
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:ef0552c8953fc5958bb4bb548820802cc30f0aa8366c0e369a0d30e1f5ddad9b_amd64		—
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3deb2d564ed7e8ce85861e81681211d84a9c147bb5807c642fe788980aba3038_amd64		—
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:82e7c7f7d3a44f312428d1fa7b0c1c6fc644fbf20e9370b2d5803f6687a189a5_ppc64le		—
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b1a0cc358536e22f07c9672957484afebf230145a5c85fa4f8acd11349adb219_amd64		—
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e76e3b94c8aae99addf53b09f15f8f9d52003bfdb9213c93b67b58e71fcd192a_s390x		—
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:955f6c83ce8e6cdd075ef5c7396a8b19f9b8021cc5fb1b909a1dda05f0e3f13f_amd64		—
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:7be53b8c4851f7ca174c32556cdc2be807cabfb778ced23054b12288cc7ebbee_amd64		—
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:9abfc7d4e96a46868548380c7db2f11a7ec406c809fb8eee9a7bc3a049adcbbe_ppc64le		—
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:ec4e8658a1c3f00bd08e8b009cd042bc59a3d870cd17a7db940f1e12d4c05746_s390x		—

Threats

Impact Important

CVE-2026-42043

A flaw was found in Axios, a promise-based HTTP client. An attacker who can control the destination address of an Axios request can exploit this vulnerability. By using specific internal network addresses (within the 127.0.0.0/8 range, excluding 127.0.0.1), the attacker can completely bypass the NO_PROXY protection, potentially leading to unauthorized access or information disclosure within the network. This issue is an incomplete fix for a previous vulnerability.

7.2 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

CWE-918 - Server-Side Request Forgery (SSRF)

Affected products

Fixed 3 products

Product	Version	Remediation
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:5b1b98cd31ba150aecd6ef44c2bd8d79ae64380c8e974a4c8c1bb66fb4a38ce9_ppc64le	—	Vendor Fix fix
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:88ca55bb3177d8111971f1ba134bec7967289bfae64ecdf0b751dba0df82d9f0_s390x	—	Vendor Fix fix
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:afeeca0c1a653b5c375af4cca8dac1f52db846013d8b50e914ed62e1b7b1aa62_amd64	—	Vendor Fix fix

Known not affected 19 products

Product	Identifier	Version	Remediation
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:112909f56592b6d280a68b8104fe0c6f771c7c0156197950fcd1fcccae3c7fbf_ppc64le		—
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:6ebb0d29e5d4aeb1ec3c16f8478cd1d615d3b42275dd82a20ff966887d603bd6_s390x		—
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:80e7c357130e8a1a2db38713055d9a3e04812d5dd496d937d0d51b5c27f97da5_amd64		—
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:db0def651635715bc2406aef174f500cdc35d52cd693785629c149d0269b5f33_amd64		—
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2bab9301dc7f0adb24d243b7c0bb26733751f4bf2c84edbf464ac8dd2753bfa0_amd64		—
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:904a679c9230596aea5aab19cb6ecd16d6f7c7e6cca06aca63498ff4896733ba_s390x		—
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d3d569cf1570a9a0edd4070660ceff622429c98345c369af0ace3458e0ba2308_ppc64le		—
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f32c7fd3bde4d324f96251826f85aac887aaa44a526eb2e8549a00c6a71abcd0_amd64		—
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:93d75149f451f380dbc59b4f093e0bf8f3ab05044e584f9a229c46abd572cf94_ppc64le		—
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9dd5bc1416811a51cc056720e65035c713f335f43d8209bfad4d8d983b36ac72_s390x		—
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:ef0552c8953fc5958bb4bb548820802cc30f0aa8366c0e369a0d30e1f5ddad9b_amd64		—
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3deb2d564ed7e8ce85861e81681211d84a9c147bb5807c642fe788980aba3038_amd64		—
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:82e7c7f7d3a44f312428d1fa7b0c1c6fc644fbf20e9370b2d5803f6687a189a5_ppc64le		—
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b1a0cc358536e22f07c9672957484afebf230145a5c85fa4f8acd11349adb219_amd64		—
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e76e3b94c8aae99addf53b09f15f8f9d52003bfdb9213c93b67b58e71fcd192a_s390x		—
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:955f6c83ce8e6cdd075ef5c7396a8b19f9b8021cc5fb1b909a1dda05f0e3f13f_amd64		—
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:7be53b8c4851f7ca174c32556cdc2be807cabfb778ced23054b12288cc7ebbee_amd64		—
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:9abfc7d4e96a46868548380c7db2f11a7ec406c809fb8eee9a7bc3a049adcbbe_ppc64le		—
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:ec4e8658a1c3f00bd08e8b009cd042bc59a3d870cd17a7db940f1e12d4c05746_s390x		—

Threats

Impact Important

CVE-2026-42044

A flaw was found in Axios, a widely used HTTP client. This vulnerability, known as a Prototype Pollution "Gadget" attack, allows a remote attacker to subtly alter JSON API responses. By manipulating a specific function, an attacker can selectively modify data within these responses. This could lead to significant security breaches, including unauthorized privilege escalation, fraudulent balance manipulation, or bypassing critical authorization checks.

7.4 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

CWE-915 - Improperly Controlled Modification of Dynamically-Determined Object Attributes

Affected products

Fixed 3 products

Product	Version	Remediation
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:5b1b98cd31ba150aecd6ef44c2bd8d79ae64380c8e974a4c8c1bb66fb4a38ce9_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:88ca55bb3177d8111971f1ba134bec7967289bfae64ecdf0b751dba0df82d9f0_s390x	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:afeeca0c1a653b5c375af4cca8dac1f52db846013d8b50e914ed62e1b7b1aa62_amd64	—	Vendor Fix fix Workaround

Known not affected 19 products

Product	Version	Remediation
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:112909f56592b6d280a68b8104fe0c6f771c7c0156197950fcd1fcccae3c7fbf_ppc64le	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:6ebb0d29e5d4aeb1ec3c16f8478cd1d615d3b42275dd82a20ff966887d603bd6_s390x	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:80e7c357130e8a1a2db38713055d9a3e04812d5dd496d937d0d51b5c27f97da5_amd64	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:db0def651635715bc2406aef174f500cdc35d52cd693785629c149d0269b5f33_amd64	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2bab9301dc7f0adb24d243b7c0bb26733751f4bf2c84edbf464ac8dd2753bfa0_amd64	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:904a679c9230596aea5aab19cb6ecd16d6f7c7e6cca06aca63498ff4896733ba_s390x	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d3d569cf1570a9a0edd4070660ceff622429c98345c369af0ace3458e0ba2308_ppc64le	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f32c7fd3bde4d324f96251826f85aac887aaa44a526eb2e8549a00c6a71abcd0_amd64	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:93d75149f451f380dbc59b4f093e0bf8f3ab05044e584f9a229c46abd572cf94_ppc64le	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9dd5bc1416811a51cc056720e65035c713f335f43d8209bfad4d8d983b36ac72_s390x	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:ef0552c8953fc5958bb4bb548820802cc30f0aa8366c0e369a0d30e1f5ddad9b_amd64	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3deb2d564ed7e8ce85861e81681211d84a9c147bb5807c642fe788980aba3038_amd64	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:82e7c7f7d3a44f312428d1fa7b0c1c6fc644fbf20e9370b2d5803f6687a189a5_ppc64le	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b1a0cc358536e22f07c9672957484afebf230145a5c85fa4f8acd11349adb219_amd64	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e76e3b94c8aae99addf53b09f15f8f9d52003bfdb9213c93b67b58e71fcd192a_s390x	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:955f6c83ce8e6cdd075ef5c7396a8b19f9b8021cc5fb1b909a1dda05f0e3f13f_amd64	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:7be53b8c4851f7ca174c32556cdc2be807cabfb778ced23054b12288cc7ebbee_amd64	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:9abfc7d4e96a46868548380c7db2f11a7ec406c809fb8eee9a7bc3a049adcbbe_ppc64le	—	Workaround
Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:ec4e8658a1c3f00bd08e8b009cd042bc59a3d870cd17a7db940f1e12d4c05746_s390x	—	Workaround

Threats

Impact Important

References

163 references

URL	Category
https://access.redhat.com/errata/RHSA-2026:24853	self
https://access.redhat.com/security/cve/CVE-2025-62718	external
https://access.redhat.com/security/cve/CVE-2026-2377	external
https://access.redhat.com/security/cve/CVE-2026-25679	external
https://access.redhat.com/security/cve/CVE-2026-27459	external
https://access.redhat.com/security/cve/CVE-2026-27962	external
https://access.redhat.com/security/cve/CVE-2026-32280	external
https://access.redhat.com/security/cve/CVE-2026-32282	external
https://access.redhat.com/security/cve/CVE-2026-32286	external
https://access.redhat.com/security/cve/CVE-2026-32589	external
https://access.redhat.com/security/cve/CVE-2026-32590	external
https://access.redhat.com/security/cve/CVE-2026-33186	external
https://access.redhat.com/security/cve/CVE-2026-33894	external
https://access.redhat.com/security/cve/CVE-2026-34986	external
https://access.redhat.com/security/cve/CVE-2026-39892	external
https://access.redhat.com/security/cve/CVE-2026-40192	external
https://access.redhat.com/security/cve/CVE-2026-40895	external
https://access.redhat.com/security/cve/CVE-2026-42033	external
https://access.redhat.com/security/cve/CVE-2026-42035	external
https://access.redhat.com/security/cve/CVE-2026-42039	external
https://access.redhat.com/security/cve/CVE-2026-42041	external
https://access.redhat.com/security/cve/CVE-2026-42043	external
https://access.redhat.com/security/cve/CVE-2026-42044	external
https://access.redhat.com/security/cve/CVE-2026-4427	external
https://access.redhat.com/security/updates/classi…	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2025-62718	self
https://bugzilla.redhat.com/show_bug.cgi?id=2456913	external
https://www.cve.org/CVERecord?id=CVE-2025-62718	external
https://nvd.nist.gov/vuln/detail/CVE-2025-62718	external
https://datatracker.ietf.org/doc/html/rfc1034#sec…	external
https://datatracker.ietf.org/doc/html/rfc3986#sec…	external
https://github.com/axios/axios/commit/fb3befb6daa…	external
https://github.com/axios/axios/pull/10661	external
https://github.com/axios/axios/releases/tag/v1.15.0	external
https://github.com/axios/axios/security/advisorie…	external
https://access.redhat.com/security/cve/CVE-2026-2377	self
https://bugzilla.redhat.com/show_bug.cgi?id=2439201	external
https://www.cve.org/CVERecord?id=CVE-2026-2377	external
https://nvd.nist.gov/vuln/detail/CVE-2026-2377	external
https://access.redhat.com/security/cve/CVE-2026-4427	self
https://www.cve.org/CVERecord?id=CVE-2026-4427	external
https://access.redhat.com/security/cve/CVE-2026-25679	self
https://bugzilla.redhat.com/show_bug.cgi?id=2445356	external
https://www.cve.org/CVERecord?id=CVE-2026-25679	external
https://nvd.nist.gov/vuln/detail/CVE-2026-25679	external
https://go.dev/cl/752180	external
https://go.dev/issue/77578	external
https://groups.google.com/g/golang-announce/c/Edh…	external
https://pkg.go.dev/vuln/GO-2026-4601	external
https://access.redhat.com/security/cve/CVE-2026-27459	self
https://bugzilla.redhat.com/show_bug.cgi?id=2448503	external
https://www.cve.org/CVERecord?id=CVE-2026-27459	external
https://nvd.nist.gov/vuln/detail/CVE-2026-27459	external
https://github.com/pyca/pyopenssl/blob/358cbf29c4…	external
https://github.com/pyca/pyopenssl/commit/57f09bb4…	external
https://github.com/pyca/pyopenssl/security/adviso…	external
https://access.redhat.com/security/cve/CVE-2026-27962	self
https://bugzilla.redhat.com/show_bug.cgi?id=2448164	external
https://www.cve.org/CVERecord?id=CVE-2026-27962	external
https://nvd.nist.gov/vuln/detail/CVE-2026-27962	external
https://github.com/authlib/authlib/commit/a5d4b2d…	external
https://github.com/authlib/authlib/releases/tag/v1.6.9	external
https://github.com/authlib/authlib/security/advis…	external
https://access.redhat.com/security/cve/CVE-2026-32280	self
https://bugzilla.redhat.com/show_bug.cgi?id=2456339	external
https://www.cve.org/CVERecord?id=CVE-2026-32280	external
https://nvd.nist.gov/vuln/detail/CVE-2026-32280	external
https://go.dev/cl/758320	external
https://go.dev/issue/78282	external
https://groups.google.com/g/golang-announce/c/0uY…	external
https://pkg.go.dev/vuln/GO-2026-4947	external
https://access.redhat.com/security/cve/CVE-2026-32282	self
https://bugzilla.redhat.com/show_bug.cgi?id=2456336	external
https://www.cve.org/CVERecord?id=CVE-2026-32282	external
https://nvd.nist.gov/vuln/detail/CVE-2026-32282	external
https://go.dev/cl/763761	external
https://go.dev/issue/78293	external
https://pkg.go.dev/vuln/GO-2026-4864	external
https://access.redhat.com/security/cve/CVE-2026-32286	self
https://bugzilla.redhat.com/show_bug.cgi?id=2451847	external
https://www.cve.org/CVERecord?id=CVE-2026-32286	external
https://nvd.nist.gov/vuln/detail/CVE-2026-32286	external
https://github.com/golang/vulndb/issues/4518	external
https://github.com/jackc/pgx/issues/2507	external
https://pkg.go.dev/vuln/GO-2026-4518	external
https://access.redhat.com/security/cve/CVE-2026-32589	self
https://bugzilla.redhat.com/show_bug.cgi?id=2446963	external
https://www.cve.org/CVERecord?id=CVE-2026-32589	external
https://nvd.nist.gov/vuln/detail/CVE-2026-32589	external
https://access.redhat.com/security/cve/CVE-2026-32590	self
https://bugzilla.redhat.com/show_bug.cgi?id=2446964	external
https://www.cve.org/CVERecord?id=CVE-2026-32590	external
https://nvd.nist.gov/vuln/detail/CVE-2026-32590	external
https://access.redhat.com/security/cve/CVE-2026-33186	self
https://bugzilla.redhat.com/show_bug.cgi?id=2449833	external
https://www.cve.org/CVERecord?id=CVE-2026-33186	external
https://nvd.nist.gov/vuln/detail/CVE-2026-33186	external
https://github.com/grpc/grpc-go/security/advisori…	external
https://access.redhat.com/security/cve/CVE-2026-33894	self
https://bugzilla.redhat.com/show_bug.cgi?id=2452464	external
https://www.cve.org/CVERecord?id=CVE-2026-33894	external
https://nvd.nist.gov/vuln/detail/CVE-2026-33894	external
https://datatracker.ietf.org/doc/html/rfc2313#section-8	external
https://github.com/digitalbazaar/forge/security/a…	external
https://mailarchive.ietf.org/arch/msg/openpgp/5rn…	external
https://www.rfc-editor.org/rfc/rfc8017.html	external
https://access.redhat.com/security/cve/CVE-2026-34986	self
https://bugzilla.redhat.com/show_bug.cgi?id=2455470	external
https://www.cve.org/CVERecord?id=CVE-2026-34986	external
https://nvd.nist.gov/vuln/detail/CVE-2026-34986	external
https://github.com/go-jose/go-jose/security/advis…	external
https://pkg.go.dev/github.com/go-jose/go-jose/v4#…	external
https://access.redhat.com/security/cve/CVE-2026-39892	self
https://bugzilla.redhat.com/show_bug.cgi?id=2456735	external
https://www.cve.org/CVERecord?id=CVE-2026-39892	external
https://nvd.nist.gov/vuln/detail/CVE-2026-39892	external
http://www.openwall.com/lists/oss-security/2026/0…	external
https://github.com/pyca/cryptography/commit/622d6…	external
https://github.com/pyca/cryptography/security/adv…	external
https://access.redhat.com/security/cve/CVE-2026-40192	self
https://bugzilla.redhat.com/show_bug.cgi?id=2458856	external
https://www.cve.org/CVERecord?id=CVE-2026-40192	external
https://nvd.nist.gov/vuln/detail/CVE-2026-40192	external
https://github.com/python-pillow/Pillow/commit/3c…	external
https://github.com/python-pillow/Pillow/pull/9521	external
https://github.com/python-pillow/Pillow/security/…	external
https://pillow.readthedocs.io/en/stable/releaseno…	external
https://access.redhat.com/security/cve/CVE-2026-40895	self
https://bugzilla.redhat.com/show_bug.cgi?id=2460297	external
https://www.cve.org/CVERecord?id=CVE-2026-40895	external
https://nvd.nist.gov/vuln/detail/CVE-2026-40895	external
https://github.com/follow-redirects/follow-redire…	external
https://access.redhat.com/security/cve/CVE-2026-42033	self
https://bugzilla.redhat.com/show_bug.cgi?id=2461607	external
https://www.cve.org/CVERecord?id=CVE-2026-42033	external
https://nvd.nist.gov/vuln/detail/CVE-2026-42033	external
https://github.com/axios/axios/security/advisorie…	external
https://access.redhat.com/security/cve/CVE-2026-42035	self
https://bugzilla.redhat.com/show_bug.cgi?id=2461606	external
https://www.cve.org/CVERecord?id=CVE-2026-42035	external
https://nvd.nist.gov/vuln/detail/CVE-2026-42035	external
https://github.com/axios/axios/security/advisorie…	external
https://access.redhat.com/security/cve/CVE-2026-42039	self
https://bugzilla.redhat.com/show_bug.cgi?id=2461630	external
https://www.cve.org/CVERecord?id=CVE-2026-42039	external
https://nvd.nist.gov/vuln/detail/CVE-2026-42039	external
https://github.com/axios/axios/security/advisorie…	external
https://access.redhat.com/security/cve/CVE-2026-42041	self
https://bugzilla.redhat.com/show_bug.cgi?id=2461629	external
https://www.cve.org/CVERecord?id=CVE-2026-42041	external
https://nvd.nist.gov/vuln/detail/CVE-2026-42041	external
https://github.com/axios/axios/security/advisorie…	external
https://access.redhat.com/security/cve/CVE-2026-42043	self
https://bugzilla.redhat.com/show_bug.cgi?id=2461626	external
https://www.cve.org/CVERecord?id=CVE-2026-42043	external
https://nvd.nist.gov/vuln/detail/CVE-2026-42043	external
https://github.com/axios/axios/security/advisorie…	external
https://access.redhat.com/security/cve/CVE-2026-42044	self
https://bugzilla.redhat.com/show_bug.cgi?id=2461624	external
https://www.cve.org/CVERecord?id=CVE-2026-42044	external
https://nvd.nist.gov/vuln/detail/CVE-2026-42044	external
https://github.com/axios/axios/security/advisorie…	external

Acknowledgments

Antony Di Scala Michael Whale

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Red Hat Quay 3.15.5 is now available with bug fixes.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Quay 3.15.5",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2026:24853",
        "url": "https://access.redhat.com/errata/RHSA-2026:24853"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2025-62718",
        "url": "https://access.redhat.com/security/cve/CVE-2025-62718"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-2377",
        "url": "https://access.redhat.com/security/cve/CVE-2026-2377"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-25679",
        "url": "https://access.redhat.com/security/cve/CVE-2026-25679"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-27459",
        "url": "https://access.redhat.com/security/cve/CVE-2026-27459"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-27962",
        "url": "https://access.redhat.com/security/cve/CVE-2026-27962"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-32280",
        "url": "https://access.redhat.com/security/cve/CVE-2026-32280"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-32282",
        "url": "https://access.redhat.com/security/cve/CVE-2026-32282"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-32286",
        "url": "https://access.redhat.com/security/cve/CVE-2026-32286"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-32589",
        "url": "https://access.redhat.com/security/cve/CVE-2026-32589"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-32590",
        "url": "https://access.redhat.com/security/cve/CVE-2026-32590"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-33186",
        "url": "https://access.redhat.com/security/cve/CVE-2026-33186"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-33894",
        "url": "https://access.redhat.com/security/cve/CVE-2026-33894"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-34986",
        "url": "https://access.redhat.com/security/cve/CVE-2026-34986"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-39892",
        "url": "https://access.redhat.com/security/cve/CVE-2026-39892"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-40192",
        "url": "https://access.redhat.com/security/cve/CVE-2026-40192"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-40895",
        "url": "https://access.redhat.com/security/cve/CVE-2026-40895"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-42033",
        "url": "https://access.redhat.com/security/cve/CVE-2026-42033"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-42035",
        "url": "https://access.redhat.com/security/cve/CVE-2026-42035"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-42039",
        "url": "https://access.redhat.com/security/cve/CVE-2026-42039"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-42041",
        "url": "https://access.redhat.com/security/cve/CVE-2026-42041"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-42043",
        "url": "https://access.redhat.com/security/cve/CVE-2026-42043"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-42044",
        "url": "https://access.redhat.com/security/cve/CVE-2026-42044"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-4427",
        "url": "https://access.redhat.com/security/cve/CVE-2026-4427"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/",
        "url": "https://access.redhat.com/security/updates/classification/"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_24853.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat Quay 3.15.5",
    "tracking": {
      "current_release_date": "2026-06-10T20:54:48+00:00",
      "generator": {
        "date": "2026-06-10T20:54:48+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.8.2"
        }
      },
      "id": "RHSA-2026:24853",
      "initial_release_date": "2026-06-09T15:31:40+00:00",
      "revision_history": [
        {
          "date": "2026-06-09T15:31:40+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2026-06-09T15:31:49+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-06-10T20:54:48+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Quay 3.15",
                "product": {
                  "name": "Red Hat Quay 3.15",
                  "product_id": "Red Hat Quay 3.15",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:quay:3.15::el8"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Quay"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "registry.redhat.io/quay/quay-rhel8@sha256:5b1b98cd31ba150aecd6ef44c2bd8d79ae64380c8e974a4c8c1bb66fb4a38ce9_ppc64le",
                "product": {
                  "name": "registry.redhat.io/quay/quay-rhel8@sha256:5b1b98cd31ba150aecd6ef44c2bd8d79ae64380c8e974a4c8c1bb66fb4a38ce9_ppc64le",
                  "product_id": "registry.redhat.io/quay/quay-rhel8@sha256:5b1b98cd31ba150aecd6ef44c2bd8d79ae64380c8e974a4c8c1bb66fb4a38ce9_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/quay-rhel8@sha256%3A5b1b98cd31ba150aecd6ef44c2bd8d79ae64380c8e974a4c8c1bb66fb4a38ce9?arch=ppc64le\u0026repository_url=registry.redhat.io/quay/quay-rhel8\u0026tag=1780891395"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:82e7c7f7d3a44f312428d1fa7b0c1c6fc644fbf20e9370b2d5803f6687a189a5_ppc64le",
                "product": {
                  "name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:82e7c7f7d3a44f312428d1fa7b0c1c6fc644fbf20e9370b2d5803f6687a189a5_ppc64le",
                  "product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:82e7c7f7d3a44f312428d1fa7b0c1c6fc644fbf20e9370b2d5803f6687a189a5_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/quay-container-security-operator-rhel8@sha256%3A82e7c7f7d3a44f312428d1fa7b0c1c6fc644fbf20e9370b2d5803f6687a189a5?arch=ppc64le\u0026repository_url=registry.redhat.io/quay/quay-container-security-operator-rhel8\u0026tag=1780584268"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d3d569cf1570a9a0edd4070660ceff622429c98345c369af0ace3458e0ba2308_ppc64le",
                "product": {
                  "name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d3d569cf1570a9a0edd4070660ceff622429c98345c369af0ace3458e0ba2308_ppc64le",
                  "product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d3d569cf1570a9a0edd4070660ceff622429c98345c369af0ace3458e0ba2308_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/quay-bridge-operator-rhel8@sha256%3Ad3d569cf1570a9a0edd4070660ceff622429c98345c369af0ace3458e0ba2308?arch=ppc64le\u0026repository_url=registry.redhat.io/quay/quay-bridge-operator-rhel8\u0026tag=1780584376"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:93d75149f451f380dbc59b4f093e0bf8f3ab05044e584f9a229c46abd572cf94_ppc64le",
                "product": {
                  "name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:93d75149f451f380dbc59b4f093e0bf8f3ab05044e584f9a229c46abd572cf94_ppc64le",
                  "product_id": "registry.redhat.io/quay/quay-builder-rhel8@sha256:93d75149f451f380dbc59b4f093e0bf8f3ab05044e584f9a229c46abd572cf94_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/quay-builder-rhel8@sha256%3A93d75149f451f380dbc59b4f093e0bf8f3ab05044e584f9a229c46abd572cf94?arch=ppc64le\u0026repository_url=registry.redhat.io/quay/quay-builder-rhel8\u0026tag=1780584626"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/quay/clair-rhel8@sha256:112909f56592b6d280a68b8104fe0c6f771c7c0156197950fcd1fcccae3c7fbf_ppc64le",
                "product": {
                  "name": "registry.redhat.io/quay/clair-rhel8@sha256:112909f56592b6d280a68b8104fe0c6f771c7c0156197950fcd1fcccae3c7fbf_ppc64le",
                  "product_id": "registry.redhat.io/quay/clair-rhel8@sha256:112909f56592b6d280a68b8104fe0c6f771c7c0156197950fcd1fcccae3c7fbf_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/clair-rhel8@sha256%3A112909f56592b6d280a68b8104fe0c6f771c7c0156197950fcd1fcccae3c7fbf?arch=ppc64le\u0026repository_url=registry.redhat.io/quay/clair-rhel8\u0026tag=1780584775"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:9abfc7d4e96a46868548380c7db2f11a7ec406c809fb8eee9a7bc3a049adcbbe_ppc64le",
                "product": {
                  "name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:9abfc7d4e96a46868548380c7db2f11a7ec406c809fb8eee9a7bc3a049adcbbe_ppc64le",
                  "product_id": "registry.redhat.io/quay/quay-operator-rhel8@sha256:9abfc7d4e96a46868548380c7db2f11a7ec406c809fb8eee9a7bc3a049adcbbe_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/quay-operator-rhel8@sha256%3A9abfc7d4e96a46868548380c7db2f11a7ec406c809fb8eee9a7bc3a049adcbbe?arch=ppc64le\u0026repository_url=registry.redhat.io/quay/quay-operator-rhel8\u0026tag=1780584287"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3deb2d564ed7e8ce85861e81681211d84a9c147bb5807c642fe788980aba3038_amd64",
                "product": {
                  "name": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3deb2d564ed7e8ce85861e81681211d84a9c147bb5807c642fe788980aba3038_amd64",
                  "product_id": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3deb2d564ed7e8ce85861e81681211d84a9c147bb5807c642fe788980aba3038_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/quay-container-security-operator-bundle@sha256%3A3deb2d564ed7e8ce85861e81681211d84a9c147bb5807c642fe788980aba3038?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-container-security-operator-bundle\u0026tag=1780585491"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b1a0cc358536e22f07c9672957484afebf230145a5c85fa4f8acd11349adb219_amd64",
                "product": {
                  "name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b1a0cc358536e22f07c9672957484afebf230145a5c85fa4f8acd11349adb219_amd64",
                  "product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b1a0cc358536e22f07c9672957484afebf230145a5c85fa4f8acd11349adb219_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/quay-container-security-operator-rhel8@sha256%3Ab1a0cc358536e22f07c9672957484afebf230145a5c85fa4f8acd11349adb219?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-container-security-operator-rhel8\u0026tag=1780584268"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:db0def651635715bc2406aef174f500cdc35d52cd693785629c149d0269b5f33_amd64",
                "product": {
                  "name": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:db0def651635715bc2406aef174f500cdc35d52cd693785629c149d0269b5f33_amd64",
                  "product_id": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:db0def651635715bc2406aef174f500cdc35d52cd693785629c149d0269b5f33_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/quay-bridge-operator-bundle@sha256%3Adb0def651635715bc2406aef174f500cdc35d52cd693785629c149d0269b5f33?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-bridge-operator-bundle\u0026tag=1780585598"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2bab9301dc7f0adb24d243b7c0bb26733751f4bf2c84edbf464ac8dd2753bfa0_amd64",
                "product": {
                  "name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2bab9301dc7f0adb24d243b7c0bb26733751f4bf2c84edbf464ac8dd2753bfa0_amd64",
                  "product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2bab9301dc7f0adb24d243b7c0bb26733751f4bf2c84edbf464ac8dd2753bfa0_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/quay-bridge-operator-rhel8@sha256%3A2bab9301dc7f0adb24d243b7c0bb26733751f4bf2c84edbf464ac8dd2753bfa0?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-bridge-operator-rhel8\u0026tag=1780584376"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f32c7fd3bde4d324f96251826f85aac887aaa44a526eb2e8549a00c6a71abcd0_amd64",
                "product": {
                  "name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f32c7fd3bde4d324f96251826f85aac887aaa44a526eb2e8549a00c6a71abcd0_amd64",
                  "product_id": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f32c7fd3bde4d324f96251826f85aac887aaa44a526eb2e8549a00c6a71abcd0_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/quay-builder-qemu-rhcos-rhel8@sha256%3Af32c7fd3bde4d324f96251826f85aac887aaa44a526eb2e8549a00c6a71abcd0?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8\u0026tag=1780590413"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:ef0552c8953fc5958bb4bb548820802cc30f0aa8366c0e369a0d30e1f5ddad9b_amd64",
                "product": {
                  "name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:ef0552c8953fc5958bb4bb548820802cc30f0aa8366c0e369a0d30e1f5ddad9b_amd64",
                  "product_id": "registry.redhat.io/quay/quay-builder-rhel8@sha256:ef0552c8953fc5958bb4bb548820802cc30f0aa8366c0e369a0d30e1f5ddad9b_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/quay-builder-rhel8@sha256%3Aef0552c8953fc5958bb4bb548820802cc30f0aa8366c0e369a0d30e1f5ddad9b?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-builder-rhel8\u0026tag=1780584626"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/quay/clair-rhel8@sha256:80e7c357130e8a1a2db38713055d9a3e04812d5dd496d937d0d51b5c27f97da5_amd64",
                "product": {
                  "name": "registry.redhat.io/quay/clair-rhel8@sha256:80e7c357130e8a1a2db38713055d9a3e04812d5dd496d937d0d51b5c27f97da5_amd64",
                  "product_id": "registry.redhat.io/quay/clair-rhel8@sha256:80e7c357130e8a1a2db38713055d9a3e04812d5dd496d937d0d51b5c27f97da5_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/clair-rhel8@sha256%3A80e7c357130e8a1a2db38713055d9a3e04812d5dd496d937d0d51b5c27f97da5?arch=amd64\u0026repository_url=registry.redhat.io/quay/clair-rhel8\u0026tag=1780584775"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/quay/quay-operator-bundle@sha256:955f6c83ce8e6cdd075ef5c7396a8b19f9b8021cc5fb1b909a1dda05f0e3f13f_amd64",
                "product": {
                  "name": "registry.redhat.io/quay/quay-operator-bundle@sha256:955f6c83ce8e6cdd075ef5c7396a8b19f9b8021cc5fb1b909a1dda05f0e3f13f_amd64",
                  "product_id": "registry.redhat.io/quay/quay-operator-bundle@sha256:955f6c83ce8e6cdd075ef5c7396a8b19f9b8021cc5fb1b909a1dda05f0e3f13f_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/quay-operator-bundle@sha256%3A955f6c83ce8e6cdd075ef5c7396a8b19f9b8021cc5fb1b909a1dda05f0e3f13f?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-operator-bundle\u0026tag=1780894591"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:7be53b8c4851f7ca174c32556cdc2be807cabfb778ced23054b12288cc7ebbee_amd64",
                "product": {
                  "name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:7be53b8c4851f7ca174c32556cdc2be807cabfb778ced23054b12288cc7ebbee_amd64",
                  "product_id": "registry.redhat.io/quay/quay-operator-rhel8@sha256:7be53b8c4851f7ca174c32556cdc2be807cabfb778ced23054b12288cc7ebbee_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/quay-operator-rhel8@sha256%3A7be53b8c4851f7ca174c32556cdc2be807cabfb778ced23054b12288cc7ebbee?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-operator-rhel8\u0026tag=1780584287"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/quay/quay-rhel8@sha256:afeeca0c1a653b5c375af4cca8dac1f52db846013d8b50e914ed62e1b7b1aa62_amd64",
                "product": {
                  "name": "registry.redhat.io/quay/quay-rhel8@sha256:afeeca0c1a653b5c375af4cca8dac1f52db846013d8b50e914ed62e1b7b1aa62_amd64",
                  "product_id": "registry.redhat.io/quay/quay-rhel8@sha256:afeeca0c1a653b5c375af4cca8dac1f52db846013d8b50e914ed62e1b7b1aa62_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/quay-rhel8@sha256%3Aafeeca0c1a653b5c375af4cca8dac1f52db846013d8b50e914ed62e1b7b1aa62?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-rhel8\u0026tag=1780891395"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "amd64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e76e3b94c8aae99addf53b09f15f8f9d52003bfdb9213c93b67b58e71fcd192a_s390x",
                "product": {
                  "name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e76e3b94c8aae99addf53b09f15f8f9d52003bfdb9213c93b67b58e71fcd192a_s390x",
                  "product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e76e3b94c8aae99addf53b09f15f8f9d52003bfdb9213c93b67b58e71fcd192a_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/quay-container-security-operator-rhel8@sha256%3Ae76e3b94c8aae99addf53b09f15f8f9d52003bfdb9213c93b67b58e71fcd192a?arch=s390x\u0026repository_url=registry.redhat.io/quay/quay-container-security-operator-rhel8\u0026tag=1780584268"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:904a679c9230596aea5aab19cb6ecd16d6f7c7e6cca06aca63498ff4896733ba_s390x",
                "product": {
                  "name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:904a679c9230596aea5aab19cb6ecd16d6f7c7e6cca06aca63498ff4896733ba_s390x",
                  "product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:904a679c9230596aea5aab19cb6ecd16d6f7c7e6cca06aca63498ff4896733ba_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/quay-bridge-operator-rhel8@sha256%3A904a679c9230596aea5aab19cb6ecd16d6f7c7e6cca06aca63498ff4896733ba?arch=s390x\u0026repository_url=registry.redhat.io/quay/quay-bridge-operator-rhel8\u0026tag=1780584376"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:9dd5bc1416811a51cc056720e65035c713f335f43d8209bfad4d8d983b36ac72_s390x",
                "product": {
                  "name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:9dd5bc1416811a51cc056720e65035c713f335f43d8209bfad4d8d983b36ac72_s390x",
                  "product_id": "registry.redhat.io/quay/quay-builder-rhel8@sha256:9dd5bc1416811a51cc056720e65035c713f335f43d8209bfad4d8d983b36ac72_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/quay-builder-rhel8@sha256%3A9dd5bc1416811a51cc056720e65035c713f335f43d8209bfad4d8d983b36ac72?arch=s390x\u0026repository_url=registry.redhat.io/quay/quay-builder-rhel8\u0026tag=1780584626"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/quay/clair-rhel8@sha256:6ebb0d29e5d4aeb1ec3c16f8478cd1d615d3b42275dd82a20ff966887d603bd6_s390x",
                "product": {
                  "name": "registry.redhat.io/quay/clair-rhel8@sha256:6ebb0d29e5d4aeb1ec3c16f8478cd1d615d3b42275dd82a20ff966887d603bd6_s390x",
                  "product_id": "registry.redhat.io/quay/clair-rhel8@sha256:6ebb0d29e5d4aeb1ec3c16f8478cd1d615d3b42275dd82a20ff966887d603bd6_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/clair-rhel8@sha256%3A6ebb0d29e5d4aeb1ec3c16f8478cd1d615d3b42275dd82a20ff966887d603bd6?arch=s390x\u0026repository_url=registry.redhat.io/quay/clair-rhel8\u0026tag=1780584775"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:ec4e8658a1c3f00bd08e8b009cd042bc59a3d870cd17a7db940f1e12d4c05746_s390x",
                "product": {
                  "name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:ec4e8658a1c3f00bd08e8b009cd042bc59a3d870cd17a7db940f1e12d4c05746_s390x",
                  "product_id": "registry.redhat.io/quay/quay-operator-rhel8@sha256:ec4e8658a1c3f00bd08e8b009cd042bc59a3d870cd17a7db940f1e12d4c05746_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/quay-operator-rhel8@sha256%3Aec4e8658a1c3f00bd08e8b009cd042bc59a3d870cd17a7db940f1e12d4c05746?arch=s390x\u0026repository_url=registry.redhat.io/quay/quay-operator-rhel8\u0026tag=1780584287"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/quay/quay-rhel8@sha256:88ca55bb3177d8111971f1ba134bec7967289bfae64ecdf0b751dba0df82d9f0_s390x",
                "product": {
                  "name": "registry.redhat.io/quay/quay-rhel8@sha256:88ca55bb3177d8111971f1ba134bec7967289bfae64ecdf0b751dba0df82d9f0_s390x",
                  "product_id": "registry.redhat.io/quay/quay-rhel8@sha256:88ca55bb3177d8111971f1ba134bec7967289bfae64ecdf0b751dba0df82d9f0_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/quay-rhel8@sha256%3A88ca55bb3177d8111971f1ba134bec7967289bfae64ecdf0b751dba0df82d9f0?arch=s390x\u0026repository_url=registry.redhat.io/quay/quay-rhel8\u0026tag=1780891395"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/quay/clair-rhel8@sha256:112909f56592b6d280a68b8104fe0c6f771c7c0156197950fcd1fcccae3c7fbf_ppc64le as a component of Red Hat Quay 3.15",
          "product_id": "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:112909f56592b6d280a68b8104fe0c6f771c7c0156197950fcd1fcccae3c7fbf_ppc64le"
        },
        "product_reference": "registry.redhat.io/quay/clair-rhel8@sha256:112909f56592b6d280a68b8104fe0c6f771c7c0156197950fcd1fcccae3c7fbf_ppc64le",
        "relates_to_product_reference": "Red Hat Quay 3.15"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/quay/clair-rhel8@sha256:6ebb0d29e5d4aeb1ec3c16f8478cd1d615d3b42275dd82a20ff966887d603bd6_s390x as a component of Red Hat Quay 3.15",
          "product_id": "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:6ebb0d29e5d4aeb1ec3c16f8478cd1d615d3b42275dd82a20ff966887d603bd6_s390x"
        },
        "product_reference": "registry.redhat.io/quay/clair-rhel8@sha256:6ebb0d29e5d4aeb1ec3c16f8478cd1d615d3b42275dd82a20ff966887d603bd6_s390x",
        "relates_to_product_reference": "Red Hat Quay 3.15"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/quay/clair-rhel8@sha256:80e7c357130e8a1a2db38713055d9a3e04812d5dd496d937d0d51b5c27f97da5_amd64 as a component of Red Hat Quay 3.15",
          "product_id": "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:80e7c357130e8a1a2db38713055d9a3e04812d5dd496d937d0d51b5c27f97da5_amd64"
        },
        "product_reference": "registry.redhat.io/quay/clair-rhel8@sha256:80e7c357130e8a1a2db38713055d9a3e04812d5dd496d937d0d51b5c27f97da5_amd64",
        "relates_to_product_reference": "Red Hat Quay 3.15"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:db0def651635715bc2406aef174f500cdc35d52cd693785629c149d0269b5f33_amd64 as a component of Red Hat Quay 3.15",
          "product_id": "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:db0def651635715bc2406aef174f500cdc35d52cd693785629c149d0269b5f33_amd64"
        },
        "product_reference": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:db0def651635715bc2406aef174f500cdc35d52cd693785629c149d0269b5f33_amd64",
        "relates_to_product_reference": "Red Hat Quay 3.15"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2bab9301dc7f0adb24d243b7c0bb26733751f4bf2c84edbf464ac8dd2753bfa0_amd64 as a component of Red Hat Quay 3.15",
          "product_id": "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2bab9301dc7f0adb24d243b7c0bb26733751f4bf2c84edbf464ac8dd2753bfa0_amd64"
        },
        "product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2bab9301dc7f0adb24d243b7c0bb26733751f4bf2c84edbf464ac8dd2753bfa0_amd64",
        "relates_to_product_reference": "Red Hat Quay 3.15"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:904a679c9230596aea5aab19cb6ecd16d6f7c7e6cca06aca63498ff4896733ba_s390x as a component of Red Hat Quay 3.15",
          "product_id": "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:904a679c9230596aea5aab19cb6ecd16d6f7c7e6cca06aca63498ff4896733ba_s390x"
        },
        "product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:904a679c9230596aea5aab19cb6ecd16d6f7c7e6cca06aca63498ff4896733ba_s390x",
        "relates_to_product_reference": "Red Hat Quay 3.15"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d3d569cf1570a9a0edd4070660ceff622429c98345c369af0ace3458e0ba2308_ppc64le as a component of Red Hat Quay 3.15",
          "product_id": "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d3d569cf1570a9a0edd4070660ceff622429c98345c369af0ace3458e0ba2308_ppc64le"
        },
        "product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d3d569cf1570a9a0edd4070660ceff622429c98345c369af0ace3458e0ba2308_ppc64le",
        "relates_to_product_reference": "Red Hat Quay 3.15"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f32c7fd3bde4d324f96251826f85aac887aaa44a526eb2e8549a00c6a71abcd0_amd64 as a component of Red Hat Quay 3.15",
          "product_id": "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f32c7fd3bde4d324f96251826f85aac887aaa44a526eb2e8549a00c6a71abcd0_amd64"
        },
        "product_reference": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f32c7fd3bde4d324f96251826f85aac887aaa44a526eb2e8549a00c6a71abcd0_amd64",
        "relates_to_product_reference": "Red Hat Quay 3.15"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:93d75149f451f380dbc59b4f093e0bf8f3ab05044e584f9a229c46abd572cf94_ppc64le as a component of Red Hat Quay 3.15",
          "product_id": "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:93d75149f451f380dbc59b4f093e0bf8f3ab05044e584f9a229c46abd572cf94_ppc64le"
        },
        "product_reference": "registry.redhat.io/quay/quay-builder-rhel8@sha256:93d75149f451f380dbc59b4f093e0bf8f3ab05044e584f9a229c46abd572cf94_ppc64le",
        "relates_to_product_reference": "Red Hat Quay 3.15"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:9dd5bc1416811a51cc056720e65035c713f335f43d8209bfad4d8d983b36ac72_s390x as a component of Red Hat Quay 3.15",
          "product_id": "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9dd5bc1416811a51cc056720e65035c713f335f43d8209bfad4d8d983b36ac72_s390x"
        },
        "product_reference": "registry.redhat.io/quay/quay-builder-rhel8@sha256:9dd5bc1416811a51cc056720e65035c713f335f43d8209bfad4d8d983b36ac72_s390x",
        "relates_to_product_reference": "Red Hat Quay 3.15"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:ef0552c8953fc5958bb4bb548820802cc30f0aa8366c0e369a0d30e1f5ddad9b_amd64 as a component of Red Hat Quay 3.15",
          "product_id": "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:ef0552c8953fc5958bb4bb548820802cc30f0aa8366c0e369a0d30e1f5ddad9b_amd64"
        },
        "product_reference": "registry.redhat.io/quay/quay-builder-rhel8@sha256:ef0552c8953fc5958bb4bb548820802cc30f0aa8366c0e369a0d30e1f5ddad9b_amd64",
        "relates_to_product_reference": "Red Hat Quay 3.15"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3deb2d564ed7e8ce85861e81681211d84a9c147bb5807c642fe788980aba3038_amd64 as a component of Red Hat Quay 3.15",
          "product_id": "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3deb2d564ed7e8ce85861e81681211d84a9c147bb5807c642fe788980aba3038_amd64"
        },
        "product_reference": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3deb2d564ed7e8ce85861e81681211d84a9c147bb5807c642fe788980aba3038_amd64",
        "relates_to_product_reference": "Red Hat Quay 3.15"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:82e7c7f7d3a44f312428d1fa7b0c1c6fc644fbf20e9370b2d5803f6687a189a5_ppc64le as a component of Red Hat Quay 3.15",
          "product_id": "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:82e7c7f7d3a44f312428d1fa7b0c1c6fc644fbf20e9370b2d5803f6687a189a5_ppc64le"
        },
        "product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:82e7c7f7d3a44f312428d1fa7b0c1c6fc644fbf20e9370b2d5803f6687a189a5_ppc64le",
        "relates_to_product_reference": "Red Hat Quay 3.15"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b1a0cc358536e22f07c9672957484afebf230145a5c85fa4f8acd11349adb219_amd64 as a component of Red Hat Quay 3.15",
          "product_id": "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b1a0cc358536e22f07c9672957484afebf230145a5c85fa4f8acd11349adb219_amd64"
        },
        "product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b1a0cc358536e22f07c9672957484afebf230145a5c85fa4f8acd11349adb219_amd64",
        "relates_to_product_reference": "Red Hat Quay 3.15"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e76e3b94c8aae99addf53b09f15f8f9d52003bfdb9213c93b67b58e71fcd192a_s390x as a component of Red Hat Quay 3.15",
          "product_id": "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e76e3b94c8aae99addf53b09f15f8f9d52003bfdb9213c93b67b58e71fcd192a_s390x"
        },
        "product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e76e3b94c8aae99addf53b09f15f8f9d52003bfdb9213c93b67b58e71fcd192a_s390x",
        "relates_to_product_reference": "Red Hat Quay 3.15"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/quay/quay-operator-bundle@sha256:955f6c83ce8e6cdd075ef5c7396a8b19f9b8021cc5fb1b909a1dda05f0e3f13f_amd64 as a component of Red Hat Quay 3.15",
          "product_id": "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:955f6c83ce8e6cdd075ef5c7396a8b19f9b8021cc5fb1b909a1dda05f0e3f13f_amd64"
        },
        "product_reference": "registry.redhat.io/quay/quay-operator-bundle@sha256:955f6c83ce8e6cdd075ef5c7396a8b19f9b8021cc5fb1b909a1dda05f0e3f13f_amd64",
        "relates_to_product_reference": "Red Hat Quay 3.15"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:7be53b8c4851f7ca174c32556cdc2be807cabfb778ced23054b12288cc7ebbee_amd64 as a component of Red Hat Quay 3.15",
          "product_id": "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:7be53b8c4851f7ca174c32556cdc2be807cabfb778ced23054b12288cc7ebbee_amd64"
        },
        "product_reference": "registry.redhat.io/quay/quay-operator-rhel8@sha256:7be53b8c4851f7ca174c32556cdc2be807cabfb778ced23054b12288cc7ebbee_amd64",
        "relates_to_product_reference": "Red Hat Quay 3.15"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:9abfc7d4e96a46868548380c7db2f11a7ec406c809fb8eee9a7bc3a049adcbbe_ppc64le as a component of Red Hat Quay 3.15",
          "product_id": "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:9abfc7d4e96a46868548380c7db2f11a7ec406c809fb8eee9a7bc3a049adcbbe_ppc64le"
        },
        "product_reference": "registry.redhat.io/quay/quay-operator-rhel8@sha256:9abfc7d4e96a46868548380c7db2f11a7ec406c809fb8eee9a7bc3a049adcbbe_ppc64le",
        "relates_to_product_reference": "Red Hat Quay 3.15"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:ec4e8658a1c3f00bd08e8b009cd042bc59a3d870cd17a7db940f1e12d4c05746_s390x as a component of Red Hat Quay 3.15",
          "product_id": "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:ec4e8658a1c3f00bd08e8b009cd042bc59a3d870cd17a7db940f1e12d4c05746_s390x"
        },
        "product_reference": "registry.redhat.io/quay/quay-operator-rhel8@sha256:ec4e8658a1c3f00bd08e8b009cd042bc59a3d870cd17a7db940f1e12d4c05746_s390x",
        "relates_to_product_reference": "Red Hat Quay 3.15"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/quay/quay-rhel8@sha256:5b1b98cd31ba150aecd6ef44c2bd8d79ae64380c8e974a4c8c1bb66fb4a38ce9_ppc64le as a component of Red Hat Quay 3.15",
          "product_id": "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:5b1b98cd31ba150aecd6ef44c2bd8d79ae64380c8e974a4c8c1bb66fb4a38ce9_ppc64le"
        },
        "product_reference": "registry.redhat.io/quay/quay-rhel8@sha256:5b1b98cd31ba150aecd6ef44c2bd8d79ae64380c8e974a4c8c1bb66fb4a38ce9_ppc64le",
        "relates_to_product_reference": "Red Hat Quay 3.15"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/quay/quay-rhel8@sha256:88ca55bb3177d8111971f1ba134bec7967289bfae64ecdf0b751dba0df82d9f0_s390x as a component of Red Hat Quay 3.15",
          "product_id": "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:88ca55bb3177d8111971f1ba134bec7967289bfae64ecdf0b751dba0df82d9f0_s390x"
        },
        "product_reference": "registry.redhat.io/quay/quay-rhel8@sha256:88ca55bb3177d8111971f1ba134bec7967289bfae64ecdf0b751dba0df82d9f0_s390x",
        "relates_to_product_reference": "Red Hat Quay 3.15"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/quay/quay-rhel8@sha256:afeeca0c1a653b5c375af4cca8dac1f52db846013d8b50e914ed62e1b7b1aa62_amd64 as a component of Red Hat Quay 3.15",
          "product_id": "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:afeeca0c1a653b5c375af4cca8dac1f52db846013d8b50e914ed62e1b7b1aa62_amd64"
        },
        "product_reference": "registry.redhat.io/quay/quay-rhel8@sha256:afeeca0c1a653b5c375af4cca8dac1f52db846013d8b50e914ed62e1b7b1aa62_amd64",
        "relates_to_product_reference": "Red Hat Quay 3.15"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-62718",
      "cwe": {
        "id": "CWE-1289",
        "name": "Improper Validation of Unsafe Equivalence in Input"
      },
      "discovery_date": "2026-04-09T15:01:48.111177+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:112909f56592b6d280a68b8104fe0c6f771c7c0156197950fcd1fcccae3c7fbf_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:6ebb0d29e5d4aeb1ec3c16f8478cd1d615d3b42275dd82a20ff966887d603bd6_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:80e7c357130e8a1a2db38713055d9a3e04812d5dd496d937d0d51b5c27f97da5_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:db0def651635715bc2406aef174f500cdc35d52cd693785629c149d0269b5f33_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2bab9301dc7f0adb24d243b7c0bb26733751f4bf2c84edbf464ac8dd2753bfa0_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:904a679c9230596aea5aab19cb6ecd16d6f7c7e6cca06aca63498ff4896733ba_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d3d569cf1570a9a0edd4070660ceff622429c98345c369af0ace3458e0ba2308_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f32c7fd3bde4d324f96251826f85aac887aaa44a526eb2e8549a00c6a71abcd0_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:93d75149f451f380dbc59b4f093e0bf8f3ab05044e584f9a229c46abd572cf94_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9dd5bc1416811a51cc056720e65035c713f335f43d8209bfad4d8d983b36ac72_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:ef0552c8953fc5958bb4bb548820802cc30f0aa8366c0e369a0d30e1f5ddad9b_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3deb2d564ed7e8ce85861e81681211d84a9c147bb5807c642fe788980aba3038_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:82e7c7f7d3a44f312428d1fa7b0c1c6fc644fbf20e9370b2d5803f6687a189a5_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b1a0cc358536e22f07c9672957484afebf230145a5c85fa4f8acd11349adb219_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e76e3b94c8aae99addf53b09f15f8f9d52003bfdb9213c93b67b58e71fcd192a_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:955f6c83ce8e6cdd075ef5c7396a8b19f9b8021cc5fb1b909a1dda05f0e3f13f_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:7be53b8c4851f7ca174c32556cdc2be807cabfb778ced23054b12288cc7ebbee_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:9abfc7d4e96a46868548380c7db2f11a7ec406c809fb8eee9a7bc3a049adcbbe_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:ec4e8658a1c3f00bd08e8b009cd042bc59a3d870cd17a7db940f1e12d4c05746_s390x"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2456913"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Axios, a promise-based HTTP client. This vulnerability occurs because Axios does not correctly handle hostname normalization when evaluating NO_PROXY rules. An attacker can exploit this by crafting requests to loopback addresses (e.g., localhost. or [::1]) which bypass the NO_PROXY configuration and are routed through the configured proxy. This can lead to Server-Side Request Forgery (SSRF) vulnerabilities, enabling attackers to access sensitive internal or loopback services that should otherwise be protected.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "axios: Axios: Server-Side Request Forgery and proxy bypass due to improper hostname normalization",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This flaw has limited impact due to combination of non-default conditions to exploit: the attacker must be able to control or influence URLs passed to axios in a server-side context, the application must have both `HTTP_PROXY` and `NO_PROXY` configured, and the proxy itself must be positioned to act on the misdirected traffic or have been compromised by the attacker to intercept the rerouted traffic.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:5b1b98cd31ba150aecd6ef44c2bd8d79ae64380c8e974a4c8c1bb66fb4a38ce9_ppc64le",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:88ca55bb3177d8111971f1ba134bec7967289bfae64ecdf0b751dba0df82d9f0_s390x",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:afeeca0c1a653b5c375af4cca8dac1f52db846013d8b50e914ed62e1b7b1aa62_amd64"
        ],
        "known_not_affected": [
          "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:112909f56592b6d280a68b8104fe0c6f771c7c0156197950fcd1fcccae3c7fbf_ppc64le",
          "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:6ebb0d29e5d4aeb1ec3c16f8478cd1d615d3b42275dd82a20ff966887d603bd6_s390x",
          "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:80e7c357130e8a1a2db38713055d9a3e04812d5dd496d937d0d51b5c27f97da5_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:db0def651635715bc2406aef174f500cdc35d52cd693785629c149d0269b5f33_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2bab9301dc7f0adb24d243b7c0bb26733751f4bf2c84edbf464ac8dd2753bfa0_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:904a679c9230596aea5aab19cb6ecd16d6f7c7e6cca06aca63498ff4896733ba_s390x",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d3d569cf1570a9a0edd4070660ceff622429c98345c369af0ace3458e0ba2308_ppc64le",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f32c7fd3bde4d324f96251826f85aac887aaa44a526eb2e8549a00c6a71abcd0_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:93d75149f451f380dbc59b4f093e0bf8f3ab05044e584f9a229c46abd572cf94_ppc64le",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9dd5bc1416811a51cc056720e65035c713f335f43d8209bfad4d8d983b36ac72_s390x",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:ef0552c8953fc5958bb4bb548820802cc30f0aa8366c0e369a0d30e1f5ddad9b_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3deb2d564ed7e8ce85861e81681211d84a9c147bb5807c642fe788980aba3038_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:82e7c7f7d3a44f312428d1fa7b0c1c6fc644fbf20e9370b2d5803f6687a189a5_ppc64le",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b1a0cc358536e22f07c9672957484afebf230145a5c85fa4f8acd11349adb219_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e76e3b94c8aae99addf53b09f15f8f9d52003bfdb9213c93b67b58e71fcd192a_s390x",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:955f6c83ce8e6cdd075ef5c7396a8b19f9b8021cc5fb1b909a1dda05f0e3f13f_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:7be53b8c4851f7ca174c32556cdc2be807cabfb778ced23054b12288cc7ebbee_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:9abfc7d4e96a46868548380c7db2f11a7ec406c809fb8eee9a7bc3a049adcbbe_ppc64le",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:ec4e8658a1c3f00bd08e8b009cd042bc59a3d870cd17a7db940f1e12d4c05746_s390x"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-62718"
        },
        {
          "category": "external",
          "summary": "RHBZ#2456913",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456913"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-62718",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-62718"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-62718",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62718"
        },
        {
          "category": "external",
          "summary": "https://datatracker.ietf.org/doc/html/rfc1034#section-3.1",
          "url": "https://datatracker.ietf.org/doc/html/rfc1034#section-3.1"
        },
        {
          "category": "external",
          "summary": "https://datatracker.ietf.org/doc/html/rfc3986#section-3.2.2",
          "url": "https://datatracker.ietf.org/doc/html/rfc3986#section-3.2.2"
        },
        {
          "category": "external",
          "summary": "https://github.com/axios/axios/commit/fb3befb6daac6cad26b2e54094d0f2d9e47f24df",
          "url": "https://github.com/axios/axios/commit/fb3befb6daac6cad26b2e54094d0f2d9e47f24df"
        },
        {
          "category": "external",
          "summary": "https://github.com/axios/axios/pull/10661",
          "url": "https://github.com/axios/axios/pull/10661"
        },
        {
          "category": "external",
          "summary": "https://github.com/axios/axios/releases/tag/v1.15.0",
          "url": "https://github.com/axios/axios/releases/tag/v1.15.0"
        },
        {
          "category": "external",
          "summary": "https://github.com/axios/axios/security/advisories/GHSA-3p68-rc4w-qgx5",
          "url": "https://github.com/axios/axios/security/advisories/GHSA-3p68-rc4w-qgx5"
        }
      ],
      "release_date": "2026-04-09T14:31:46.067000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-06-09T15:31:40+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:5b1b98cd31ba150aecd6ef44c2bd8d79ae64380c8e974a4c8c1bb66fb4a38ce9_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:88ca55bb3177d8111971f1ba134bec7967289bfae64ecdf0b751dba0df82d9f0_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:afeeca0c1a653b5c375af4cca8dac1f52db846013d8b50e914ed62e1b7b1aa62_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:24853"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:112909f56592b6d280a68b8104fe0c6f771c7c0156197950fcd1fcccae3c7fbf_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:6ebb0d29e5d4aeb1ec3c16f8478cd1d615d3b42275dd82a20ff966887d603bd6_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:80e7c357130e8a1a2db38713055d9a3e04812d5dd496d937d0d51b5c27f97da5_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:db0def651635715bc2406aef174f500cdc35d52cd693785629c149d0269b5f33_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2bab9301dc7f0adb24d243b7c0bb26733751f4bf2c84edbf464ac8dd2753bfa0_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:904a679c9230596aea5aab19cb6ecd16d6f7c7e6cca06aca63498ff4896733ba_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d3d569cf1570a9a0edd4070660ceff622429c98345c369af0ace3458e0ba2308_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f32c7fd3bde4d324f96251826f85aac887aaa44a526eb2e8549a00c6a71abcd0_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:93d75149f451f380dbc59b4f093e0bf8f3ab05044e584f9a229c46abd572cf94_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9dd5bc1416811a51cc056720e65035c713f335f43d8209bfad4d8d983b36ac72_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:ef0552c8953fc5958bb4bb548820802cc30f0aa8366c0e369a0d30e1f5ddad9b_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3deb2d564ed7e8ce85861e81681211d84a9c147bb5807c642fe788980aba3038_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:82e7c7f7d3a44f312428d1fa7b0c1c6fc644fbf20e9370b2d5803f6687a189a5_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b1a0cc358536e22f07c9672957484afebf230145a5c85fa4f8acd11349adb219_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e76e3b94c8aae99addf53b09f15f8f9d52003bfdb9213c93b67b58e71fcd192a_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:955f6c83ce8e6cdd075ef5c7396a8b19f9b8021cc5fb1b909a1dda05f0e3f13f_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:7be53b8c4851f7ca174c32556cdc2be807cabfb778ced23054b12288cc7ebbee_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:9abfc7d4e96a46868548380c7db2f11a7ec406c809fb8eee9a7bc3a049adcbbe_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:ec4e8658a1c3f00bd08e8b009cd042bc59a3d870cd17a7db940f1e12d4c05746_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:5b1b98cd31ba150aecd6ef44c2bd8d79ae64380c8e974a4c8c1bb66fb4a38ce9_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:88ca55bb3177d8111971f1ba134bec7967289bfae64ecdf0b751dba0df82d9f0_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:afeeca0c1a653b5c375af4cca8dac1f52db846013d8b50e914ed62e1b7b1aa62_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 7.0,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:112909f56592b6d280a68b8104fe0c6f771c7c0156197950fcd1fcccae3c7fbf_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:6ebb0d29e5d4aeb1ec3c16f8478cd1d615d3b42275dd82a20ff966887d603bd6_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:80e7c357130e8a1a2db38713055d9a3e04812d5dd496d937d0d51b5c27f97da5_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:db0def651635715bc2406aef174f500cdc35d52cd693785629c149d0269b5f33_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2bab9301dc7f0adb24d243b7c0bb26733751f4bf2c84edbf464ac8dd2753bfa0_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:904a679c9230596aea5aab19cb6ecd16d6f7c7e6cca06aca63498ff4896733ba_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d3d569cf1570a9a0edd4070660ceff622429c98345c369af0ace3458e0ba2308_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f32c7fd3bde4d324f96251826f85aac887aaa44a526eb2e8549a00c6a71abcd0_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:93d75149f451f380dbc59b4f093e0bf8f3ab05044e584f9a229c46abd572cf94_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9dd5bc1416811a51cc056720e65035c713f335f43d8209bfad4d8d983b36ac72_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:ef0552c8953fc5958bb4bb548820802cc30f0aa8366c0e369a0d30e1f5ddad9b_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3deb2d564ed7e8ce85861e81681211d84a9c147bb5807c642fe788980aba3038_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:82e7c7f7d3a44f312428d1fa7b0c1c6fc644fbf20e9370b2d5803f6687a189a5_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b1a0cc358536e22f07c9672957484afebf230145a5c85fa4f8acd11349adb219_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e76e3b94c8aae99addf53b09f15f8f9d52003bfdb9213c93b67b58e71fcd192a_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:955f6c83ce8e6cdd075ef5c7396a8b19f9b8021cc5fb1b909a1dda05f0e3f13f_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:7be53b8c4851f7ca174c32556cdc2be807cabfb778ced23054b12288cc7ebbee_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:9abfc7d4e96a46868548380c7db2f11a7ec406c809fb8eee9a7bc3a049adcbbe_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:ec4e8658a1c3f00bd08e8b009cd042bc59a3d870cd17a7db940f1e12d4c05746_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:5b1b98cd31ba150aecd6ef44c2bd8d79ae64380c8e974a4c8c1bb66fb4a38ce9_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:88ca55bb3177d8111971f1ba134bec7967289bfae64ecdf0b751dba0df82d9f0_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:afeeca0c1a653b5c375af4cca8dac1f52db846013d8b50e914ed62e1b7b1aa62_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "axios: Axios: Server-Side Request Forgery and proxy bypass due to improper hostname normalization"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Antony Di Scala",
            "Michael Whale"
          ]
        }
      ],
      "cve": "CVE-2026-2377",
      "cwe": {
        "id": "CWE-918",
        "name": "Server-Side Request Forgery (SSRF)"
      },
      "discovery_date": "2026-02-11T21:02:44.495000+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:112909f56592b6d280a68b8104fe0c6f771c7c0156197950fcd1fcccae3c7fbf_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:6ebb0d29e5d4aeb1ec3c16f8478cd1d615d3b42275dd82a20ff966887d603bd6_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:80e7c357130e8a1a2db38713055d9a3e04812d5dd496d937d0d51b5c27f97da5_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:db0def651635715bc2406aef174f500cdc35d52cd693785629c149d0269b5f33_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2bab9301dc7f0adb24d243b7c0bb26733751f4bf2c84edbf464ac8dd2753bfa0_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:904a679c9230596aea5aab19cb6ecd16d6f7c7e6cca06aca63498ff4896733ba_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d3d569cf1570a9a0edd4070660ceff622429c98345c369af0ace3458e0ba2308_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f32c7fd3bde4d324f96251826f85aac887aaa44a526eb2e8549a00c6a71abcd0_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:93d75149f451f380dbc59b4f093e0bf8f3ab05044e584f9a229c46abd572cf94_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9dd5bc1416811a51cc056720e65035c713f335f43d8209bfad4d8d983b36ac72_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:ef0552c8953fc5958bb4bb548820802cc30f0aa8366c0e369a0d30e1f5ddad9b_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3deb2d564ed7e8ce85861e81681211d84a9c147bb5807c642fe788980aba3038_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:82e7c7f7d3a44f312428d1fa7b0c1c6fc644fbf20e9370b2d5803f6687a189a5_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b1a0cc358536e22f07c9672957484afebf230145a5c85fa4f8acd11349adb219_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e76e3b94c8aae99addf53b09f15f8f9d52003bfdb9213c93b67b58e71fcd192a_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:955f6c83ce8e6cdd075ef5c7396a8b19f9b8021cc5fb1b909a1dda05f0e3f13f_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:7be53b8c4851f7ca174c32556cdc2be807cabfb778ced23054b12288cc7ebbee_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:9abfc7d4e96a46868548380c7db2f11a7ec406c809fb8eee9a7bc3a049adcbbe_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:ec4e8658a1c3f00bd08e8b009cd042bc59a3d870cd17a7db940f1e12d4c05746_s390x"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2439201"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in mirror-registry. Authenticated users can exploit the log export feature by providing a specially crafted web address (URL). This allows the application\u0027s backend to make arbitrary requests to internal network resources, a vulnerability known as Server-Side Request Forgery (SSRF). This could lead to unauthorized access to sensitive information or other internal systems.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "mirror-registry: quay: quay: Server-Side Request Forgery via log export functionality",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Due to the intended and supported use case of Openshift Mirror Registry, deployment in an offline or network-isolated environment, the impact for this product has been downgraded to `Moderate`.\n\nEven in case of compromise, the blast radius is restricted to mirror-registry. It can not be escalated outside the core product. This vulnerability has been scored based on the lack of change of scope.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:5b1b98cd31ba150aecd6ef44c2bd8d79ae64380c8e974a4c8c1bb66fb4a38ce9_ppc64le",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:88ca55bb3177d8111971f1ba134bec7967289bfae64ecdf0b751dba0df82d9f0_s390x",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:afeeca0c1a653b5c375af4cca8dac1f52db846013d8b50e914ed62e1b7b1aa62_amd64"
        ],
        "known_not_affected": [
          "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:112909f56592b6d280a68b8104fe0c6f771c7c0156197950fcd1fcccae3c7fbf_ppc64le",
          "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:6ebb0d29e5d4aeb1ec3c16f8478cd1d615d3b42275dd82a20ff966887d603bd6_s390x",
          "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:80e7c357130e8a1a2db38713055d9a3e04812d5dd496d937d0d51b5c27f97da5_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:db0def651635715bc2406aef174f500cdc35d52cd693785629c149d0269b5f33_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2bab9301dc7f0adb24d243b7c0bb26733751f4bf2c84edbf464ac8dd2753bfa0_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:904a679c9230596aea5aab19cb6ecd16d6f7c7e6cca06aca63498ff4896733ba_s390x",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d3d569cf1570a9a0edd4070660ceff622429c98345c369af0ace3458e0ba2308_ppc64le",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f32c7fd3bde4d324f96251826f85aac887aaa44a526eb2e8549a00c6a71abcd0_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:93d75149f451f380dbc59b4f093e0bf8f3ab05044e584f9a229c46abd572cf94_ppc64le",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9dd5bc1416811a51cc056720e65035c713f335f43d8209bfad4d8d983b36ac72_s390x",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:ef0552c8953fc5958bb4bb548820802cc30f0aa8366c0e369a0d30e1f5ddad9b_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3deb2d564ed7e8ce85861e81681211d84a9c147bb5807c642fe788980aba3038_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:82e7c7f7d3a44f312428d1fa7b0c1c6fc644fbf20e9370b2d5803f6687a189a5_ppc64le",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b1a0cc358536e22f07c9672957484afebf230145a5c85fa4f8acd11349adb219_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e76e3b94c8aae99addf53b09f15f8f9d52003bfdb9213c93b67b58e71fcd192a_s390x",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:955f6c83ce8e6cdd075ef5c7396a8b19f9b8021cc5fb1b909a1dda05f0e3f13f_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:7be53b8c4851f7ca174c32556cdc2be807cabfb778ced23054b12288cc7ebbee_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:9abfc7d4e96a46868548380c7db2f11a7ec406c809fb8eee9a7bc3a049adcbbe_ppc64le",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:ec4e8658a1c3f00bd08e8b009cd042bc59a3d870cd17a7db940f1e12d4c05746_s390x"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-2377"
        },
        {
          "category": "external",
          "summary": "RHBZ#2439201",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2439201"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-2377",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-2377"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-2377",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2377"
        }
      ],
      "release_date": "2026-04-08T16:18:10.324000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-06-09T15:31:40+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:5b1b98cd31ba150aecd6ef44c2bd8d79ae64380c8e974a4c8c1bb66fb4a38ce9_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:88ca55bb3177d8111971f1ba134bec7967289bfae64ecdf0b751dba0df82d9f0_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:afeeca0c1a653b5c375af4cca8dac1f52db846013d8b50e914ed62e1b7b1aa62_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:24853"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:112909f56592b6d280a68b8104fe0c6f771c7c0156197950fcd1fcccae3c7fbf_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:6ebb0d29e5d4aeb1ec3c16f8478cd1d615d3b42275dd82a20ff966887d603bd6_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:80e7c357130e8a1a2db38713055d9a3e04812d5dd496d937d0d51b5c27f97da5_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:db0def651635715bc2406aef174f500cdc35d52cd693785629c149d0269b5f33_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2bab9301dc7f0adb24d243b7c0bb26733751f4bf2c84edbf464ac8dd2753bfa0_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:904a679c9230596aea5aab19cb6ecd16d6f7c7e6cca06aca63498ff4896733ba_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d3d569cf1570a9a0edd4070660ceff622429c98345c369af0ace3458e0ba2308_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f32c7fd3bde4d324f96251826f85aac887aaa44a526eb2e8549a00c6a71abcd0_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:93d75149f451f380dbc59b4f093e0bf8f3ab05044e584f9a229c46abd572cf94_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9dd5bc1416811a51cc056720e65035c713f335f43d8209bfad4d8d983b36ac72_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:ef0552c8953fc5958bb4bb548820802cc30f0aa8366c0e369a0d30e1f5ddad9b_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3deb2d564ed7e8ce85861e81681211d84a9c147bb5807c642fe788980aba3038_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:82e7c7f7d3a44f312428d1fa7b0c1c6fc644fbf20e9370b2d5803f6687a189a5_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b1a0cc358536e22f07c9672957484afebf230145a5c85fa4f8acd11349adb219_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e76e3b94c8aae99addf53b09f15f8f9d52003bfdb9213c93b67b58e71fcd192a_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:955f6c83ce8e6cdd075ef5c7396a8b19f9b8021cc5fb1b909a1dda05f0e3f13f_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:7be53b8c4851f7ca174c32556cdc2be807cabfb778ced23054b12288cc7ebbee_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:9abfc7d4e96a46868548380c7db2f11a7ec406c809fb8eee9a7bc3a049adcbbe_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:ec4e8658a1c3f00bd08e8b009cd042bc59a3d870cd17a7db940f1e12d4c05746_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:5b1b98cd31ba150aecd6ef44c2bd8d79ae64380c8e974a4c8c1bb66fb4a38ce9_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:88ca55bb3177d8111971f1ba134bec7967289bfae64ecdf0b751dba0df82d9f0_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:afeeca0c1a653b5c375af4cca8dac1f52db846013d8b50e914ed62e1b7b1aa62_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "mirror-registry: quay: quay: Server-Side Request Forgery via log export functionality"
    },
    {
      "cve": "CVE-2026-4427",
      "discovery_date": "2026-03-18T14:02:19.414820+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:112909f56592b6d280a68b8104fe0c6f771c7c0156197950fcd1fcccae3c7fbf_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:6ebb0d29e5d4aeb1ec3c16f8478cd1d615d3b42275dd82a20ff966887d603bd6_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:80e7c357130e8a1a2db38713055d9a3e04812d5dd496d937d0d51b5c27f97da5_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:db0def651635715bc2406aef174f500cdc35d52cd693785629c149d0269b5f33_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2bab9301dc7f0adb24d243b7c0bb26733751f4bf2c84edbf464ac8dd2753bfa0_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:904a679c9230596aea5aab19cb6ecd16d6f7c7e6cca06aca63498ff4896733ba_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d3d569cf1570a9a0edd4070660ceff622429c98345c369af0ace3458e0ba2308_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f32c7fd3bde4d324f96251826f85aac887aaa44a526eb2e8549a00c6a71abcd0_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:93d75149f451f380dbc59b4f093e0bf8f3ab05044e584f9a229c46abd572cf94_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9dd5bc1416811a51cc056720e65035c713f335f43d8209bfad4d8d983b36ac72_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:ef0552c8953fc5958bb4bb548820802cc30f0aa8366c0e369a0d30e1f5ddad9b_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3deb2d564ed7e8ce85861e81681211d84a9c147bb5807c642fe788980aba3038_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:82e7c7f7d3a44f312428d1fa7b0c1c6fc644fbf20e9370b2d5803f6687a189a5_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b1a0cc358536e22f07c9672957484afebf230145a5c85fa4f8acd11349adb219_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e76e3b94c8aae99addf53b09f15f8f9d52003bfdb9213c93b67b58e71fcd192a_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:955f6c83ce8e6cdd075ef5c7396a8b19f9b8021cc5fb1b909a1dda05f0e3f13f_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:7be53b8c4851f7ca174c32556cdc2be807cabfb778ced23054b12288cc7ebbee_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:9abfc7d4e96a46868548380c7db2f11a7ec406c809fb8eee9a7bc3a049adcbbe_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:ec4e8658a1c3f00bd08e8b009cd042bc59a3d870cd17a7db940f1e12d4c05746_s390x"
          ]
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "No description is available for this CVE.",
          "title": "Vulnerability description"
        },
        {
          "category": "other",
          "text": "This CVE has been marked as Rejected by the assigning CNA.",
          "title": "Statement"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:5b1b98cd31ba150aecd6ef44c2bd8d79ae64380c8e974a4c8c1bb66fb4a38ce9_ppc64le",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:88ca55bb3177d8111971f1ba134bec7967289bfae64ecdf0b751dba0df82d9f0_s390x",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:afeeca0c1a653b5c375af4cca8dac1f52db846013d8b50e914ed62e1b7b1aa62_amd64"
        ],
        "known_not_affected": [
          "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:112909f56592b6d280a68b8104fe0c6f771c7c0156197950fcd1fcccae3c7fbf_ppc64le",
          "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:6ebb0d29e5d4aeb1ec3c16f8478cd1d615d3b42275dd82a20ff966887d603bd6_s390x",
          "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:80e7c357130e8a1a2db38713055d9a3e04812d5dd496d937d0d51b5c27f97da5_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:db0def651635715bc2406aef174f500cdc35d52cd693785629c149d0269b5f33_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2bab9301dc7f0adb24d243b7c0bb26733751f4bf2c84edbf464ac8dd2753bfa0_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:904a679c9230596aea5aab19cb6ecd16d6f7c7e6cca06aca63498ff4896733ba_s390x",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d3d569cf1570a9a0edd4070660ceff622429c98345c369af0ace3458e0ba2308_ppc64le",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f32c7fd3bde4d324f96251826f85aac887aaa44a526eb2e8549a00c6a71abcd0_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:93d75149f451f380dbc59b4f093e0bf8f3ab05044e584f9a229c46abd572cf94_ppc64le",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9dd5bc1416811a51cc056720e65035c713f335f43d8209bfad4d8d983b36ac72_s390x",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:ef0552c8953fc5958bb4bb548820802cc30f0aa8366c0e369a0d30e1f5ddad9b_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3deb2d564ed7e8ce85861e81681211d84a9c147bb5807c642fe788980aba3038_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:82e7c7f7d3a44f312428d1fa7b0c1c6fc644fbf20e9370b2d5803f6687a189a5_ppc64le",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b1a0cc358536e22f07c9672957484afebf230145a5c85fa4f8acd11349adb219_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e76e3b94c8aae99addf53b09f15f8f9d52003bfdb9213c93b67b58e71fcd192a_s390x",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:955f6c83ce8e6cdd075ef5c7396a8b19f9b8021cc5fb1b909a1dda05f0e3f13f_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:7be53b8c4851f7ca174c32556cdc2be807cabfb778ced23054b12288cc7ebbee_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:9abfc7d4e96a46868548380c7db2f11a7ec406c809fb8eee9a7bc3a049adcbbe_ppc64le",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:ec4e8658a1c3f00bd08e8b009cd042bc59a3d870cd17a7db940f1e12d4c05746_s390x"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-4427"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-4427",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-4427"
        }
      ],
      "release_date": "2026-03-18T13:00:31+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-06-09T15:31:40+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:5b1b98cd31ba150aecd6ef44c2bd8d79ae64380c8e974a4c8c1bb66fb4a38ce9_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:88ca55bb3177d8111971f1ba134bec7967289bfae64ecdf0b751dba0df82d9f0_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:afeeca0c1a653b5c375af4cca8dac1f52db846013d8b50e914ed62e1b7b1aa62_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:24853"
        }
      ],
      "title": "github.com/jackc/pgproto3: pgproto3: Denial of Service via negative field length in DataRow message"
    },
    {
      "cve": "CVE-2026-25679",
      "cwe": {
        "id": "CWE-1286",
        "name": "Improper Validation of Syntactic Correctness of Input"
      },
      "discovery_date": "2026-03-06T22:02:11.567841+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:112909f56592b6d280a68b8104fe0c6f771c7c0156197950fcd1fcccae3c7fbf_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:6ebb0d29e5d4aeb1ec3c16f8478cd1d615d3b42275dd82a20ff966887d603bd6_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:80e7c357130e8a1a2db38713055d9a3e04812d5dd496d937d0d51b5c27f97da5_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:db0def651635715bc2406aef174f500cdc35d52cd693785629c149d0269b5f33_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2bab9301dc7f0adb24d243b7c0bb26733751f4bf2c84edbf464ac8dd2753bfa0_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:904a679c9230596aea5aab19cb6ecd16d6f7c7e6cca06aca63498ff4896733ba_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d3d569cf1570a9a0edd4070660ceff622429c98345c369af0ace3458e0ba2308_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f32c7fd3bde4d324f96251826f85aac887aaa44a526eb2e8549a00c6a71abcd0_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:93d75149f451f380dbc59b4f093e0bf8f3ab05044e584f9a229c46abd572cf94_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9dd5bc1416811a51cc056720e65035c713f335f43d8209bfad4d8d983b36ac72_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:ef0552c8953fc5958bb4bb548820802cc30f0aa8366c0e369a0d30e1f5ddad9b_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3deb2d564ed7e8ce85861e81681211d84a9c147bb5807c642fe788980aba3038_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:82e7c7f7d3a44f312428d1fa7b0c1c6fc644fbf20e9370b2d5803f6687a189a5_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b1a0cc358536e22f07c9672957484afebf230145a5c85fa4f8acd11349adb219_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e76e3b94c8aae99addf53b09f15f8f9d52003bfdb9213c93b67b58e71fcd192a_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:955f6c83ce8e6cdd075ef5c7396a8b19f9b8021cc5fb1b909a1dda05f0e3f13f_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:7be53b8c4851f7ca174c32556cdc2be807cabfb778ced23054b12288cc7ebbee_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:9abfc7d4e96a46868548380c7db2f11a7ec406c809fb8eee9a7bc3a049adcbbe_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:ec4e8658a1c3f00bd08e8b009cd042bc59a3d870cd17a7db940f1e12d4c05746_s390x"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2445356"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "net/url: Incorrect parsing of IPv6 host literals in net/url",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:5b1b98cd31ba150aecd6ef44c2bd8d79ae64380c8e974a4c8c1bb66fb4a38ce9_ppc64le",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:88ca55bb3177d8111971f1ba134bec7967289bfae64ecdf0b751dba0df82d9f0_s390x",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:afeeca0c1a653b5c375af4cca8dac1f52db846013d8b50e914ed62e1b7b1aa62_amd64"
        ],
        "known_not_affected": [
          "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:112909f56592b6d280a68b8104fe0c6f771c7c0156197950fcd1fcccae3c7fbf_ppc64le",
          "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:6ebb0d29e5d4aeb1ec3c16f8478cd1d615d3b42275dd82a20ff966887d603bd6_s390x",
          "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:80e7c357130e8a1a2db38713055d9a3e04812d5dd496d937d0d51b5c27f97da5_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:db0def651635715bc2406aef174f500cdc35d52cd693785629c149d0269b5f33_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2bab9301dc7f0adb24d243b7c0bb26733751f4bf2c84edbf464ac8dd2753bfa0_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:904a679c9230596aea5aab19cb6ecd16d6f7c7e6cca06aca63498ff4896733ba_s390x",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d3d569cf1570a9a0edd4070660ceff622429c98345c369af0ace3458e0ba2308_ppc64le",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f32c7fd3bde4d324f96251826f85aac887aaa44a526eb2e8549a00c6a71abcd0_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:93d75149f451f380dbc59b4f093e0bf8f3ab05044e584f9a229c46abd572cf94_ppc64le",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9dd5bc1416811a51cc056720e65035c713f335f43d8209bfad4d8d983b36ac72_s390x",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:ef0552c8953fc5958bb4bb548820802cc30f0aa8366c0e369a0d30e1f5ddad9b_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3deb2d564ed7e8ce85861e81681211d84a9c147bb5807c642fe788980aba3038_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:82e7c7f7d3a44f312428d1fa7b0c1c6fc644fbf20e9370b2d5803f6687a189a5_ppc64le",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b1a0cc358536e22f07c9672957484afebf230145a5c85fa4f8acd11349adb219_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e76e3b94c8aae99addf53b09f15f8f9d52003bfdb9213c93b67b58e71fcd192a_s390x",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:955f6c83ce8e6cdd075ef5c7396a8b19f9b8021cc5fb1b909a1dda05f0e3f13f_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:7be53b8c4851f7ca174c32556cdc2be807cabfb778ced23054b12288cc7ebbee_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:9abfc7d4e96a46868548380c7db2f11a7ec406c809fb8eee9a7bc3a049adcbbe_ppc64le",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:ec4e8658a1c3f00bd08e8b009cd042bc59a3d870cd17a7db940f1e12d4c05746_s390x"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-25679"
        },
        {
          "category": "external",
          "summary": "RHBZ#2445356",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445356"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-25679",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-25679"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679"
        },
        {
          "category": "external",
          "summary": "https://go.dev/cl/752180",
          "url": "https://go.dev/cl/752180"
        },
        {
          "category": "external",
          "summary": "https://go.dev/issue/77578",
          "url": "https://go.dev/issue/77578"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk",
          "url": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk"
        },
        {
          "category": "external",
          "summary": "https://pkg.go.dev/vuln/GO-2026-4601",
          "url": "https://pkg.go.dev/vuln/GO-2026-4601"
        }
      ],
      "release_date": "2026-03-06T21:28:14.211000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-06-09T15:31:40+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:5b1b98cd31ba150aecd6ef44c2bd8d79ae64380c8e974a4c8c1bb66fb4a38ce9_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:88ca55bb3177d8111971f1ba134bec7967289bfae64ecdf0b751dba0df82d9f0_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:afeeca0c1a653b5c375af4cca8dac1f52db846013d8b50e914ed62e1b7b1aa62_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:24853"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:112909f56592b6d280a68b8104fe0c6f771c7c0156197950fcd1fcccae3c7fbf_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:6ebb0d29e5d4aeb1ec3c16f8478cd1d615d3b42275dd82a20ff966887d603bd6_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:80e7c357130e8a1a2db38713055d9a3e04812d5dd496d937d0d51b5c27f97da5_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:db0def651635715bc2406aef174f500cdc35d52cd693785629c149d0269b5f33_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2bab9301dc7f0adb24d243b7c0bb26733751f4bf2c84edbf464ac8dd2753bfa0_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:904a679c9230596aea5aab19cb6ecd16d6f7c7e6cca06aca63498ff4896733ba_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d3d569cf1570a9a0edd4070660ceff622429c98345c369af0ace3458e0ba2308_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f32c7fd3bde4d324f96251826f85aac887aaa44a526eb2e8549a00c6a71abcd0_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:93d75149f451f380dbc59b4f093e0bf8f3ab05044e584f9a229c46abd572cf94_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9dd5bc1416811a51cc056720e65035c713f335f43d8209bfad4d8d983b36ac72_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:ef0552c8953fc5958bb4bb548820802cc30f0aa8366c0e369a0d30e1f5ddad9b_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3deb2d564ed7e8ce85861e81681211d84a9c147bb5807c642fe788980aba3038_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:82e7c7f7d3a44f312428d1fa7b0c1c6fc644fbf20e9370b2d5803f6687a189a5_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b1a0cc358536e22f07c9672957484afebf230145a5c85fa4f8acd11349adb219_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e76e3b94c8aae99addf53b09f15f8f9d52003bfdb9213c93b67b58e71fcd192a_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:955f6c83ce8e6cdd075ef5c7396a8b19f9b8021cc5fb1b909a1dda05f0e3f13f_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:7be53b8c4851f7ca174c32556cdc2be807cabfb778ced23054b12288cc7ebbee_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:9abfc7d4e96a46868548380c7db2f11a7ec406c809fb8eee9a7bc3a049adcbbe_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:ec4e8658a1c3f00bd08e8b009cd042bc59a3d870cd17a7db940f1e12d4c05746_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:5b1b98cd31ba150aecd6ef44c2bd8d79ae64380c8e974a4c8c1bb66fb4a38ce9_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:88ca55bb3177d8111971f1ba134bec7967289bfae64ecdf0b751dba0df82d9f0_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:afeeca0c1a653b5c375af4cca8dac1f52db846013d8b50e914ed62e1b7b1aa62_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:112909f56592b6d280a68b8104fe0c6f771c7c0156197950fcd1fcccae3c7fbf_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:6ebb0d29e5d4aeb1ec3c16f8478cd1d615d3b42275dd82a20ff966887d603bd6_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:80e7c357130e8a1a2db38713055d9a3e04812d5dd496d937d0d51b5c27f97da5_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:db0def651635715bc2406aef174f500cdc35d52cd693785629c149d0269b5f33_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2bab9301dc7f0adb24d243b7c0bb26733751f4bf2c84edbf464ac8dd2753bfa0_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:904a679c9230596aea5aab19cb6ecd16d6f7c7e6cca06aca63498ff4896733ba_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d3d569cf1570a9a0edd4070660ceff622429c98345c369af0ace3458e0ba2308_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f32c7fd3bde4d324f96251826f85aac887aaa44a526eb2e8549a00c6a71abcd0_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:93d75149f451f380dbc59b4f093e0bf8f3ab05044e584f9a229c46abd572cf94_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9dd5bc1416811a51cc056720e65035c713f335f43d8209bfad4d8d983b36ac72_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:ef0552c8953fc5958bb4bb548820802cc30f0aa8366c0e369a0d30e1f5ddad9b_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3deb2d564ed7e8ce85861e81681211d84a9c147bb5807c642fe788980aba3038_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:82e7c7f7d3a44f312428d1fa7b0c1c6fc644fbf20e9370b2d5803f6687a189a5_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b1a0cc358536e22f07c9672957484afebf230145a5c85fa4f8acd11349adb219_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e76e3b94c8aae99addf53b09f15f8f9d52003bfdb9213c93b67b58e71fcd192a_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:955f6c83ce8e6cdd075ef5c7396a8b19f9b8021cc5fb1b909a1dda05f0e3f13f_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:7be53b8c4851f7ca174c32556cdc2be807cabfb778ced23054b12288cc7ebbee_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:9abfc7d4e96a46868548380c7db2f11a7ec406c809fb8eee9a7bc3a049adcbbe_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:ec4e8658a1c3f00bd08e8b009cd042bc59a3d870cd17a7db940f1e12d4c05746_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:5b1b98cd31ba150aecd6ef44c2bd8d79ae64380c8e974a4c8c1bb66fb4a38ce9_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:88ca55bb3177d8111971f1ba134bec7967289bfae64ecdf0b751dba0df82d9f0_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:afeeca0c1a653b5c375af4cca8dac1f52db846013d8b50e914ed62e1b7b1aa62_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "net/url: Incorrect parsing of IPv6 host literals in net/url"
    },
    {
      "cve": "CVE-2026-27459",
      "cwe": {
        "id": "CWE-120",
        "name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
      },
      "discovery_date": "2026-03-18T00:01:41.404915+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:112909f56592b6d280a68b8104fe0c6f771c7c0156197950fcd1fcccae3c7fbf_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:6ebb0d29e5d4aeb1ec3c16f8478cd1d615d3b42275dd82a20ff966887d603bd6_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:80e7c357130e8a1a2db38713055d9a3e04812d5dd496d937d0d51b5c27f97da5_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:db0def651635715bc2406aef174f500cdc35d52cd693785629c149d0269b5f33_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2bab9301dc7f0adb24d243b7c0bb26733751f4bf2c84edbf464ac8dd2753bfa0_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:904a679c9230596aea5aab19cb6ecd16d6f7c7e6cca06aca63498ff4896733ba_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d3d569cf1570a9a0edd4070660ceff622429c98345c369af0ace3458e0ba2308_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f32c7fd3bde4d324f96251826f85aac887aaa44a526eb2e8549a00c6a71abcd0_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:93d75149f451f380dbc59b4f093e0bf8f3ab05044e584f9a229c46abd572cf94_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9dd5bc1416811a51cc056720e65035c713f335f43d8209bfad4d8d983b36ac72_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:ef0552c8953fc5958bb4bb548820802cc30f0aa8366c0e369a0d30e1f5ddad9b_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3deb2d564ed7e8ce85861e81681211d84a9c147bb5807c642fe788980aba3038_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:82e7c7f7d3a44f312428d1fa7b0c1c6fc644fbf20e9370b2d5803f6687a189a5_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b1a0cc358536e22f07c9672957484afebf230145a5c85fa4f8acd11349adb219_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e76e3b94c8aae99addf53b09f15f8f9d52003bfdb9213c93b67b58e71fcd192a_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:955f6c83ce8e6cdd075ef5c7396a8b19f9b8021cc5fb1b909a1dda05f0e3f13f_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:7be53b8c4851f7ca174c32556cdc2be807cabfb778ced23054b12288cc7ebbee_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:9abfc7d4e96a46868548380c7db2f11a7ec406c809fb8eee9a7bc3a049adcbbe_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:ec4e8658a1c3f00bd08e8b009cd042bc59a3d870cd17a7db940f1e12d4c05746_s390x"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2448503"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in pyOpenSSL. The set_cookie_generate_callback callback function can be used to generate DTLS cookies. When the callback returns a cookie string or byte sequence longer than 256 bytes, a buffer overflow can be triggered due to a missing bounds checking before copying the data to a fixed-size buffer provided by the underlying OpenSSL library.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "pyOpenSSL: DTLS cookie callback buffer overflow",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This flaw is only exploitable when an application using the pyOpenSSL library provides a custom callback to the set_cookie_generate_callback function. For the buffer overflow to occur, the callback function must return a cookie string or byte sequence longer than 256 bytes, limiting the exposure of this issue. Due to these reasons, this vulnerability has been rated with an important severity.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:5b1b98cd31ba150aecd6ef44c2bd8d79ae64380c8e974a4c8c1bb66fb4a38ce9_ppc64le",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:88ca55bb3177d8111971f1ba134bec7967289bfae64ecdf0b751dba0df82d9f0_s390x",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:afeeca0c1a653b5c375af4cca8dac1f52db846013d8b50e914ed62e1b7b1aa62_amd64"
        ],
        "known_not_affected": [
          "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:112909f56592b6d280a68b8104fe0c6f771c7c0156197950fcd1fcccae3c7fbf_ppc64le",
          "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:6ebb0d29e5d4aeb1ec3c16f8478cd1d615d3b42275dd82a20ff966887d603bd6_s390x",
          "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:80e7c357130e8a1a2db38713055d9a3e04812d5dd496d937d0d51b5c27f97da5_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:db0def651635715bc2406aef174f500cdc35d52cd693785629c149d0269b5f33_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2bab9301dc7f0adb24d243b7c0bb26733751f4bf2c84edbf464ac8dd2753bfa0_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:904a679c9230596aea5aab19cb6ecd16d6f7c7e6cca06aca63498ff4896733ba_s390x",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d3d569cf1570a9a0edd4070660ceff622429c98345c369af0ace3458e0ba2308_ppc64le",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f32c7fd3bde4d324f96251826f85aac887aaa44a526eb2e8549a00c6a71abcd0_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:93d75149f451f380dbc59b4f093e0bf8f3ab05044e584f9a229c46abd572cf94_ppc64le",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9dd5bc1416811a51cc056720e65035c713f335f43d8209bfad4d8d983b36ac72_s390x",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:ef0552c8953fc5958bb4bb548820802cc30f0aa8366c0e369a0d30e1f5ddad9b_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3deb2d564ed7e8ce85861e81681211d84a9c147bb5807c642fe788980aba3038_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:82e7c7f7d3a44f312428d1fa7b0c1c6fc644fbf20e9370b2d5803f6687a189a5_ppc64le",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b1a0cc358536e22f07c9672957484afebf230145a5c85fa4f8acd11349adb219_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e76e3b94c8aae99addf53b09f15f8f9d52003bfdb9213c93b67b58e71fcd192a_s390x",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:955f6c83ce8e6cdd075ef5c7396a8b19f9b8021cc5fb1b909a1dda05f0e3f13f_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:7be53b8c4851f7ca174c32556cdc2be807cabfb778ced23054b12288cc7ebbee_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:9abfc7d4e96a46868548380c7db2f11a7ec406c809fb8eee9a7bc3a049adcbbe_ppc64le",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:ec4e8658a1c3f00bd08e8b009cd042bc59a3d870cd17a7db940f1e12d4c05746_s390x"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-27459"
        },
        {
          "category": "external",
          "summary": "RHBZ#2448503",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448503"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-27459",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-27459"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27459",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27459"
        },
        {
          "category": "external",
          "summary": "https://github.com/pyca/pyopenssl/blob/358cbf29c4e364c59930e53a270116249581eaa3/CHANGELOG.rst",
          "url": "https://github.com/pyca/pyopenssl/blob/358cbf29c4e364c59930e53a270116249581eaa3/CHANGELOG.rst"
        },
        {
          "category": "external",
          "summary": "https://github.com/pyca/pyopenssl/commit/57f09bb4bb051d3bc2a1abd36e9525313d5cd408",
          "url": "https://github.com/pyca/pyopenssl/commit/57f09bb4bb051d3bc2a1abd36e9525313d5cd408"
        },
        {
          "category": "external",
          "summary": "https://github.com/pyca/pyopenssl/security/advisories/GHSA-5pwr-322w-8jr4",
          "url": "https://github.com/pyca/pyopenssl/security/advisories/GHSA-5pwr-322w-8jr4"
        }
      ],
      "release_date": "2026-03-17T23:34:28.483000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-06-09T15:31:40+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:5b1b98cd31ba150aecd6ef44c2bd8d79ae64380c8e974a4c8c1bb66fb4a38ce9_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:88ca55bb3177d8111971f1ba134bec7967289bfae64ecdf0b751dba0df82d9f0_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:afeeca0c1a653b5c375af4cca8dac1f52db846013d8b50e914ed62e1b7b1aa62_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:24853"
        },
        {
          "category": "workaround",
          "details": "To mitigate this flaw, ensure the callback provided to the set_cookie_generate_callback function strictly limits the returned cookie string or byte sequence to under 256 bytes.",
          "product_ids": [
            "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:112909f56592b6d280a68b8104fe0c6f771c7c0156197950fcd1fcccae3c7fbf_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:6ebb0d29e5d4aeb1ec3c16f8478cd1d615d3b42275dd82a20ff966887d603bd6_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:80e7c357130e8a1a2db38713055d9a3e04812d5dd496d937d0d51b5c27f97da5_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:db0def651635715bc2406aef174f500cdc35d52cd693785629c149d0269b5f33_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2bab9301dc7f0adb24d243b7c0bb26733751f4bf2c84edbf464ac8dd2753bfa0_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:904a679c9230596aea5aab19cb6ecd16d6f7c7e6cca06aca63498ff4896733ba_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d3d569cf1570a9a0edd4070660ceff622429c98345c369af0ace3458e0ba2308_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f32c7fd3bde4d324f96251826f85aac887aaa44a526eb2e8549a00c6a71abcd0_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:93d75149f451f380dbc59b4f093e0bf8f3ab05044e584f9a229c46abd572cf94_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9dd5bc1416811a51cc056720e65035c713f335f43d8209bfad4d8d983b36ac72_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:ef0552c8953fc5958bb4bb548820802cc30f0aa8366c0e369a0d30e1f5ddad9b_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3deb2d564ed7e8ce85861e81681211d84a9c147bb5807c642fe788980aba3038_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:82e7c7f7d3a44f312428d1fa7b0c1c6fc644fbf20e9370b2d5803f6687a189a5_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b1a0cc358536e22f07c9672957484afebf230145a5c85fa4f8acd11349adb219_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e76e3b94c8aae99addf53b09f15f8f9d52003bfdb9213c93b67b58e71fcd192a_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:955f6c83ce8e6cdd075ef5c7396a8b19f9b8021cc5fb1b909a1dda05f0e3f13f_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:7be53b8c4851f7ca174c32556cdc2be807cabfb778ced23054b12288cc7ebbee_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:9abfc7d4e96a46868548380c7db2f11a7ec406c809fb8eee9a7bc3a049adcbbe_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:ec4e8658a1c3f00bd08e8b009cd042bc59a3d870cd17a7db940f1e12d4c05746_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:5b1b98cd31ba150aecd6ef44c2bd8d79ae64380c8e974a4c8c1bb66fb4a38ce9_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:88ca55bb3177d8111971f1ba134bec7967289bfae64ecdf0b751dba0df82d9f0_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:afeeca0c1a653b5c375af4cca8dac1f52db846013d8b50e914ed62e1b7b1aa62_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:112909f56592b6d280a68b8104fe0c6f771c7c0156197950fcd1fcccae3c7fbf_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:6ebb0d29e5d4aeb1ec3c16f8478cd1d615d3b42275dd82a20ff966887d603bd6_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:80e7c357130e8a1a2db38713055d9a3e04812d5dd496d937d0d51b5c27f97da5_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:db0def651635715bc2406aef174f500cdc35d52cd693785629c149d0269b5f33_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2bab9301dc7f0adb24d243b7c0bb26733751f4bf2c84edbf464ac8dd2753bfa0_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:904a679c9230596aea5aab19cb6ecd16d6f7c7e6cca06aca63498ff4896733ba_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d3d569cf1570a9a0edd4070660ceff622429c98345c369af0ace3458e0ba2308_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f32c7fd3bde4d324f96251826f85aac887aaa44a526eb2e8549a00c6a71abcd0_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:93d75149f451f380dbc59b4f093e0bf8f3ab05044e584f9a229c46abd572cf94_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9dd5bc1416811a51cc056720e65035c713f335f43d8209bfad4d8d983b36ac72_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:ef0552c8953fc5958bb4bb548820802cc30f0aa8366c0e369a0d30e1f5ddad9b_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3deb2d564ed7e8ce85861e81681211d84a9c147bb5807c642fe788980aba3038_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:82e7c7f7d3a44f312428d1fa7b0c1c6fc644fbf20e9370b2d5803f6687a189a5_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b1a0cc358536e22f07c9672957484afebf230145a5c85fa4f8acd11349adb219_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e76e3b94c8aae99addf53b09f15f8f9d52003bfdb9213c93b67b58e71fcd192a_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:955f6c83ce8e6cdd075ef5c7396a8b19f9b8021cc5fb1b909a1dda05f0e3f13f_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:7be53b8c4851f7ca174c32556cdc2be807cabfb778ced23054b12288cc7ebbee_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:9abfc7d4e96a46868548380c7db2f11a7ec406c809fb8eee9a7bc3a049adcbbe_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:ec4e8658a1c3f00bd08e8b009cd042bc59a3d870cd17a7db940f1e12d4c05746_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:5b1b98cd31ba150aecd6ef44c2bd8d79ae64380c8e974a4c8c1bb66fb4a38ce9_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:88ca55bb3177d8111971f1ba134bec7967289bfae64ecdf0b751dba0df82d9f0_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:afeeca0c1a653b5c375af4cca8dac1f52db846013d8b50e914ed62e1b7b1aa62_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "pyOpenSSL: DTLS cookie callback buffer overflow"
    },
    {
      "cve": "CVE-2026-27962",
      "cwe": {
        "id": "CWE-347",
        "name": "Improper Verification of Cryptographic Signature"
      },
      "discovery_date": "2026-03-16T18:02:07.041902+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:112909f56592b6d280a68b8104fe0c6f771c7c0156197950fcd1fcccae3c7fbf_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:6ebb0d29e5d4aeb1ec3c16f8478cd1d615d3b42275dd82a20ff966887d603bd6_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:80e7c357130e8a1a2db38713055d9a3e04812d5dd496d937d0d51b5c27f97da5_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:db0def651635715bc2406aef174f500cdc35d52cd693785629c149d0269b5f33_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2bab9301dc7f0adb24d243b7c0bb26733751f4bf2c84edbf464ac8dd2753bfa0_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:904a679c9230596aea5aab19cb6ecd16d6f7c7e6cca06aca63498ff4896733ba_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d3d569cf1570a9a0edd4070660ceff622429c98345c369af0ace3458e0ba2308_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f32c7fd3bde4d324f96251826f85aac887aaa44a526eb2e8549a00c6a71abcd0_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:93d75149f451f380dbc59b4f093e0bf8f3ab05044e584f9a229c46abd572cf94_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9dd5bc1416811a51cc056720e65035c713f335f43d8209bfad4d8d983b36ac72_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:ef0552c8953fc5958bb4bb548820802cc30f0aa8366c0e369a0d30e1f5ddad9b_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3deb2d564ed7e8ce85861e81681211d84a9c147bb5807c642fe788980aba3038_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:82e7c7f7d3a44f312428d1fa7b0c1c6fc644fbf20e9370b2d5803f6687a189a5_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b1a0cc358536e22f07c9672957484afebf230145a5c85fa4f8acd11349adb219_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e76e3b94c8aae99addf53b09f15f8f9d52003bfdb9213c93b67b58e71fcd192a_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:955f6c83ce8e6cdd075ef5c7396a8b19f9b8021cc5fb1b909a1dda05f0e3f13f_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:7be53b8c4851f7ca174c32556cdc2be807cabfb778ced23054b12288cc7ebbee_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:9abfc7d4e96a46868548380c7db2f11a7ec406c809fb8eee9a7bc3a049adcbbe_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:ec4e8658a1c3f00bd08e8b009cd042bc59a3d870cd17a7db940f1e12d4c05746_s390x"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2448164"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Authlib, a Python library used for creating secure authentication and authorization systems. This vulnerability, known as JWK (JSON Web Key) Header Injection, affects how Authlib verifies digital signatures in JWS (JSON Web Signature) tokens. An attacker can exploit this by creating a specially crafted token that includes their own cryptographic key in the header. When the system attempts to verify this token without a predefined key, it mistakenly uses the attacker\u0027s key, allowing them to bypass authentication and gain unauthorized access.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "authlib: Authlib: Authentication bypass due to JWK Header Injection vulnerability",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This critical vulnerability in Authlib\u0027s JWS implementation allows unauthenticated attackers to forge JWTs by embedding their own cryptographic key in the token header. Impact is high to confidentiality and integrity as attackers can bypass authentication.\n\nThe impact for Red Hat Quay is rated as low because it imports authlib solely as a JWK parsing utility and performs all JWT signature verification through PyJWT, so the vulnerable jws.deserialize_compact() code path is never called.\n\nRed Hat OpenShift AI is not affected, since authlib is only present as a transitive dependency in the dev dependency group and is not included in production image builds, so the vulnerable code is not present in the shipped product.\n\nRed Hat Satellite is not affected, as authlib is only present as a dependency of fastmcp. In Satellite, fastmcp only invokes authlib using jwt.decode() which isn\u0027t able to reach the vulnerability condition even with key=none.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:5b1b98cd31ba150aecd6ef44c2bd8d79ae64380c8e974a4c8c1bb66fb4a38ce9_ppc64le",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:88ca55bb3177d8111971f1ba134bec7967289bfae64ecdf0b751dba0df82d9f0_s390x",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:afeeca0c1a653b5c375af4cca8dac1f52db846013d8b50e914ed62e1b7b1aa62_amd64"
        ],
        "known_not_affected": [
          "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:112909f56592b6d280a68b8104fe0c6f771c7c0156197950fcd1fcccae3c7fbf_ppc64le",
          "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:6ebb0d29e5d4aeb1ec3c16f8478cd1d615d3b42275dd82a20ff966887d603bd6_s390x",
          "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:80e7c357130e8a1a2db38713055d9a3e04812d5dd496d937d0d51b5c27f97da5_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:db0def651635715bc2406aef174f500cdc35d52cd693785629c149d0269b5f33_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2bab9301dc7f0adb24d243b7c0bb26733751f4bf2c84edbf464ac8dd2753bfa0_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:904a679c9230596aea5aab19cb6ecd16d6f7c7e6cca06aca63498ff4896733ba_s390x",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d3d569cf1570a9a0edd4070660ceff622429c98345c369af0ace3458e0ba2308_ppc64le",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f32c7fd3bde4d324f96251826f85aac887aaa44a526eb2e8549a00c6a71abcd0_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:93d75149f451f380dbc59b4f093e0bf8f3ab05044e584f9a229c46abd572cf94_ppc64le",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9dd5bc1416811a51cc056720e65035c713f335f43d8209bfad4d8d983b36ac72_s390x",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:ef0552c8953fc5958bb4bb548820802cc30f0aa8366c0e369a0d30e1f5ddad9b_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3deb2d564ed7e8ce85861e81681211d84a9c147bb5807c642fe788980aba3038_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:82e7c7f7d3a44f312428d1fa7b0c1c6fc644fbf20e9370b2d5803f6687a189a5_ppc64le",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b1a0cc358536e22f07c9672957484afebf230145a5c85fa4f8acd11349adb219_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e76e3b94c8aae99addf53b09f15f8f9d52003bfdb9213c93b67b58e71fcd192a_s390x",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:955f6c83ce8e6cdd075ef5c7396a8b19f9b8021cc5fb1b909a1dda05f0e3f13f_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:7be53b8c4851f7ca174c32556cdc2be807cabfb778ced23054b12288cc7ebbee_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:9abfc7d4e96a46868548380c7db2f11a7ec406c809fb8eee9a7bc3a049adcbbe_ppc64le",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:ec4e8658a1c3f00bd08e8b009cd042bc59a3d870cd17a7db940f1e12d4c05746_s390x"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-27962"
        },
        {
          "category": "external",
          "summary": "RHBZ#2448164",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448164"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-27962",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-27962"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27962",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27962"
        },
        {
          "category": "external",
          "summary": "https://github.com/authlib/authlib/commit/a5d4b2d4c9e46bfa11c82f85fdc2bcc0b50ae681",
          "url": "https://github.com/authlib/authlib/commit/a5d4b2d4c9e46bfa11c82f85fdc2bcc0b50ae681"
        },
        {
          "category": "external",
          "summary": "https://github.com/authlib/authlib/releases/tag/v1.6.9",
          "url": "https://github.com/authlib/authlib/releases/tag/v1.6.9"
        },
        {
          "category": "external",
          "summary": "https://github.com/authlib/authlib/security/advisories/GHSA-wvwj-cvrp-7pv5",
          "url": "https://github.com/authlib/authlib/security/advisories/GHSA-wvwj-cvrp-7pv5"
        }
      ],
      "release_date": "2026-03-16T17:34:38.946000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-06-09T15:31:40+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:5b1b98cd31ba150aecd6ef44c2bd8d79ae64380c8e974a4c8c1bb66fb4a38ce9_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:88ca55bb3177d8111971f1ba134bec7967289bfae64ecdf0b751dba0df82d9f0_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:afeeca0c1a653b5c375af4cca8dac1f52db846013d8b50e914ed62e1b7b1aa62_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:24853"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:112909f56592b6d280a68b8104fe0c6f771c7c0156197950fcd1fcccae3c7fbf_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:6ebb0d29e5d4aeb1ec3c16f8478cd1d615d3b42275dd82a20ff966887d603bd6_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:80e7c357130e8a1a2db38713055d9a3e04812d5dd496d937d0d51b5c27f97da5_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:db0def651635715bc2406aef174f500cdc35d52cd693785629c149d0269b5f33_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2bab9301dc7f0adb24d243b7c0bb26733751f4bf2c84edbf464ac8dd2753bfa0_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:904a679c9230596aea5aab19cb6ecd16d6f7c7e6cca06aca63498ff4896733ba_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d3d569cf1570a9a0edd4070660ceff622429c98345c369af0ace3458e0ba2308_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f32c7fd3bde4d324f96251826f85aac887aaa44a526eb2e8549a00c6a71abcd0_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:93d75149f451f380dbc59b4f093e0bf8f3ab05044e584f9a229c46abd572cf94_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9dd5bc1416811a51cc056720e65035c713f335f43d8209bfad4d8d983b36ac72_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:ef0552c8953fc5958bb4bb548820802cc30f0aa8366c0e369a0d30e1f5ddad9b_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3deb2d564ed7e8ce85861e81681211d84a9c147bb5807c642fe788980aba3038_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:82e7c7f7d3a44f312428d1fa7b0c1c6fc644fbf20e9370b2d5803f6687a189a5_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b1a0cc358536e22f07c9672957484afebf230145a5c85fa4f8acd11349adb219_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e76e3b94c8aae99addf53b09f15f8f9d52003bfdb9213c93b67b58e71fcd192a_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:955f6c83ce8e6cdd075ef5c7396a8b19f9b8021cc5fb1b909a1dda05f0e3f13f_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:7be53b8c4851f7ca174c32556cdc2be807cabfb778ced23054b12288cc7ebbee_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:9abfc7d4e96a46868548380c7db2f11a7ec406c809fb8eee9a7bc3a049adcbbe_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:ec4e8658a1c3f00bd08e8b009cd042bc59a3d870cd17a7db940f1e12d4c05746_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:5b1b98cd31ba150aecd6ef44c2bd8d79ae64380c8e974a4c8c1bb66fb4a38ce9_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:88ca55bb3177d8111971f1ba134bec7967289bfae64ecdf0b751dba0df82d9f0_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:afeeca0c1a653b5c375af4cca8dac1f52db846013d8b50e914ed62e1b7b1aa62_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "authlib: Authlib: Authentication bypass due to JWK Header Injection vulnerability"
    },
    {
      "cve": "CVE-2026-32280",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "discovery_date": "2026-04-08T02:01:19.572351+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:112909f56592b6d280a68b8104fe0c6f771c7c0156197950fcd1fcccae3c7fbf_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:6ebb0d29e5d4aeb1ec3c16f8478cd1d615d3b42275dd82a20ff966887d603bd6_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:80e7c357130e8a1a2db38713055d9a3e04812d5dd496d937d0d51b5c27f97da5_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:db0def651635715bc2406aef174f500cdc35d52cd693785629c149d0269b5f33_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2bab9301dc7f0adb24d243b7c0bb26733751f4bf2c84edbf464ac8dd2753bfa0_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:904a679c9230596aea5aab19cb6ecd16d6f7c7e6cca06aca63498ff4896733ba_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d3d569cf1570a9a0edd4070660ceff622429c98345c369af0ace3458e0ba2308_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f32c7fd3bde4d324f96251826f85aac887aaa44a526eb2e8549a00c6a71abcd0_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:93d75149f451f380dbc59b4f093e0bf8f3ab05044e584f9a229c46abd572cf94_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9dd5bc1416811a51cc056720e65035c713f335f43d8209bfad4d8d983b36ac72_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:ef0552c8953fc5958bb4bb548820802cc30f0aa8366c0e369a0d30e1f5ddad9b_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3deb2d564ed7e8ce85861e81681211d84a9c147bb5807c642fe788980aba3038_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:82e7c7f7d3a44f312428d1fa7b0c1c6fc644fbf20e9370b2d5803f6687a189a5_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b1a0cc358536e22f07c9672957484afebf230145a5c85fa4f8acd11349adb219_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e76e3b94c8aae99addf53b09f15f8f9d52003bfdb9213c93b67b58e71fcd192a_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:955f6c83ce8e6cdd075ef5c7396a8b19f9b8021cc5fb1b909a1dda05f0e3f13f_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:7be53b8c4851f7ca174c32556cdc2be807cabfb778ced23054b12288cc7ebbee_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:9abfc7d4e96a46868548380c7db2f11a7ec406c809fb8eee9a7bc3a049adcbbe_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:ec4e8658a1c3f00bd08e8b009cd042bc59a3d870cd17a7db940f1e12d4c05746_s390x"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2456339"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the Go standard library packages `crypto/x509` and `crypto/tls`. During the process of building a certificate chain, an attacker can provide a large number of intermediate certificates. This excessive input is not properly limited, leading to an uncontrolled amount of work being performed. This can result in a denial of service (DoS) condition, making the affected system or application unavailable to legitimate users.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:5b1b98cd31ba150aecd6ef44c2bd8d79ae64380c8e974a4c8c1bb66fb4a38ce9_ppc64le",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:88ca55bb3177d8111971f1ba134bec7967289bfae64ecdf0b751dba0df82d9f0_s390x",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:afeeca0c1a653b5c375af4cca8dac1f52db846013d8b50e914ed62e1b7b1aa62_amd64"
        ],
        "known_not_affected": [
          "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:112909f56592b6d280a68b8104fe0c6f771c7c0156197950fcd1fcccae3c7fbf_ppc64le",
          "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:6ebb0d29e5d4aeb1ec3c16f8478cd1d615d3b42275dd82a20ff966887d603bd6_s390x",
          "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:80e7c357130e8a1a2db38713055d9a3e04812d5dd496d937d0d51b5c27f97da5_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:db0def651635715bc2406aef174f500cdc35d52cd693785629c149d0269b5f33_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2bab9301dc7f0adb24d243b7c0bb26733751f4bf2c84edbf464ac8dd2753bfa0_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:904a679c9230596aea5aab19cb6ecd16d6f7c7e6cca06aca63498ff4896733ba_s390x",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d3d569cf1570a9a0edd4070660ceff622429c98345c369af0ace3458e0ba2308_ppc64le",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f32c7fd3bde4d324f96251826f85aac887aaa44a526eb2e8549a00c6a71abcd0_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:93d75149f451f380dbc59b4f093e0bf8f3ab05044e584f9a229c46abd572cf94_ppc64le",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9dd5bc1416811a51cc056720e65035c713f335f43d8209bfad4d8d983b36ac72_s390x",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:ef0552c8953fc5958bb4bb548820802cc30f0aa8366c0e369a0d30e1f5ddad9b_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3deb2d564ed7e8ce85861e81681211d84a9c147bb5807c642fe788980aba3038_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:82e7c7f7d3a44f312428d1fa7b0c1c6fc644fbf20e9370b2d5803f6687a189a5_ppc64le",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b1a0cc358536e22f07c9672957484afebf230145a5c85fa4f8acd11349adb219_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e76e3b94c8aae99addf53b09f15f8f9d52003bfdb9213c93b67b58e71fcd192a_s390x",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:955f6c83ce8e6cdd075ef5c7396a8b19f9b8021cc5fb1b909a1dda05f0e3f13f_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:7be53b8c4851f7ca174c32556cdc2be807cabfb778ced23054b12288cc7ebbee_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:9abfc7d4e96a46868548380c7db2f11a7ec406c809fb8eee9a7bc3a049adcbbe_ppc64le",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:ec4e8658a1c3f00bd08e8b009cd042bc59a3d870cd17a7db940f1e12d4c05746_s390x"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-32280"
        },
        {
          "category": "external",
          "summary": "RHBZ#2456339",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456339"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-32280",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-32280"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32280",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32280"
        },
        {
          "category": "external",
          "summary": "https://go.dev/cl/758320",
          "url": "https://go.dev/cl/758320"
        },
        {
          "category": "external",
          "summary": "https://go.dev/issue/78282",
          "url": "https://go.dev/issue/78282"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
          "url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
        },
        {
          "category": "external",
          "summary": "https://pkg.go.dev/vuln/GO-2026-4947",
          "url": "https://pkg.go.dev/vuln/GO-2026-4947"
        }
      ],
      "release_date": "2026-04-08T01:06:58.595000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-06-09T15:31:40+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:5b1b98cd31ba150aecd6ef44c2bd8d79ae64380c8e974a4c8c1bb66fb4a38ce9_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:88ca55bb3177d8111971f1ba134bec7967289bfae64ecdf0b751dba0df82d9f0_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:afeeca0c1a653b5c375af4cca8dac1f52db846013d8b50e914ed62e1b7b1aa62_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:24853"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:112909f56592b6d280a68b8104fe0c6f771c7c0156197950fcd1fcccae3c7fbf_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:6ebb0d29e5d4aeb1ec3c16f8478cd1d615d3b42275dd82a20ff966887d603bd6_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:80e7c357130e8a1a2db38713055d9a3e04812d5dd496d937d0d51b5c27f97da5_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:db0def651635715bc2406aef174f500cdc35d52cd693785629c149d0269b5f33_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2bab9301dc7f0adb24d243b7c0bb26733751f4bf2c84edbf464ac8dd2753bfa0_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:904a679c9230596aea5aab19cb6ecd16d6f7c7e6cca06aca63498ff4896733ba_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d3d569cf1570a9a0edd4070660ceff622429c98345c369af0ace3458e0ba2308_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f32c7fd3bde4d324f96251826f85aac887aaa44a526eb2e8549a00c6a71abcd0_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:93d75149f451f380dbc59b4f093e0bf8f3ab05044e584f9a229c46abd572cf94_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9dd5bc1416811a51cc056720e65035c713f335f43d8209bfad4d8d983b36ac72_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:ef0552c8953fc5958bb4bb548820802cc30f0aa8366c0e369a0d30e1f5ddad9b_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3deb2d564ed7e8ce85861e81681211d84a9c147bb5807c642fe788980aba3038_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:82e7c7f7d3a44f312428d1fa7b0c1c6fc644fbf20e9370b2d5803f6687a189a5_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b1a0cc358536e22f07c9672957484afebf230145a5c85fa4f8acd11349adb219_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e76e3b94c8aae99addf53b09f15f8f9d52003bfdb9213c93b67b58e71fcd192a_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:955f6c83ce8e6cdd075ef5c7396a8b19f9b8021cc5fb1b909a1dda05f0e3f13f_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:7be53b8c4851f7ca174c32556cdc2be807cabfb778ced23054b12288cc7ebbee_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:9abfc7d4e96a46868548380c7db2f11a7ec406c809fb8eee9a7bc3a049adcbbe_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:ec4e8658a1c3f00bd08e8b009cd042bc59a3d870cd17a7db940f1e12d4c05746_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:5b1b98cd31ba150aecd6ef44c2bd8d79ae64380c8e974a4c8c1bb66fb4a38ce9_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:88ca55bb3177d8111971f1ba134bec7967289bfae64ecdf0b751dba0df82d9f0_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:afeeca0c1a653b5c375af4cca8dac1f52db846013d8b50e914ed62e1b7b1aa62_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building"
    },
    {
      "cve": "CVE-2026-32282",
      "cwe": {
        "id": "CWE-367",
        "name": "Time-of-check Time-of-use (TOCTOU) Race Condition"
      },
      "discovery_date": "2026-04-08T02:01:12.683211+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:112909f56592b6d280a68b8104fe0c6f771c7c0156197950fcd1fcccae3c7fbf_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:6ebb0d29e5d4aeb1ec3c16f8478cd1d615d3b42275dd82a20ff966887d603bd6_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:80e7c357130e8a1a2db38713055d9a3e04812d5dd496d937d0d51b5c27f97da5_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:db0def651635715bc2406aef174f500cdc35d52cd693785629c149d0269b5f33_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2bab9301dc7f0adb24d243b7c0bb26733751f4bf2c84edbf464ac8dd2753bfa0_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:904a679c9230596aea5aab19cb6ecd16d6f7c7e6cca06aca63498ff4896733ba_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d3d569cf1570a9a0edd4070660ceff622429c98345c369af0ace3458e0ba2308_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f32c7fd3bde4d324f96251826f85aac887aaa44a526eb2e8549a00c6a71abcd0_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:93d75149f451f380dbc59b4f093e0bf8f3ab05044e584f9a229c46abd572cf94_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9dd5bc1416811a51cc056720e65035c713f335f43d8209bfad4d8d983b36ac72_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:ef0552c8953fc5958bb4bb548820802cc30f0aa8366c0e369a0d30e1f5ddad9b_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3deb2d564ed7e8ce85861e81681211d84a9c147bb5807c642fe788980aba3038_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:82e7c7f7d3a44f312428d1fa7b0c1c6fc644fbf20e9370b2d5803f6687a189a5_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b1a0cc358536e22f07c9672957484afebf230145a5c85fa4f8acd11349adb219_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e76e3b94c8aae99addf53b09f15f8f9d52003bfdb9213c93b67b58e71fcd192a_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:955f6c83ce8e6cdd075ef5c7396a8b19f9b8021cc5fb1b909a1dda05f0e3f13f_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:7be53b8c4851f7ca174c32556cdc2be807cabfb778ced23054b12288cc7ebbee_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:9abfc7d4e96a46868548380c7db2f11a7ec406c809fb8eee9a7bc3a049adcbbe_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:ec4e8658a1c3f00bd08e8b009cd042bc59a3d870cd17a7db940f1e12d4c05746_s390x"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2456336"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the internal/syscall/unix package in the Go standard library. If the target of the `Root.Chmod` function is replaced with a symbolic link during execution, specifically after `Root.Chmod` checks the target but before acting, the `chmod` operation will be performed on the file the symbolic link points to. This issue can bypass directory restrictions and lead to unauthorized permission changes on the filesystem.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "To exploit this issue, an attacker needs access to the system and the required permissions to create a symbolic link. Additionally, the attacker must swap the target file with a symbolic link in the exact window after the `Root.Chmod` function checks its target but before acting. Due to these conditions, this flaw has been rated with a moderate severity.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:5b1b98cd31ba150aecd6ef44c2bd8d79ae64380c8e974a4c8c1bb66fb4a38ce9_ppc64le",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:88ca55bb3177d8111971f1ba134bec7967289bfae64ecdf0b751dba0df82d9f0_s390x",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:afeeca0c1a653b5c375af4cca8dac1f52db846013d8b50e914ed62e1b7b1aa62_amd64"
        ],
        "known_not_affected": [
          "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:112909f56592b6d280a68b8104fe0c6f771c7c0156197950fcd1fcccae3c7fbf_ppc64le",
          "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:6ebb0d29e5d4aeb1ec3c16f8478cd1d615d3b42275dd82a20ff966887d603bd6_s390x",
          "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:80e7c357130e8a1a2db38713055d9a3e04812d5dd496d937d0d51b5c27f97da5_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:db0def651635715bc2406aef174f500cdc35d52cd693785629c149d0269b5f33_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2bab9301dc7f0adb24d243b7c0bb26733751f4bf2c84edbf464ac8dd2753bfa0_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:904a679c9230596aea5aab19cb6ecd16d6f7c7e6cca06aca63498ff4896733ba_s390x",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d3d569cf1570a9a0edd4070660ceff622429c98345c369af0ace3458e0ba2308_ppc64le",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f32c7fd3bde4d324f96251826f85aac887aaa44a526eb2e8549a00c6a71abcd0_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:93d75149f451f380dbc59b4f093e0bf8f3ab05044e584f9a229c46abd572cf94_ppc64le",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9dd5bc1416811a51cc056720e65035c713f335f43d8209bfad4d8d983b36ac72_s390x",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:ef0552c8953fc5958bb4bb548820802cc30f0aa8366c0e369a0d30e1f5ddad9b_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3deb2d564ed7e8ce85861e81681211d84a9c147bb5807c642fe788980aba3038_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:82e7c7f7d3a44f312428d1fa7b0c1c6fc644fbf20e9370b2d5803f6687a189a5_ppc64le",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b1a0cc358536e22f07c9672957484afebf230145a5c85fa4f8acd11349adb219_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e76e3b94c8aae99addf53b09f15f8f9d52003bfdb9213c93b67b58e71fcd192a_s390x",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:955f6c83ce8e6cdd075ef5c7396a8b19f9b8021cc5fb1b909a1dda05f0e3f13f_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:7be53b8c4851f7ca174c32556cdc2be807cabfb778ced23054b12288cc7ebbee_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:9abfc7d4e96a46868548380c7db2f11a7ec406c809fb8eee9a7bc3a049adcbbe_ppc64le",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:ec4e8658a1c3f00bd08e8b009cd042bc59a3d870cd17a7db940f1e12d4c05746_s390x"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-32282"
        },
        {
          "category": "external",
          "summary": "RHBZ#2456336",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456336"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-32282",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-32282"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32282",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32282"
        },
        {
          "category": "external",
          "summary": "https://go.dev/cl/763761",
          "url": "https://go.dev/cl/763761"
        },
        {
          "category": "external",
          "summary": "https://go.dev/issue/78293",
          "url": "https://go.dev/issue/78293"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
          "url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
        },
        {
          "category": "external",
          "summary": "https://pkg.go.dev/vuln/GO-2026-4864",
          "url": "https://pkg.go.dev/vuln/GO-2026-4864"
        }
      ],
      "release_date": "2026-04-08T01:06:55.953000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-06-09T15:31:40+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:5b1b98cd31ba150aecd6ef44c2bd8d79ae64380c8e974a4c8c1bb66fb4a38ce9_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:88ca55bb3177d8111971f1ba134bec7967289bfae64ecdf0b751dba0df82d9f0_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:afeeca0c1a653b5c375af4cca8dac1f52db846013d8b50e914ed62e1b7b1aa62_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:24853"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:112909f56592b6d280a68b8104fe0c6f771c7c0156197950fcd1fcccae3c7fbf_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:6ebb0d29e5d4aeb1ec3c16f8478cd1d615d3b42275dd82a20ff966887d603bd6_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:80e7c357130e8a1a2db38713055d9a3e04812d5dd496d937d0d51b5c27f97da5_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:db0def651635715bc2406aef174f500cdc35d52cd693785629c149d0269b5f33_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2bab9301dc7f0adb24d243b7c0bb26733751f4bf2c84edbf464ac8dd2753bfa0_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:904a679c9230596aea5aab19cb6ecd16d6f7c7e6cca06aca63498ff4896733ba_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d3d569cf1570a9a0edd4070660ceff622429c98345c369af0ace3458e0ba2308_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f32c7fd3bde4d324f96251826f85aac887aaa44a526eb2e8549a00c6a71abcd0_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:93d75149f451f380dbc59b4f093e0bf8f3ab05044e584f9a229c46abd572cf94_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9dd5bc1416811a51cc056720e65035c713f335f43d8209bfad4d8d983b36ac72_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:ef0552c8953fc5958bb4bb548820802cc30f0aa8366c0e369a0d30e1f5ddad9b_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3deb2d564ed7e8ce85861e81681211d84a9c147bb5807c642fe788980aba3038_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:82e7c7f7d3a44f312428d1fa7b0c1c6fc644fbf20e9370b2d5803f6687a189a5_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b1a0cc358536e22f07c9672957484afebf230145a5c85fa4f8acd11349adb219_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e76e3b94c8aae99addf53b09f15f8f9d52003bfdb9213c93b67b58e71fcd192a_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:955f6c83ce8e6cdd075ef5c7396a8b19f9b8021cc5fb1b909a1dda05f0e3f13f_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:7be53b8c4851f7ca174c32556cdc2be807cabfb778ced23054b12288cc7ebbee_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:9abfc7d4e96a46868548380c7db2f11a7ec406c809fb8eee9a7bc3a049adcbbe_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:ec4e8658a1c3f00bd08e8b009cd042bc59a3d870cd17a7db940f1e12d4c05746_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:5b1b98cd31ba150aecd6ef44c2bd8d79ae64380c8e974a4c8c1bb66fb4a38ce9_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:88ca55bb3177d8111971f1ba134bec7967289bfae64ecdf0b751dba0df82d9f0_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:afeeca0c1a653b5c375af4cca8dac1f52db846013d8b50e914ed62e1b7b1aa62_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:112909f56592b6d280a68b8104fe0c6f771c7c0156197950fcd1fcccae3c7fbf_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:6ebb0d29e5d4aeb1ec3c16f8478cd1d615d3b42275dd82a20ff966887d603bd6_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:80e7c357130e8a1a2db38713055d9a3e04812d5dd496d937d0d51b5c27f97da5_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:db0def651635715bc2406aef174f500cdc35d52cd693785629c149d0269b5f33_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2bab9301dc7f0adb24d243b7c0bb26733751f4bf2c84edbf464ac8dd2753bfa0_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:904a679c9230596aea5aab19cb6ecd16d6f7c7e6cca06aca63498ff4896733ba_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d3d569cf1570a9a0edd4070660ceff622429c98345c369af0ace3458e0ba2308_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f32c7fd3bde4d324f96251826f85aac887aaa44a526eb2e8549a00c6a71abcd0_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:93d75149f451f380dbc59b4f093e0bf8f3ab05044e584f9a229c46abd572cf94_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9dd5bc1416811a51cc056720e65035c713f335f43d8209bfad4d8d983b36ac72_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:ef0552c8953fc5958bb4bb548820802cc30f0aa8366c0e369a0d30e1f5ddad9b_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3deb2d564ed7e8ce85861e81681211d84a9c147bb5807c642fe788980aba3038_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:82e7c7f7d3a44f312428d1fa7b0c1c6fc644fbf20e9370b2d5803f6687a189a5_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b1a0cc358536e22f07c9672957484afebf230145a5c85fa4f8acd11349adb219_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e76e3b94c8aae99addf53b09f15f8f9d52003bfdb9213c93b67b58e71fcd192a_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:955f6c83ce8e6cdd075ef5c7396a8b19f9b8021cc5fb1b909a1dda05f0e3f13f_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:7be53b8c4851f7ca174c32556cdc2be807cabfb778ced23054b12288cc7ebbee_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:9abfc7d4e96a46868548380c7db2f11a7ec406c809fb8eee9a7bc3a049adcbbe_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:ec4e8658a1c3f00bd08e8b009cd042bc59a3d870cd17a7db940f1e12d4c05746_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:5b1b98cd31ba150aecd6ef44c2bd8d79ae64380c8e974a4c8c1bb66fb4a38ce9_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:88ca55bb3177d8111971f1ba134bec7967289bfae64ecdf0b751dba0df82d9f0_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:afeeca0c1a653b5c375af4cca8dac1f52db846013d8b50e914ed62e1b7b1aa62_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root"
    },
    {
      "cve": "CVE-2026-32286",
      "cwe": {
        "id": "CWE-1285",
        "name": "Improper Validation of Specified Index, Position, or Offset in Input"
      },
      "discovery_date": "2026-03-26T20:01:59.226117+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:112909f56592b6d280a68b8104fe0c6f771c7c0156197950fcd1fcccae3c7fbf_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:6ebb0d29e5d4aeb1ec3c16f8478cd1d615d3b42275dd82a20ff966887d603bd6_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:80e7c357130e8a1a2db38713055d9a3e04812d5dd496d937d0d51b5c27f97da5_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:db0def651635715bc2406aef174f500cdc35d52cd693785629c149d0269b5f33_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2bab9301dc7f0adb24d243b7c0bb26733751f4bf2c84edbf464ac8dd2753bfa0_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:904a679c9230596aea5aab19cb6ecd16d6f7c7e6cca06aca63498ff4896733ba_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d3d569cf1570a9a0edd4070660ceff622429c98345c369af0ace3458e0ba2308_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f32c7fd3bde4d324f96251826f85aac887aaa44a526eb2e8549a00c6a71abcd0_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:93d75149f451f380dbc59b4f093e0bf8f3ab05044e584f9a229c46abd572cf94_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9dd5bc1416811a51cc056720e65035c713f335f43d8209bfad4d8d983b36ac72_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:ef0552c8953fc5958bb4bb548820802cc30f0aa8366c0e369a0d30e1f5ddad9b_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3deb2d564ed7e8ce85861e81681211d84a9c147bb5807c642fe788980aba3038_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:82e7c7f7d3a44f312428d1fa7b0c1c6fc644fbf20e9370b2d5803f6687a189a5_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b1a0cc358536e22f07c9672957484afebf230145a5c85fa4f8acd11349adb219_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e76e3b94c8aae99addf53b09f15f8f9d52003bfdb9213c93b67b58e71fcd192a_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:955f6c83ce8e6cdd075ef5c7396a8b19f9b8021cc5fb1b909a1dda05f0e3f13f_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:7be53b8c4851f7ca174c32556cdc2be807cabfb778ced23054b12288cc7ebbee_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:9abfc7d4e96a46868548380c7db2f11a7ec406c809fb8eee9a7bc3a049adcbbe_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:ec4e8658a1c3f00bd08e8b009cd042bc59a3d870cd17a7db940f1e12d4c05746_s390x"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2451847"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the DataRow.Decode function within the github.com/jackc/pgproto3/v2 component. A malicious or compromised PostgreSQL server can exploit this by sending a DataRow message containing a negative field length. This improper validation of field lengths leads to a \"slice bounds out of range panic\", resulting in a Denial of Service (DoS) for the affected application.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "github.com/jackc/pgproto3/v2: github.com/jackc/pgproto3/v2: Denial of Service via malicious PostgreSQL server",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "The PostgreSQL server multicluster-globalhub-manager connects to is either provisioned by the operator itself or specified by the admin managing the deployment. To successfully exploit the vulnerability in this context the attacker would need to compromise the operator-deployed PostgreSQL server to force a crafted malicious DataRow message or they would need to have the privileges required to modify the operator-provisioned deployment or configure globalhub-manager to use a compromised/malicious \u201cBYO Postgres\u201d server.\n\nThe first scenario (compromising a legitimate PostgreSQL server) would change Attack Complexity from Low to High resulting in an adjusted CVSS v3.1 score of 5.9 (Moderate)\nThe other scenarios (manipulating the operator provisioned-deployment or configuring the globalhub-manager to use a malicious server) would maintain AC:L but would require privileged access. This would change Privileges Required from None to High resulting in an adjusted CVSS v3.1 score of 4.9 (Moderate)\n\nBased on the above the Impact Rating for multicluster-globalhub-manager-rhel9 is  Moderate.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:5b1b98cd31ba150aecd6ef44c2bd8d79ae64380c8e974a4c8c1bb66fb4a38ce9_ppc64le",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:88ca55bb3177d8111971f1ba134bec7967289bfae64ecdf0b751dba0df82d9f0_s390x",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:afeeca0c1a653b5c375af4cca8dac1f52db846013d8b50e914ed62e1b7b1aa62_amd64"
        ],
        "known_not_affected": [
          "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:112909f56592b6d280a68b8104fe0c6f771c7c0156197950fcd1fcccae3c7fbf_ppc64le",
          "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:6ebb0d29e5d4aeb1ec3c16f8478cd1d615d3b42275dd82a20ff966887d603bd6_s390x",
          "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:80e7c357130e8a1a2db38713055d9a3e04812d5dd496d937d0d51b5c27f97da5_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:db0def651635715bc2406aef174f500cdc35d52cd693785629c149d0269b5f33_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2bab9301dc7f0adb24d243b7c0bb26733751f4bf2c84edbf464ac8dd2753bfa0_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:904a679c9230596aea5aab19cb6ecd16d6f7c7e6cca06aca63498ff4896733ba_s390x",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d3d569cf1570a9a0edd4070660ceff622429c98345c369af0ace3458e0ba2308_ppc64le",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f32c7fd3bde4d324f96251826f85aac887aaa44a526eb2e8549a00c6a71abcd0_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:93d75149f451f380dbc59b4f093e0bf8f3ab05044e584f9a229c46abd572cf94_ppc64le",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9dd5bc1416811a51cc056720e65035c713f335f43d8209bfad4d8d983b36ac72_s390x",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:ef0552c8953fc5958bb4bb548820802cc30f0aa8366c0e369a0d30e1f5ddad9b_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3deb2d564ed7e8ce85861e81681211d84a9c147bb5807c642fe788980aba3038_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:82e7c7f7d3a44f312428d1fa7b0c1c6fc644fbf20e9370b2d5803f6687a189a5_ppc64le",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b1a0cc358536e22f07c9672957484afebf230145a5c85fa4f8acd11349adb219_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e76e3b94c8aae99addf53b09f15f8f9d52003bfdb9213c93b67b58e71fcd192a_s390x",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:955f6c83ce8e6cdd075ef5c7396a8b19f9b8021cc5fb1b909a1dda05f0e3f13f_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:7be53b8c4851f7ca174c32556cdc2be807cabfb778ced23054b12288cc7ebbee_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:9abfc7d4e96a46868548380c7db2f11a7ec406c809fb8eee9a7bc3a049adcbbe_ppc64le",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:ec4e8658a1c3f00bd08e8b009cd042bc59a3d870cd17a7db940f1e12d4c05746_s390x"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-32286"
        },
        {
          "category": "external",
          "summary": "RHBZ#2451847",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451847"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-32286",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-32286"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32286",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32286"
        },
        {
          "category": "external",
          "summary": "https://github.com/golang/vulndb/issues/4518",
          "url": "https://github.com/golang/vulndb/issues/4518"
        },
        {
          "category": "external",
          "summary": "https://github.com/jackc/pgx/issues/2507",
          "url": "https://github.com/jackc/pgx/issues/2507"
        },
        {
          "category": "external",
          "summary": "https://pkg.go.dev/vuln/GO-2026-4518",
          "url": "https://pkg.go.dev/vuln/GO-2026-4518"
        }
      ],
      "release_date": "2026-03-26T19:40:51.974000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-06-09T15:31:40+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:5b1b98cd31ba150aecd6ef44c2bd8d79ae64380c8e974a4c8c1bb66fb4a38ce9_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:88ca55bb3177d8111971f1ba134bec7967289bfae64ecdf0b751dba0df82d9f0_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:afeeca0c1a653b5c375af4cca8dac1f52db846013d8b50e914ed62e1b7b1aa62_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:24853"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:112909f56592b6d280a68b8104fe0c6f771c7c0156197950fcd1fcccae3c7fbf_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:6ebb0d29e5d4aeb1ec3c16f8478cd1d615d3b42275dd82a20ff966887d603bd6_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:80e7c357130e8a1a2db38713055d9a3e04812d5dd496d937d0d51b5c27f97da5_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:db0def651635715bc2406aef174f500cdc35d52cd693785629c149d0269b5f33_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2bab9301dc7f0adb24d243b7c0bb26733751f4bf2c84edbf464ac8dd2753bfa0_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:904a679c9230596aea5aab19cb6ecd16d6f7c7e6cca06aca63498ff4896733ba_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d3d569cf1570a9a0edd4070660ceff622429c98345c369af0ace3458e0ba2308_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f32c7fd3bde4d324f96251826f85aac887aaa44a526eb2e8549a00c6a71abcd0_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:93d75149f451f380dbc59b4f093e0bf8f3ab05044e584f9a229c46abd572cf94_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9dd5bc1416811a51cc056720e65035c713f335f43d8209bfad4d8d983b36ac72_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:ef0552c8953fc5958bb4bb548820802cc30f0aa8366c0e369a0d30e1f5ddad9b_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3deb2d564ed7e8ce85861e81681211d84a9c147bb5807c642fe788980aba3038_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:82e7c7f7d3a44f312428d1fa7b0c1c6fc644fbf20e9370b2d5803f6687a189a5_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b1a0cc358536e22f07c9672957484afebf230145a5c85fa4f8acd11349adb219_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e76e3b94c8aae99addf53b09f15f8f9d52003bfdb9213c93b67b58e71fcd192a_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:955f6c83ce8e6cdd075ef5c7396a8b19f9b8021cc5fb1b909a1dda05f0e3f13f_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:7be53b8c4851f7ca174c32556cdc2be807cabfb778ced23054b12288cc7ebbee_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:9abfc7d4e96a46868548380c7db2f11a7ec406c809fb8eee9a7bc3a049adcbbe_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:ec4e8658a1c3f00bd08e8b009cd042bc59a3d870cd17a7db940f1e12d4c05746_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:5b1b98cd31ba150aecd6ef44c2bd8d79ae64380c8e974a4c8c1bb66fb4a38ce9_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:88ca55bb3177d8111971f1ba134bec7967289bfae64ecdf0b751dba0df82d9f0_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:afeeca0c1a653b5c375af4cca8dac1f52db846013d8b50e914ed62e1b7b1aa62_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:112909f56592b6d280a68b8104fe0c6f771c7c0156197950fcd1fcccae3c7fbf_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:6ebb0d29e5d4aeb1ec3c16f8478cd1d615d3b42275dd82a20ff966887d603bd6_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:80e7c357130e8a1a2db38713055d9a3e04812d5dd496d937d0d51b5c27f97da5_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:db0def651635715bc2406aef174f500cdc35d52cd693785629c149d0269b5f33_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2bab9301dc7f0adb24d243b7c0bb26733751f4bf2c84edbf464ac8dd2753bfa0_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:904a679c9230596aea5aab19cb6ecd16d6f7c7e6cca06aca63498ff4896733ba_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d3d569cf1570a9a0edd4070660ceff622429c98345c369af0ace3458e0ba2308_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f32c7fd3bde4d324f96251826f85aac887aaa44a526eb2e8549a00c6a71abcd0_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:93d75149f451f380dbc59b4f093e0bf8f3ab05044e584f9a229c46abd572cf94_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9dd5bc1416811a51cc056720e65035c713f335f43d8209bfad4d8d983b36ac72_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:ef0552c8953fc5958bb4bb548820802cc30f0aa8366c0e369a0d30e1f5ddad9b_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3deb2d564ed7e8ce85861e81681211d84a9c147bb5807c642fe788980aba3038_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:82e7c7f7d3a44f312428d1fa7b0c1c6fc644fbf20e9370b2d5803f6687a189a5_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b1a0cc358536e22f07c9672957484afebf230145a5c85fa4f8acd11349adb219_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e76e3b94c8aae99addf53b09f15f8f9d52003bfdb9213c93b67b58e71fcd192a_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:955f6c83ce8e6cdd075ef5c7396a8b19f9b8021cc5fb1b909a1dda05f0e3f13f_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:7be53b8c4851f7ca174c32556cdc2be807cabfb778ced23054b12288cc7ebbee_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:9abfc7d4e96a46868548380c7db2f11a7ec406c809fb8eee9a7bc3a049adcbbe_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:ec4e8658a1c3f00bd08e8b009cd042bc59a3d870cd17a7db940f1e12d4c05746_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:5b1b98cd31ba150aecd6ef44c2bd8d79ae64380c8e974a4c8c1bb66fb4a38ce9_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:88ca55bb3177d8111971f1ba134bec7967289bfae64ecdf0b751dba0df82d9f0_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:afeeca0c1a653b5c375af4cca8dac1f52db846013d8b50e914ed62e1b7b1aa62_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "github.com/jackc/pgproto3/v2: github.com/jackc/pgproto3/v2: Denial of Service via malicious PostgreSQL server"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Antony Di Scala",
            "Michael Whale"
          ]
        }
      ],
      "cve": "CVE-2026-32589",
      "cwe": {
        "id": "CWE-639",
        "name": "Authorization Bypass Through User-Controlled Key"
      },
      "discovery_date": "2026-03-12T14:43:07.878000+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:112909f56592b6d280a68b8104fe0c6f771c7c0156197950fcd1fcccae3c7fbf_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:6ebb0d29e5d4aeb1ec3c16f8478cd1d615d3b42275dd82a20ff966887d603bd6_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:80e7c357130e8a1a2db38713055d9a3e04812d5dd496d937d0d51b5c27f97da5_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:db0def651635715bc2406aef174f500cdc35d52cd693785629c149d0269b5f33_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2bab9301dc7f0adb24d243b7c0bb26733751f4bf2c84edbf464ac8dd2753bfa0_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:904a679c9230596aea5aab19cb6ecd16d6f7c7e6cca06aca63498ff4896733ba_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d3d569cf1570a9a0edd4070660ceff622429c98345c369af0ace3458e0ba2308_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f32c7fd3bde4d324f96251826f85aac887aaa44a526eb2e8549a00c6a71abcd0_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:93d75149f451f380dbc59b4f093e0bf8f3ab05044e584f9a229c46abd572cf94_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9dd5bc1416811a51cc056720e65035c713f335f43d8209bfad4d8d983b36ac72_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:ef0552c8953fc5958bb4bb548820802cc30f0aa8366c0e369a0d30e1f5ddad9b_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3deb2d564ed7e8ce85861e81681211d84a9c147bb5807c642fe788980aba3038_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:82e7c7f7d3a44f312428d1fa7b0c1c6fc644fbf20e9370b2d5803f6687a189a5_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b1a0cc358536e22f07c9672957484afebf230145a5c85fa4f8acd11349adb219_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e76e3b94c8aae99addf53b09f15f8f9d52003bfdb9213c93b67b58e71fcd192a_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:955f6c83ce8e6cdd075ef5c7396a8b19f9b8021cc5fb1b909a1dda05f0e3f13f_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:7be53b8c4851f7ca174c32556cdc2be807cabfb778ced23054b12288cc7ebbee_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:9abfc7d4e96a46868548380c7db2f11a7ec406c809fb8eee9a7bc3a049adcbbe_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:ec4e8658a1c3f00bd08e8b009cd042bc59a3d870cd17a7db940f1e12d4c05746_s390x"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2446963"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Red Hat Quay\u0027s container image upload process. An authenticated user with push access to any repository on the registry can interfere with image uploads in progress by other users, including those in repositories they do not have access to. This could allow the attacker to read, modify, or cancel another user\u0027s in-progress image upload.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "mirror-registry: quay: insecure direct object reference in BlobUpload",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Exploitation requires valid login credentials to the Quay registry. Unauthenticated users cannot exploit this flaw.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:5b1b98cd31ba150aecd6ef44c2bd8d79ae64380c8e974a4c8c1bb66fb4a38ce9_ppc64le",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:88ca55bb3177d8111971f1ba134bec7967289bfae64ecdf0b751dba0df82d9f0_s390x",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:afeeca0c1a653b5c375af4cca8dac1f52db846013d8b50e914ed62e1b7b1aa62_amd64"
        ],
        "known_not_affected": [
          "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:112909f56592b6d280a68b8104fe0c6f771c7c0156197950fcd1fcccae3c7fbf_ppc64le",
          "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:6ebb0d29e5d4aeb1ec3c16f8478cd1d615d3b42275dd82a20ff966887d603bd6_s390x",
          "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:80e7c357130e8a1a2db38713055d9a3e04812d5dd496d937d0d51b5c27f97da5_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:db0def651635715bc2406aef174f500cdc35d52cd693785629c149d0269b5f33_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2bab9301dc7f0adb24d243b7c0bb26733751f4bf2c84edbf464ac8dd2753bfa0_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:904a679c9230596aea5aab19cb6ecd16d6f7c7e6cca06aca63498ff4896733ba_s390x",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d3d569cf1570a9a0edd4070660ceff622429c98345c369af0ace3458e0ba2308_ppc64le",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f32c7fd3bde4d324f96251826f85aac887aaa44a526eb2e8549a00c6a71abcd0_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:93d75149f451f380dbc59b4f093e0bf8f3ab05044e584f9a229c46abd572cf94_ppc64le",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9dd5bc1416811a51cc056720e65035c713f335f43d8209bfad4d8d983b36ac72_s390x",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:ef0552c8953fc5958bb4bb548820802cc30f0aa8366c0e369a0d30e1f5ddad9b_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3deb2d564ed7e8ce85861e81681211d84a9c147bb5807c642fe788980aba3038_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:82e7c7f7d3a44f312428d1fa7b0c1c6fc644fbf20e9370b2d5803f6687a189a5_ppc64le",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b1a0cc358536e22f07c9672957484afebf230145a5c85fa4f8acd11349adb219_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e76e3b94c8aae99addf53b09f15f8f9d52003bfdb9213c93b67b58e71fcd192a_s390x",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:955f6c83ce8e6cdd075ef5c7396a8b19f9b8021cc5fb1b909a1dda05f0e3f13f_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:7be53b8c4851f7ca174c32556cdc2be807cabfb778ced23054b12288cc7ebbee_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:9abfc7d4e96a46868548380c7db2f11a7ec406c809fb8eee9a7bc3a049adcbbe_ppc64le",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:ec4e8658a1c3f00bd08e8b009cd042bc59a3d870cd17a7db940f1e12d4c05746_s390x"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-32589"
        },
        {
          "category": "external",
          "summary": "RHBZ#2446963",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2446963"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-32589",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-32589"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32589",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32589"
        }
      ],
      "release_date": "2026-04-08T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-06-09T15:31:40+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:5b1b98cd31ba150aecd6ef44c2bd8d79ae64380c8e974a4c8c1bb66fb4a38ce9_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:88ca55bb3177d8111971f1ba134bec7967289bfae64ecdf0b751dba0df82d9f0_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:afeeca0c1a653b5c375af4cca8dac1f52db846013d8b50e914ed62e1b7b1aa62_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:24853"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:112909f56592b6d280a68b8104fe0c6f771c7c0156197950fcd1fcccae3c7fbf_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:6ebb0d29e5d4aeb1ec3c16f8478cd1d615d3b42275dd82a20ff966887d603bd6_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:80e7c357130e8a1a2db38713055d9a3e04812d5dd496d937d0d51b5c27f97da5_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:db0def651635715bc2406aef174f500cdc35d52cd693785629c149d0269b5f33_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2bab9301dc7f0adb24d243b7c0bb26733751f4bf2c84edbf464ac8dd2753bfa0_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:904a679c9230596aea5aab19cb6ecd16d6f7c7e6cca06aca63498ff4896733ba_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d3d569cf1570a9a0edd4070660ceff622429c98345c369af0ace3458e0ba2308_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f32c7fd3bde4d324f96251826f85aac887aaa44a526eb2e8549a00c6a71abcd0_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:93d75149f451f380dbc59b4f093e0bf8f3ab05044e584f9a229c46abd572cf94_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9dd5bc1416811a51cc056720e65035c713f335f43d8209bfad4d8d983b36ac72_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:ef0552c8953fc5958bb4bb548820802cc30f0aa8366c0e369a0d30e1f5ddad9b_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3deb2d564ed7e8ce85861e81681211d84a9c147bb5807c642fe788980aba3038_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:82e7c7f7d3a44f312428d1fa7b0c1c6fc644fbf20e9370b2d5803f6687a189a5_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b1a0cc358536e22f07c9672957484afebf230145a5c85fa4f8acd11349adb219_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e76e3b94c8aae99addf53b09f15f8f9d52003bfdb9213c93b67b58e71fcd192a_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:955f6c83ce8e6cdd075ef5c7396a8b19f9b8021cc5fb1b909a1dda05f0e3f13f_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:7be53b8c4851f7ca174c32556cdc2be807cabfb778ced23054b12288cc7ebbee_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:9abfc7d4e96a46868548380c7db2f11a7ec406c809fb8eee9a7bc3a049adcbbe_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:ec4e8658a1c3f00bd08e8b009cd042bc59a3d870cd17a7db940f1e12d4c05746_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:5b1b98cd31ba150aecd6ef44c2bd8d79ae64380c8e974a4c8c1bb66fb4a38ce9_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:88ca55bb3177d8111971f1ba134bec7967289bfae64ecdf0b751dba0df82d9f0_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:afeeca0c1a653b5c375af4cca8dac1f52db846013d8b50e914ed62e1b7b1aa62_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "mirror-registry: quay: insecure direct object reference in BlobUpload"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Antony Di Scala",
            "Michael Whale"
          ]
        }
      ],
      "cve": "CVE-2026-32590",
      "cwe": {
        "id": "CWE-502",
        "name": "Deserialization of Untrusted Data"
      },
      "discovery_date": "2026-03-12T14:43:11.443000+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:112909f56592b6d280a68b8104fe0c6f771c7c0156197950fcd1fcccae3c7fbf_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:6ebb0d29e5d4aeb1ec3c16f8478cd1d615d3b42275dd82a20ff966887d603bd6_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:80e7c357130e8a1a2db38713055d9a3e04812d5dd496d937d0d51b5c27f97da5_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:db0def651635715bc2406aef174f500cdc35d52cd693785629c149d0269b5f33_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2bab9301dc7f0adb24d243b7c0bb26733751f4bf2c84edbf464ac8dd2753bfa0_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:904a679c9230596aea5aab19cb6ecd16d6f7c7e6cca06aca63498ff4896733ba_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d3d569cf1570a9a0edd4070660ceff622429c98345c369af0ace3458e0ba2308_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f32c7fd3bde4d324f96251826f85aac887aaa44a526eb2e8549a00c6a71abcd0_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:93d75149f451f380dbc59b4f093e0bf8f3ab05044e584f9a229c46abd572cf94_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9dd5bc1416811a51cc056720e65035c713f335f43d8209bfad4d8d983b36ac72_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:ef0552c8953fc5958bb4bb548820802cc30f0aa8366c0e369a0d30e1f5ddad9b_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3deb2d564ed7e8ce85861e81681211d84a9c147bb5807c642fe788980aba3038_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:82e7c7f7d3a44f312428d1fa7b0c1c6fc644fbf20e9370b2d5803f6687a189a5_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b1a0cc358536e22f07c9672957484afebf230145a5c85fa4f8acd11349adb219_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e76e3b94c8aae99addf53b09f15f8f9d52003bfdb9213c93b67b58e71fcd192a_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:955f6c83ce8e6cdd075ef5c7396a8b19f9b8021cc5fb1b909a1dda05f0e3f13f_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:7be53b8c4851f7ca174c32556cdc2be807cabfb778ced23054b12288cc7ebbee_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:9abfc7d4e96a46868548380c7db2f11a7ec406c809fb8eee9a7bc3a049adcbbe_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:ec4e8658a1c3f00bd08e8b009cd042bc59a3d870cd17a7db940f1e12d4c05746_s390x"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2446964"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Red Hat Quay\u0027s handling of resumable container image layer uploads. The upload process stores intermediate data in the database using a format that, if tampered with, could allow an attacker to execute arbitrary code on the Quay server.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "mirror-registry: remote code execution using pickle deserialization",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Exploitation requires valid login credentials. The attacker must be authenticated to the registry, either through the web interface or through a container tool such as Podman.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:5b1b98cd31ba150aecd6ef44c2bd8d79ae64380c8e974a4c8c1bb66fb4a38ce9_ppc64le",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:88ca55bb3177d8111971f1ba134bec7967289bfae64ecdf0b751dba0df82d9f0_s390x",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:afeeca0c1a653b5c375af4cca8dac1f52db846013d8b50e914ed62e1b7b1aa62_amd64"
        ],
        "known_not_affected": [
          "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:112909f56592b6d280a68b8104fe0c6f771c7c0156197950fcd1fcccae3c7fbf_ppc64le",
          "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:6ebb0d29e5d4aeb1ec3c16f8478cd1d615d3b42275dd82a20ff966887d603bd6_s390x",
          "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:80e7c357130e8a1a2db38713055d9a3e04812d5dd496d937d0d51b5c27f97da5_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:db0def651635715bc2406aef174f500cdc35d52cd693785629c149d0269b5f33_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2bab9301dc7f0adb24d243b7c0bb26733751f4bf2c84edbf464ac8dd2753bfa0_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:904a679c9230596aea5aab19cb6ecd16d6f7c7e6cca06aca63498ff4896733ba_s390x",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d3d569cf1570a9a0edd4070660ceff622429c98345c369af0ace3458e0ba2308_ppc64le",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f32c7fd3bde4d324f96251826f85aac887aaa44a526eb2e8549a00c6a71abcd0_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:93d75149f451f380dbc59b4f093e0bf8f3ab05044e584f9a229c46abd572cf94_ppc64le",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9dd5bc1416811a51cc056720e65035c713f335f43d8209bfad4d8d983b36ac72_s390x",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:ef0552c8953fc5958bb4bb548820802cc30f0aa8366c0e369a0d30e1f5ddad9b_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3deb2d564ed7e8ce85861e81681211d84a9c147bb5807c642fe788980aba3038_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:82e7c7f7d3a44f312428d1fa7b0c1c6fc644fbf20e9370b2d5803f6687a189a5_ppc64le",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b1a0cc358536e22f07c9672957484afebf230145a5c85fa4f8acd11349adb219_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e76e3b94c8aae99addf53b09f15f8f9d52003bfdb9213c93b67b58e71fcd192a_s390x",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:955f6c83ce8e6cdd075ef5c7396a8b19f9b8021cc5fb1b909a1dda05f0e3f13f_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:7be53b8c4851f7ca174c32556cdc2be807cabfb778ced23054b12288cc7ebbee_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:9abfc7d4e96a46868548380c7db2f11a7ec406c809fb8eee9a7bc3a049adcbbe_ppc64le",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:ec4e8658a1c3f00bd08e8b009cd042bc59a3d870cd17a7db940f1e12d4c05746_s390x"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-32590"
        },
        {
          "category": "external",
          "summary": "RHBZ#2446964",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2446964"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-32590",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-32590"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32590",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32590"
        }
      ],
      "release_date": "2026-04-08T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-06-09T15:31:40+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:5b1b98cd31ba150aecd6ef44c2bd8d79ae64380c8e974a4c8c1bb66fb4a38ce9_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:88ca55bb3177d8111971f1ba134bec7967289bfae64ecdf0b751dba0df82d9f0_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:afeeca0c1a653b5c375af4cca8dac1f52db846013d8b50e914ed62e1b7b1aa62_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:24853"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:112909f56592b6d280a68b8104fe0c6f771c7c0156197950fcd1fcccae3c7fbf_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:6ebb0d29e5d4aeb1ec3c16f8478cd1d615d3b42275dd82a20ff966887d603bd6_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:80e7c357130e8a1a2db38713055d9a3e04812d5dd496d937d0d51b5c27f97da5_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:db0def651635715bc2406aef174f500cdc35d52cd693785629c149d0269b5f33_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2bab9301dc7f0adb24d243b7c0bb26733751f4bf2c84edbf464ac8dd2753bfa0_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:904a679c9230596aea5aab19cb6ecd16d6f7c7e6cca06aca63498ff4896733ba_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d3d569cf1570a9a0edd4070660ceff622429c98345c369af0ace3458e0ba2308_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f32c7fd3bde4d324f96251826f85aac887aaa44a526eb2e8549a00c6a71abcd0_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:93d75149f451f380dbc59b4f093e0bf8f3ab05044e584f9a229c46abd572cf94_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9dd5bc1416811a51cc056720e65035c713f335f43d8209bfad4d8d983b36ac72_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:ef0552c8953fc5958bb4bb548820802cc30f0aa8366c0e369a0d30e1f5ddad9b_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3deb2d564ed7e8ce85861e81681211d84a9c147bb5807c642fe788980aba3038_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:82e7c7f7d3a44f312428d1fa7b0c1c6fc644fbf20e9370b2d5803f6687a189a5_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b1a0cc358536e22f07c9672957484afebf230145a5c85fa4f8acd11349adb219_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e76e3b94c8aae99addf53b09f15f8f9d52003bfdb9213c93b67b58e71fcd192a_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:955f6c83ce8e6cdd075ef5c7396a8b19f9b8021cc5fb1b909a1dda05f0e3f13f_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:7be53b8c4851f7ca174c32556cdc2be807cabfb778ced23054b12288cc7ebbee_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:9abfc7d4e96a46868548380c7db2f11a7ec406c809fb8eee9a7bc3a049adcbbe_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:ec4e8658a1c3f00bd08e8b009cd042bc59a3d870cd17a7db940f1e12d4c05746_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:5b1b98cd31ba150aecd6ef44c2bd8d79ae64380c8e974a4c8c1bb66fb4a38ce9_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:88ca55bb3177d8111971f1ba134bec7967289bfae64ecdf0b751dba0df82d9f0_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:afeeca0c1a653b5c375af4cca8dac1f52db846013d8b50e914ed62e1b7b1aa62_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "mirror-registry: remote code execution using pickle deserialization"
    },
    {
      "cve": "CVE-2026-33186",
      "cwe": {
        "id": "CWE-551",
        "name": "Incorrect Behavior Order: Authorization Before Parsing and Canonicalization"
      },
      "discovery_date": "2026-03-20T23:02:27.802640+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:112909f56592b6d280a68b8104fe0c6f771c7c0156197950fcd1fcccae3c7fbf_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:6ebb0d29e5d4aeb1ec3c16f8478cd1d615d3b42275dd82a20ff966887d603bd6_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:80e7c357130e8a1a2db38713055d9a3e04812d5dd496d937d0d51b5c27f97da5_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:db0def651635715bc2406aef174f500cdc35d52cd693785629c149d0269b5f33_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2bab9301dc7f0adb24d243b7c0bb26733751f4bf2c84edbf464ac8dd2753bfa0_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:904a679c9230596aea5aab19cb6ecd16d6f7c7e6cca06aca63498ff4896733ba_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d3d569cf1570a9a0edd4070660ceff622429c98345c369af0ace3458e0ba2308_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f32c7fd3bde4d324f96251826f85aac887aaa44a526eb2e8549a00c6a71abcd0_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:93d75149f451f380dbc59b4f093e0bf8f3ab05044e584f9a229c46abd572cf94_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9dd5bc1416811a51cc056720e65035c713f335f43d8209bfad4d8d983b36ac72_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:ef0552c8953fc5958bb4bb548820802cc30f0aa8366c0e369a0d30e1f5ddad9b_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3deb2d564ed7e8ce85861e81681211d84a9c147bb5807c642fe788980aba3038_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:82e7c7f7d3a44f312428d1fa7b0c1c6fc644fbf20e9370b2d5803f6687a189a5_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b1a0cc358536e22f07c9672957484afebf230145a5c85fa4f8acd11349adb219_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e76e3b94c8aae99addf53b09f15f8f9d52003bfdb9213c93b67b58e71fcd192a_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:955f6c83ce8e6cdd075ef5c7396a8b19f9b8021cc5fb1b909a1dda05f0e3f13f_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:7be53b8c4851f7ca174c32556cdc2be807cabfb778ced23054b12288cc7ebbee_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:9abfc7d4e96a46868548380c7db2f11a7ec406c809fb8eee9a7bc3a049adcbbe_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:ec4e8658a1c3f00bd08e8b009cd042bc59a3d870cd17a7db940f1e12d4c05746_s390x"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2449833"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in gRPC-Go, the Go language implementation of gRPC. This vulnerability, an authorization bypass, is caused by improper input validation of the HTTP/2 `:path` pseudo-header. A remote attacker can exploit this by sending raw HTTP/2 frames with a malformed `:path` that omits the mandatory leading slash. This allows the attacker to bypass defined security policies, potentially leading to unauthorized access to services or information disclosure.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:5b1b98cd31ba150aecd6ef44c2bd8d79ae64380c8e974a4c8c1bb66fb4a38ce9_ppc64le",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:88ca55bb3177d8111971f1ba134bec7967289bfae64ecdf0b751dba0df82d9f0_s390x",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:afeeca0c1a653b5c375af4cca8dac1f52db846013d8b50e914ed62e1b7b1aa62_amd64"
        ],
        "known_not_affected": [
          "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:112909f56592b6d280a68b8104fe0c6f771c7c0156197950fcd1fcccae3c7fbf_ppc64le",
          "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:6ebb0d29e5d4aeb1ec3c16f8478cd1d615d3b42275dd82a20ff966887d603bd6_s390x",
          "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:80e7c357130e8a1a2db38713055d9a3e04812d5dd496d937d0d51b5c27f97da5_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:db0def651635715bc2406aef174f500cdc35d52cd693785629c149d0269b5f33_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2bab9301dc7f0adb24d243b7c0bb26733751f4bf2c84edbf464ac8dd2753bfa0_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:904a679c9230596aea5aab19cb6ecd16d6f7c7e6cca06aca63498ff4896733ba_s390x",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d3d569cf1570a9a0edd4070660ceff622429c98345c369af0ace3458e0ba2308_ppc64le",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f32c7fd3bde4d324f96251826f85aac887aaa44a526eb2e8549a00c6a71abcd0_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:93d75149f451f380dbc59b4f093e0bf8f3ab05044e584f9a229c46abd572cf94_ppc64le",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9dd5bc1416811a51cc056720e65035c713f335f43d8209bfad4d8d983b36ac72_s390x",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:ef0552c8953fc5958bb4bb548820802cc30f0aa8366c0e369a0d30e1f5ddad9b_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3deb2d564ed7e8ce85861e81681211d84a9c147bb5807c642fe788980aba3038_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:82e7c7f7d3a44f312428d1fa7b0c1c6fc644fbf20e9370b2d5803f6687a189a5_ppc64le",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b1a0cc358536e22f07c9672957484afebf230145a5c85fa4f8acd11349adb219_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e76e3b94c8aae99addf53b09f15f8f9d52003bfdb9213c93b67b58e71fcd192a_s390x",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:955f6c83ce8e6cdd075ef5c7396a8b19f9b8021cc5fb1b909a1dda05f0e3f13f_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:7be53b8c4851f7ca174c32556cdc2be807cabfb778ced23054b12288cc7ebbee_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:9abfc7d4e96a46868548380c7db2f11a7ec406c809fb8eee9a7bc3a049adcbbe_ppc64le",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:ec4e8658a1c3f00bd08e8b009cd042bc59a3d870cd17a7db940f1e12d4c05746_s390x"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-33186"
        },
        {
          "category": "external",
          "summary": "RHBZ#2449833",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2449833"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-33186",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-33186"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33186",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33186"
        },
        {
          "category": "external",
          "summary": "https://github.com/grpc/grpc-go/security/advisories/GHSA-p77j-4mvh-x3m3",
          "url": "https://github.com/grpc/grpc-go/security/advisories/GHSA-p77j-4mvh-x3m3"
        }
      ],
      "release_date": "2026-03-20T22:23:32.147000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-06-09T15:31:40+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:5b1b98cd31ba150aecd6ef44c2bd8d79ae64380c8e974a4c8c1bb66fb4a38ce9_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:88ca55bb3177d8111971f1ba134bec7967289bfae64ecdf0b751dba0df82d9f0_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:afeeca0c1a653b5c375af4cca8dac1f52db846013d8b50e914ed62e1b7b1aa62_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:24853"
        },
        {
          "category": "workaround",
          "details": "To mitigate this issue, implement infrastructure-level normalization to ensure all incoming HTTP/2 `:path` headers are properly formatted with a leading slash before reaching the gRPC-Go server. This can be achieved by configuring a reverse proxy or API gateway to validate and normalize the `:path` header. Ensure that any such intermediary is properly configured and restarted to apply the changes, which may temporarily impact service availability.",
          "product_ids": [
            "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:112909f56592b6d280a68b8104fe0c6f771c7c0156197950fcd1fcccae3c7fbf_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:6ebb0d29e5d4aeb1ec3c16f8478cd1d615d3b42275dd82a20ff966887d603bd6_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:80e7c357130e8a1a2db38713055d9a3e04812d5dd496d937d0d51b5c27f97da5_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:db0def651635715bc2406aef174f500cdc35d52cd693785629c149d0269b5f33_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2bab9301dc7f0adb24d243b7c0bb26733751f4bf2c84edbf464ac8dd2753bfa0_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:904a679c9230596aea5aab19cb6ecd16d6f7c7e6cca06aca63498ff4896733ba_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d3d569cf1570a9a0edd4070660ceff622429c98345c369af0ace3458e0ba2308_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f32c7fd3bde4d324f96251826f85aac887aaa44a526eb2e8549a00c6a71abcd0_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:93d75149f451f380dbc59b4f093e0bf8f3ab05044e584f9a229c46abd572cf94_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9dd5bc1416811a51cc056720e65035c713f335f43d8209bfad4d8d983b36ac72_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:ef0552c8953fc5958bb4bb548820802cc30f0aa8366c0e369a0d30e1f5ddad9b_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3deb2d564ed7e8ce85861e81681211d84a9c147bb5807c642fe788980aba3038_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:82e7c7f7d3a44f312428d1fa7b0c1c6fc644fbf20e9370b2d5803f6687a189a5_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b1a0cc358536e22f07c9672957484afebf230145a5c85fa4f8acd11349adb219_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e76e3b94c8aae99addf53b09f15f8f9d52003bfdb9213c93b67b58e71fcd192a_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:955f6c83ce8e6cdd075ef5c7396a8b19f9b8021cc5fb1b909a1dda05f0e3f13f_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:7be53b8c4851f7ca174c32556cdc2be807cabfb778ced23054b12288cc7ebbee_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:9abfc7d4e96a46868548380c7db2f11a7ec406c809fb8eee9a7bc3a049adcbbe_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:ec4e8658a1c3f00bd08e8b009cd042bc59a3d870cd17a7db940f1e12d4c05746_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:5b1b98cd31ba150aecd6ef44c2bd8d79ae64380c8e974a4c8c1bb66fb4a38ce9_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:88ca55bb3177d8111971f1ba134bec7967289bfae64ecdf0b751dba0df82d9f0_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:afeeca0c1a653b5c375af4cca8dac1f52db846013d8b50e914ed62e1b7b1aa62_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:112909f56592b6d280a68b8104fe0c6f771c7c0156197950fcd1fcccae3c7fbf_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:6ebb0d29e5d4aeb1ec3c16f8478cd1d615d3b42275dd82a20ff966887d603bd6_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:80e7c357130e8a1a2db38713055d9a3e04812d5dd496d937d0d51b5c27f97da5_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:db0def651635715bc2406aef174f500cdc35d52cd693785629c149d0269b5f33_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2bab9301dc7f0adb24d243b7c0bb26733751f4bf2c84edbf464ac8dd2753bfa0_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:904a679c9230596aea5aab19cb6ecd16d6f7c7e6cca06aca63498ff4896733ba_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d3d569cf1570a9a0edd4070660ceff622429c98345c369af0ace3458e0ba2308_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f32c7fd3bde4d324f96251826f85aac887aaa44a526eb2e8549a00c6a71abcd0_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:93d75149f451f380dbc59b4f093e0bf8f3ab05044e584f9a229c46abd572cf94_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9dd5bc1416811a51cc056720e65035c713f335f43d8209bfad4d8d983b36ac72_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:ef0552c8953fc5958bb4bb548820802cc30f0aa8366c0e369a0d30e1f5ddad9b_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3deb2d564ed7e8ce85861e81681211d84a9c147bb5807c642fe788980aba3038_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:82e7c7f7d3a44f312428d1fa7b0c1c6fc644fbf20e9370b2d5803f6687a189a5_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b1a0cc358536e22f07c9672957484afebf230145a5c85fa4f8acd11349adb219_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e76e3b94c8aae99addf53b09f15f8f9d52003bfdb9213c93b67b58e71fcd192a_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:955f6c83ce8e6cdd075ef5c7396a8b19f9b8021cc5fb1b909a1dda05f0e3f13f_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:7be53b8c4851f7ca174c32556cdc2be807cabfb778ced23054b12288cc7ebbee_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:9abfc7d4e96a46868548380c7db2f11a7ec406c809fb8eee9a7bc3a049adcbbe_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:ec4e8658a1c3f00bd08e8b009cd042bc59a3d870cd17a7db940f1e12d4c05746_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:5b1b98cd31ba150aecd6ef44c2bd8d79ae64380c8e974a4c8c1bb66fb4a38ce9_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:88ca55bb3177d8111971f1ba134bec7967289bfae64ecdf0b751dba0df82d9f0_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:afeeca0c1a653b5c375af4cca8dac1f52db846013d8b50e914ed62e1b7b1aa62_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation"
    },
    {
      "cve": "CVE-2026-33894",
      "cwe": {
        "id": "CWE-347",
        "name": "Improper Verification of Cryptographic Signature"
      },
      "discovery_date": "2026-03-27T21:02:52.462999+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:112909f56592b6d280a68b8104fe0c6f771c7c0156197950fcd1fcccae3c7fbf_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:6ebb0d29e5d4aeb1ec3c16f8478cd1d615d3b42275dd82a20ff966887d603bd6_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:80e7c357130e8a1a2db38713055d9a3e04812d5dd496d937d0d51b5c27f97da5_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:db0def651635715bc2406aef174f500cdc35d52cd693785629c149d0269b5f33_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2bab9301dc7f0adb24d243b7c0bb26733751f4bf2c84edbf464ac8dd2753bfa0_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:904a679c9230596aea5aab19cb6ecd16d6f7c7e6cca06aca63498ff4896733ba_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d3d569cf1570a9a0edd4070660ceff622429c98345c369af0ace3458e0ba2308_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f32c7fd3bde4d324f96251826f85aac887aaa44a526eb2e8549a00c6a71abcd0_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:93d75149f451f380dbc59b4f093e0bf8f3ab05044e584f9a229c46abd572cf94_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9dd5bc1416811a51cc056720e65035c713f335f43d8209bfad4d8d983b36ac72_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:ef0552c8953fc5958bb4bb548820802cc30f0aa8366c0e369a0d30e1f5ddad9b_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3deb2d564ed7e8ce85861e81681211d84a9c147bb5807c642fe788980aba3038_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:82e7c7f7d3a44f312428d1fa7b0c1c6fc644fbf20e9370b2d5803f6687a189a5_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b1a0cc358536e22f07c9672957484afebf230145a5c85fa4f8acd11349adb219_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e76e3b94c8aae99addf53b09f15f8f9d52003bfdb9213c93b67b58e71fcd192a_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:955f6c83ce8e6cdd075ef5c7396a8b19f9b8021cc5fb1b909a1dda05f0e3f13f_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:7be53b8c4851f7ca174c32556cdc2be807cabfb778ced23054b12288cc7ebbee_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:9abfc7d4e96a46868548380c7db2f11a7ec406c809fb8eee9a7bc3a049adcbbe_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:ec4e8658a1c3f00bd08e8b009cd042bc59a3d870cd17a7db940f1e12d4c05746_s390x"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2452464"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Forge (also called `node-forge`), a JavaScript implementation of Transport Layer Security. A remote attacker could exploit weaknesses in the RSASSA PKCS#1 v1.5 signature verification process. By crafting malicious signatures that include extra data within the ASN structure and do not meet padding requirements, an attacker can bypass signature validation. This allows for the creation of forged signatures that appear legitimate, potentially compromising the integrity and authenticity of communications.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "node-forge: Forge: Signature Forgery via Weak RSASSA PKCS#1 v1.5 Verification",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:5b1b98cd31ba150aecd6ef44c2bd8d79ae64380c8e974a4c8c1bb66fb4a38ce9_ppc64le",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:88ca55bb3177d8111971f1ba134bec7967289bfae64ecdf0b751dba0df82d9f0_s390x",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:afeeca0c1a653b5c375af4cca8dac1f52db846013d8b50e914ed62e1b7b1aa62_amd64"
        ],
        "known_not_affected": [
          "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:112909f56592b6d280a68b8104fe0c6f771c7c0156197950fcd1fcccae3c7fbf_ppc64le",
          "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:6ebb0d29e5d4aeb1ec3c16f8478cd1d615d3b42275dd82a20ff966887d603bd6_s390x",
          "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:80e7c357130e8a1a2db38713055d9a3e04812d5dd496d937d0d51b5c27f97da5_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:db0def651635715bc2406aef174f500cdc35d52cd693785629c149d0269b5f33_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2bab9301dc7f0adb24d243b7c0bb26733751f4bf2c84edbf464ac8dd2753bfa0_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:904a679c9230596aea5aab19cb6ecd16d6f7c7e6cca06aca63498ff4896733ba_s390x",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d3d569cf1570a9a0edd4070660ceff622429c98345c369af0ace3458e0ba2308_ppc64le",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f32c7fd3bde4d324f96251826f85aac887aaa44a526eb2e8549a00c6a71abcd0_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:93d75149f451f380dbc59b4f093e0bf8f3ab05044e584f9a229c46abd572cf94_ppc64le",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9dd5bc1416811a51cc056720e65035c713f335f43d8209bfad4d8d983b36ac72_s390x",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:ef0552c8953fc5958bb4bb548820802cc30f0aa8366c0e369a0d30e1f5ddad9b_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3deb2d564ed7e8ce85861e81681211d84a9c147bb5807c642fe788980aba3038_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:82e7c7f7d3a44f312428d1fa7b0c1c6fc644fbf20e9370b2d5803f6687a189a5_ppc64le",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b1a0cc358536e22f07c9672957484afebf230145a5c85fa4f8acd11349adb219_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e76e3b94c8aae99addf53b09f15f8f9d52003bfdb9213c93b67b58e71fcd192a_s390x",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:955f6c83ce8e6cdd075ef5c7396a8b19f9b8021cc5fb1b909a1dda05f0e3f13f_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:7be53b8c4851f7ca174c32556cdc2be807cabfb778ced23054b12288cc7ebbee_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:9abfc7d4e96a46868548380c7db2f11a7ec406c809fb8eee9a7bc3a049adcbbe_ppc64le",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:ec4e8658a1c3f00bd08e8b009cd042bc59a3d870cd17a7db940f1e12d4c05746_s390x"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-33894"
        },
        {
          "category": "external",
          "summary": "RHBZ#2452464",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2452464"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-33894",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-33894"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33894",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33894"
        },
        {
          "category": "external",
          "summary": "https://datatracker.ietf.org/doc/html/rfc2313#section-8",
          "url": "https://datatracker.ietf.org/doc/html/rfc2313#section-8"
        },
        {
          "category": "external",
          "summary": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-ppp5-5v6c-4jwp",
          "url": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-ppp5-5v6c-4jwp"
        },
        {
          "category": "external",
          "summary": "https://mailarchive.ietf.org/arch/msg/openpgp/5rnE9ZRN1AokBVj3VqblGlP63QE",
          "url": "https://mailarchive.ietf.org/arch/msg/openpgp/5rnE9ZRN1AokBVj3VqblGlP63QE"
        },
        {
          "category": "external",
          "summary": "https://www.rfc-editor.org/rfc/rfc8017.html",
          "url": "https://www.rfc-editor.org/rfc/rfc8017.html"
        }
      ],
      "release_date": "2026-03-27T20:45:49.583000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-06-09T15:31:40+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:5b1b98cd31ba150aecd6ef44c2bd8d79ae64380c8e974a4c8c1bb66fb4a38ce9_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:88ca55bb3177d8111971f1ba134bec7967289bfae64ecdf0b751dba0df82d9f0_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:afeeca0c1a653b5c375af4cca8dac1f52db846013d8b50e914ed62e1b7b1aa62_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:24853"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:112909f56592b6d280a68b8104fe0c6f771c7c0156197950fcd1fcccae3c7fbf_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:6ebb0d29e5d4aeb1ec3c16f8478cd1d615d3b42275dd82a20ff966887d603bd6_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:80e7c357130e8a1a2db38713055d9a3e04812d5dd496d937d0d51b5c27f97da5_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:db0def651635715bc2406aef174f500cdc35d52cd693785629c149d0269b5f33_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2bab9301dc7f0adb24d243b7c0bb26733751f4bf2c84edbf464ac8dd2753bfa0_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:904a679c9230596aea5aab19cb6ecd16d6f7c7e6cca06aca63498ff4896733ba_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d3d569cf1570a9a0edd4070660ceff622429c98345c369af0ace3458e0ba2308_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f32c7fd3bde4d324f96251826f85aac887aaa44a526eb2e8549a00c6a71abcd0_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:93d75149f451f380dbc59b4f093e0bf8f3ab05044e584f9a229c46abd572cf94_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9dd5bc1416811a51cc056720e65035c713f335f43d8209bfad4d8d983b36ac72_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:ef0552c8953fc5958bb4bb548820802cc30f0aa8366c0e369a0d30e1f5ddad9b_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3deb2d564ed7e8ce85861e81681211d84a9c147bb5807c642fe788980aba3038_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:82e7c7f7d3a44f312428d1fa7b0c1c6fc644fbf20e9370b2d5803f6687a189a5_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b1a0cc358536e22f07c9672957484afebf230145a5c85fa4f8acd11349adb219_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e76e3b94c8aae99addf53b09f15f8f9d52003bfdb9213c93b67b58e71fcd192a_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:955f6c83ce8e6cdd075ef5c7396a8b19f9b8021cc5fb1b909a1dda05f0e3f13f_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:7be53b8c4851f7ca174c32556cdc2be807cabfb778ced23054b12288cc7ebbee_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:9abfc7d4e96a46868548380c7db2f11a7ec406c809fb8eee9a7bc3a049adcbbe_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:ec4e8658a1c3f00bd08e8b009cd042bc59a3d870cd17a7db940f1e12d4c05746_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:5b1b98cd31ba150aecd6ef44c2bd8d79ae64380c8e974a4c8c1bb66fb4a38ce9_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:88ca55bb3177d8111971f1ba134bec7967289bfae64ecdf0b751dba0df82d9f0_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:afeeca0c1a653b5c375af4cca8dac1f52db846013d8b50e914ed62e1b7b1aa62_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:112909f56592b6d280a68b8104fe0c6f771c7c0156197950fcd1fcccae3c7fbf_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:6ebb0d29e5d4aeb1ec3c16f8478cd1d615d3b42275dd82a20ff966887d603bd6_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:80e7c357130e8a1a2db38713055d9a3e04812d5dd496d937d0d51b5c27f97da5_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:db0def651635715bc2406aef174f500cdc35d52cd693785629c149d0269b5f33_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2bab9301dc7f0adb24d243b7c0bb26733751f4bf2c84edbf464ac8dd2753bfa0_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:904a679c9230596aea5aab19cb6ecd16d6f7c7e6cca06aca63498ff4896733ba_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d3d569cf1570a9a0edd4070660ceff622429c98345c369af0ace3458e0ba2308_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f32c7fd3bde4d324f96251826f85aac887aaa44a526eb2e8549a00c6a71abcd0_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:93d75149f451f380dbc59b4f093e0bf8f3ab05044e584f9a229c46abd572cf94_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9dd5bc1416811a51cc056720e65035c713f335f43d8209bfad4d8d983b36ac72_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:ef0552c8953fc5958bb4bb548820802cc30f0aa8366c0e369a0d30e1f5ddad9b_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3deb2d564ed7e8ce85861e81681211d84a9c147bb5807c642fe788980aba3038_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:82e7c7f7d3a44f312428d1fa7b0c1c6fc644fbf20e9370b2d5803f6687a189a5_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b1a0cc358536e22f07c9672957484afebf230145a5c85fa4f8acd11349adb219_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e76e3b94c8aae99addf53b09f15f8f9d52003bfdb9213c93b67b58e71fcd192a_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:955f6c83ce8e6cdd075ef5c7396a8b19f9b8021cc5fb1b909a1dda05f0e3f13f_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:7be53b8c4851f7ca174c32556cdc2be807cabfb778ced23054b12288cc7ebbee_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:9abfc7d4e96a46868548380c7db2f11a7ec406c809fb8eee9a7bc3a049adcbbe_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:ec4e8658a1c3f00bd08e8b009cd042bc59a3d870cd17a7db940f1e12d4c05746_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:5b1b98cd31ba150aecd6ef44c2bd8d79ae64380c8e974a4c8c1bb66fb4a38ce9_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:88ca55bb3177d8111971f1ba134bec7967289bfae64ecdf0b751dba0df82d9f0_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:afeeca0c1a653b5c375af4cca8dac1f52db846013d8b50e914ed62e1b7b1aa62_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "node-forge: Forge: Signature Forgery via Weak RSASSA PKCS#1 v1.5 Verification"
    },
    {
      "cve": "CVE-2026-34986",
      "cwe": {
        "id": "CWE-131",
        "name": "Incorrect Calculation of Buffer Size"
      },
      "discovery_date": "2026-04-06T17:01:34.639203+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:112909f56592b6d280a68b8104fe0c6f771c7c0156197950fcd1fcccae3c7fbf_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:6ebb0d29e5d4aeb1ec3c16f8478cd1d615d3b42275dd82a20ff966887d603bd6_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:80e7c357130e8a1a2db38713055d9a3e04812d5dd496d937d0d51b5c27f97da5_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:db0def651635715bc2406aef174f500cdc35d52cd693785629c149d0269b5f33_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2bab9301dc7f0adb24d243b7c0bb26733751f4bf2c84edbf464ac8dd2753bfa0_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:904a679c9230596aea5aab19cb6ecd16d6f7c7e6cca06aca63498ff4896733ba_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d3d569cf1570a9a0edd4070660ceff622429c98345c369af0ace3458e0ba2308_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f32c7fd3bde4d324f96251826f85aac887aaa44a526eb2e8549a00c6a71abcd0_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:93d75149f451f380dbc59b4f093e0bf8f3ab05044e584f9a229c46abd572cf94_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9dd5bc1416811a51cc056720e65035c713f335f43d8209bfad4d8d983b36ac72_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:ef0552c8953fc5958bb4bb548820802cc30f0aa8366c0e369a0d30e1f5ddad9b_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3deb2d564ed7e8ce85861e81681211d84a9c147bb5807c642fe788980aba3038_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:82e7c7f7d3a44f312428d1fa7b0c1c6fc644fbf20e9370b2d5803f6687a189a5_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b1a0cc358536e22f07c9672957484afebf230145a5c85fa4f8acd11349adb219_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e76e3b94c8aae99addf53b09f15f8f9d52003bfdb9213c93b67b58e71fcd192a_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:955f6c83ce8e6cdd075ef5c7396a8b19f9b8021cc5fb1b909a1dda05f0e3f13f_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:7be53b8c4851f7ca174c32556cdc2be807cabfb778ced23054b12288cc7ebbee_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:9abfc7d4e96a46868548380c7db2f11a7ec406c809fb8eee9a7bc3a049adcbbe_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:ec4e8658a1c3f00bd08e8b009cd042bc59a3d870cd17a7db940f1e12d4c05746_s390x"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2455470"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Go JOSE, a library for handling JSON Web Encryption (JWE) objects. A remote attacker could exploit this vulnerability by providing a specially crafted JWE object. When decrypting such an object, if a key wrapping algorithm is specified but the encrypted key field is empty, the application can crash. This leads to a denial of service (DoS), making the affected service unavailable to legitimate users.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:5b1b98cd31ba150aecd6ef44c2bd8d79ae64380c8e974a4c8c1bb66fb4a38ce9_ppc64le",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:88ca55bb3177d8111971f1ba134bec7967289bfae64ecdf0b751dba0df82d9f0_s390x",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:afeeca0c1a653b5c375af4cca8dac1f52db846013d8b50e914ed62e1b7b1aa62_amd64"
        ],
        "known_not_affected": [
          "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:112909f56592b6d280a68b8104fe0c6f771c7c0156197950fcd1fcccae3c7fbf_ppc64le",
          "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:6ebb0d29e5d4aeb1ec3c16f8478cd1d615d3b42275dd82a20ff966887d603bd6_s390x",
          "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:80e7c357130e8a1a2db38713055d9a3e04812d5dd496d937d0d51b5c27f97da5_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:db0def651635715bc2406aef174f500cdc35d52cd693785629c149d0269b5f33_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2bab9301dc7f0adb24d243b7c0bb26733751f4bf2c84edbf464ac8dd2753bfa0_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:904a679c9230596aea5aab19cb6ecd16d6f7c7e6cca06aca63498ff4896733ba_s390x",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d3d569cf1570a9a0edd4070660ceff622429c98345c369af0ace3458e0ba2308_ppc64le",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f32c7fd3bde4d324f96251826f85aac887aaa44a526eb2e8549a00c6a71abcd0_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:93d75149f451f380dbc59b4f093e0bf8f3ab05044e584f9a229c46abd572cf94_ppc64le",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9dd5bc1416811a51cc056720e65035c713f335f43d8209bfad4d8d983b36ac72_s390x",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:ef0552c8953fc5958bb4bb548820802cc30f0aa8366c0e369a0d30e1f5ddad9b_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3deb2d564ed7e8ce85861e81681211d84a9c147bb5807c642fe788980aba3038_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:82e7c7f7d3a44f312428d1fa7b0c1c6fc644fbf20e9370b2d5803f6687a189a5_ppc64le",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b1a0cc358536e22f07c9672957484afebf230145a5c85fa4f8acd11349adb219_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e76e3b94c8aae99addf53b09f15f8f9d52003bfdb9213c93b67b58e71fcd192a_s390x",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:955f6c83ce8e6cdd075ef5c7396a8b19f9b8021cc5fb1b909a1dda05f0e3f13f_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:7be53b8c4851f7ca174c32556cdc2be807cabfb778ced23054b12288cc7ebbee_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:9abfc7d4e96a46868548380c7db2f11a7ec406c809fb8eee9a7bc3a049adcbbe_ppc64le",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:ec4e8658a1c3f00bd08e8b009cd042bc59a3d870cd17a7db940f1e12d4c05746_s390x"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-34986"
        },
        {
          "category": "external",
          "summary": "RHBZ#2455470",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455470"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-34986",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-34986"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-34986",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34986"
        },
        {
          "category": "external",
          "summary": "https://github.com/go-jose/go-jose/security/advisories/GHSA-78h2-9frx-2jm8",
          "url": "https://github.com/go-jose/go-jose/security/advisories/GHSA-78h2-9frx-2jm8"
        },
        {
          "category": "external",
          "summary": "https://pkg.go.dev/github.com/go-jose/go-jose/v4#pkg-constants",
          "url": "https://pkg.go.dev/github.com/go-jose/go-jose/v4#pkg-constants"
        }
      ],
      "release_date": "2026-04-06T16:22:45.353000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-06-09T15:31:40+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:5b1b98cd31ba150aecd6ef44c2bd8d79ae64380c8e974a4c8c1bb66fb4a38ce9_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:88ca55bb3177d8111971f1ba134bec7967289bfae64ecdf0b751dba0df82d9f0_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:afeeca0c1a653b5c375af4cca8dac1f52db846013d8b50e914ed62e1b7b1aa62_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:24853"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:112909f56592b6d280a68b8104fe0c6f771c7c0156197950fcd1fcccae3c7fbf_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:6ebb0d29e5d4aeb1ec3c16f8478cd1d615d3b42275dd82a20ff966887d603bd6_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:80e7c357130e8a1a2db38713055d9a3e04812d5dd496d937d0d51b5c27f97da5_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:db0def651635715bc2406aef174f500cdc35d52cd693785629c149d0269b5f33_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2bab9301dc7f0adb24d243b7c0bb26733751f4bf2c84edbf464ac8dd2753bfa0_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:904a679c9230596aea5aab19cb6ecd16d6f7c7e6cca06aca63498ff4896733ba_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d3d569cf1570a9a0edd4070660ceff622429c98345c369af0ace3458e0ba2308_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f32c7fd3bde4d324f96251826f85aac887aaa44a526eb2e8549a00c6a71abcd0_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:93d75149f451f380dbc59b4f093e0bf8f3ab05044e584f9a229c46abd572cf94_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9dd5bc1416811a51cc056720e65035c713f335f43d8209bfad4d8d983b36ac72_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:ef0552c8953fc5958bb4bb548820802cc30f0aa8366c0e369a0d30e1f5ddad9b_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3deb2d564ed7e8ce85861e81681211d84a9c147bb5807c642fe788980aba3038_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:82e7c7f7d3a44f312428d1fa7b0c1c6fc644fbf20e9370b2d5803f6687a189a5_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b1a0cc358536e22f07c9672957484afebf230145a5c85fa4f8acd11349adb219_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e76e3b94c8aae99addf53b09f15f8f9d52003bfdb9213c93b67b58e71fcd192a_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:955f6c83ce8e6cdd075ef5c7396a8b19f9b8021cc5fb1b909a1dda05f0e3f13f_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:7be53b8c4851f7ca174c32556cdc2be807cabfb778ced23054b12288cc7ebbee_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:9abfc7d4e96a46868548380c7db2f11a7ec406c809fb8eee9a7bc3a049adcbbe_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:ec4e8658a1c3f00bd08e8b009cd042bc59a3d870cd17a7db940f1e12d4c05746_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:5b1b98cd31ba150aecd6ef44c2bd8d79ae64380c8e974a4c8c1bb66fb4a38ce9_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:88ca55bb3177d8111971f1ba134bec7967289bfae64ecdf0b751dba0df82d9f0_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:afeeca0c1a653b5c375af4cca8dac1f52db846013d8b50e914ed62e1b7b1aa62_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:112909f56592b6d280a68b8104fe0c6f771c7c0156197950fcd1fcccae3c7fbf_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:6ebb0d29e5d4aeb1ec3c16f8478cd1d615d3b42275dd82a20ff966887d603bd6_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:80e7c357130e8a1a2db38713055d9a3e04812d5dd496d937d0d51b5c27f97da5_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:db0def651635715bc2406aef174f500cdc35d52cd693785629c149d0269b5f33_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2bab9301dc7f0adb24d243b7c0bb26733751f4bf2c84edbf464ac8dd2753bfa0_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:904a679c9230596aea5aab19cb6ecd16d6f7c7e6cca06aca63498ff4896733ba_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d3d569cf1570a9a0edd4070660ceff622429c98345c369af0ace3458e0ba2308_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f32c7fd3bde4d324f96251826f85aac887aaa44a526eb2e8549a00c6a71abcd0_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:93d75149f451f380dbc59b4f093e0bf8f3ab05044e584f9a229c46abd572cf94_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9dd5bc1416811a51cc056720e65035c713f335f43d8209bfad4d8d983b36ac72_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:ef0552c8953fc5958bb4bb548820802cc30f0aa8366c0e369a0d30e1f5ddad9b_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3deb2d564ed7e8ce85861e81681211d84a9c147bb5807c642fe788980aba3038_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:82e7c7f7d3a44f312428d1fa7b0c1c6fc644fbf20e9370b2d5803f6687a189a5_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b1a0cc358536e22f07c9672957484afebf230145a5c85fa4f8acd11349adb219_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e76e3b94c8aae99addf53b09f15f8f9d52003bfdb9213c93b67b58e71fcd192a_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:955f6c83ce8e6cdd075ef5c7396a8b19f9b8021cc5fb1b909a1dda05f0e3f13f_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:7be53b8c4851f7ca174c32556cdc2be807cabfb778ced23054b12288cc7ebbee_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:9abfc7d4e96a46868548380c7db2f11a7ec406c809fb8eee9a7bc3a049adcbbe_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:ec4e8658a1c3f00bd08e8b009cd042bc59a3d870cd17a7db940f1e12d4c05746_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:5b1b98cd31ba150aecd6ef44c2bd8d79ae64380c8e974a4c8c1bb66fb4a38ce9_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:88ca55bb3177d8111971f1ba134bec7967289bfae64ecdf0b751dba0df82d9f0_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:afeeca0c1a653b5c375af4cca8dac1f52db846013d8b50e914ed62e1b7b1aa62_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object"
    },
    {
      "cve": "CVE-2026-39892",
      "cwe": {
        "id": "CWE-131",
        "name": "Incorrect Calculation of Buffer Size"
      },
      "discovery_date": "2026-04-08T22:00:59.416053+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:112909f56592b6d280a68b8104fe0c6f771c7c0156197950fcd1fcccae3c7fbf_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:6ebb0d29e5d4aeb1ec3c16f8478cd1d615d3b42275dd82a20ff966887d603bd6_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:80e7c357130e8a1a2db38713055d9a3e04812d5dd496d937d0d51b5c27f97da5_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:db0def651635715bc2406aef174f500cdc35d52cd693785629c149d0269b5f33_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2bab9301dc7f0adb24d243b7c0bb26733751f4bf2c84edbf464ac8dd2753bfa0_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:904a679c9230596aea5aab19cb6ecd16d6f7c7e6cca06aca63498ff4896733ba_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d3d569cf1570a9a0edd4070660ceff622429c98345c369af0ace3458e0ba2308_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f32c7fd3bde4d324f96251826f85aac887aaa44a526eb2e8549a00c6a71abcd0_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:93d75149f451f380dbc59b4f093e0bf8f3ab05044e584f9a229c46abd572cf94_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9dd5bc1416811a51cc056720e65035c713f335f43d8209bfad4d8d983b36ac72_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:ef0552c8953fc5958bb4bb548820802cc30f0aa8366c0e369a0d30e1f5ddad9b_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3deb2d564ed7e8ce85861e81681211d84a9c147bb5807c642fe788980aba3038_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:82e7c7f7d3a44f312428d1fa7b0c1c6fc644fbf20e9370b2d5803f6687a189a5_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b1a0cc358536e22f07c9672957484afebf230145a5c85fa4f8acd11349adb219_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e76e3b94c8aae99addf53b09f15f8f9d52003bfdb9213c93b67b58e71fcd192a_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:955f6c83ce8e6cdd075ef5c7396a8b19f9b8021cc5fb1b909a1dda05f0e3f13f_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:7be53b8c4851f7ca174c32556cdc2be807cabfb778ced23054b12288cc7ebbee_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:9abfc7d4e96a46868548380c7db2f11a7ec406c809fb8eee9a7bc3a049adcbbe_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:ec4e8658a1c3f00bd08e8b009cd042bc59a3d870cd17a7db940f1e12d4c05746_s390x"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2456735"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the cryptography library. This vulnerability occurs when a non-contiguous buffer is passed to certain application programming interfaces (APIs) that accept Python buffers, such as Hash.update(). A remote attacker could exploit this to cause a buffer overflow, potentially leading to a denial of service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "cryptography: Cryptography: Buffer overflow via non-contiguous buffer in API",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "In default configurations Red Hat products isolate service processes from total system access. Should an attacker be able to exploit this vulnerability their impact will be limited to that service account and they will not have access to the broader system.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:5b1b98cd31ba150aecd6ef44c2bd8d79ae64380c8e974a4c8c1bb66fb4a38ce9_ppc64le",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:88ca55bb3177d8111971f1ba134bec7967289bfae64ecdf0b751dba0df82d9f0_s390x",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:afeeca0c1a653b5c375af4cca8dac1f52db846013d8b50e914ed62e1b7b1aa62_amd64"
        ],
        "known_not_affected": [
          "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:112909f56592b6d280a68b8104fe0c6f771c7c0156197950fcd1fcccae3c7fbf_ppc64le",
          "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:6ebb0d29e5d4aeb1ec3c16f8478cd1d615d3b42275dd82a20ff966887d603bd6_s390x",
          "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:80e7c357130e8a1a2db38713055d9a3e04812d5dd496d937d0d51b5c27f97da5_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:db0def651635715bc2406aef174f500cdc35d52cd693785629c149d0269b5f33_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2bab9301dc7f0adb24d243b7c0bb26733751f4bf2c84edbf464ac8dd2753bfa0_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:904a679c9230596aea5aab19cb6ecd16d6f7c7e6cca06aca63498ff4896733ba_s390x",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d3d569cf1570a9a0edd4070660ceff622429c98345c369af0ace3458e0ba2308_ppc64le",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f32c7fd3bde4d324f96251826f85aac887aaa44a526eb2e8549a00c6a71abcd0_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:93d75149f451f380dbc59b4f093e0bf8f3ab05044e584f9a229c46abd572cf94_ppc64le",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9dd5bc1416811a51cc056720e65035c713f335f43d8209bfad4d8d983b36ac72_s390x",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:ef0552c8953fc5958bb4bb548820802cc30f0aa8366c0e369a0d30e1f5ddad9b_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3deb2d564ed7e8ce85861e81681211d84a9c147bb5807c642fe788980aba3038_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:82e7c7f7d3a44f312428d1fa7b0c1c6fc644fbf20e9370b2d5803f6687a189a5_ppc64le",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b1a0cc358536e22f07c9672957484afebf230145a5c85fa4f8acd11349adb219_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e76e3b94c8aae99addf53b09f15f8f9d52003bfdb9213c93b67b58e71fcd192a_s390x",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:955f6c83ce8e6cdd075ef5c7396a8b19f9b8021cc5fb1b909a1dda05f0e3f13f_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:7be53b8c4851f7ca174c32556cdc2be807cabfb778ced23054b12288cc7ebbee_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:9abfc7d4e96a46868548380c7db2f11a7ec406c809fb8eee9a7bc3a049adcbbe_ppc64le",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:ec4e8658a1c3f00bd08e8b009cd042bc59a3d870cd17a7db940f1e12d4c05746_s390x"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-39892"
        },
        {
          "category": "external",
          "summary": "RHBZ#2456735",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456735"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-39892",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-39892"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-39892",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39892"
        },
        {
          "category": "external",
          "summary": "http://www.openwall.com/lists/oss-security/2026/04/08/12",
          "url": "http://www.openwall.com/lists/oss-security/2026/04/08/12"
        },
        {
          "category": "external",
          "summary": "https://github.com/pyca/cryptography/commit/622d672e429a7cff836a23c5903683dbec1901f5",
          "url": "https://github.com/pyca/cryptography/commit/622d672e429a7cff836a23c5903683dbec1901f5"
        },
        {
          "category": "external",
          "summary": "https://github.com/pyca/cryptography/security/advisories/GHSA-p423-j2cm-9vmq",
          "url": "https://github.com/pyca/cryptography/security/advisories/GHSA-p423-j2cm-9vmq"
        }
      ],
      "release_date": "2026-04-08T20:49:41.967000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-06-09T15:31:40+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:5b1b98cd31ba150aecd6ef44c2bd8d79ae64380c8e974a4c8c1bb66fb4a38ce9_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:88ca55bb3177d8111971f1ba134bec7967289bfae64ecdf0b751dba0df82d9f0_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:afeeca0c1a653b5c375af4cca8dac1f52db846013d8b50e914ed62e1b7b1aa62_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:24853"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:112909f56592b6d280a68b8104fe0c6f771c7c0156197950fcd1fcccae3c7fbf_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:6ebb0d29e5d4aeb1ec3c16f8478cd1d615d3b42275dd82a20ff966887d603bd6_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:80e7c357130e8a1a2db38713055d9a3e04812d5dd496d937d0d51b5c27f97da5_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:db0def651635715bc2406aef174f500cdc35d52cd693785629c149d0269b5f33_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2bab9301dc7f0adb24d243b7c0bb26733751f4bf2c84edbf464ac8dd2753bfa0_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:904a679c9230596aea5aab19cb6ecd16d6f7c7e6cca06aca63498ff4896733ba_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d3d569cf1570a9a0edd4070660ceff622429c98345c369af0ace3458e0ba2308_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f32c7fd3bde4d324f96251826f85aac887aaa44a526eb2e8549a00c6a71abcd0_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:93d75149f451f380dbc59b4f093e0bf8f3ab05044e584f9a229c46abd572cf94_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9dd5bc1416811a51cc056720e65035c713f335f43d8209bfad4d8d983b36ac72_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:ef0552c8953fc5958bb4bb548820802cc30f0aa8366c0e369a0d30e1f5ddad9b_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3deb2d564ed7e8ce85861e81681211d84a9c147bb5807c642fe788980aba3038_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:82e7c7f7d3a44f312428d1fa7b0c1c6fc644fbf20e9370b2d5803f6687a189a5_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b1a0cc358536e22f07c9672957484afebf230145a5c85fa4f8acd11349adb219_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e76e3b94c8aae99addf53b09f15f8f9d52003bfdb9213c93b67b58e71fcd192a_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:955f6c83ce8e6cdd075ef5c7396a8b19f9b8021cc5fb1b909a1dda05f0e3f13f_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:7be53b8c4851f7ca174c32556cdc2be807cabfb778ced23054b12288cc7ebbee_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:9abfc7d4e96a46868548380c7db2f11a7ec406c809fb8eee9a7bc3a049adcbbe_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:ec4e8658a1c3f00bd08e8b009cd042bc59a3d870cd17a7db940f1e12d4c05746_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:5b1b98cd31ba150aecd6ef44c2bd8d79ae64380c8e974a4c8c1bb66fb4a38ce9_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:88ca55bb3177d8111971f1ba134bec7967289bfae64ecdf0b751dba0df82d9f0_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:afeeca0c1a653b5c375af4cca8dac1f52db846013d8b50e914ed62e1b7b1aa62_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:112909f56592b6d280a68b8104fe0c6f771c7c0156197950fcd1fcccae3c7fbf_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:6ebb0d29e5d4aeb1ec3c16f8478cd1d615d3b42275dd82a20ff966887d603bd6_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:80e7c357130e8a1a2db38713055d9a3e04812d5dd496d937d0d51b5c27f97da5_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:db0def651635715bc2406aef174f500cdc35d52cd693785629c149d0269b5f33_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2bab9301dc7f0adb24d243b7c0bb26733751f4bf2c84edbf464ac8dd2753bfa0_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:904a679c9230596aea5aab19cb6ecd16d6f7c7e6cca06aca63498ff4896733ba_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d3d569cf1570a9a0edd4070660ceff622429c98345c369af0ace3458e0ba2308_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f32c7fd3bde4d324f96251826f85aac887aaa44a526eb2e8549a00c6a71abcd0_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:93d75149f451f380dbc59b4f093e0bf8f3ab05044e584f9a229c46abd572cf94_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9dd5bc1416811a51cc056720e65035c713f335f43d8209bfad4d8d983b36ac72_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:ef0552c8953fc5958bb4bb548820802cc30f0aa8366c0e369a0d30e1f5ddad9b_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3deb2d564ed7e8ce85861e81681211d84a9c147bb5807c642fe788980aba3038_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:82e7c7f7d3a44f312428d1fa7b0c1c6fc644fbf20e9370b2d5803f6687a189a5_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b1a0cc358536e22f07c9672957484afebf230145a5c85fa4f8acd11349adb219_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e76e3b94c8aae99addf53b09f15f8f9d52003bfdb9213c93b67b58e71fcd192a_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:955f6c83ce8e6cdd075ef5c7396a8b19f9b8021cc5fb1b909a1dda05f0e3f13f_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:7be53b8c4851f7ca174c32556cdc2be807cabfb778ced23054b12288cc7ebbee_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:9abfc7d4e96a46868548380c7db2f11a7ec406c809fb8eee9a7bc3a049adcbbe_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:ec4e8658a1c3f00bd08e8b009cd042bc59a3d870cd17a7db940f1e12d4c05746_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:5b1b98cd31ba150aecd6ef44c2bd8d79ae64380c8e974a4c8c1bb66fb4a38ce9_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:88ca55bb3177d8111971f1ba134bec7967289bfae64ecdf0b751dba0df82d9f0_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:afeeca0c1a653b5c375af4cca8dac1f52db846013d8b50e914ed62e1b7b1aa62_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "cryptography: Cryptography: Buffer overflow via non-contiguous buffer in API"
    },
    {
      "cve": "CVE-2026-40192",
      "cwe": {
        "id": "CWE-409",
        "name": "Improper Handling of Highly Compressed Data (Data Amplification)"
      },
      "discovery_date": "2026-04-16T00:00:49.590876+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:112909f56592b6d280a68b8104fe0c6f771c7c0156197950fcd1fcccae3c7fbf_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:6ebb0d29e5d4aeb1ec3c16f8478cd1d615d3b42275dd82a20ff966887d603bd6_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:80e7c357130e8a1a2db38713055d9a3e04812d5dd496d937d0d51b5c27f97da5_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:db0def651635715bc2406aef174f500cdc35d52cd693785629c149d0269b5f33_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2bab9301dc7f0adb24d243b7c0bb26733751f4bf2c84edbf464ac8dd2753bfa0_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:904a679c9230596aea5aab19cb6ecd16d6f7c7e6cca06aca63498ff4896733ba_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d3d569cf1570a9a0edd4070660ceff622429c98345c369af0ace3458e0ba2308_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f32c7fd3bde4d324f96251826f85aac887aaa44a526eb2e8549a00c6a71abcd0_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:93d75149f451f380dbc59b4f093e0bf8f3ab05044e584f9a229c46abd572cf94_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9dd5bc1416811a51cc056720e65035c713f335f43d8209bfad4d8d983b36ac72_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:ef0552c8953fc5958bb4bb548820802cc30f0aa8366c0e369a0d30e1f5ddad9b_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3deb2d564ed7e8ce85861e81681211d84a9c147bb5807c642fe788980aba3038_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:82e7c7f7d3a44f312428d1fa7b0c1c6fc644fbf20e9370b2d5803f6687a189a5_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b1a0cc358536e22f07c9672957484afebf230145a5c85fa4f8acd11349adb219_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e76e3b94c8aae99addf53b09f15f8f9d52003bfdb9213c93b67b58e71fcd192a_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:955f6c83ce8e6cdd075ef5c7396a8b19f9b8021cc5fb1b909a1dda05f0e3f13f_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:7be53b8c4851f7ca174c32556cdc2be807cabfb778ced23054b12288cc7ebbee_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:9abfc7d4e96a46868548380c7db2f11a7ec406c809fb8eee9a7bc3a049adcbbe_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:ec4e8658a1c3f00bd08e8b009cd042bc59a3d870cd17a7db940f1e12d4c05746_s390x"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2458856"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Pillow, a Python imaging library. This vulnerability allows a remote attacker to trigger a denial of service (DoS) by providing a specially crafted FITS image file. The library\u0027s failure to limit the amount of GZIP-compressed data during decoding can lead to unbounded memory consumption, causing the system to crash or experience severe performance issues.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Pillow: Pillow: Denial of Service via decompression bomb in FITS image processing",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:5b1b98cd31ba150aecd6ef44c2bd8d79ae64380c8e974a4c8c1bb66fb4a38ce9_ppc64le",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:88ca55bb3177d8111971f1ba134bec7967289bfae64ecdf0b751dba0df82d9f0_s390x",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:afeeca0c1a653b5c375af4cca8dac1f52db846013d8b50e914ed62e1b7b1aa62_amd64"
        ],
        "known_not_affected": [
          "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:112909f56592b6d280a68b8104fe0c6f771c7c0156197950fcd1fcccae3c7fbf_ppc64le",
          "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:6ebb0d29e5d4aeb1ec3c16f8478cd1d615d3b42275dd82a20ff966887d603bd6_s390x",
          "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:80e7c357130e8a1a2db38713055d9a3e04812d5dd496d937d0d51b5c27f97da5_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:db0def651635715bc2406aef174f500cdc35d52cd693785629c149d0269b5f33_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2bab9301dc7f0adb24d243b7c0bb26733751f4bf2c84edbf464ac8dd2753bfa0_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:904a679c9230596aea5aab19cb6ecd16d6f7c7e6cca06aca63498ff4896733ba_s390x",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d3d569cf1570a9a0edd4070660ceff622429c98345c369af0ace3458e0ba2308_ppc64le",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f32c7fd3bde4d324f96251826f85aac887aaa44a526eb2e8549a00c6a71abcd0_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:93d75149f451f380dbc59b4f093e0bf8f3ab05044e584f9a229c46abd572cf94_ppc64le",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9dd5bc1416811a51cc056720e65035c713f335f43d8209bfad4d8d983b36ac72_s390x",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:ef0552c8953fc5958bb4bb548820802cc30f0aa8366c0e369a0d30e1f5ddad9b_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3deb2d564ed7e8ce85861e81681211d84a9c147bb5807c642fe788980aba3038_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:82e7c7f7d3a44f312428d1fa7b0c1c6fc644fbf20e9370b2d5803f6687a189a5_ppc64le",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b1a0cc358536e22f07c9672957484afebf230145a5c85fa4f8acd11349adb219_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e76e3b94c8aae99addf53b09f15f8f9d52003bfdb9213c93b67b58e71fcd192a_s390x",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:955f6c83ce8e6cdd075ef5c7396a8b19f9b8021cc5fb1b909a1dda05f0e3f13f_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:7be53b8c4851f7ca174c32556cdc2be807cabfb778ced23054b12288cc7ebbee_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:9abfc7d4e96a46868548380c7db2f11a7ec406c809fb8eee9a7bc3a049adcbbe_ppc64le",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:ec4e8658a1c3f00bd08e8b009cd042bc59a3d870cd17a7db940f1e12d4c05746_s390x"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-40192"
        },
        {
          "category": "external",
          "summary": "RHBZ#2458856",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458856"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-40192",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-40192"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-40192",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40192"
        },
        {
          "category": "external",
          "summary": "https://github.com/python-pillow/Pillow/commit/3cb854e8b2bab43f40e342e665f9340d861aa628",
          "url": "https://github.com/python-pillow/Pillow/commit/3cb854e8b2bab43f40e342e665f9340d861aa628"
        },
        {
          "category": "external",
          "summary": "https://github.com/python-pillow/Pillow/pull/9521",
          "url": "https://github.com/python-pillow/Pillow/pull/9521"
        },
        {
          "category": "external",
          "summary": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-whj4-6x5x-4v2j",
          "url": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-whj4-6x5x-4v2j"
        },
        {
          "category": "external",
          "summary": "https://pillow.readthedocs.io/en/stable/releasenotes/12.2.0.html#prevent-fits-decompression-bomb",
          "url": "https://pillow.readthedocs.io/en/stable/releasenotes/12.2.0.html#prevent-fits-decompression-bomb"
        }
      ],
      "release_date": "2026-04-15T22:53:56.147000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-06-09T15:31:40+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:5b1b98cd31ba150aecd6ef44c2bd8d79ae64380c8e974a4c8c1bb66fb4a38ce9_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:88ca55bb3177d8111971f1ba134bec7967289bfae64ecdf0b751dba0df82d9f0_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:afeeca0c1a653b5c375af4cca8dac1f52db846013d8b50e914ed62e1b7b1aa62_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:24853"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:112909f56592b6d280a68b8104fe0c6f771c7c0156197950fcd1fcccae3c7fbf_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:6ebb0d29e5d4aeb1ec3c16f8478cd1d615d3b42275dd82a20ff966887d603bd6_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:80e7c357130e8a1a2db38713055d9a3e04812d5dd496d937d0d51b5c27f97da5_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:db0def651635715bc2406aef174f500cdc35d52cd693785629c149d0269b5f33_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2bab9301dc7f0adb24d243b7c0bb26733751f4bf2c84edbf464ac8dd2753bfa0_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:904a679c9230596aea5aab19cb6ecd16d6f7c7e6cca06aca63498ff4896733ba_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d3d569cf1570a9a0edd4070660ceff622429c98345c369af0ace3458e0ba2308_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f32c7fd3bde4d324f96251826f85aac887aaa44a526eb2e8549a00c6a71abcd0_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:93d75149f451f380dbc59b4f093e0bf8f3ab05044e584f9a229c46abd572cf94_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9dd5bc1416811a51cc056720e65035c713f335f43d8209bfad4d8d983b36ac72_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:ef0552c8953fc5958bb4bb548820802cc30f0aa8366c0e369a0d30e1f5ddad9b_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3deb2d564ed7e8ce85861e81681211d84a9c147bb5807c642fe788980aba3038_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:82e7c7f7d3a44f312428d1fa7b0c1c6fc644fbf20e9370b2d5803f6687a189a5_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b1a0cc358536e22f07c9672957484afebf230145a5c85fa4f8acd11349adb219_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e76e3b94c8aae99addf53b09f15f8f9d52003bfdb9213c93b67b58e71fcd192a_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:955f6c83ce8e6cdd075ef5c7396a8b19f9b8021cc5fb1b909a1dda05f0e3f13f_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:7be53b8c4851f7ca174c32556cdc2be807cabfb778ced23054b12288cc7ebbee_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:9abfc7d4e96a46868548380c7db2f11a7ec406c809fb8eee9a7bc3a049adcbbe_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:ec4e8658a1c3f00bd08e8b009cd042bc59a3d870cd17a7db940f1e12d4c05746_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:5b1b98cd31ba150aecd6ef44c2bd8d79ae64380c8e974a4c8c1bb66fb4a38ce9_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:88ca55bb3177d8111971f1ba134bec7967289bfae64ecdf0b751dba0df82d9f0_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:afeeca0c1a653b5c375af4cca8dac1f52db846013d8b50e914ed62e1b7b1aa62_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:112909f56592b6d280a68b8104fe0c6f771c7c0156197950fcd1fcccae3c7fbf_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:6ebb0d29e5d4aeb1ec3c16f8478cd1d615d3b42275dd82a20ff966887d603bd6_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:80e7c357130e8a1a2db38713055d9a3e04812d5dd496d937d0d51b5c27f97da5_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:db0def651635715bc2406aef174f500cdc35d52cd693785629c149d0269b5f33_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2bab9301dc7f0adb24d243b7c0bb26733751f4bf2c84edbf464ac8dd2753bfa0_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:904a679c9230596aea5aab19cb6ecd16d6f7c7e6cca06aca63498ff4896733ba_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d3d569cf1570a9a0edd4070660ceff622429c98345c369af0ace3458e0ba2308_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f32c7fd3bde4d324f96251826f85aac887aaa44a526eb2e8549a00c6a71abcd0_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:93d75149f451f380dbc59b4f093e0bf8f3ab05044e584f9a229c46abd572cf94_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9dd5bc1416811a51cc056720e65035c713f335f43d8209bfad4d8d983b36ac72_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:ef0552c8953fc5958bb4bb548820802cc30f0aa8366c0e369a0d30e1f5ddad9b_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3deb2d564ed7e8ce85861e81681211d84a9c147bb5807c642fe788980aba3038_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:82e7c7f7d3a44f312428d1fa7b0c1c6fc644fbf20e9370b2d5803f6687a189a5_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b1a0cc358536e22f07c9672957484afebf230145a5c85fa4f8acd11349adb219_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e76e3b94c8aae99addf53b09f15f8f9d52003bfdb9213c93b67b58e71fcd192a_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:955f6c83ce8e6cdd075ef5c7396a8b19f9b8021cc5fb1b909a1dda05f0e3f13f_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:7be53b8c4851f7ca174c32556cdc2be807cabfb778ced23054b12288cc7ebbee_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:9abfc7d4e96a46868548380c7db2f11a7ec406c809fb8eee9a7bc3a049adcbbe_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:ec4e8658a1c3f00bd08e8b009cd042bc59a3d870cd17a7db940f1e12d4c05746_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:5b1b98cd31ba150aecd6ef44c2bd8d79ae64380c8e974a4c8c1bb66fb4a38ce9_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:88ca55bb3177d8111971f1ba134bec7967289bfae64ecdf0b751dba0df82d9f0_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:afeeca0c1a653b5c375af4cca8dac1f52db846013d8b50e914ed62e1b7b1aa62_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "Pillow: Pillow: Denial of Service via decompression bomb in FITS image processing"
    },
    {
      "cve": "CVE-2026-40895",
      "cwe": {
        "id": "CWE-212",
        "name": "Improper Removal of Sensitive Information Before Storage or Transfer"
      },
      "discovery_date": "2026-04-21T21:02:33.280553+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:112909f56592b6d280a68b8104fe0c6f771c7c0156197950fcd1fcccae3c7fbf_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:6ebb0d29e5d4aeb1ec3c16f8478cd1d615d3b42275dd82a20ff966887d603bd6_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:80e7c357130e8a1a2db38713055d9a3e04812d5dd496d937d0d51b5c27f97da5_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:db0def651635715bc2406aef174f500cdc35d52cd693785629c149d0269b5f33_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2bab9301dc7f0adb24d243b7c0bb26733751f4bf2c84edbf464ac8dd2753bfa0_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:904a679c9230596aea5aab19cb6ecd16d6f7c7e6cca06aca63498ff4896733ba_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d3d569cf1570a9a0edd4070660ceff622429c98345c369af0ace3458e0ba2308_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f32c7fd3bde4d324f96251826f85aac887aaa44a526eb2e8549a00c6a71abcd0_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:93d75149f451f380dbc59b4f093e0bf8f3ab05044e584f9a229c46abd572cf94_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9dd5bc1416811a51cc056720e65035c713f335f43d8209bfad4d8d983b36ac72_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:ef0552c8953fc5958bb4bb548820802cc30f0aa8366c0e369a0d30e1f5ddad9b_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3deb2d564ed7e8ce85861e81681211d84a9c147bb5807c642fe788980aba3038_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:82e7c7f7d3a44f312428d1fa7b0c1c6fc644fbf20e9370b2d5803f6687a189a5_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b1a0cc358536e22f07c9672957484afebf230145a5c85fa4f8acd11349adb219_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e76e3b94c8aae99addf53b09f15f8f9d52003bfdb9213c93b67b58e71fcd192a_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:955f6c83ce8e6cdd075ef5c7396a8b19f9b8021cc5fb1b909a1dda05f0e3f13f_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:7be53b8c4851f7ca174c32556cdc2be807cabfb778ced23054b12288cc7ebbee_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:9abfc7d4e96a46868548380c7db2f11a7ec406c809fb8eee9a7bc3a049adcbbe_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:ec4e8658a1c3f00bd08e8b009cd042bc59a3d870cd17a7db940f1e12d4c05746_s390x"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2460297"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in follow-redirects. When an HTTP request follows a cross-domain redirect (a redirection to a different domain), custom authentication headers, such as X-API-Key or X-Auth-Token, are not properly stripped. This allows these sensitive headers to be forwarded verbatim to the redirect target, potentially leading to the unintended disclosure of authentication information to an untrusted third party.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "follow-redirects: follow-redirects: Information disclosure via cross-domain redirects",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:5b1b98cd31ba150aecd6ef44c2bd8d79ae64380c8e974a4c8c1bb66fb4a38ce9_ppc64le",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:88ca55bb3177d8111971f1ba134bec7967289bfae64ecdf0b751dba0df82d9f0_s390x",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:afeeca0c1a653b5c375af4cca8dac1f52db846013d8b50e914ed62e1b7b1aa62_amd64"
        ],
        "known_not_affected": [
          "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:112909f56592b6d280a68b8104fe0c6f771c7c0156197950fcd1fcccae3c7fbf_ppc64le",
          "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:6ebb0d29e5d4aeb1ec3c16f8478cd1d615d3b42275dd82a20ff966887d603bd6_s390x",
          "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:80e7c357130e8a1a2db38713055d9a3e04812d5dd496d937d0d51b5c27f97da5_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:db0def651635715bc2406aef174f500cdc35d52cd693785629c149d0269b5f33_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2bab9301dc7f0adb24d243b7c0bb26733751f4bf2c84edbf464ac8dd2753bfa0_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:904a679c9230596aea5aab19cb6ecd16d6f7c7e6cca06aca63498ff4896733ba_s390x",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d3d569cf1570a9a0edd4070660ceff622429c98345c369af0ace3458e0ba2308_ppc64le",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f32c7fd3bde4d324f96251826f85aac887aaa44a526eb2e8549a00c6a71abcd0_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:93d75149f451f380dbc59b4f093e0bf8f3ab05044e584f9a229c46abd572cf94_ppc64le",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9dd5bc1416811a51cc056720e65035c713f335f43d8209bfad4d8d983b36ac72_s390x",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:ef0552c8953fc5958bb4bb548820802cc30f0aa8366c0e369a0d30e1f5ddad9b_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3deb2d564ed7e8ce85861e81681211d84a9c147bb5807c642fe788980aba3038_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:82e7c7f7d3a44f312428d1fa7b0c1c6fc644fbf20e9370b2d5803f6687a189a5_ppc64le",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b1a0cc358536e22f07c9672957484afebf230145a5c85fa4f8acd11349adb219_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e76e3b94c8aae99addf53b09f15f8f9d52003bfdb9213c93b67b58e71fcd192a_s390x",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:955f6c83ce8e6cdd075ef5c7396a8b19f9b8021cc5fb1b909a1dda05f0e3f13f_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:7be53b8c4851f7ca174c32556cdc2be807cabfb778ced23054b12288cc7ebbee_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:9abfc7d4e96a46868548380c7db2f11a7ec406c809fb8eee9a7bc3a049adcbbe_ppc64le",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:ec4e8658a1c3f00bd08e8b009cd042bc59a3d870cd17a7db940f1e12d4c05746_s390x"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-40895"
        },
        {
          "category": "external",
          "summary": "RHBZ#2460297",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460297"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-40895",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-40895"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-40895",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40895"
        },
        {
          "category": "external",
          "summary": "https://github.com/follow-redirects/follow-redirects/security/advisories/GHSA-r4q5-vmmm-2653",
          "url": "https://github.com/follow-redirects/follow-redirects/security/advisories/GHSA-r4q5-vmmm-2653"
        }
      ],
      "release_date": "2026-04-21T19:59:59.759000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-06-09T15:31:40+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:5b1b98cd31ba150aecd6ef44c2bd8d79ae64380c8e974a4c8c1bb66fb4a38ce9_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:88ca55bb3177d8111971f1ba134bec7967289bfae64ecdf0b751dba0df82d9f0_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:afeeca0c1a653b5c375af4cca8dac1f52db846013d8b50e914ed62e1b7b1aa62_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:24853"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:112909f56592b6d280a68b8104fe0c6f771c7c0156197950fcd1fcccae3c7fbf_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:6ebb0d29e5d4aeb1ec3c16f8478cd1d615d3b42275dd82a20ff966887d603bd6_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:80e7c357130e8a1a2db38713055d9a3e04812d5dd496d937d0d51b5c27f97da5_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:db0def651635715bc2406aef174f500cdc35d52cd693785629c149d0269b5f33_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2bab9301dc7f0adb24d243b7c0bb26733751f4bf2c84edbf464ac8dd2753bfa0_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:904a679c9230596aea5aab19cb6ecd16d6f7c7e6cca06aca63498ff4896733ba_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d3d569cf1570a9a0edd4070660ceff622429c98345c369af0ace3458e0ba2308_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f32c7fd3bde4d324f96251826f85aac887aaa44a526eb2e8549a00c6a71abcd0_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:93d75149f451f380dbc59b4f093e0bf8f3ab05044e584f9a229c46abd572cf94_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9dd5bc1416811a51cc056720e65035c713f335f43d8209bfad4d8d983b36ac72_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:ef0552c8953fc5958bb4bb548820802cc30f0aa8366c0e369a0d30e1f5ddad9b_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3deb2d564ed7e8ce85861e81681211d84a9c147bb5807c642fe788980aba3038_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:82e7c7f7d3a44f312428d1fa7b0c1c6fc644fbf20e9370b2d5803f6687a189a5_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b1a0cc358536e22f07c9672957484afebf230145a5c85fa4f8acd11349adb219_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e76e3b94c8aae99addf53b09f15f8f9d52003bfdb9213c93b67b58e71fcd192a_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:955f6c83ce8e6cdd075ef5c7396a8b19f9b8021cc5fb1b909a1dda05f0e3f13f_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:7be53b8c4851f7ca174c32556cdc2be807cabfb778ced23054b12288cc7ebbee_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:9abfc7d4e96a46868548380c7db2f11a7ec406c809fb8eee9a7bc3a049adcbbe_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:ec4e8658a1c3f00bd08e8b009cd042bc59a3d870cd17a7db940f1e12d4c05746_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:5b1b98cd31ba150aecd6ef44c2bd8d79ae64380c8e974a4c8c1bb66fb4a38ce9_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:88ca55bb3177d8111971f1ba134bec7967289bfae64ecdf0b751dba0df82d9f0_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:afeeca0c1a653b5c375af4cca8dac1f52db846013d8b50e914ed62e1b7b1aa62_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "follow-redirects: follow-redirects: Information disclosure via cross-domain redirects"
    },
    {
      "cve": "CVE-2026-42033",
      "cwe": {
        "id": "CWE-915",
        "name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes"
      },
      "discovery_date": "2026-04-24T18:01:20.937507+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:112909f56592b6d280a68b8104fe0c6f771c7c0156197950fcd1fcccae3c7fbf_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:6ebb0d29e5d4aeb1ec3c16f8478cd1d615d3b42275dd82a20ff966887d603bd6_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:80e7c357130e8a1a2db38713055d9a3e04812d5dd496d937d0d51b5c27f97da5_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:db0def651635715bc2406aef174f500cdc35d52cd693785629c149d0269b5f33_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2bab9301dc7f0adb24d243b7c0bb26733751f4bf2c84edbf464ac8dd2753bfa0_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:904a679c9230596aea5aab19cb6ecd16d6f7c7e6cca06aca63498ff4896733ba_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d3d569cf1570a9a0edd4070660ceff622429c98345c369af0ace3458e0ba2308_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f32c7fd3bde4d324f96251826f85aac887aaa44a526eb2e8549a00c6a71abcd0_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:93d75149f451f380dbc59b4f093e0bf8f3ab05044e584f9a229c46abd572cf94_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9dd5bc1416811a51cc056720e65035c713f335f43d8209bfad4d8d983b36ac72_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:ef0552c8953fc5958bb4bb548820802cc30f0aa8366c0e369a0d30e1f5ddad9b_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3deb2d564ed7e8ce85861e81681211d84a9c147bb5807c642fe788980aba3038_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:82e7c7f7d3a44f312428d1fa7b0c1c6fc644fbf20e9370b2d5803f6687a189a5_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b1a0cc358536e22f07c9672957484afebf230145a5c85fa4f8acd11349adb219_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e76e3b94c8aae99addf53b09f15f8f9d52003bfdb9213c93b67b58e71fcd192a_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:955f6c83ce8e6cdd075ef5c7396a8b19f9b8021cc5fb1b909a1dda05f0e3f13f_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:7be53b8c4851f7ca174c32556cdc2be807cabfb778ced23054b12288cc7ebbee_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:9abfc7d4e96a46868548380c7db2f11a7ec406c809fb8eee9a7bc3a049adcbbe_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:ec4e8658a1c3f00bd08e8b009cd042bc59a3d870cd17a7db940f1e12d4c05746_s390x"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2461607"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Axios, an HTTP client library. This vulnerability allows an attacker to exploit a prototype pollution issue if another part of the application has already polluted the Object.prototype. By doing so, the attacker can intercept and modify JSON responses or take control of the HTTP communication. This could lead to unauthorized access to sensitive information like user credentials and request details.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "axios: Axios: HTTP Transport Hijacking via Prototype Pollution",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:5b1b98cd31ba150aecd6ef44c2bd8d79ae64380c8e974a4c8c1bb66fb4a38ce9_ppc64le",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:88ca55bb3177d8111971f1ba134bec7967289bfae64ecdf0b751dba0df82d9f0_s390x",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:afeeca0c1a653b5c375af4cca8dac1f52db846013d8b50e914ed62e1b7b1aa62_amd64"
        ],
        "known_not_affected": [
          "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:112909f56592b6d280a68b8104fe0c6f771c7c0156197950fcd1fcccae3c7fbf_ppc64le",
          "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:6ebb0d29e5d4aeb1ec3c16f8478cd1d615d3b42275dd82a20ff966887d603bd6_s390x",
          "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:80e7c357130e8a1a2db38713055d9a3e04812d5dd496d937d0d51b5c27f97da5_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:db0def651635715bc2406aef174f500cdc35d52cd693785629c149d0269b5f33_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2bab9301dc7f0adb24d243b7c0bb26733751f4bf2c84edbf464ac8dd2753bfa0_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:904a679c9230596aea5aab19cb6ecd16d6f7c7e6cca06aca63498ff4896733ba_s390x",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d3d569cf1570a9a0edd4070660ceff622429c98345c369af0ace3458e0ba2308_ppc64le",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f32c7fd3bde4d324f96251826f85aac887aaa44a526eb2e8549a00c6a71abcd0_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:93d75149f451f380dbc59b4f093e0bf8f3ab05044e584f9a229c46abd572cf94_ppc64le",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9dd5bc1416811a51cc056720e65035c713f335f43d8209bfad4d8d983b36ac72_s390x",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:ef0552c8953fc5958bb4bb548820802cc30f0aa8366c0e369a0d30e1f5ddad9b_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3deb2d564ed7e8ce85861e81681211d84a9c147bb5807c642fe788980aba3038_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:82e7c7f7d3a44f312428d1fa7b0c1c6fc644fbf20e9370b2d5803f6687a189a5_ppc64le",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b1a0cc358536e22f07c9672957484afebf230145a5c85fa4f8acd11349adb219_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e76e3b94c8aae99addf53b09f15f8f9d52003bfdb9213c93b67b58e71fcd192a_s390x",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:955f6c83ce8e6cdd075ef5c7396a8b19f9b8021cc5fb1b909a1dda05f0e3f13f_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:7be53b8c4851f7ca174c32556cdc2be807cabfb778ced23054b12288cc7ebbee_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:9abfc7d4e96a46868548380c7db2f11a7ec406c809fb8eee9a7bc3a049adcbbe_ppc64le",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:ec4e8658a1c3f00bd08e8b009cd042bc59a3d870cd17a7db940f1e12d4c05746_s390x"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-42033"
        },
        {
          "category": "external",
          "summary": "RHBZ#2461607",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461607"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-42033",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-42033"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42033",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42033"
        },
        {
          "category": "external",
          "summary": "https://github.com/axios/axios/security/advisories/GHSA-pf86-5x62-jrwf",
          "url": "https://github.com/axios/axios/security/advisories/GHSA-pf86-5x62-jrwf"
        }
      ],
      "release_date": "2026-04-24T17:36:44.132000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-06-09T15:31:40+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:5b1b98cd31ba150aecd6ef44c2bd8d79ae64380c8e974a4c8c1bb66fb4a38ce9_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:88ca55bb3177d8111971f1ba134bec7967289bfae64ecdf0b751dba0df82d9f0_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:afeeca0c1a653b5c375af4cca8dac1f52db846013d8b50e914ed62e1b7b1aa62_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:24853"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:112909f56592b6d280a68b8104fe0c6f771c7c0156197950fcd1fcccae3c7fbf_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:6ebb0d29e5d4aeb1ec3c16f8478cd1d615d3b42275dd82a20ff966887d603bd6_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:80e7c357130e8a1a2db38713055d9a3e04812d5dd496d937d0d51b5c27f97da5_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:db0def651635715bc2406aef174f500cdc35d52cd693785629c149d0269b5f33_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2bab9301dc7f0adb24d243b7c0bb26733751f4bf2c84edbf464ac8dd2753bfa0_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:904a679c9230596aea5aab19cb6ecd16d6f7c7e6cca06aca63498ff4896733ba_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d3d569cf1570a9a0edd4070660ceff622429c98345c369af0ace3458e0ba2308_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f32c7fd3bde4d324f96251826f85aac887aaa44a526eb2e8549a00c6a71abcd0_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:93d75149f451f380dbc59b4f093e0bf8f3ab05044e584f9a229c46abd572cf94_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9dd5bc1416811a51cc056720e65035c713f335f43d8209bfad4d8d983b36ac72_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:ef0552c8953fc5958bb4bb548820802cc30f0aa8366c0e369a0d30e1f5ddad9b_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3deb2d564ed7e8ce85861e81681211d84a9c147bb5807c642fe788980aba3038_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:82e7c7f7d3a44f312428d1fa7b0c1c6fc644fbf20e9370b2d5803f6687a189a5_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b1a0cc358536e22f07c9672957484afebf230145a5c85fa4f8acd11349adb219_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e76e3b94c8aae99addf53b09f15f8f9d52003bfdb9213c93b67b58e71fcd192a_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:955f6c83ce8e6cdd075ef5c7396a8b19f9b8021cc5fb1b909a1dda05f0e3f13f_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:7be53b8c4851f7ca174c32556cdc2be807cabfb778ced23054b12288cc7ebbee_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:9abfc7d4e96a46868548380c7db2f11a7ec406c809fb8eee9a7bc3a049adcbbe_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:ec4e8658a1c3f00bd08e8b009cd042bc59a3d870cd17a7db940f1e12d4c05746_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:5b1b98cd31ba150aecd6ef44c2bd8d79ae64380c8e974a4c8c1bb66fb4a38ce9_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:88ca55bb3177d8111971f1ba134bec7967289bfae64ecdf0b751dba0df82d9f0_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:afeeca0c1a653b5c375af4cca8dac1f52db846013d8b50e914ed62e1b7b1aa62_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "axios: Axios: HTTP Transport Hijacking via Prototype Pollution"
    },
    {
      "cve": "CVE-2026-42035",
      "cwe": {
        "id": "CWE-915",
        "name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes"
      },
      "discovery_date": "2026-04-24T18:01:17.109481+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:112909f56592b6d280a68b8104fe0c6f771c7c0156197950fcd1fcccae3c7fbf_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:6ebb0d29e5d4aeb1ec3c16f8478cd1d615d3b42275dd82a20ff966887d603bd6_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:80e7c357130e8a1a2db38713055d9a3e04812d5dd496d937d0d51b5c27f97da5_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:db0def651635715bc2406aef174f500cdc35d52cd693785629c149d0269b5f33_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2bab9301dc7f0adb24d243b7c0bb26733751f4bf2c84edbf464ac8dd2753bfa0_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:904a679c9230596aea5aab19cb6ecd16d6f7c7e6cca06aca63498ff4896733ba_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d3d569cf1570a9a0edd4070660ceff622429c98345c369af0ace3458e0ba2308_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f32c7fd3bde4d324f96251826f85aac887aaa44a526eb2e8549a00c6a71abcd0_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:93d75149f451f380dbc59b4f093e0bf8f3ab05044e584f9a229c46abd572cf94_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9dd5bc1416811a51cc056720e65035c713f335f43d8209bfad4d8d983b36ac72_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:ef0552c8953fc5958bb4bb548820802cc30f0aa8366c0e369a0d30e1f5ddad9b_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3deb2d564ed7e8ce85861e81681211d84a9c147bb5807c642fe788980aba3038_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:82e7c7f7d3a44f312428d1fa7b0c1c6fc644fbf20e9370b2d5803f6687a189a5_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b1a0cc358536e22f07c9672957484afebf230145a5c85fa4f8acd11349adb219_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e76e3b94c8aae99addf53b09f15f8f9d52003bfdb9213c93b67b58e71fcd192a_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:955f6c83ce8e6cdd075ef5c7396a8b19f9b8021cc5fb1b909a1dda05f0e3f13f_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:7be53b8c4851f7ca174c32556cdc2be807cabfb778ced23054b12288cc7ebbee_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:9abfc7d4e96a46868548380c7db2f11a7ec406c809fb8eee9a7bc3a049adcbbe_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:ec4e8658a1c3f00bd08e8b009cd042bc59a3d870cd17a7db940f1e12d4c05746_s390x"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2461606"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Axios, a software library for making network requests. A remote attacker can exploit a prototype pollution vulnerability to inject arbitrary HTTP headers into outgoing requests. This occurs when the application\u0027s core object definitions are manipulated, causing Axios to misinterpret data and include attacker-controlled headers in network communications. This could lead to unauthorized actions or data manipulation.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "axios: Axios: Arbitrary HTTP header injection via prototype pollution",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:5b1b98cd31ba150aecd6ef44c2bd8d79ae64380c8e974a4c8c1bb66fb4a38ce9_ppc64le",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:88ca55bb3177d8111971f1ba134bec7967289bfae64ecdf0b751dba0df82d9f0_s390x",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:afeeca0c1a653b5c375af4cca8dac1f52db846013d8b50e914ed62e1b7b1aa62_amd64"
        ],
        "known_not_affected": [
          "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:112909f56592b6d280a68b8104fe0c6f771c7c0156197950fcd1fcccae3c7fbf_ppc64le",
          "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:6ebb0d29e5d4aeb1ec3c16f8478cd1d615d3b42275dd82a20ff966887d603bd6_s390x",
          "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:80e7c357130e8a1a2db38713055d9a3e04812d5dd496d937d0d51b5c27f97da5_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:db0def651635715bc2406aef174f500cdc35d52cd693785629c149d0269b5f33_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2bab9301dc7f0adb24d243b7c0bb26733751f4bf2c84edbf464ac8dd2753bfa0_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:904a679c9230596aea5aab19cb6ecd16d6f7c7e6cca06aca63498ff4896733ba_s390x",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d3d569cf1570a9a0edd4070660ceff622429c98345c369af0ace3458e0ba2308_ppc64le",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f32c7fd3bde4d324f96251826f85aac887aaa44a526eb2e8549a00c6a71abcd0_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:93d75149f451f380dbc59b4f093e0bf8f3ab05044e584f9a229c46abd572cf94_ppc64le",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9dd5bc1416811a51cc056720e65035c713f335f43d8209bfad4d8d983b36ac72_s390x",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:ef0552c8953fc5958bb4bb548820802cc30f0aa8366c0e369a0d30e1f5ddad9b_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3deb2d564ed7e8ce85861e81681211d84a9c147bb5807c642fe788980aba3038_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:82e7c7f7d3a44f312428d1fa7b0c1c6fc644fbf20e9370b2d5803f6687a189a5_ppc64le",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b1a0cc358536e22f07c9672957484afebf230145a5c85fa4f8acd11349adb219_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e76e3b94c8aae99addf53b09f15f8f9d52003bfdb9213c93b67b58e71fcd192a_s390x",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:955f6c83ce8e6cdd075ef5c7396a8b19f9b8021cc5fb1b909a1dda05f0e3f13f_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:7be53b8c4851f7ca174c32556cdc2be807cabfb778ced23054b12288cc7ebbee_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:9abfc7d4e96a46868548380c7db2f11a7ec406c809fb8eee9a7bc3a049adcbbe_ppc64le",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:ec4e8658a1c3f00bd08e8b009cd042bc59a3d870cd17a7db940f1e12d4c05746_s390x"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-42035"
        },
        {
          "category": "external",
          "summary": "RHBZ#2461606",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461606"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-42035",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-42035"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42035",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42035"
        },
        {
          "category": "external",
          "summary": "https://github.com/axios/axios/security/advisories/GHSA-6chq-wfr3-2hj9",
          "url": "https://github.com/axios/axios/security/advisories/GHSA-6chq-wfr3-2hj9"
        }
      ],
      "release_date": "2026-04-24T17:38:07.752000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-06-09T15:31:40+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:5b1b98cd31ba150aecd6ef44c2bd8d79ae64380c8e974a4c8c1bb66fb4a38ce9_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:88ca55bb3177d8111971f1ba134bec7967289bfae64ecdf0b751dba0df82d9f0_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:afeeca0c1a653b5c375af4cca8dac1f52db846013d8b50e914ed62e1b7b1aa62_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:24853"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
          "product_ids": [
            "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:112909f56592b6d280a68b8104fe0c6f771c7c0156197950fcd1fcccae3c7fbf_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:6ebb0d29e5d4aeb1ec3c16f8478cd1d615d3b42275dd82a20ff966887d603bd6_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:80e7c357130e8a1a2db38713055d9a3e04812d5dd496d937d0d51b5c27f97da5_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:db0def651635715bc2406aef174f500cdc35d52cd693785629c149d0269b5f33_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2bab9301dc7f0adb24d243b7c0bb26733751f4bf2c84edbf464ac8dd2753bfa0_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:904a679c9230596aea5aab19cb6ecd16d6f7c7e6cca06aca63498ff4896733ba_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d3d569cf1570a9a0edd4070660ceff622429c98345c369af0ace3458e0ba2308_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f32c7fd3bde4d324f96251826f85aac887aaa44a526eb2e8549a00c6a71abcd0_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:93d75149f451f380dbc59b4f093e0bf8f3ab05044e584f9a229c46abd572cf94_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9dd5bc1416811a51cc056720e65035c713f335f43d8209bfad4d8d983b36ac72_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:ef0552c8953fc5958bb4bb548820802cc30f0aa8366c0e369a0d30e1f5ddad9b_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3deb2d564ed7e8ce85861e81681211d84a9c147bb5807c642fe788980aba3038_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:82e7c7f7d3a44f312428d1fa7b0c1c6fc644fbf20e9370b2d5803f6687a189a5_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b1a0cc358536e22f07c9672957484afebf230145a5c85fa4f8acd11349adb219_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e76e3b94c8aae99addf53b09f15f8f9d52003bfdb9213c93b67b58e71fcd192a_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:955f6c83ce8e6cdd075ef5c7396a8b19f9b8021cc5fb1b909a1dda05f0e3f13f_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:7be53b8c4851f7ca174c32556cdc2be807cabfb778ced23054b12288cc7ebbee_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:9abfc7d4e96a46868548380c7db2f11a7ec406c809fb8eee9a7bc3a049adcbbe_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:ec4e8658a1c3f00bd08e8b009cd042bc59a3d870cd17a7db940f1e12d4c05746_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:5b1b98cd31ba150aecd6ef44c2bd8d79ae64380c8e974a4c8c1bb66fb4a38ce9_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:88ca55bb3177d8111971f1ba134bec7967289bfae64ecdf0b751dba0df82d9f0_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:afeeca0c1a653b5c375af4cca8dac1f52db846013d8b50e914ed62e1b7b1aa62_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:112909f56592b6d280a68b8104fe0c6f771c7c0156197950fcd1fcccae3c7fbf_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:6ebb0d29e5d4aeb1ec3c16f8478cd1d615d3b42275dd82a20ff966887d603bd6_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:80e7c357130e8a1a2db38713055d9a3e04812d5dd496d937d0d51b5c27f97da5_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:db0def651635715bc2406aef174f500cdc35d52cd693785629c149d0269b5f33_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2bab9301dc7f0adb24d243b7c0bb26733751f4bf2c84edbf464ac8dd2753bfa0_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:904a679c9230596aea5aab19cb6ecd16d6f7c7e6cca06aca63498ff4896733ba_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d3d569cf1570a9a0edd4070660ceff622429c98345c369af0ace3458e0ba2308_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f32c7fd3bde4d324f96251826f85aac887aaa44a526eb2e8549a00c6a71abcd0_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:93d75149f451f380dbc59b4f093e0bf8f3ab05044e584f9a229c46abd572cf94_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9dd5bc1416811a51cc056720e65035c713f335f43d8209bfad4d8d983b36ac72_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:ef0552c8953fc5958bb4bb548820802cc30f0aa8366c0e369a0d30e1f5ddad9b_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3deb2d564ed7e8ce85861e81681211d84a9c147bb5807c642fe788980aba3038_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:82e7c7f7d3a44f312428d1fa7b0c1c6fc644fbf20e9370b2d5803f6687a189a5_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b1a0cc358536e22f07c9672957484afebf230145a5c85fa4f8acd11349adb219_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e76e3b94c8aae99addf53b09f15f8f9d52003bfdb9213c93b67b58e71fcd192a_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:955f6c83ce8e6cdd075ef5c7396a8b19f9b8021cc5fb1b909a1dda05f0e3f13f_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:7be53b8c4851f7ca174c32556cdc2be807cabfb778ced23054b12288cc7ebbee_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:9abfc7d4e96a46868548380c7db2f11a7ec406c809fb8eee9a7bc3a049adcbbe_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:ec4e8658a1c3f00bd08e8b009cd042bc59a3d870cd17a7db940f1e12d4c05746_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:5b1b98cd31ba150aecd6ef44c2bd8d79ae64380c8e974a4c8c1bb66fb4a38ce9_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:88ca55bb3177d8111971f1ba134bec7967289bfae64ecdf0b751dba0df82d9f0_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:afeeca0c1a653b5c375af4cca8dac1f52db846013d8b50e914ed62e1b7b1aa62_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "axios: Axios: Arbitrary HTTP header injection via prototype pollution"
    },
    {
      "cve": "CVE-2026-42039",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "discovery_date": "2026-04-24T19:01:44.887156+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:112909f56592b6d280a68b8104fe0c6f771c7c0156197950fcd1fcccae3c7fbf_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:6ebb0d29e5d4aeb1ec3c16f8478cd1d615d3b42275dd82a20ff966887d603bd6_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:80e7c357130e8a1a2db38713055d9a3e04812d5dd496d937d0d51b5c27f97da5_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:db0def651635715bc2406aef174f500cdc35d52cd693785629c149d0269b5f33_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2bab9301dc7f0adb24d243b7c0bb26733751f4bf2c84edbf464ac8dd2753bfa0_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:904a679c9230596aea5aab19cb6ecd16d6f7c7e6cca06aca63498ff4896733ba_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d3d569cf1570a9a0edd4070660ceff622429c98345c369af0ace3458e0ba2308_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f32c7fd3bde4d324f96251826f85aac887aaa44a526eb2e8549a00c6a71abcd0_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:93d75149f451f380dbc59b4f093e0bf8f3ab05044e584f9a229c46abd572cf94_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9dd5bc1416811a51cc056720e65035c713f335f43d8209bfad4d8d983b36ac72_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:ef0552c8953fc5958bb4bb548820802cc30f0aa8366c0e369a0d30e1f5ddad9b_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3deb2d564ed7e8ce85861e81681211d84a9c147bb5807c642fe788980aba3038_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:82e7c7f7d3a44f312428d1fa7b0c1c6fc644fbf20e9370b2d5803f6687a189a5_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b1a0cc358536e22f07c9672957484afebf230145a5c85fa4f8acd11349adb219_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e76e3b94c8aae99addf53b09f15f8f9d52003bfdb9213c93b67b58e71fcd192a_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:955f6c83ce8e6cdd075ef5c7396a8b19f9b8021cc5fb1b909a1dda05f0e3f13f_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:7be53b8c4851f7ca174c32556cdc2be807cabfb778ced23054b12288cc7ebbee_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:9abfc7d4e96a46868548380c7db2f11a7ec406c809fb8eee9a7bc3a049adcbbe_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:ec4e8658a1c3f00bd08e8b009cd042bc59a3d870cd17a7db940f1e12d4c05746_s390x"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2461630"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Axios, a promise-based HTTP client for browsers and Node.js. This vulnerability occurs because the `toFormData` function recursively processes nested objects without a depth limit. A remote attacker can exploit this by sending deeply nested request data, which causes the Node.js process to crash due to a RangeError, leading to a potential Denial of Service (DoS) if the process crashes.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "axios: Node.js: Axios: Denial of Service via unbounded recursion in toFormData with deeply nested request data",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:5b1b98cd31ba150aecd6ef44c2bd8d79ae64380c8e974a4c8c1bb66fb4a38ce9_ppc64le",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:88ca55bb3177d8111971f1ba134bec7967289bfae64ecdf0b751dba0df82d9f0_s390x",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:afeeca0c1a653b5c375af4cca8dac1f52db846013d8b50e914ed62e1b7b1aa62_amd64"
        ],
        "known_not_affected": [
          "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:112909f56592b6d280a68b8104fe0c6f771c7c0156197950fcd1fcccae3c7fbf_ppc64le",
          "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:6ebb0d29e5d4aeb1ec3c16f8478cd1d615d3b42275dd82a20ff966887d603bd6_s390x",
          "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:80e7c357130e8a1a2db38713055d9a3e04812d5dd496d937d0d51b5c27f97da5_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:db0def651635715bc2406aef174f500cdc35d52cd693785629c149d0269b5f33_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2bab9301dc7f0adb24d243b7c0bb26733751f4bf2c84edbf464ac8dd2753bfa0_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:904a679c9230596aea5aab19cb6ecd16d6f7c7e6cca06aca63498ff4896733ba_s390x",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d3d569cf1570a9a0edd4070660ceff622429c98345c369af0ace3458e0ba2308_ppc64le",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f32c7fd3bde4d324f96251826f85aac887aaa44a526eb2e8549a00c6a71abcd0_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:93d75149f451f380dbc59b4f093e0bf8f3ab05044e584f9a229c46abd572cf94_ppc64le",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9dd5bc1416811a51cc056720e65035c713f335f43d8209bfad4d8d983b36ac72_s390x",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:ef0552c8953fc5958bb4bb548820802cc30f0aa8366c0e369a0d30e1f5ddad9b_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3deb2d564ed7e8ce85861e81681211d84a9c147bb5807c642fe788980aba3038_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:82e7c7f7d3a44f312428d1fa7b0c1c6fc644fbf20e9370b2d5803f6687a189a5_ppc64le",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b1a0cc358536e22f07c9672957484afebf230145a5c85fa4f8acd11349adb219_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e76e3b94c8aae99addf53b09f15f8f9d52003bfdb9213c93b67b58e71fcd192a_s390x",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:955f6c83ce8e6cdd075ef5c7396a8b19f9b8021cc5fb1b909a1dda05f0e3f13f_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:7be53b8c4851f7ca174c32556cdc2be807cabfb778ced23054b12288cc7ebbee_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:9abfc7d4e96a46868548380c7db2f11a7ec406c809fb8eee9a7bc3a049adcbbe_ppc64le",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:ec4e8658a1c3f00bd08e8b009cd042bc59a3d870cd17a7db940f1e12d4c05746_s390x"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-42039"
        },
        {
          "category": "external",
          "summary": "RHBZ#2461630",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461630"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-42039",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-42039"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42039",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42039"
        },
        {
          "category": "external",
          "summary": "https://github.com/axios/axios/security/advisories/GHSA-62hf-57xw-28j9",
          "url": "https://github.com/axios/axios/security/advisories/GHSA-62hf-57xw-28j9"
        }
      ],
      "release_date": "2026-04-24T18:01:30.775000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-06-09T15:31:40+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:5b1b98cd31ba150aecd6ef44c2bd8d79ae64380c8e974a4c8c1bb66fb4a38ce9_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:88ca55bb3177d8111971f1ba134bec7967289bfae64ecdf0b751dba0df82d9f0_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:afeeca0c1a653b5c375af4cca8dac1f52db846013d8b50e914ed62e1b7b1aa62_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:24853"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:112909f56592b6d280a68b8104fe0c6f771c7c0156197950fcd1fcccae3c7fbf_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:6ebb0d29e5d4aeb1ec3c16f8478cd1d615d3b42275dd82a20ff966887d603bd6_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:80e7c357130e8a1a2db38713055d9a3e04812d5dd496d937d0d51b5c27f97da5_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:db0def651635715bc2406aef174f500cdc35d52cd693785629c149d0269b5f33_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2bab9301dc7f0adb24d243b7c0bb26733751f4bf2c84edbf464ac8dd2753bfa0_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:904a679c9230596aea5aab19cb6ecd16d6f7c7e6cca06aca63498ff4896733ba_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d3d569cf1570a9a0edd4070660ceff622429c98345c369af0ace3458e0ba2308_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f32c7fd3bde4d324f96251826f85aac887aaa44a526eb2e8549a00c6a71abcd0_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:93d75149f451f380dbc59b4f093e0bf8f3ab05044e584f9a229c46abd572cf94_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9dd5bc1416811a51cc056720e65035c713f335f43d8209bfad4d8d983b36ac72_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:ef0552c8953fc5958bb4bb548820802cc30f0aa8366c0e369a0d30e1f5ddad9b_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3deb2d564ed7e8ce85861e81681211d84a9c147bb5807c642fe788980aba3038_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:82e7c7f7d3a44f312428d1fa7b0c1c6fc644fbf20e9370b2d5803f6687a189a5_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b1a0cc358536e22f07c9672957484afebf230145a5c85fa4f8acd11349adb219_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e76e3b94c8aae99addf53b09f15f8f9d52003bfdb9213c93b67b58e71fcd192a_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:955f6c83ce8e6cdd075ef5c7396a8b19f9b8021cc5fb1b909a1dda05f0e3f13f_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:7be53b8c4851f7ca174c32556cdc2be807cabfb778ced23054b12288cc7ebbee_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:9abfc7d4e96a46868548380c7db2f11a7ec406c809fb8eee9a7bc3a049adcbbe_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:ec4e8658a1c3f00bd08e8b009cd042bc59a3d870cd17a7db940f1e12d4c05746_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:5b1b98cd31ba150aecd6ef44c2bd8d79ae64380c8e974a4c8c1bb66fb4a38ce9_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:88ca55bb3177d8111971f1ba134bec7967289bfae64ecdf0b751dba0df82d9f0_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:afeeca0c1a653b5c375af4cca8dac1f52db846013d8b50e914ed62e1b7b1aa62_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "axios: Node.js: Axios: Denial of Service via unbounded recursion in toFormData with deeply nested request data"
    },
    {
      "cve": "CVE-2026-42041",
      "cwe": {
        "id": "CWE-915",
        "name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes"
      },
      "discovery_date": "2026-04-24T19:01:41.034289+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:112909f56592b6d280a68b8104fe0c6f771c7c0156197950fcd1fcccae3c7fbf_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:6ebb0d29e5d4aeb1ec3c16f8478cd1d615d3b42275dd82a20ff966887d603bd6_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:80e7c357130e8a1a2db38713055d9a3e04812d5dd496d937d0d51b5c27f97da5_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:db0def651635715bc2406aef174f500cdc35d52cd693785629c149d0269b5f33_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2bab9301dc7f0adb24d243b7c0bb26733751f4bf2c84edbf464ac8dd2753bfa0_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:904a679c9230596aea5aab19cb6ecd16d6f7c7e6cca06aca63498ff4896733ba_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d3d569cf1570a9a0edd4070660ceff622429c98345c369af0ace3458e0ba2308_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f32c7fd3bde4d324f96251826f85aac887aaa44a526eb2e8549a00c6a71abcd0_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:93d75149f451f380dbc59b4f093e0bf8f3ab05044e584f9a229c46abd572cf94_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9dd5bc1416811a51cc056720e65035c713f335f43d8209bfad4d8d983b36ac72_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:ef0552c8953fc5958bb4bb548820802cc30f0aa8366c0e369a0d30e1f5ddad9b_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3deb2d564ed7e8ce85861e81681211d84a9c147bb5807c642fe788980aba3038_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:82e7c7f7d3a44f312428d1fa7b0c1c6fc644fbf20e9370b2d5803f6687a189a5_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b1a0cc358536e22f07c9672957484afebf230145a5c85fa4f8acd11349adb219_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e76e3b94c8aae99addf53b09f15f8f9d52003bfdb9213c93b67b58e71fcd192a_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:955f6c83ce8e6cdd075ef5c7396a8b19f9b8021cc5fb1b909a1dda05f0e3f13f_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:7be53b8c4851f7ca174c32556cdc2be807cabfb778ced23054b12288cc7ebbee_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:9abfc7d4e96a46868548380c7db2f11a7ec406c809fb8eee9a7bc3a049adcbbe_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:ec4e8658a1c3f00bd08e8b009cd042bc59a3d870cd17a7db940f1e12d4c05746_s390x"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2461629"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Axios, a promise-based HTTP client. This vulnerability, a Prototype Pollution \"Gadget\" attack, allows an attacker to manipulate the `Object.prototype.validateStatus` property. By polluting this property, all HTTP error responses (such as 401, 403, or 500) are silently treated as successful responses. This can lead to a complete bypass of application-level authentication and error handling, potentially granting unauthorized access.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "axios: Axios: Authentication bypass due to prototype pollution of HTTP error handling",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:5b1b98cd31ba150aecd6ef44c2bd8d79ae64380c8e974a4c8c1bb66fb4a38ce9_ppc64le",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:88ca55bb3177d8111971f1ba134bec7967289bfae64ecdf0b751dba0df82d9f0_s390x",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:afeeca0c1a653b5c375af4cca8dac1f52db846013d8b50e914ed62e1b7b1aa62_amd64"
        ],
        "known_not_affected": [
          "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:112909f56592b6d280a68b8104fe0c6f771c7c0156197950fcd1fcccae3c7fbf_ppc64le",
          "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:6ebb0d29e5d4aeb1ec3c16f8478cd1d615d3b42275dd82a20ff966887d603bd6_s390x",
          "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:80e7c357130e8a1a2db38713055d9a3e04812d5dd496d937d0d51b5c27f97da5_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:db0def651635715bc2406aef174f500cdc35d52cd693785629c149d0269b5f33_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2bab9301dc7f0adb24d243b7c0bb26733751f4bf2c84edbf464ac8dd2753bfa0_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:904a679c9230596aea5aab19cb6ecd16d6f7c7e6cca06aca63498ff4896733ba_s390x",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d3d569cf1570a9a0edd4070660ceff622429c98345c369af0ace3458e0ba2308_ppc64le",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f32c7fd3bde4d324f96251826f85aac887aaa44a526eb2e8549a00c6a71abcd0_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:93d75149f451f380dbc59b4f093e0bf8f3ab05044e584f9a229c46abd572cf94_ppc64le",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9dd5bc1416811a51cc056720e65035c713f335f43d8209bfad4d8d983b36ac72_s390x",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:ef0552c8953fc5958bb4bb548820802cc30f0aa8366c0e369a0d30e1f5ddad9b_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3deb2d564ed7e8ce85861e81681211d84a9c147bb5807c642fe788980aba3038_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:82e7c7f7d3a44f312428d1fa7b0c1c6fc644fbf20e9370b2d5803f6687a189a5_ppc64le",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b1a0cc358536e22f07c9672957484afebf230145a5c85fa4f8acd11349adb219_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e76e3b94c8aae99addf53b09f15f8f9d52003bfdb9213c93b67b58e71fcd192a_s390x",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:955f6c83ce8e6cdd075ef5c7396a8b19f9b8021cc5fb1b909a1dda05f0e3f13f_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:7be53b8c4851f7ca174c32556cdc2be807cabfb778ced23054b12288cc7ebbee_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:9abfc7d4e96a46868548380c7db2f11a7ec406c809fb8eee9a7bc3a049adcbbe_ppc64le",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:ec4e8658a1c3f00bd08e8b009cd042bc59a3d870cd17a7db940f1e12d4c05746_s390x"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-42041"
        },
        {
          "category": "external",
          "summary": "RHBZ#2461629",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461629"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-42041",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-42041"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42041",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42041"
        },
        {
          "category": "external",
          "summary": "https://github.com/axios/axios/security/advisories/GHSA-w9j2-pvgh-6h63",
          "url": "https://github.com/axios/axios/security/advisories/GHSA-w9j2-pvgh-6h63"
        }
      ],
      "release_date": "2026-04-24T17:55:30.036000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-06-09T15:31:40+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:5b1b98cd31ba150aecd6ef44c2bd8d79ae64380c8e974a4c8c1bb66fb4a38ce9_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:88ca55bb3177d8111971f1ba134bec7967289bfae64ecdf0b751dba0df82d9f0_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:afeeca0c1a653b5c375af4cca8dac1f52db846013d8b50e914ed62e1b7b1aa62_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:24853"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:112909f56592b6d280a68b8104fe0c6f771c7c0156197950fcd1fcccae3c7fbf_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:6ebb0d29e5d4aeb1ec3c16f8478cd1d615d3b42275dd82a20ff966887d603bd6_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:80e7c357130e8a1a2db38713055d9a3e04812d5dd496d937d0d51b5c27f97da5_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:db0def651635715bc2406aef174f500cdc35d52cd693785629c149d0269b5f33_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2bab9301dc7f0adb24d243b7c0bb26733751f4bf2c84edbf464ac8dd2753bfa0_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:904a679c9230596aea5aab19cb6ecd16d6f7c7e6cca06aca63498ff4896733ba_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d3d569cf1570a9a0edd4070660ceff622429c98345c369af0ace3458e0ba2308_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f32c7fd3bde4d324f96251826f85aac887aaa44a526eb2e8549a00c6a71abcd0_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:93d75149f451f380dbc59b4f093e0bf8f3ab05044e584f9a229c46abd572cf94_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9dd5bc1416811a51cc056720e65035c713f335f43d8209bfad4d8d983b36ac72_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:ef0552c8953fc5958bb4bb548820802cc30f0aa8366c0e369a0d30e1f5ddad9b_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3deb2d564ed7e8ce85861e81681211d84a9c147bb5807c642fe788980aba3038_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:82e7c7f7d3a44f312428d1fa7b0c1c6fc644fbf20e9370b2d5803f6687a189a5_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b1a0cc358536e22f07c9672957484afebf230145a5c85fa4f8acd11349adb219_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e76e3b94c8aae99addf53b09f15f8f9d52003bfdb9213c93b67b58e71fcd192a_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:955f6c83ce8e6cdd075ef5c7396a8b19f9b8021cc5fb1b909a1dda05f0e3f13f_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:7be53b8c4851f7ca174c32556cdc2be807cabfb778ced23054b12288cc7ebbee_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:9abfc7d4e96a46868548380c7db2f11a7ec406c809fb8eee9a7bc3a049adcbbe_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:ec4e8658a1c3f00bd08e8b009cd042bc59a3d870cd17a7db940f1e12d4c05746_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:5b1b98cd31ba150aecd6ef44c2bd8d79ae64380c8e974a4c8c1bb66fb4a38ce9_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:88ca55bb3177d8111971f1ba134bec7967289bfae64ecdf0b751dba0df82d9f0_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:afeeca0c1a653b5c375af4cca8dac1f52db846013d8b50e914ed62e1b7b1aa62_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "axios: Axios: Authentication bypass due to prototype pollution of HTTP error handling"
    },
    {
      "cve": "CVE-2026-42043",
      "cwe": {
        "id": "CWE-918",
        "name": "Server-Side Request Forgery (SSRF)"
      },
      "discovery_date": "2026-04-24T19:01:22.552379+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:112909f56592b6d280a68b8104fe0c6f771c7c0156197950fcd1fcccae3c7fbf_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:6ebb0d29e5d4aeb1ec3c16f8478cd1d615d3b42275dd82a20ff966887d603bd6_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:80e7c357130e8a1a2db38713055d9a3e04812d5dd496d937d0d51b5c27f97da5_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:db0def651635715bc2406aef174f500cdc35d52cd693785629c149d0269b5f33_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2bab9301dc7f0adb24d243b7c0bb26733751f4bf2c84edbf464ac8dd2753bfa0_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:904a679c9230596aea5aab19cb6ecd16d6f7c7e6cca06aca63498ff4896733ba_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d3d569cf1570a9a0edd4070660ceff622429c98345c369af0ace3458e0ba2308_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f32c7fd3bde4d324f96251826f85aac887aaa44a526eb2e8549a00c6a71abcd0_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:93d75149f451f380dbc59b4f093e0bf8f3ab05044e584f9a229c46abd572cf94_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9dd5bc1416811a51cc056720e65035c713f335f43d8209bfad4d8d983b36ac72_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:ef0552c8953fc5958bb4bb548820802cc30f0aa8366c0e369a0d30e1f5ddad9b_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3deb2d564ed7e8ce85861e81681211d84a9c147bb5807c642fe788980aba3038_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:82e7c7f7d3a44f312428d1fa7b0c1c6fc644fbf20e9370b2d5803f6687a189a5_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b1a0cc358536e22f07c9672957484afebf230145a5c85fa4f8acd11349adb219_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e76e3b94c8aae99addf53b09f15f8f9d52003bfdb9213c93b67b58e71fcd192a_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:955f6c83ce8e6cdd075ef5c7396a8b19f9b8021cc5fb1b909a1dda05f0e3f13f_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:7be53b8c4851f7ca174c32556cdc2be807cabfb778ced23054b12288cc7ebbee_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:9abfc7d4e96a46868548380c7db2f11a7ec406c809fb8eee9a7bc3a049adcbbe_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:ec4e8658a1c3f00bd08e8b009cd042bc59a3d870cd17a7db940f1e12d4c05746_s390x"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2461626"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Axios, a promise-based HTTP client. An attacker who can control the destination address of an Axios request can exploit this vulnerability. By using specific internal network addresses (within the 127.0.0.0/8 range, excluding 127.0.0.1), the attacker can completely bypass the NO_PROXY protection, potentially leading to unauthorized access or information disclosure within the network. This issue is an incomplete fix for a previous vulnerability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "axios: Axios: NO_PROXY bypass via crafted URL",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:5b1b98cd31ba150aecd6ef44c2bd8d79ae64380c8e974a4c8c1bb66fb4a38ce9_ppc64le",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:88ca55bb3177d8111971f1ba134bec7967289bfae64ecdf0b751dba0df82d9f0_s390x",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:afeeca0c1a653b5c375af4cca8dac1f52db846013d8b50e914ed62e1b7b1aa62_amd64"
        ],
        "known_not_affected": [
          "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:112909f56592b6d280a68b8104fe0c6f771c7c0156197950fcd1fcccae3c7fbf_ppc64le",
          "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:6ebb0d29e5d4aeb1ec3c16f8478cd1d615d3b42275dd82a20ff966887d603bd6_s390x",
          "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:80e7c357130e8a1a2db38713055d9a3e04812d5dd496d937d0d51b5c27f97da5_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:db0def651635715bc2406aef174f500cdc35d52cd693785629c149d0269b5f33_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2bab9301dc7f0adb24d243b7c0bb26733751f4bf2c84edbf464ac8dd2753bfa0_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:904a679c9230596aea5aab19cb6ecd16d6f7c7e6cca06aca63498ff4896733ba_s390x",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d3d569cf1570a9a0edd4070660ceff622429c98345c369af0ace3458e0ba2308_ppc64le",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f32c7fd3bde4d324f96251826f85aac887aaa44a526eb2e8549a00c6a71abcd0_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:93d75149f451f380dbc59b4f093e0bf8f3ab05044e584f9a229c46abd572cf94_ppc64le",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9dd5bc1416811a51cc056720e65035c713f335f43d8209bfad4d8d983b36ac72_s390x",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:ef0552c8953fc5958bb4bb548820802cc30f0aa8366c0e369a0d30e1f5ddad9b_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3deb2d564ed7e8ce85861e81681211d84a9c147bb5807c642fe788980aba3038_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:82e7c7f7d3a44f312428d1fa7b0c1c6fc644fbf20e9370b2d5803f6687a189a5_ppc64le",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b1a0cc358536e22f07c9672957484afebf230145a5c85fa4f8acd11349adb219_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e76e3b94c8aae99addf53b09f15f8f9d52003bfdb9213c93b67b58e71fcd192a_s390x",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:955f6c83ce8e6cdd075ef5c7396a8b19f9b8021cc5fb1b909a1dda05f0e3f13f_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:7be53b8c4851f7ca174c32556cdc2be807cabfb778ced23054b12288cc7ebbee_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:9abfc7d4e96a46868548380c7db2f11a7ec406c809fb8eee9a7bc3a049adcbbe_ppc64le",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:ec4e8658a1c3f00bd08e8b009cd042bc59a3d870cd17a7db940f1e12d4c05746_s390x"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-42043"
        },
        {
          "category": "external",
          "summary": "RHBZ#2461626",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461626"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-42043",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-42043"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42043",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42043"
        },
        {
          "category": "external",
          "summary": "https://github.com/axios/axios/security/advisories/GHSA-pmwg-cvhr-8vh7",
          "url": "https://github.com/axios/axios/security/advisories/GHSA-pmwg-cvhr-8vh7"
        }
      ],
      "release_date": "2026-04-24T17:54:42.668000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-06-09T15:31:40+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:5b1b98cd31ba150aecd6ef44c2bd8d79ae64380c8e974a4c8c1bb66fb4a38ce9_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:88ca55bb3177d8111971f1ba134bec7967289bfae64ecdf0b751dba0df82d9f0_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:afeeca0c1a653b5c375af4cca8dac1f52db846013d8b50e914ed62e1b7b1aa62_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:24853"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:112909f56592b6d280a68b8104fe0c6f771c7c0156197950fcd1fcccae3c7fbf_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:6ebb0d29e5d4aeb1ec3c16f8478cd1d615d3b42275dd82a20ff966887d603bd6_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:80e7c357130e8a1a2db38713055d9a3e04812d5dd496d937d0d51b5c27f97da5_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:db0def651635715bc2406aef174f500cdc35d52cd693785629c149d0269b5f33_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2bab9301dc7f0adb24d243b7c0bb26733751f4bf2c84edbf464ac8dd2753bfa0_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:904a679c9230596aea5aab19cb6ecd16d6f7c7e6cca06aca63498ff4896733ba_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d3d569cf1570a9a0edd4070660ceff622429c98345c369af0ace3458e0ba2308_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f32c7fd3bde4d324f96251826f85aac887aaa44a526eb2e8549a00c6a71abcd0_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:93d75149f451f380dbc59b4f093e0bf8f3ab05044e584f9a229c46abd572cf94_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9dd5bc1416811a51cc056720e65035c713f335f43d8209bfad4d8d983b36ac72_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:ef0552c8953fc5958bb4bb548820802cc30f0aa8366c0e369a0d30e1f5ddad9b_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3deb2d564ed7e8ce85861e81681211d84a9c147bb5807c642fe788980aba3038_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:82e7c7f7d3a44f312428d1fa7b0c1c6fc644fbf20e9370b2d5803f6687a189a5_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b1a0cc358536e22f07c9672957484afebf230145a5c85fa4f8acd11349adb219_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e76e3b94c8aae99addf53b09f15f8f9d52003bfdb9213c93b67b58e71fcd192a_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:955f6c83ce8e6cdd075ef5c7396a8b19f9b8021cc5fb1b909a1dda05f0e3f13f_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:7be53b8c4851f7ca174c32556cdc2be807cabfb778ced23054b12288cc7ebbee_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:9abfc7d4e96a46868548380c7db2f11a7ec406c809fb8eee9a7bc3a049adcbbe_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:ec4e8658a1c3f00bd08e8b009cd042bc59a3d870cd17a7db940f1e12d4c05746_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:5b1b98cd31ba150aecd6ef44c2bd8d79ae64380c8e974a4c8c1bb66fb4a38ce9_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:88ca55bb3177d8111971f1ba134bec7967289bfae64ecdf0b751dba0df82d9f0_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:afeeca0c1a653b5c375af4cca8dac1f52db846013d8b50e914ed62e1b7b1aa62_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "axios: Axios: NO_PROXY bypass via crafted URL"
    },
    {
      "cve": "CVE-2026-42044",
      "cwe": {
        "id": "CWE-915",
        "name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes"
      },
      "discovery_date": "2026-04-24T19:01:13.418725+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:112909f56592b6d280a68b8104fe0c6f771c7c0156197950fcd1fcccae3c7fbf_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:6ebb0d29e5d4aeb1ec3c16f8478cd1d615d3b42275dd82a20ff966887d603bd6_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:80e7c357130e8a1a2db38713055d9a3e04812d5dd496d937d0d51b5c27f97da5_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:db0def651635715bc2406aef174f500cdc35d52cd693785629c149d0269b5f33_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2bab9301dc7f0adb24d243b7c0bb26733751f4bf2c84edbf464ac8dd2753bfa0_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:904a679c9230596aea5aab19cb6ecd16d6f7c7e6cca06aca63498ff4896733ba_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d3d569cf1570a9a0edd4070660ceff622429c98345c369af0ace3458e0ba2308_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f32c7fd3bde4d324f96251826f85aac887aaa44a526eb2e8549a00c6a71abcd0_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:93d75149f451f380dbc59b4f093e0bf8f3ab05044e584f9a229c46abd572cf94_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9dd5bc1416811a51cc056720e65035c713f335f43d8209bfad4d8d983b36ac72_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:ef0552c8953fc5958bb4bb548820802cc30f0aa8366c0e369a0d30e1f5ddad9b_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3deb2d564ed7e8ce85861e81681211d84a9c147bb5807c642fe788980aba3038_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:82e7c7f7d3a44f312428d1fa7b0c1c6fc644fbf20e9370b2d5803f6687a189a5_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b1a0cc358536e22f07c9672957484afebf230145a5c85fa4f8acd11349adb219_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e76e3b94c8aae99addf53b09f15f8f9d52003bfdb9213c93b67b58e71fcd192a_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:955f6c83ce8e6cdd075ef5c7396a8b19f9b8021cc5fb1b909a1dda05f0e3f13f_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:7be53b8c4851f7ca174c32556cdc2be807cabfb778ced23054b12288cc7ebbee_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:9abfc7d4e96a46868548380c7db2f11a7ec406c809fb8eee9a7bc3a049adcbbe_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:ec4e8658a1c3f00bd08e8b009cd042bc59a3d870cd17a7db940f1e12d4c05746_s390x"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2461624"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Axios, a widely used HTTP client. This vulnerability, known as a Prototype Pollution \"Gadget\" attack, allows a remote attacker to subtly alter JSON API responses. By manipulating a specific function, an attacker can selectively modify data within these responses. This could lead to significant security breaches, including unauthorized privilege escalation, fraudulent balance manipulation, or bypassing critical authorization checks.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "axios: Axios: Invisible JSON Response Tampering via Prototype Pollution Gadget",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:5b1b98cd31ba150aecd6ef44c2bd8d79ae64380c8e974a4c8c1bb66fb4a38ce9_ppc64le",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:88ca55bb3177d8111971f1ba134bec7967289bfae64ecdf0b751dba0df82d9f0_s390x",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:afeeca0c1a653b5c375af4cca8dac1f52db846013d8b50e914ed62e1b7b1aa62_amd64"
        ],
        "known_not_affected": [
          "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:112909f56592b6d280a68b8104fe0c6f771c7c0156197950fcd1fcccae3c7fbf_ppc64le",
          "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:6ebb0d29e5d4aeb1ec3c16f8478cd1d615d3b42275dd82a20ff966887d603bd6_s390x",
          "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:80e7c357130e8a1a2db38713055d9a3e04812d5dd496d937d0d51b5c27f97da5_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:db0def651635715bc2406aef174f500cdc35d52cd693785629c149d0269b5f33_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2bab9301dc7f0adb24d243b7c0bb26733751f4bf2c84edbf464ac8dd2753bfa0_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:904a679c9230596aea5aab19cb6ecd16d6f7c7e6cca06aca63498ff4896733ba_s390x",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d3d569cf1570a9a0edd4070660ceff622429c98345c369af0ace3458e0ba2308_ppc64le",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f32c7fd3bde4d324f96251826f85aac887aaa44a526eb2e8549a00c6a71abcd0_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:93d75149f451f380dbc59b4f093e0bf8f3ab05044e584f9a229c46abd572cf94_ppc64le",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9dd5bc1416811a51cc056720e65035c713f335f43d8209bfad4d8d983b36ac72_s390x",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:ef0552c8953fc5958bb4bb548820802cc30f0aa8366c0e369a0d30e1f5ddad9b_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3deb2d564ed7e8ce85861e81681211d84a9c147bb5807c642fe788980aba3038_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:82e7c7f7d3a44f312428d1fa7b0c1c6fc644fbf20e9370b2d5803f6687a189a5_ppc64le",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b1a0cc358536e22f07c9672957484afebf230145a5c85fa4f8acd11349adb219_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e76e3b94c8aae99addf53b09f15f8f9d52003bfdb9213c93b67b58e71fcd192a_s390x",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:955f6c83ce8e6cdd075ef5c7396a8b19f9b8021cc5fb1b909a1dda05f0e3f13f_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:7be53b8c4851f7ca174c32556cdc2be807cabfb778ced23054b12288cc7ebbee_amd64",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:9abfc7d4e96a46868548380c7db2f11a7ec406c809fb8eee9a7bc3a049adcbbe_ppc64le",
          "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:ec4e8658a1c3f00bd08e8b009cd042bc59a3d870cd17a7db940f1e12d4c05746_s390x"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-42044"
        },
        {
          "category": "external",
          "summary": "RHBZ#2461624",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461624"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-42044",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-42044"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42044",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42044"
        },
        {
          "category": "external",
          "summary": "https://github.com/axios/axios/security/advisories/GHSA-3w6x-2g7m-8v23",
          "url": "https://github.com/axios/axios/security/advisories/GHSA-3w6x-2g7m-8v23"
        }
      ],
      "release_date": "2026-04-24T17:49:49.517000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-06-09T15:31:40+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:5b1b98cd31ba150aecd6ef44c2bd8d79ae64380c8e974a4c8c1bb66fb4a38ce9_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:88ca55bb3177d8111971f1ba134bec7967289bfae64ecdf0b751dba0df82d9f0_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:afeeca0c1a653b5c375af4cca8dac1f52db846013d8b50e914ed62e1b7b1aa62_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:24853"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
          "product_ids": [
            "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:112909f56592b6d280a68b8104fe0c6f771c7c0156197950fcd1fcccae3c7fbf_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:6ebb0d29e5d4aeb1ec3c16f8478cd1d615d3b42275dd82a20ff966887d603bd6_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:80e7c357130e8a1a2db38713055d9a3e04812d5dd496d937d0d51b5c27f97da5_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:db0def651635715bc2406aef174f500cdc35d52cd693785629c149d0269b5f33_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2bab9301dc7f0adb24d243b7c0bb26733751f4bf2c84edbf464ac8dd2753bfa0_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:904a679c9230596aea5aab19cb6ecd16d6f7c7e6cca06aca63498ff4896733ba_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d3d569cf1570a9a0edd4070660ceff622429c98345c369af0ace3458e0ba2308_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f32c7fd3bde4d324f96251826f85aac887aaa44a526eb2e8549a00c6a71abcd0_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:93d75149f451f380dbc59b4f093e0bf8f3ab05044e584f9a229c46abd572cf94_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9dd5bc1416811a51cc056720e65035c713f335f43d8209bfad4d8d983b36ac72_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:ef0552c8953fc5958bb4bb548820802cc30f0aa8366c0e369a0d30e1f5ddad9b_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3deb2d564ed7e8ce85861e81681211d84a9c147bb5807c642fe788980aba3038_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:82e7c7f7d3a44f312428d1fa7b0c1c6fc644fbf20e9370b2d5803f6687a189a5_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b1a0cc358536e22f07c9672957484afebf230145a5c85fa4f8acd11349adb219_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e76e3b94c8aae99addf53b09f15f8f9d52003bfdb9213c93b67b58e71fcd192a_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:955f6c83ce8e6cdd075ef5c7396a8b19f9b8021cc5fb1b909a1dda05f0e3f13f_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:7be53b8c4851f7ca174c32556cdc2be807cabfb778ced23054b12288cc7ebbee_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:9abfc7d4e96a46868548380c7db2f11a7ec406c809fb8eee9a7bc3a049adcbbe_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:ec4e8658a1c3f00bd08e8b009cd042bc59a3d870cd17a7db940f1e12d4c05746_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:5b1b98cd31ba150aecd6ef44c2bd8d79ae64380c8e974a4c8c1bb66fb4a38ce9_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:88ca55bb3177d8111971f1ba134bec7967289bfae64ecdf0b751dba0df82d9f0_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:afeeca0c1a653b5c375af4cca8dac1f52db846013d8b50e914ed62e1b7b1aa62_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:112909f56592b6d280a68b8104fe0c6f771c7c0156197950fcd1fcccae3c7fbf_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:6ebb0d29e5d4aeb1ec3c16f8478cd1d615d3b42275dd82a20ff966887d603bd6_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:80e7c357130e8a1a2db38713055d9a3e04812d5dd496d937d0d51b5c27f97da5_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:db0def651635715bc2406aef174f500cdc35d52cd693785629c149d0269b5f33_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2bab9301dc7f0adb24d243b7c0bb26733751f4bf2c84edbf464ac8dd2753bfa0_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:904a679c9230596aea5aab19cb6ecd16d6f7c7e6cca06aca63498ff4896733ba_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d3d569cf1570a9a0edd4070660ceff622429c98345c369af0ace3458e0ba2308_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:f32c7fd3bde4d324f96251826f85aac887aaa44a526eb2e8549a00c6a71abcd0_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:93d75149f451f380dbc59b4f093e0bf8f3ab05044e584f9a229c46abd572cf94_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9dd5bc1416811a51cc056720e65035c713f335f43d8209bfad4d8d983b36ac72_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:ef0552c8953fc5958bb4bb548820802cc30f0aa8366c0e369a0d30e1f5ddad9b_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3deb2d564ed7e8ce85861e81681211d84a9c147bb5807c642fe788980aba3038_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:82e7c7f7d3a44f312428d1fa7b0c1c6fc644fbf20e9370b2d5803f6687a189a5_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b1a0cc358536e22f07c9672957484afebf230145a5c85fa4f8acd11349adb219_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e76e3b94c8aae99addf53b09f15f8f9d52003bfdb9213c93b67b58e71fcd192a_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:955f6c83ce8e6cdd075ef5c7396a8b19f9b8021cc5fb1b909a1dda05f0e3f13f_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:7be53b8c4851f7ca174c32556cdc2be807cabfb778ced23054b12288cc7ebbee_amd64",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:9abfc7d4e96a46868548380c7db2f11a7ec406c809fb8eee9a7bc3a049adcbbe_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:ec4e8658a1c3f00bd08e8b009cd042bc59a3d870cd17a7db940f1e12d4c05746_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:5b1b98cd31ba150aecd6ef44c2bd8d79ae64380c8e974a4c8c1bb66fb4a38ce9_ppc64le",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:88ca55bb3177d8111971f1ba134bec7967289bfae64ecdf0b751dba0df82d9f0_s390x",
            "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:afeeca0c1a653b5c375af4cca8dac1f52db846013d8b50e914ed62e1b7b1aa62_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "axios: Axios: Invisible JSON Response Tampering via Prototype Pollution Gadget"
    }
  ]
}

CVE-2026-42043 (GCVE-0-2026-42043)

Vulnerability from cvelistv5 – Published: 2026-04-24 17:54 – Updated: 2026-04-27 13:47

Title

Axios: Incomplete Fix for CVE-2025-62718 — NO_PROXY Protection Bypassed via RFC 1122 Loopback Subnet (127.0.0.0/8) in Axios 1.15.0

Summary

Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, an attacker who can influence the target URL of an Axios request can use any address in the 127.0.0.0/8 range (other than 127.0.0.1) to completely bypass the NO_PROXY protection. This vulnerability is due to an incomplete for CVE-2025-62718, This vulnerability is fixed in 1.15.1 and 0.31.1.

Severity

7.2 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

SSVC

Exploitation: poc Automatable: yes Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-183 - Permissive List of Allowed Inputs
CWE-441 - Unintended Proxy or Intermediary ('Confused Deputy')
CWE-918 - Server-Side Request Forgery (SSRF)

Assigner

GitHub_M

References

1 reference

URL	Tags
https://github.com/axios/axios/security/advisorie…	x_refsource_CONFIRM

Impacted products

1 product

Vendor	Product	Version
axios	axios	Affected: >= 1.0.0, < 1.15.1 Affected: < 0.31.1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-42043",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-27T13:47:20.443878Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-27T13:47:24.724Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://github.com/axios/axios/security/advisories/GHSA-pmwg-cvhr-8vh7"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "axios",
          "vendor": "axios",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 1.0.0, \u003c 1.15.1"
            },
            {
              "status": "affected",
              "version": "\u003c 0.31.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, an attacker who can influence the target URL of an Axios request can use any address in the 127.0.0.0/8 range (other than 127.0.0.1) to completely bypass the NO_PROXY protection. This vulnerability is due to an incomplete for CVE-2025-62718, This vulnerability is fixed in 1.15.1 and 0.31.1."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-183",
              "description": "CWE-183: Permissive List of Allowed Inputs",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-441",
              "description": "CWE-441: Unintended Proxy or Intermediary (\u0027Confused Deputy\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-918",
              "description": "CWE-918: Server-Side Request Forgery (SSRF)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-24T17:54:42.668Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/axios/axios/security/advisories/GHSA-pmwg-cvhr-8vh7",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/axios/axios/security/advisories/GHSA-pmwg-cvhr-8vh7"
        }
      ],
      "source": {
        "advisory": "GHSA-pmwg-cvhr-8vh7",
        "discovery": "UNKNOWN"
      },
      "title": "Axios: Incomplete Fix for CVE-2025-62718 \u2014 NO_PROXY  Protection Bypassed via RFC 1122 Loopback Subnet (127.0.0.0/8)  in Axios 1.15.0"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-42043",
    "datePublished": "2026-04-24T17:54:42.668Z",
    "dateReserved": "2026-04-23T16:05:01.709Z",
    "dateUpdated": "2026-04-27T13:47:24.724Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-42044 (GCVE-0-2026-42044)

Vulnerability from cvelistv5 – Published: 2026-04-24 17:49 – Updated: 2026-04-24 18:12

Title

Axios: Invisible JSON Response Tampering via Prototype Pollution Gadget in `parseReviver`

Summary

Axios is a promise based HTTP client for the browser and Node.js. From 1.0.0 to before 1.15.2, he Axios library is vulnerable to a Prototype Pollution "Gadget" attack that allows any Object.prototype pollution in the application's dependency tree to be escalated into surgical, invisible modification of all JSON API responses — including privilege escalation, balance manipulation, and authorization bypass. The default transformResponse function at lib/defaults/index.js:124 calls JSON.parse(data, this.parseReviver), where this is the merged config object. Because parseReviver is not present in Axios defaults, not validated by assertOptions, and not subject to any constraints, a polluted Object.prototype.parseReviver function is called for every key-value pair in every JSON response, allowing the attacker to selectively modify individual values while leaving the rest of the response intact. This vulnerability is fixed in 1.15.2.

Severity

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N

SSVC

Exploitation: poc Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-915 - Improperly Controlled Modification of Dynamically-Determined Object Attributes
CWE-1321 - Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

Assigner

GitHub_M

References

1 reference

URL	Tags
https://github.com/axios/axios/security/advisorie…	x_refsource_CONFIRM

Impacted products

1 product

Vendor	Product	Version
axios	axios	Affected: >= 1.0.0, < 1.15.2

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-42044",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-24T18:11:49.647774Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-24T18:12:13.920Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://github.com/axios/axios/security/advisories/GHSA-3w6x-2g7m-8v23"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "axios",
          "vendor": "axios",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 1.0.0, \u003c 1.15.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Axios is a promise based HTTP client for the browser and Node.js. From 1.0.0 to before 1.15.2, he Axios library is vulnerable to a Prototype Pollution \"Gadget\" attack that allows any Object.prototype pollution in the application\u0027s dependency tree to be escalated into surgical, invisible modification of all JSON API responses \u2014 including privilege escalation, balance manipulation, and authorization bypass. The default transformResponse function at lib/defaults/index.js:124 calls JSON.parse(data, this.parseReviver), where this is the merged config object. Because parseReviver is not present in Axios defaults, not validated by assertOptions, and not subject to any constraints, a polluted Object.prototype.parseReviver function is called for every key-value pair in every JSON response, allowing the attacker to selectively modify individual values while leaving the rest of the response intact. This vulnerability is fixed in 1.15.2."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-915",
              "description": "CWE-915: Improperly Controlled Modification of Dynamically-Determined Object Attributes",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-1321",
              "description": "CWE-1321: Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-24T17:50:26.586Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/axios/axios/security/advisories/GHSA-3w6x-2g7m-8v23",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/axios/axios/security/advisories/GHSA-3w6x-2g7m-8v23"
        }
      ],
      "source": {
        "advisory": "GHSA-3w6x-2g7m-8v23",
        "discovery": "UNKNOWN"
      },
      "title": "Axios: Invisible JSON Response Tampering via Prototype Pollution Gadget in `parseReviver`"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-42044",
    "datePublished": "2026-04-24T17:49:49.517Z",
    "dateReserved": "2026-04-23T16:05:01.709Z",
    "dateUpdated": "2026-04-24T18:12:13.920Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-4427 (GCVE-0-2026-4427)

Vulnerability from cvelistv5 – Published: 2026-03-19 14:24 – Updated: 2026-03-30 07:59

Duplicate of CVE-2026-32286

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "cna": {
      "providerMetadata": {
        "dateUpdated": "2026-03-30T07:59:41.848Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "rejectedReasons": [
        {
          "lang": "en",
          "value": "Duplicate of CVE-2026-32286"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2026-4427",
    "datePublished": "2026-03-19T14:24:02.864Z",
    "dateRejected": "2026-03-30T07:59:41.848Z",
    "dateReserved": "2026-03-19T12:54:24.750Z",
    "dateUpdated": "2026-03-30T07:59:41.848Z",
    "state": "REJECTED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

RHSA-2026:24853

CVE-2026-42043 (GCVE-0-2026-42043)

CVE-2026-42044 (GCVE-0-2026-42044)

CVE-2026-4427 (GCVE-0-2026-4427)

Tags

Sightings

Nomenclature