Vulnerability-Lookup

RHSA-2026:25127

Vulnerability from csaf_redhat - Published: 2026-06-10 20:51 - Updated: 2026-06-14 21:11

Summary

Red Hat Security Advisory: Submariner v0.21 security fixes and container updates

Severity

Important

Notes

Topic: Submariner v0.21 General Availability release images, which provide enhancements, security fixes, and updated container images. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section. Red Hat Advanced Cluster Management for Kubernetes v2.14

Details: Submariner is a Kubernetes operator that enables cross-cluster connectivity for services and pods, implementing KEP-1645 (Multi-Cluster Services API). After deploying the Submariner operator, it can enable direct networking between pods and services across different Kubernetes clusters. For more information about Submariner, see the Submariner open source community website at: https://submariner.io/.

Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

CVE-2024-25621

A local privilege escalation vulnerability has been discovered in containerd. This vulnerability is the result of an overly broad default permission which allows local users on the host to potentially access the metadata store, the content store and the contents of Kubernetes local volumes. The contents of volumes might include setuid binaries, which could allow a local user on the host to elevate privileges on the host.

7.7 (High)


                        
                          CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L

CWE-279 - Incorrect Execution-Assigned Permissions

Affected products

Fixed 4 products

Product	Version	Remediation
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64	—	Vendor Fix fix Workaround

Known not affected 29 products

Product	Version	Remediation
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le	—	Workaround

Threats

Impact Important

CVE-2025-61726

A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-770 - Allocation of Resources Without Limits or Throttling

Affected products

Fixed 28 products

Product	Version	Remediation
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le	—	Vendor Fix fix Workaround

Known not affected 5 products

Product	Version	Remediation
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64	—	Workaround

Threats

Impact Important

CVE-2025-61728

A flaw was found in the archive/zip package in the Go standard library. A super-linear file name indexing algorithm is used in the first time a file in an archive is opened. A crafted zip archive containing a specific arrangement of file names can cause an excessive CPU and memory consumption. A Go application processing a malicious archive can become unresponsive or crash, resulting in a denial of service.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-770 - Allocation of Resources Without Limits or Throttling

Affected products

Fixed 4 products

Product	Version	Remediation
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64	—	Vendor Fix fix Workaround

Known not affected 29 products

Product	Version	Remediation
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le	—	Workaround

Threats

Impact Moderate

CVE-2025-61729

A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-1050 - Excessive Platform Resource Consumption within a Loop

Affected products

Fixed 28 products

Product	Version	Remediation
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le	—	Vendor Fix fix
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64	—	Vendor Fix fix
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64	—	Vendor Fix fix
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x	—	Vendor Fix fix
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le	—	Vendor Fix fix
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x	—	Vendor Fix fix
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64	—	Vendor Fix fix
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64	—	Vendor Fix fix
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le	—	Vendor Fix fix
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x	—	Vendor Fix fix
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64	—	Vendor Fix fix
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64	—	Vendor Fix fix
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le	—	Vendor Fix fix
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64	—	Vendor Fix fix
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64	—	Vendor Fix fix
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x	—	Vendor Fix fix
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x	—	Vendor Fix fix
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64	—	Vendor Fix fix
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64	—	Vendor Fix fix
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le	—	Vendor Fix fix
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x	—	Vendor Fix fix
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le	—	Vendor Fix fix
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64	—	Vendor Fix fix
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64	—	Vendor Fix fix
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x	—	Vendor Fix fix
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64	—	Vendor Fix fix
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64	—	Vendor Fix fix
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le	—	Vendor Fix fix

Known not affected 5 products

Product	Identifier	Version	Remediation
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le		—
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64		—
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64		—
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x		—
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64		—

Threats

Impact Important

CVE-2025-68121

A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing a client or server to establish a connection that should have been rejected. This could lead to an authentication bypass under specific conditions.

7.4 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Affected products

Fixed 4 products

Product	Version	Remediation
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le	—	Vendor Fix fix
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x	—	Vendor Fix fix
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64	—	Vendor Fix fix
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64	—	Vendor Fix fix

Known not affected 29 products

Product	Identifier	Version	Remediation
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le		—
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64		—
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64		—
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x		—
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le		—
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x		—
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64		—
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64		—
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le		—
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64		—
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64		—
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x		—
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le		—
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64		—
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64		—
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x		—
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x		—
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64		—
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64		—
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le		—
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64		—
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x		—
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le		—
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64		—
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64		—
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x		—
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64		—
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64		—
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le		—

Threats

Impact Moderate

CVE-2025-68151

Multiple CoreDNS server implementations (gRPC, HTTPS, and HTTP/3) lack critical resource-limiting controls. An unauthenticated remote attacker can exhaust memory and degrade or crash the server by opening many concurrent connections, streams, or sending oversized request bodies. The issue is similar in nature to CVE-2025-47950 (QUIC DoS) but affects additional server types that do not enforce connection limits, stream limits, or message size constraints.

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE-770 - Allocation of Resources Without Limits or Throttling

Affected products

Fixed 4 products

Product	Version	Remediation
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64	—	Vendor Fix fix Workaround

Known not affected 29 products

Product	Version	Remediation
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le	—	Workaround

Threats

Impact Moderate

CVE-2026-21441

urllib3 is an HTTP client library for Python. urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. urllib3 can perform decoding or decompression based on the HTTP `Content-Encoding` header (e.g., `gzip`, `deflate`, `br`, or `zstd`). When using the streaming API, the library decompresses only the necessary bytes, enabling partial content consumption. Starting in version 1.22 and prior to version 2.6.3, for HTTP redirect responses, the library would read the entire response body to drain the connection and decompress the content unnecessarily. This decompression occurred even before any read methods were called, and configured read limits did not restrict the amount of decompressed data. As a result, there was no safeguard against decompression bombs. A malicious server could exploit this to trigger excessive resource consumption on the client. Applications and libraries are affected when they stream content from untrusted sources by setting `preload_content=False` when they do not disable redirects. Users should upgrade to at least urllib3 v2.6.3, in which the library does not decode content of redirect responses when `preload_content=False`. If upgrading is not immediately possible, disable redirects by setting `redirect=False` for requests to untrusted source.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-409 - Improper Handling of Highly Compressed Data (Data Amplification)

Affected products

Fixed 28 products

Product	Version	Remediation
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le	—	Vendor Fix fix
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64	—	Vendor Fix fix
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64	—	Vendor Fix fix
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x	—	Vendor Fix fix
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le	—	Vendor Fix fix
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x	—	Vendor Fix fix
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64	—	Vendor Fix fix
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64	—	Vendor Fix fix
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le	—	Vendor Fix fix
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64	—	Vendor Fix fix
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64	—	Vendor Fix fix
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x	—	Vendor Fix fix
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le	—	Vendor Fix fix
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x	—	Vendor Fix fix
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64	—	Vendor Fix fix
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64	—	Vendor Fix fix
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le	—	Vendor Fix fix
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64	—	Vendor Fix fix
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64	—	Vendor Fix fix
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x	—	Vendor Fix fix
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x	—	Vendor Fix fix
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64	—	Vendor Fix fix
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64	—	Vendor Fix fix
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le	—	Vendor Fix fix
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x	—	Vendor Fix fix
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64	—	Vendor Fix fix
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64	—	Vendor Fix fix
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le	—	Vendor Fix fix

Known not affected 5 products

Product	Identifier	Version	Remediation
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64		—
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x		—
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le		—
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64		—
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64		—

Threats

Impact Important

CVE-2026-25679

The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-1286 - Improper Validation of Syntactic Correctness of Input

Affected products

Fixed 4 products

Product	Version	Remediation
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64	—	Vendor Fix fix Workaround

Known not affected 29 products

Product	Version	Remediation
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le	—	Workaround

Threats

Impact Important

CVE-2026-26017

A flaw was found in CoreDNS, a DNS server that uses a chain of plugins. This logical vulnerability allows an attacker to bypass DNS access controls. The issue occurs because security plugins, such as 'acl', are evaluated before the 'rewrite' plugin, creating a Time-of-Check Time-of-Use (TOCTOU) flaw. This flaw enables an attacker to circumvent intended access restrictions.

7.7 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition

Affected products

Fixed 8 products

Product	Version	Remediation
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64	—	Vendor Fix fix Workaround

Known not affected 25 products

Product	Version	Remediation
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le	—	Workaround

Threats

Impact Important

CVE-2026-26018

A flaw was found in CoreDNS, a DNS server that chains plugins. A remote attacker can exploit this flaw by sending specially crafted DNS queries. This vulnerability exists in CoreDNS's loop detection plugin due to the use of a predictable pseudo-random number generator (PRNG) for generating a secret query name. Successful exploitation can lead to a denial of service (DoS) by crashing the DNS server.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-1241 - Use of Predictable Algorithm in Random Number Generator

Affected products

Fixed 8 products

Product	Version	Remediation
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64	—	Vendor Fix fix Workaround

Known not affected 25 products

Product	Version	Remediation
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le	—	Workaround

Threats

Impact Important

CVE-2026-32280

A flaw was found in the Go standard library packages `crypto/x509` and `crypto/tls`. During the process of building a certificate chain, an attacker can provide a large number of intermediate certificates. This excessive input is not properly limited, leading to an uncontrolled amount of work being performed. This can result in a denial of service (DoS) condition, making the affected system or application unavailable to legitimate users.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-770 - Allocation of Resources Without Limits or Throttling

Affected products

Fixed 4 products

Product	Version	Remediation
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le	—	Vendor Fix fix
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x	—	Vendor Fix fix
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64	—	Vendor Fix fix
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64	—	Vendor Fix fix

Known not affected 29 products

Product	Identifier	Version	Remediation
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le		—
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64		—
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64		—
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x		—
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le		—
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x		—
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64		—
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64		—
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le		—
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64		—
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64		—
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x		—
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le		—
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64		—
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64		—
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x		—
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x		—
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64		—
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64		—
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le		—
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64		—
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x		—
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le		—
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64		—
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64		—
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x		—
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64		—
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64		—
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le		—

Threats

Impact Important

CVE-2026-32936

A flaw was found in CoreDNS, a DNS server that chains plugins. A remote, unauthenticated attacker can exploit this vulnerability by repeatedly sending oversized DNS-over-HTTPS (DoH) GET requests. The GET path, unlike the POST path, lacks size validation before processing large `dns=` query parameter values. This can lead to high CPU usage, significant memory allocations, and increased garbage collection, resulting in a Denial of Service (DoS).

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-1284 - Improper Validation of Specified Quantity in Input

Affected products

Fixed 8 products

Product	Version	Remediation
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64	—	Vendor Fix fix Workaround

Known not affected 25 products

Product	Version	Remediation
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le	—	Workaround

Threats

Impact Moderate

CVE-2026-33186

A flaw was found in gRPC-Go, the Go language implementation of gRPC. This vulnerability, an authorization bypass, is caused by improper input validation of the HTTP/2 `:path` pseudo-header. A remote attacker can exploit this by sending raw HTTP/2 frames with a malformed `:path` that omits the mandatory leading slash. This allows the attacker to bypass defined security policies, potentially leading to unauthorized access to services or information disclosure.

9.1 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

CWE-551 - Incorrect Behavior Order: Authorization Before Parsing and Canonicalization

Affected products

Fixed 8 products

Product	Version	Remediation
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64	—	Vendor Fix fix Workaround

Known not affected 25 products

Product	Version	Remediation
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le	—	Workaround

Threats

Impact Important

CVE-2026-34986

A flaw was found in Go JOSE, a library for handling JSON Web Encryption (JWE) objects. A remote attacker could exploit this vulnerability by providing a specially crafted JWE object. When decrypting such an object, if a key wrapping algorithm is specified but the encrypted key field is empty, the application can crash. This leads to a denial of service (DoS), making the affected service unavailable to legitimate users.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-131 - Incorrect Calculation of Buffer Size

Affected products

Fixed 4 products

Product	Version	Remediation
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64	—	Vendor Fix fix Workaround

Known not affected 29 products

Product	Version	Remediation
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64	—	Workaround
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le	—	Workaround

Threats

Impact Important

CVE-2026-35579

A flaw was found in CoreDNS. An unauthenticated network attacker can exploit incorrect handling of TSIG (Transaction Signature) authentication in the gRPC, QUIC, DoH (DNS over HTTPS), and DoH3 transport implementations. This vulnerability allows an attacker to bypass TSIG protection, leading to unauthorized access to functionalities such as zone transfers and dynamic DNS updates. For DoH and DoH3, the issue is more severe as any request with a TSIG record is treated as authenticated, even with an invalid key.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-303 - Incorrect Implementation of Authentication Algorithm

Affected products

Fixed 4 products

Product	Version	Remediation
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le	—	Vendor Fix fix
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x	—	Vendor Fix fix
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64	—	Vendor Fix fix
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64	—	Vendor Fix fix

Known not affected 29 products

Product	Identifier	Version	Remediation
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le		—
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64		—
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64		—
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x		—
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le		—
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64		—
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64		—
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x		—
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le		—
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x		—
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64		—
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64		—
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le		—
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64		—
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64		—
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x		—
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x		—
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64		—
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64		—
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le		—
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64		—
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x		—
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le		—
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64		—
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64		—
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x		—
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64		—
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64		—
Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le		—

Threats

Impact Important

References

118 references

URL	Category
https://access.redhat.com/errata/RHSA-2026:25127	self
https://access.redhat.com/security/cve/CVE-2024-25621	external
https://access.redhat.com/security/cve/CVE-2025-61726	external
https://access.redhat.com/security/cve/CVE-2025-61728	external
https://access.redhat.com/security/cve/CVE-2025-61729	external
https://access.redhat.com/security/cve/CVE-2025-68121	external
https://access.redhat.com/security/cve/CVE-2025-68151	external
https://access.redhat.com/security/cve/CVE-2026-21441	external
https://access.redhat.com/security/cve/CVE-2026-25679	external
https://access.redhat.com/security/cve/CVE-2026-26017	external
https://access.redhat.com/security/cve/CVE-2026-26018	external
https://access.redhat.com/security/cve/CVE-2026-32280	external
https://access.redhat.com/security/cve/CVE-2026-32936	external
https://access.redhat.com/security/cve/CVE-2026-33186	external
https://access.redhat.com/security/cve/CVE-2026-34986	external
https://access.redhat.com/security/cve/CVE-2026-35579	external
https://access.redhat.com/security/updates/classi…	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2024-25621	self
https://bugzilla.redhat.com/show_bug.cgi?id=2413190	external
https://www.cve.org/CVERecord?id=CVE-2024-25621	external
https://nvd.nist.gov/vuln/detail/CVE-2024-25621	external
https://github.com/containerd/containerd/blob/mai…	external
https://github.com/containerd/containerd/commit/7…	external
https://github.com/containerd/containerd/security…	external
https://access.redhat.com/security/cve/CVE-2025-61726	self
https://bugzilla.redhat.com/show_bug.cgi?id=2434432	external
https://www.cve.org/CVERecord?id=CVE-2025-61726	external
https://nvd.nist.gov/vuln/detail/CVE-2025-61726	external
https://go.dev/cl/736712	external
https://go.dev/issue/77101	external
https://groups.google.com/g/golang-announce/c/Vd2…	external
https://pkg.go.dev/vuln/GO-2026-4341	external
https://access.redhat.com/security/cve/CVE-2025-61728	self
https://bugzilla.redhat.com/show_bug.cgi?id=2434431	external
https://www.cve.org/CVERecord?id=CVE-2025-61728	external
https://nvd.nist.gov/vuln/detail/CVE-2025-61728	external
https://go.dev/cl/736713	external
https://go.dev/issue/77102	external
https://pkg.go.dev/vuln/GO-2026-4342	external
https://access.redhat.com/security/cve/CVE-2025-61729	self
https://bugzilla.redhat.com/show_bug.cgi?id=2418462	external
https://www.cve.org/CVERecord?id=CVE-2025-61729	external
https://nvd.nist.gov/vuln/detail/CVE-2025-61729	external
https://go.dev/cl/725920	external
https://go.dev/issue/76445	external
https://groups.google.com/g/golang-announce/c/8FJ…	external
https://pkg.go.dev/vuln/GO-2025-4155	external
https://access.redhat.com/security/cve/CVE-2025-68121	self
https://bugzilla.redhat.com/show_bug.cgi?id=2437111	external
https://www.cve.org/CVERecord?id=CVE-2025-68121	external
https://nvd.nist.gov/vuln/detail/CVE-2025-68121	external
https://go.dev/cl/737700	external
https://go.dev/issue/77217	external
https://groups.google.com/g/golang-announce/c/K09…	external
https://pkg.go.dev/vuln/GO-2026-4337	external
https://access.redhat.com/security/cve/CVE-2025-68151	self
https://bugzilla.redhat.com/show_bug.cgi?id=2428009	external
https://www.cve.org/CVERecord?id=CVE-2025-68151	external
https://nvd.nist.gov/vuln/detail/CVE-2025-68151	external
https://github.com/coredns/coredns/commit/0d8cbb1…	external
https://github.com/coredns/coredns/pull/7490	external
https://github.com/coredns/coredns/security/advis…	external
https://access.redhat.com/security/cve/CVE-2026-21441	self
https://bugzilla.redhat.com/show_bug.cgi?id=2427726	external
https://www.cve.org/CVERecord?id=CVE-2026-21441	external
https://nvd.nist.gov/vuln/detail/CVE-2026-21441	external
https://github.com/urllib3/urllib3/commit/8864ac4…	external
https://github.com/urllib3/urllib3/security/advis…	external
https://access.redhat.com/security/cve/CVE-2026-25679	self
https://bugzilla.redhat.com/show_bug.cgi?id=2445356	external
https://www.cve.org/CVERecord?id=CVE-2026-25679	external
https://nvd.nist.gov/vuln/detail/CVE-2026-25679	external
https://go.dev/cl/752180	external
https://go.dev/issue/77578	external
https://groups.google.com/g/golang-announce/c/Edh…	external
https://pkg.go.dev/vuln/GO-2026-4601	external
https://access.redhat.com/security/cve/CVE-2026-26017	self
https://bugzilla.redhat.com/show_bug.cgi?id=2445244	external
https://www.cve.org/CVERecord?id=CVE-2026-26017	external
https://nvd.nist.gov/vuln/detail/CVE-2026-26017	external
https://github.com/coredns/coredns/releases/tag/v1.14.2	external
https://github.com/coredns/coredns/security/advis…	external
https://access.redhat.com/security/cve/CVE-2026-26018	self
https://bugzilla.redhat.com/show_bug.cgi?id=2445242	external
https://www.cve.org/CVERecord?id=CVE-2026-26018	external
https://nvd.nist.gov/vuln/detail/CVE-2026-26018	external
https://github.com/coredns/coredns/security/advis…	external
https://access.redhat.com/security/cve/CVE-2026-32280	self
https://bugzilla.redhat.com/show_bug.cgi?id=2456339	external
https://www.cve.org/CVERecord?id=CVE-2026-32280	external
https://nvd.nist.gov/vuln/detail/CVE-2026-32280	external
https://go.dev/cl/758320	external
https://go.dev/issue/78282	external
https://groups.google.com/g/golang-announce/c/0uY…	external
https://pkg.go.dev/vuln/GO-2026-4947	external
https://access.redhat.com/security/cve/CVE-2026-32936	self
https://bugzilla.redhat.com/show_bug.cgi?id=2466869	external
https://www.cve.org/CVERecord?id=CVE-2026-32936	external
https://nvd.nist.gov/vuln/detail/CVE-2026-32936	external
https://github.com/coredns/coredns/releases/tag/v1.14.3	external
https://github.com/coredns/coredns/security/advis…	external
https://access.redhat.com/security/cve/CVE-2026-33186	self
https://bugzilla.redhat.com/show_bug.cgi?id=2449833	external
https://www.cve.org/CVERecord?id=CVE-2026-33186	external
https://nvd.nist.gov/vuln/detail/CVE-2026-33186	external
https://github.com/grpc/grpc-go/security/advisori…	external
https://access.redhat.com/security/cve/CVE-2026-34986	self
https://bugzilla.redhat.com/show_bug.cgi?id=2455470	external
https://www.cve.org/CVERecord?id=CVE-2026-34986	external
https://nvd.nist.gov/vuln/detail/CVE-2026-34986	external
https://github.com/go-jose/go-jose/security/advis…	external
https://pkg.go.dev/github.com/go-jose/go-jose/v4#…	external
https://access.redhat.com/security/cve/CVE-2026-35579	self
https://bugzilla.redhat.com/show_bug.cgi?id=2466905	external
https://www.cve.org/CVERecord?id=CVE-2026-35579	external
https://nvd.nist.gov/vuln/detail/CVE-2026-35579	external
https://github.com/coredns/coredns/security/advis…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Submariner v0.21 General Availability release images, which provide enhancements, security fixes, and updated container images.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.\nRed Hat Advanced Cluster Management for Kubernetes v2.14",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Submariner is a Kubernetes operator that enables cross-cluster connectivity for services and pods, implementing KEP-1645 (Multi-Cluster Services API). After deploying the Submariner operator, it can enable direct networking between pods and services across different Kubernetes clusters.\n\nFor more information about Submariner, see the Submariner open source community website at: https://submariner.io/.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2026:25127",
        "url": "https://access.redhat.com/errata/RHSA-2026:25127"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2024-25621",
        "url": "https://access.redhat.com/security/cve/CVE-2024-25621"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2025-61726",
        "url": "https://access.redhat.com/security/cve/CVE-2025-61726"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2025-61728",
        "url": "https://access.redhat.com/security/cve/CVE-2025-61728"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2025-61729",
        "url": "https://access.redhat.com/security/cve/CVE-2025-61729"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2025-68121",
        "url": "https://access.redhat.com/security/cve/CVE-2025-68121"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2025-68151",
        "url": "https://access.redhat.com/security/cve/CVE-2025-68151"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-21441",
        "url": "https://access.redhat.com/security/cve/CVE-2026-21441"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-25679",
        "url": "https://access.redhat.com/security/cve/CVE-2026-25679"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-26017",
        "url": "https://access.redhat.com/security/cve/CVE-2026-26017"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-26018",
        "url": "https://access.redhat.com/security/cve/CVE-2026-26018"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-32280",
        "url": "https://access.redhat.com/security/cve/CVE-2026-32280"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-32936",
        "url": "https://access.redhat.com/security/cve/CVE-2026-32936"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-33186",
        "url": "https://access.redhat.com/security/cve/CVE-2026-33186"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-34986",
        "url": "https://access.redhat.com/security/cve/CVE-2026-34986"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-35579",
        "url": "https://access.redhat.com/security/cve/CVE-2026-35579"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/",
        "url": "https://access.redhat.com/security/updates/classification/"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_25127.json"
      }
    ],
    "title": "Red Hat Security Advisory: Submariner v0.21 security fixes and container updates",
    "tracking": {
      "current_release_date": "2026-06-14T21:11:47+00:00",
      "generator": {
        "date": "2026-06-14T21:11:47+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "5.0.0"
        }
      },
      "id": "RHSA-2026:25127",
      "initial_release_date": "2026-06-10T20:51:55+00:00",
      "revision_history": [
        {
          "date": "2026-06-10T20:51:55+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2026-06-10T20:51:57+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-06-14T21:11:47+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Advanced Cluster Management for Kubernetes 2.14",
                "product": {
                  "name": "Red Hat Advanced Cluster Management for Kubernetes 2.14",
                  "product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.14",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:acm:2.14::el9"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Advanced Cluster Management for Kubernetes"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64",
                "product": {
                  "name": "registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64",
                  "product_id": "registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/lighthouse-agent-rhel9@sha256%3Abbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/lighthouse-agent-rhel9\u0026tag=1780204232"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64",
                "product": {
                  "name": "registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64",
                  "product_id": "registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/lighthouse-coredns-rhel9@sha256%3Aeee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/lighthouse-coredns-rhel9\u0026tag=1780204249"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64",
                "product": {
                  "name": "registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64",
                  "product_id": "registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/nettest-rhel9@sha256%3A80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/nettest-rhel9\u0026tag=1780241410"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64",
                "product": {
                  "name": "registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64",
                  "product_id": "registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/subctl-rhel9@sha256%3Acac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/subctl-rhel9\u0026tag=1780238563"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64",
                "product": {
                  "name": "registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64",
                  "product_id": "registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/submariner-operator-bundle@sha256%3A5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/submariner-operator-bundle\u0026tag=1780248353"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64",
                "product": {
                  "name": "registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64",
                  "product_id": "registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/submariner-gateway-rhel9@sha256%3A5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/submariner-gateway-rhel9\u0026tag=1780204887"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64",
                "product": {
                  "name": "registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64",
                  "product_id": "registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/submariner-globalnet-rhel9@sha256%3Aa7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/submariner-globalnet-rhel9\u0026tag=1780204696"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64",
                "product": {
                  "name": "registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64",
                  "product_id": "registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/submariner-rhel9-operator@sha256%3A2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/submariner-rhel9-operator\u0026tag=1780204322"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64",
                "product": {
                  "name": "registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64",
                  "product_id": "registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/submariner-route-agent-rhel9@sha256%3A5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/submariner-route-agent-rhel9\u0026tag=1780204631"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "amd64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le",
                "product": {
                  "name": "registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le",
                  "product_id": "registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/lighthouse-agent-rhel9@sha256%3A0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b?arch=ppc64le\u0026repository_url=registry.redhat.io/rhacm2/lighthouse-agent-rhel9\u0026tag=1780204232"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le",
                "product": {
                  "name": "registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le",
                  "product_id": "registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/lighthouse-coredns-rhel9@sha256%3A84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73?arch=ppc64le\u0026repository_url=registry.redhat.io/rhacm2/lighthouse-coredns-rhel9\u0026tag=1780204249"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le",
                "product": {
                  "name": "registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le",
                  "product_id": "registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/nettest-rhel9@sha256%3A5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154?arch=ppc64le\u0026repository_url=registry.redhat.io/rhacm2/nettest-rhel9\u0026tag=1780241410"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le",
                "product": {
                  "name": "registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le",
                  "product_id": "registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/subctl-rhel9@sha256%3A5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2?arch=ppc64le\u0026repository_url=registry.redhat.io/rhacm2/subctl-rhel9\u0026tag=1780238563"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le",
                "product": {
                  "name": "registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le",
                  "product_id": "registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/submariner-gateway-rhel9@sha256%3A157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120?arch=ppc64le\u0026repository_url=registry.redhat.io/rhacm2/submariner-gateway-rhel9\u0026tag=1780204887"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le",
                "product": {
                  "name": "registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le",
                  "product_id": "registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/submariner-globalnet-rhel9@sha256%3Aed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175?arch=ppc64le\u0026repository_url=registry.redhat.io/rhacm2/submariner-globalnet-rhel9\u0026tag=1780204696"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le",
                "product": {
                  "name": "registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le",
                  "product_id": "registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/submariner-rhel9-operator@sha256%3A100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed?arch=ppc64le\u0026repository_url=registry.redhat.io/rhacm2/submariner-rhel9-operator\u0026tag=1780204322"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le",
                "product": {
                  "name": "registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le",
                  "product_id": "registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/submariner-route-agent-rhel9@sha256%3Ac52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1?arch=ppc64le\u0026repository_url=registry.redhat.io/rhacm2/submariner-route-agent-rhel9\u0026tag=1780204631"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x",
                "product": {
                  "name": "registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x",
                  "product_id": "registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/lighthouse-agent-rhel9@sha256%3Aeac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc?arch=s390x\u0026repository_url=registry.redhat.io/rhacm2/lighthouse-agent-rhel9\u0026tag=1780204232"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x",
                "product": {
                  "name": "registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x",
                  "product_id": "registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/lighthouse-coredns-rhel9@sha256%3Ae688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7?arch=s390x\u0026repository_url=registry.redhat.io/rhacm2/lighthouse-coredns-rhel9\u0026tag=1780204249"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x",
                "product": {
                  "name": "registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x",
                  "product_id": "registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/nettest-rhel9@sha256%3Af928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9?arch=s390x\u0026repository_url=registry.redhat.io/rhacm2/nettest-rhel9\u0026tag=1780241410"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x",
                "product": {
                  "name": "registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x",
                  "product_id": "registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/subctl-rhel9@sha256%3A5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7?arch=s390x\u0026repository_url=registry.redhat.io/rhacm2/subctl-rhel9\u0026tag=1780238563"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x",
                "product": {
                  "name": "registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x",
                  "product_id": "registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/submariner-gateway-rhel9@sha256%3A7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da?arch=s390x\u0026repository_url=registry.redhat.io/rhacm2/submariner-gateway-rhel9\u0026tag=1780204887"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x",
                "product": {
                  "name": "registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x",
                  "product_id": "registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/submariner-globalnet-rhel9@sha256%3A2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1?arch=s390x\u0026repository_url=registry.redhat.io/rhacm2/submariner-globalnet-rhel9\u0026tag=1780204696"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x",
                "product": {
                  "name": "registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x",
                  "product_id": "registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/submariner-rhel9-operator@sha256%3A01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133?arch=s390x\u0026repository_url=registry.redhat.io/rhacm2/submariner-rhel9-operator\u0026tag=1780204322"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x",
                "product": {
                  "name": "registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x",
                  "product_id": "registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/submariner-route-agent-rhel9@sha256%3A30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418?arch=s390x\u0026repository_url=registry.redhat.io/rhacm2/submariner-route-agent-rhel9\u0026tag=1780204631"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64",
                "product": {
                  "name": "registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64",
                  "product_id": "registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/lighthouse-agent-rhel9@sha256%3A6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208?arch=arm64\u0026repository_url=registry.redhat.io/rhacm2/lighthouse-agent-rhel9\u0026tag=1780204232"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64",
                "product": {
                  "name": "registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64",
                  "product_id": "registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/lighthouse-coredns-rhel9@sha256%3Ae802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44?arch=arm64\u0026repository_url=registry.redhat.io/rhacm2/lighthouse-coredns-rhel9\u0026tag=1780204249"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64",
                "product": {
                  "name": "registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64",
                  "product_id": "registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/nettest-rhel9@sha256%3A831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285?arch=arm64\u0026repository_url=registry.redhat.io/rhacm2/nettest-rhel9\u0026tag=1780241410"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64",
                "product": {
                  "name": "registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64",
                  "product_id": "registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/subctl-rhel9@sha256%3Aa154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54?arch=arm64\u0026repository_url=registry.redhat.io/rhacm2/subctl-rhel9\u0026tag=1780238563"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64",
                "product": {
                  "name": "registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64",
                  "product_id": "registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/submariner-gateway-rhel9@sha256%3A2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9?arch=arm64\u0026repository_url=registry.redhat.io/rhacm2/submariner-gateway-rhel9\u0026tag=1780204887"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64",
                "product": {
                  "name": "registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64",
                  "product_id": "registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/submariner-globalnet-rhel9@sha256%3Abe69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3?arch=arm64\u0026repository_url=registry.redhat.io/rhacm2/submariner-globalnet-rhel9\u0026tag=1780204696"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64",
                "product": {
                  "name": "registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64",
                  "product_id": "registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/submariner-rhel9-operator@sha256%3A60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4?arch=arm64\u0026repository_url=registry.redhat.io/rhacm2/submariner-rhel9-operator\u0026tag=1780204322"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64",
                "product": {
                  "name": "registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64",
                  "product_id": "registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/submariner-route-agent-rhel9@sha256%3A83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1?arch=arm64\u0026repository_url=registry.redhat.io/rhacm2/submariner-route-agent-rhel9\u0026tag=1780204631"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "arm64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le as a component of Red Hat Advanced Cluster Management for Kubernetes 2.14",
          "product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le"
        },
        "product_reference": "registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le",
        "relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.14"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.14",
          "product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64"
        },
        "product_reference": "registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64",
        "relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.14"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.14",
          "product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64"
        },
        "product_reference": "registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64",
        "relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.14"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x as a component of Red Hat Advanced Cluster Management for Kubernetes 2.14",
          "product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x"
        },
        "product_reference": "registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x",
        "relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.14"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le as a component of Red Hat Advanced Cluster Management for Kubernetes 2.14",
          "product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le"
        },
        "product_reference": "registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le",
        "relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.14"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x as a component of Red Hat Advanced Cluster Management for Kubernetes 2.14",
          "product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x"
        },
        "product_reference": "registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x",
        "relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.14"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.14",
          "product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64"
        },
        "product_reference": "registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64",
        "relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.14"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.14",
          "product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64"
        },
        "product_reference": "registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64",
        "relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.14"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le as a component of Red Hat Advanced Cluster Management for Kubernetes 2.14",
          "product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le"
        },
        "product_reference": "registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le",
        "relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.14"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.14",
          "product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64"
        },
        "product_reference": "registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64",
        "relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.14"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.14",
          "product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64"
        },
        "product_reference": "registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64",
        "relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.14"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x as a component of Red Hat Advanced Cluster Management for Kubernetes 2.14",
          "product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x"
        },
        "product_reference": "registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x",
        "relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.14"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le as a component of Red Hat Advanced Cluster Management for Kubernetes 2.14",
          "product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le"
        },
        "product_reference": "registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le",
        "relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.14"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x as a component of Red Hat Advanced Cluster Management for Kubernetes 2.14",
          "product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x"
        },
        "product_reference": "registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x",
        "relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.14"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.14",
          "product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64"
        },
        "product_reference": "registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64",
        "relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.14"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.14",
          "product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64"
        },
        "product_reference": "registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64",
        "relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.14"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le as a component of Red Hat Advanced Cluster Management for Kubernetes 2.14",
          "product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le"
        },
        "product_reference": "registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le",
        "relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.14"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.14",
          "product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64"
        },
        "product_reference": "registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64",
        "relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.14"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.14",
          "product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64"
        },
        "product_reference": "registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64",
        "relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.14"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x as a component of Red Hat Advanced Cluster Management for Kubernetes 2.14",
          "product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x"
        },
        "product_reference": "registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x",
        "relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.14"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x as a component of Red Hat Advanced Cluster Management for Kubernetes 2.14",
          "product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x"
        },
        "product_reference": "registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x",
        "relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.14"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.14",
          "product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64"
        },
        "product_reference": "registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64",
        "relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.14"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.14",
          "product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64"
        },
        "product_reference": "registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64",
        "relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.14"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le as a component of Red Hat Advanced Cluster Management for Kubernetes 2.14",
          "product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le"
        },
        "product_reference": "registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le",
        "relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.14"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.14",
          "product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64"
        },
        "product_reference": "registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64",
        "relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.14"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x as a component of Red Hat Advanced Cluster Management for Kubernetes 2.14",
          "product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x"
        },
        "product_reference": "registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x",
        "relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.14"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le as a component of Red Hat Advanced Cluster Management for Kubernetes 2.14",
          "product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le"
        },
        "product_reference": "registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le",
        "relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.14"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.14",
          "product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64"
        },
        "product_reference": "registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64",
        "relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.14"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.14",
          "product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64"
        },
        "product_reference": "registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64",
        "relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.14"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x as a component of Red Hat Advanced Cluster Management for Kubernetes 2.14",
          "product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x"
        },
        "product_reference": "registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x",
        "relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.14"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.14",
          "product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64"
        },
        "product_reference": "registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64",
        "relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.14"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.14",
          "product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64"
        },
        "product_reference": "registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64",
        "relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.14"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le as a component of Red Hat Advanced Cluster Management for Kubernetes 2.14",
          "product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le"
        },
        "product_reference": "registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le",
        "relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.14"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-25621",
      "cwe": {
        "id": "CWE-279",
        "name": "Incorrect Execution-Assigned Permissions"
      },
      "discovery_date": "2025-11-06T19:01:04.402278+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2413190"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A local privilege escalation vulnerability has been discovered in containerd. This vulnerability is the result of an overly broad default permission which allows local users on the host to potentially access the metadata store, the content store and the contents of Kubernetes local volumes. The contents of volumes might include setuid binaries, which could allow a local user on the host to elevate privileges on the host.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "github.com/containerd/containerd: containerd local privilege escalation",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64"
        ],
        "known_not_affected": [
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-25621"
        },
        {
          "category": "external",
          "summary": "RHBZ#2413190",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2413190"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-25621",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-25621"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-25621",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-25621"
        },
        {
          "category": "external",
          "summary": "https://github.com/containerd/containerd/blob/main/docs/rootless.md",
          "url": "https://github.com/containerd/containerd/blob/main/docs/rootless.md"
        },
        {
          "category": "external",
          "summary": "https://github.com/containerd/containerd/commit/7c59e8e9e970d38061a77b586b23655c352bfec5",
          "url": "https://github.com/containerd/containerd/commit/7c59e8e9e970d38061a77b586b23655c352bfec5"
        },
        {
          "category": "external",
          "summary": "https://github.com/containerd/containerd/security/advisories/GHSA-pwhc-rpq9-4c8w",
          "url": "https://github.com/containerd/containerd/security/advisories/GHSA-pwhc-rpq9-4c8w"
        }
      ],
      "release_date": "2025-11-06T18:36:21.566000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-06-10T20:51:55+00:00",
          "details": "For release note details, see the upstream Submariner release notes:\n\nhttps://submariner.io/community/releases/\n\nDownstream-specific issues resolved:\n* ACM-27238\n* ACM-28294\n* ACM-28295\n* ACM-28311\n* ACM-28313\n* ACM-28314\n* ACM-28315\n* ACM-28316\n* ACM-28329\n* ACM-28331\n* ACM-28333\n* ACM-28335\n* ACM-28337\n* ACM-28339\n* ACM-28342\n* ACM-29317\n* ACM-29511\n* ACM-29613\n* ACM-29614\n* ACM-29631\n* ACM-29632\n* ACM-29633\n* ACM-29634\n* ACM-29776\n* ACM-30134\n* ACM-30726\n* ACM-30727\n* ACM-30728\n* ACM-30729\n* ACM-30970\n* ACM-31136\n* ACM-31831\n* ACM-31840\n* ACM-32575\n* ACM-32842\n* ACM-34108\n* ACM-34586\n* ACM-34589\n\nFor more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.14/",
          "product_ids": [
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:25127"
        },
        {
          "category": "workaround",
          "details": "The system administrator on the host can manually chmod the directories to not\nhave group or world accessible permissions:\n```\nchmod 700 /var/lib/containerd\nchmod 700 /run/containerd/io.containerd.grpc.v1.cri\nchmod 700 /run/containerd/io.containerd.sandbox.controller.v1.shim\n```\nAn alternative mitigation would be to run containerd in rootless mode.",
          "product_ids": [
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 7.7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L",
            "version": "3.1"
          },
          "products": [
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "github.com/containerd/containerd: containerd local privilege escalation"
    },
    {
      "cve": "CVE-2025-61726",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "discovery_date": "2026-01-28T20:01:42.791305+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2434432"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang: net/url: Memory exhaustion in query parameter parsing in net/url",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "To exploit this flaw, an attacker must be able to send a specially crafted HTTP request to an application parsing URL-encoded forms with net/url, specifically a request containing a large number of unique query parameters. The request will cause the application to consume an excessive amount of memory and eventually result in a denial of service, with no impact to confidentiality or integrity. Due to this reason, this vulnerability has been rated with an important severity.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le"
        ],
        "known_not_affected": [
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-61726"
        },
        {
          "category": "external",
          "summary": "RHBZ#2434432",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434432"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-61726",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-61726"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726"
        },
        {
          "category": "external",
          "summary": "https://go.dev/cl/736712",
          "url": "https://go.dev/cl/736712"
        },
        {
          "category": "external",
          "summary": "https://go.dev/issue/77101",
          "url": "https://go.dev/issue/77101"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
          "url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
        },
        {
          "category": "external",
          "summary": "https://pkg.go.dev/vuln/GO-2026-4341",
          "url": "https://pkg.go.dev/vuln/GO-2026-4341"
        }
      ],
      "release_date": "2026-01-28T19:30:31.215000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-06-10T20:51:55+00:00",
          "details": "For release note details, see the upstream Submariner release notes:\n\nhttps://submariner.io/community/releases/\n\nDownstream-specific issues resolved:\n* ACM-27238\n* ACM-28294\n* ACM-28295\n* ACM-28311\n* ACM-28313\n* ACM-28314\n* ACM-28315\n* ACM-28316\n* ACM-28329\n* ACM-28331\n* ACM-28333\n* ACM-28335\n* ACM-28337\n* ACM-28339\n* ACM-28342\n* ACM-29317\n* ACM-29511\n* ACM-29613\n* ACM-29614\n* ACM-29631\n* ACM-29632\n* ACM-29633\n* ACM-29634\n* ACM-29776\n* ACM-30134\n* ACM-30726\n* ACM-30727\n* ACM-30728\n* ACM-30729\n* ACM-30970\n* ACM-31136\n* ACM-31831\n* ACM-31840\n* ACM-32575\n* ACM-32842\n* ACM-34108\n* ACM-34586\n* ACM-34589\n\nFor more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.14/",
          "product_ids": [
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:25127"
        },
        {
          "category": "workaround",
          "details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
          "product_ids": [
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url"
    },
    {
      "cve": "CVE-2025-61728",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "discovery_date": "2026-01-28T20:01:39.965024+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2434431"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the archive/zip package in the Go standard library. A super-linear file name indexing algorithm is used in the first time a file in an archive is opened. A crafted zip archive containing a specific arrangement of file names can cause an excessive CPU and memory consumption. A Go application processing a malicious archive can become unresponsive or crash, resulting in a denial of service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "To exploit this flaw, an attacker needs to be able to process a malicious zip archive with an application using the archive/zip package. Additionally, this vulnerability can cause a Go application to consume an excessive amount of CPU and memory, eventually resulting in a denial of service with no other security impact. Due to these reasons, this flaw has been rated with a moderate severity.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64"
        ],
        "known_not_affected": [
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-61728"
        },
        {
          "category": "external",
          "summary": "RHBZ#2434431",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434431"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-61728",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-61728"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61728",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61728"
        },
        {
          "category": "external",
          "summary": "https://go.dev/cl/736713",
          "url": "https://go.dev/cl/736713"
        },
        {
          "category": "external",
          "summary": "https://go.dev/issue/77102",
          "url": "https://go.dev/issue/77102"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
          "url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
        },
        {
          "category": "external",
          "summary": "https://pkg.go.dev/vuln/GO-2026-4342",
          "url": "https://pkg.go.dev/vuln/GO-2026-4342"
        }
      ],
      "release_date": "2026-01-28T19:30:31.354000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-06-10T20:51:55+00:00",
          "details": "For release note details, see the upstream Submariner release notes:\n\nhttps://submariner.io/community/releases/\n\nDownstream-specific issues resolved:\n* ACM-27238\n* ACM-28294\n* ACM-28295\n* ACM-28311\n* ACM-28313\n* ACM-28314\n* ACM-28315\n* ACM-28316\n* ACM-28329\n* ACM-28331\n* ACM-28333\n* ACM-28335\n* ACM-28337\n* ACM-28339\n* ACM-28342\n* ACM-29317\n* ACM-29511\n* ACM-29613\n* ACM-29614\n* ACM-29631\n* ACM-29632\n* ACM-29633\n* ACM-29634\n* ACM-29776\n* ACM-30134\n* ACM-30726\n* ACM-30727\n* ACM-30728\n* ACM-30729\n* ACM-30970\n* ACM-31136\n* ACM-31831\n* ACM-31840\n* ACM-32575\n* ACM-32842\n* ACM-34108\n* ACM-34586\n* ACM-34589\n\nFor more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.14/",
          "product_ids": [
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:25127"
        },
        {
          "category": "workaround",
          "details": "To mitigate this vulnerability, implement a timeout in your archive/zip processing logic to abort the operation if it exceeds a few seconds, preventing the application from consuming an excessive amount of resources.",
          "product_ids": [
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip"
    },
    {
      "cve": "CVE-2025-61729",
      "cwe": {
        "id": "CWE-1050",
        "name": "Excessive Platform Resource Consumption within a Loop"
      },
      "discovery_date": "2025-12-02T20:01:45.330964+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2418462"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le"
        ],
        "known_not_affected": [
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-61729"
        },
        {
          "category": "external",
          "summary": "RHBZ#2418462",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418462"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-61729",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-61729"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729"
        },
        {
          "category": "external",
          "summary": "https://go.dev/cl/725920",
          "url": "https://go.dev/cl/725920"
        },
        {
          "category": "external",
          "summary": "https://go.dev/issue/76445",
          "url": "https://go.dev/issue/76445"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4",
          "url": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4"
        },
        {
          "category": "external",
          "summary": "https://pkg.go.dev/vuln/GO-2025-4155",
          "url": "https://pkg.go.dev/vuln/GO-2025-4155"
        }
      ],
      "release_date": "2025-12-02T18:54:10.166000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-06-10T20:51:55+00:00",
          "details": "For release note details, see the upstream Submariner release notes:\n\nhttps://submariner.io/community/releases/\n\nDownstream-specific issues resolved:\n* ACM-27238\n* ACM-28294\n* ACM-28295\n* ACM-28311\n* ACM-28313\n* ACM-28314\n* ACM-28315\n* ACM-28316\n* ACM-28329\n* ACM-28331\n* ACM-28333\n* ACM-28335\n* ACM-28337\n* ACM-28339\n* ACM-28342\n* ACM-29317\n* ACM-29511\n* ACM-29613\n* ACM-29614\n* ACM-29631\n* ACM-29632\n* ACM-29633\n* ACM-29634\n* ACM-29776\n* ACM-30134\n* ACM-30726\n* ACM-30727\n* ACM-30728\n* ACM-30729\n* ACM-30970\n* ACM-31136\n* ACM-31831\n* ACM-31840\n* ACM-32575\n* ACM-32842\n* ACM-34108\n* ACM-34586\n* ACM-34589\n\nFor more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.14/",
          "product_ids": [
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:25127"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate"
    },
    {
      "cve": "CVE-2025-68121",
      "discovery_date": "2026-02-05T18:01:30.086058+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2437111"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing a client or server to establish a connection that should have been rejected. This could lead to an authentication bypass under specific conditions.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This is a moderate flaw because it only occurs under specific conditions, such as TLS session resumption with runtime changes to certificate authority settings. Exploitation is not straightforward and requires a controlled setup. The impact is limited to certificate validation within the same component and does not affect system availability.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64"
        ],
        "known_not_affected": [
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-68121"
        },
        {
          "category": "external",
          "summary": "RHBZ#2437111",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437111"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-68121",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-68121"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121"
        },
        {
          "category": "external",
          "summary": "https://go.dev/cl/737700",
          "url": "https://go.dev/cl/737700"
        },
        {
          "category": "external",
          "summary": "https://go.dev/issue/77217",
          "url": "https://go.dev/issue/77217"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk",
          "url": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk"
        },
        {
          "category": "external",
          "summary": "https://pkg.go.dev/vuln/GO-2026-4337",
          "url": "https://pkg.go.dev/vuln/GO-2026-4337"
        }
      ],
      "release_date": "2026-02-05T17:48:44.141000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-06-10T20:51:55+00:00",
          "details": "For release note details, see the upstream Submariner release notes:\n\nhttps://submariner.io/community/releases/\n\nDownstream-specific issues resolved:\n* ACM-27238\n* ACM-28294\n* ACM-28295\n* ACM-28311\n* ACM-28313\n* ACM-28314\n* ACM-28315\n* ACM-28316\n* ACM-28329\n* ACM-28331\n* ACM-28333\n* ACM-28335\n* ACM-28337\n* ACM-28339\n* ACM-28342\n* ACM-29317\n* ACM-29511\n* ACM-29613\n* ACM-29614\n* ACM-29631\n* ACM-29632\n* ACM-29633\n* ACM-29634\n* ACM-29776\n* ACM-30134\n* ACM-30726\n* ACM-30727\n* ACM-30728\n* ACM-30729\n* ACM-30970\n* ACM-31136\n* ACM-31831\n* ACM-31840\n* ACM-32575\n* ACM-32842\n* ACM-34108\n* ACM-34586\n* ACM-34589\n\nFor more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.14/",
          "product_ids": [
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:25127"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption"
    },
    {
      "cve": "CVE-2025-68151",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "discovery_date": "2026-01-08T16:01:04.891768+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2428009"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Multiple CoreDNS server implementations (gRPC, HTTPS, and HTTP/3) lack critical resource-limiting controls. An unauthenticated remote attacker can exhaust memory and degrade or crash the server by opening many concurrent connections, streams, or sending oversized request bodies. The issue is similar in nature to CVE-2025-47950 (QUIC DoS) but affects additional server types that do not enforce connection limits, stream limits, or message size constraints.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "github.com/coredns/coredns/core/dnsserver: CoreDNS DoS via unbounded connections and oversized messages",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64"
        ],
        "known_not_affected": [
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-68151"
        },
        {
          "category": "external",
          "summary": "RHBZ#2428009",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428009"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-68151",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-68151"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-68151",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68151"
        },
        {
          "category": "external",
          "summary": "https://github.com/coredns/coredns/commit/0d8cbb1a6bcb6bc9c1a489865278b8725fa20812",
          "url": "https://github.com/coredns/coredns/commit/0d8cbb1a6bcb6bc9c1a489865278b8725fa20812"
        },
        {
          "category": "external",
          "summary": "https://github.com/coredns/coredns/pull/7490",
          "url": "https://github.com/coredns/coredns/pull/7490"
        },
        {
          "category": "external",
          "summary": "https://github.com/coredns/coredns/security/advisories/GHSA-527x-5wrf-22m2",
          "url": "https://github.com/coredns/coredns/security/advisories/GHSA-527x-5wrf-22m2"
        }
      ],
      "release_date": "2026-01-08T15:33:12.711000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-06-10T20:51:55+00:00",
          "details": "For release note details, see the upstream Submariner release notes:\n\nhttps://submariner.io/community/releases/\n\nDownstream-specific issues resolved:\n* ACM-27238\n* ACM-28294\n* ACM-28295\n* ACM-28311\n* ACM-28313\n* ACM-28314\n* ACM-28315\n* ACM-28316\n* ACM-28329\n* ACM-28331\n* ACM-28333\n* ACM-28335\n* ACM-28337\n* ACM-28339\n* ACM-28342\n* ACM-29317\n* ACM-29511\n* ACM-29613\n* ACM-29614\n* ACM-29631\n* ACM-29632\n* ACM-29633\n* ACM-29634\n* ACM-29776\n* ACM-30134\n* ACM-30726\n* ACM-30727\n* ACM-30728\n* ACM-30729\n* ACM-30970\n* ACM-31136\n* ACM-31831\n* ACM-31840\n* ACM-32575\n* ACM-32842\n* ACM-34108\n* ACM-34586\n* ACM-34589\n\nFor more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.14/",
          "product_ids": [
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:25127"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "github.com/coredns/coredns/core/dnsserver: CoreDNS DoS via unbounded connections and oversized messages"
    },
    {
      "cve": "CVE-2026-21441",
      "cwe": {
        "id": "CWE-409",
        "name": "Improper Handling of Highly Compressed Data (Data Amplification)"
      },
      "discovery_date": "2026-01-07T23:01:59.422078+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2427726"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "urllib3 is an HTTP client library for Python. urllib3\u0027s streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. urllib3 can perform decoding or decompression based on the HTTP `Content-Encoding` header (e.g., `gzip`, `deflate`, `br`, or `zstd`). When using the streaming API, the library decompresses only the necessary bytes, enabling partial content consumption. Starting in version 1.22 and prior to version 2.6.3, for HTTP redirect responses, the library would read the entire response body to drain the connection and decompress the content unnecessarily. This decompression occurred even before any read methods were called, and configured read limits did not restrict the amount of decompressed data. As a result, there was no safeguard against decompression bombs. A malicious server could exploit this to trigger excessive resource consumption on the client. Applications and libraries are affected when they stream content from untrusted sources by setting `preload_content=False` when they do not disable redirects. Users should upgrade to at least urllib3 v2.6.3, in which the library does not decode content of redirect responses when `preload_content=False`. If upgrading is not immediately possible, disable redirects by setting `redirect=False` for requests to untrusted source.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "urllib3: urllib3 vulnerable to decompression-bomb safeguard bypass when following HTTP redirects (streaming API)",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le"
        ],
        "known_not_affected": [
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-21441"
        },
        {
          "category": "external",
          "summary": "RHBZ#2427726",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2427726"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-21441",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-21441"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-21441",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21441"
        },
        {
          "category": "external",
          "summary": "https://github.com/urllib3/urllib3/commit/8864ac407bba8607950025e0979c4c69bc7abc7b",
          "url": "https://github.com/urllib3/urllib3/commit/8864ac407bba8607950025e0979c4c69bc7abc7b"
        },
        {
          "category": "external",
          "summary": "https://github.com/urllib3/urllib3/security/advisories/GHSA-38jv-5279-wg99",
          "url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-38jv-5279-wg99"
        }
      ],
      "release_date": "2026-01-07T22:09:01.936000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-06-10T20:51:55+00:00",
          "details": "For release note details, see the upstream Submariner release notes:\n\nhttps://submariner.io/community/releases/\n\nDownstream-specific issues resolved:\n* ACM-27238\n* ACM-28294\n* ACM-28295\n* ACM-28311\n* ACM-28313\n* ACM-28314\n* ACM-28315\n* ACM-28316\n* ACM-28329\n* ACM-28331\n* ACM-28333\n* ACM-28335\n* ACM-28337\n* ACM-28339\n* ACM-28342\n* ACM-29317\n* ACM-29511\n* ACM-29613\n* ACM-29614\n* ACM-29631\n* ACM-29632\n* ACM-29633\n* ACM-29634\n* ACM-29776\n* ACM-30134\n* ACM-30726\n* ACM-30727\n* ACM-30728\n* ACM-30729\n* ACM-30970\n* ACM-31136\n* ACM-31831\n* ACM-31840\n* ACM-32575\n* ACM-32842\n* ACM-34108\n* ACM-34586\n* ACM-34589\n\nFor more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.14/",
          "product_ids": [
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:25127"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "urllib3: urllib3 vulnerable to decompression-bomb safeguard bypass when following HTTP redirects (streaming API)"
    },
    {
      "cve": "CVE-2026-25679",
      "cwe": {
        "id": "CWE-1286",
        "name": "Improper Validation of Syntactic Correctness of Input"
      },
      "discovery_date": "2026-03-06T22:02:11.567841+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2445356"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "net/url: Incorrect parsing of IPv6 host literals in net/url",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64"
        ],
        "known_not_affected": [
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-25679"
        },
        {
          "category": "external",
          "summary": "RHBZ#2445356",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445356"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-25679",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-25679"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679"
        },
        {
          "category": "external",
          "summary": "https://go.dev/cl/752180",
          "url": "https://go.dev/cl/752180"
        },
        {
          "category": "external",
          "summary": "https://go.dev/issue/77578",
          "url": "https://go.dev/issue/77578"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk",
          "url": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk"
        },
        {
          "category": "external",
          "summary": "https://pkg.go.dev/vuln/GO-2026-4601",
          "url": "https://pkg.go.dev/vuln/GO-2026-4601"
        }
      ],
      "release_date": "2026-03-06T21:28:14.211000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-06-10T20:51:55+00:00",
          "details": "For release note details, see the upstream Submariner release notes:\n\nhttps://submariner.io/community/releases/\n\nDownstream-specific issues resolved:\n* ACM-27238\n* ACM-28294\n* ACM-28295\n* ACM-28311\n* ACM-28313\n* ACM-28314\n* ACM-28315\n* ACM-28316\n* ACM-28329\n* ACM-28331\n* ACM-28333\n* ACM-28335\n* ACM-28337\n* ACM-28339\n* ACM-28342\n* ACM-29317\n* ACM-29511\n* ACM-29613\n* ACM-29614\n* ACM-29631\n* ACM-29632\n* ACM-29633\n* ACM-29634\n* ACM-29776\n* ACM-30134\n* ACM-30726\n* ACM-30727\n* ACM-30728\n* ACM-30729\n* ACM-30970\n* ACM-31136\n* ACM-31831\n* ACM-31840\n* ACM-32575\n* ACM-32842\n* ACM-34108\n* ACM-34586\n* ACM-34589\n\nFor more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.14/",
          "product_ids": [
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:25127"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "net/url: Incorrect parsing of IPv6 host literals in net/url"
    },
    {
      "cve": "CVE-2026-26017",
      "cwe": {
        "id": "CWE-367",
        "name": "Time-of-check Time-of-use (TOCTOU) Race Condition"
      },
      "discovery_date": "2026-03-06T16:01:45.971241+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2445244"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in CoreDNS, a DNS server that uses a chain of plugins. This logical vulnerability allows an attacker to bypass DNS access controls. The issue occurs because security plugins, such as \u0027acl\u0027, are evaluated before the \u0027rewrite\u0027 plugin, creating a Time-of-Check Time-of-Use (TOCTOU) flaw. This flaw enables an attacker to circumvent intended access restrictions.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "github.com/coredns/coredns: CoreDNS: DNS access control bypass due to plugin execution order flaw",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64"
        ],
        "known_not_affected": [
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-26017"
        },
        {
          "category": "external",
          "summary": "RHBZ#2445244",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445244"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-26017",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-26017"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-26017",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26017"
        },
        {
          "category": "external",
          "summary": "https://github.com/coredns/coredns/releases/tag/v1.14.2",
          "url": "https://github.com/coredns/coredns/releases/tag/v1.14.2"
        },
        {
          "category": "external",
          "summary": "https://github.com/coredns/coredns/security/advisories/GHSA-c9v3-4pv7-87pr",
          "url": "https://github.com/coredns/coredns/security/advisories/GHSA-c9v3-4pv7-87pr"
        }
      ],
      "release_date": "2026-03-06T15:36:15.655000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-06-10T20:51:55+00:00",
          "details": "For release note details, see the upstream Submariner release notes:\n\nhttps://submariner.io/community/releases/\n\nDownstream-specific issues resolved:\n* ACM-27238\n* ACM-28294\n* ACM-28295\n* ACM-28311\n* ACM-28313\n* ACM-28314\n* ACM-28315\n* ACM-28316\n* ACM-28329\n* ACM-28331\n* ACM-28333\n* ACM-28335\n* ACM-28337\n* ACM-28339\n* ACM-28342\n* ACM-29317\n* ACM-29511\n* ACM-29613\n* ACM-29614\n* ACM-29631\n* ACM-29632\n* ACM-29633\n* ACM-29634\n* ACM-29776\n* ACM-30134\n* ACM-30726\n* ACM-30727\n* ACM-30728\n* ACM-30729\n* ACM-30970\n* ACM-31136\n* ACM-31831\n* ACM-31840\n* ACM-32575\n* ACM-32842\n* ACM-34108\n* ACM-34586\n* ACM-34589\n\nFor more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.14/",
          "product_ids": [
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:25127"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "github.com/coredns/coredns: CoreDNS: DNS access control bypass due to plugin execution order flaw"
    },
    {
      "cve": "CVE-2026-26018",
      "cwe": {
        "id": "CWE-1241",
        "name": "Use of Predictable Algorithm in Random Number Generator"
      },
      "discovery_date": "2026-03-06T16:01:38.150099+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2445242"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in CoreDNS, a DNS server that chains plugins. A remote attacker can exploit this flaw by sending specially crafted DNS queries. This vulnerability exists in CoreDNS\u0027s loop detection plugin due to the use of a predictable pseudo-random number generator (PRNG) for generating a secret query name. Successful exploitation can lead to a denial of service (DoS) by crashing the DNS server.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "github.com/coredns/coredns: CoreDNS: Denial of Service vulnerability due to predictable pseudo-random number generation",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64"
        ],
        "known_not_affected": [
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-26018"
        },
        {
          "category": "external",
          "summary": "RHBZ#2445242",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445242"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-26018",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-26018"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-26018",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26018"
        },
        {
          "category": "external",
          "summary": "https://github.com/coredns/coredns/releases/tag/v1.14.2",
          "url": "https://github.com/coredns/coredns/releases/tag/v1.14.2"
        },
        {
          "category": "external",
          "summary": "https://github.com/coredns/coredns/security/advisories/GHSA-h75p-j8xm-m278",
          "url": "https://github.com/coredns/coredns/security/advisories/GHSA-h75p-j8xm-m278"
        }
      ],
      "release_date": "2026-03-06T15:35:50.801000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-06-10T20:51:55+00:00",
          "details": "For release note details, see the upstream Submariner release notes:\n\nhttps://submariner.io/community/releases/\n\nDownstream-specific issues resolved:\n* ACM-27238\n* ACM-28294\n* ACM-28295\n* ACM-28311\n* ACM-28313\n* ACM-28314\n* ACM-28315\n* ACM-28316\n* ACM-28329\n* ACM-28331\n* ACM-28333\n* ACM-28335\n* ACM-28337\n* ACM-28339\n* ACM-28342\n* ACM-29317\n* ACM-29511\n* ACM-29613\n* ACM-29614\n* ACM-29631\n* ACM-29632\n* ACM-29633\n* ACM-29634\n* ACM-29776\n* ACM-30134\n* ACM-30726\n* ACM-30727\n* ACM-30728\n* ACM-30729\n* ACM-30970\n* ACM-31136\n* ACM-31831\n* ACM-31840\n* ACM-32575\n* ACM-32842\n* ACM-34108\n* ACM-34586\n* ACM-34589\n\nFor more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.14/",
          "product_ids": [
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:25127"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "github.com/coredns/coredns: CoreDNS: Denial of Service vulnerability due to predictable pseudo-random number generation"
    },
    {
      "cve": "CVE-2026-32280",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "discovery_date": "2026-04-08T02:01:19.572351+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2456339"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the Go standard library packages `crypto/x509` and `crypto/tls`. During the process of building a certificate chain, an attacker can provide a large number of intermediate certificates. This excessive input is not properly limited, leading to an uncontrolled amount of work being performed. This can result in a denial of service (DoS) condition, making the affected system or application unavailable to legitimate users.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64"
        ],
        "known_not_affected": [
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-32280"
        },
        {
          "category": "external",
          "summary": "RHBZ#2456339",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456339"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-32280",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-32280"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32280",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32280"
        },
        {
          "category": "external",
          "summary": "https://go.dev/cl/758320",
          "url": "https://go.dev/cl/758320"
        },
        {
          "category": "external",
          "summary": "https://go.dev/issue/78282",
          "url": "https://go.dev/issue/78282"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
          "url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
        },
        {
          "category": "external",
          "summary": "https://pkg.go.dev/vuln/GO-2026-4947",
          "url": "https://pkg.go.dev/vuln/GO-2026-4947"
        }
      ],
      "release_date": "2026-04-08T01:06:58.595000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-06-10T20:51:55+00:00",
          "details": "For release note details, see the upstream Submariner release notes:\n\nhttps://submariner.io/community/releases/\n\nDownstream-specific issues resolved:\n* ACM-27238\n* ACM-28294\n* ACM-28295\n* ACM-28311\n* ACM-28313\n* ACM-28314\n* ACM-28315\n* ACM-28316\n* ACM-28329\n* ACM-28331\n* ACM-28333\n* ACM-28335\n* ACM-28337\n* ACM-28339\n* ACM-28342\n* ACM-29317\n* ACM-29511\n* ACM-29613\n* ACM-29614\n* ACM-29631\n* ACM-29632\n* ACM-29633\n* ACM-29634\n* ACM-29776\n* ACM-30134\n* ACM-30726\n* ACM-30727\n* ACM-30728\n* ACM-30729\n* ACM-30970\n* ACM-31136\n* ACM-31831\n* ACM-31840\n* ACM-32575\n* ACM-32842\n* ACM-34108\n* ACM-34586\n* ACM-34589\n\nFor more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.14/",
          "product_ids": [
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:25127"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building"
    },
    {
      "cve": "CVE-2026-32936",
      "cwe": {
        "id": "CWE-1284",
        "name": "Improper Validation of Specified Quantity in Input"
      },
      "discovery_date": "2026-05-05T20:01:52.218439+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2466869"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in CoreDNS, a DNS server that chains plugins. A remote, unauthenticated attacker can exploit this vulnerability by repeatedly sending oversized DNS-over-HTTPS (DoH) GET requests. The GET path, unlike the POST path, lacks size validation before processing large `dns=` query parameter values. This can lead to high CPU usage, significant memory allocations, and increased garbage collection, resulting in a Denial of Service (DoS).",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "github.com/coredns/coredns: CoreDNS: Denial of Service via oversized DNS-over-HTTPS GET requests",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64"
        ],
        "known_not_affected": [
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-32936"
        },
        {
          "category": "external",
          "summary": "RHBZ#2466869",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2466869"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-32936",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-32936"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32936",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32936"
        },
        {
          "category": "external",
          "summary": "https://github.com/coredns/coredns/releases/tag/v1.14.3",
          "url": "https://github.com/coredns/coredns/releases/tag/v1.14.3"
        },
        {
          "category": "external",
          "summary": "https://github.com/coredns/coredns/security/advisories/GHSA-63cw-r7xf-jmwr",
          "url": "https://github.com/coredns/coredns/security/advisories/GHSA-63cw-r7xf-jmwr"
        }
      ],
      "release_date": "2026-05-05T19:07:51.926000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-06-10T20:51:55+00:00",
          "details": "For release note details, see the upstream Submariner release notes:\n\nhttps://submariner.io/community/releases/\n\nDownstream-specific issues resolved:\n* ACM-27238\n* ACM-28294\n* ACM-28295\n* ACM-28311\n* ACM-28313\n* ACM-28314\n* ACM-28315\n* ACM-28316\n* ACM-28329\n* ACM-28331\n* ACM-28333\n* ACM-28335\n* ACM-28337\n* ACM-28339\n* ACM-28342\n* ACM-29317\n* ACM-29511\n* ACM-29613\n* ACM-29614\n* ACM-29631\n* ACM-29632\n* ACM-29633\n* ACM-29634\n* ACM-29776\n* ACM-30134\n* ACM-30726\n* ACM-30727\n* ACM-30728\n* ACM-30729\n* ACM-30970\n* ACM-31136\n* ACM-31831\n* ACM-31840\n* ACM-32575\n* ACM-32842\n* ACM-34108\n* ACM-34586\n* ACM-34589\n\nFor more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.14/",
          "product_ids": [
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:25127"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
          "product_ids": [
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "github.com/coredns/coredns: CoreDNS: Denial of Service via oversized DNS-over-HTTPS GET requests"
    },
    {
      "cve": "CVE-2026-33186",
      "cwe": {
        "id": "CWE-551",
        "name": "Incorrect Behavior Order: Authorization Before Parsing and Canonicalization"
      },
      "discovery_date": "2026-03-20T23:02:27.802640+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2449833"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in gRPC-Go, the Go language implementation of gRPC. This vulnerability, an authorization bypass, is caused by improper input validation of the HTTP/2 `:path` pseudo-header. A remote attacker can exploit this by sending raw HTTP/2 frames with a malformed `:path` that omits the mandatory leading slash. This allows the attacker to bypass defined security policies, potentially leading to unauthorized access to services or information disclosure.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64"
        ],
        "known_not_affected": [
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-33186"
        },
        {
          "category": "external",
          "summary": "RHBZ#2449833",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2449833"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-33186",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-33186"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33186",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33186"
        },
        {
          "category": "external",
          "summary": "https://github.com/grpc/grpc-go/security/advisories/GHSA-p77j-4mvh-x3m3",
          "url": "https://github.com/grpc/grpc-go/security/advisories/GHSA-p77j-4mvh-x3m3"
        }
      ],
      "release_date": "2026-03-20T22:23:32.147000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-06-10T20:51:55+00:00",
          "details": "For release note details, see the upstream Submariner release notes:\n\nhttps://submariner.io/community/releases/\n\nDownstream-specific issues resolved:\n* ACM-27238\n* ACM-28294\n* ACM-28295\n* ACM-28311\n* ACM-28313\n* ACM-28314\n* ACM-28315\n* ACM-28316\n* ACM-28329\n* ACM-28331\n* ACM-28333\n* ACM-28335\n* ACM-28337\n* ACM-28339\n* ACM-28342\n* ACM-29317\n* ACM-29511\n* ACM-29613\n* ACM-29614\n* ACM-29631\n* ACM-29632\n* ACM-29633\n* ACM-29634\n* ACM-29776\n* ACM-30134\n* ACM-30726\n* ACM-30727\n* ACM-30728\n* ACM-30729\n* ACM-30970\n* ACM-31136\n* ACM-31831\n* ACM-31840\n* ACM-32575\n* ACM-32842\n* ACM-34108\n* ACM-34586\n* ACM-34589\n\nFor more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.14/",
          "product_ids": [
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:25127"
        },
        {
          "category": "workaround",
          "details": "To mitigate this issue, implement infrastructure-level normalization to ensure all incoming HTTP/2 `:path` headers are properly formatted with a leading slash before reaching the gRPC-Go server. This can be achieved by configuring a reverse proxy or API gateway to validate and normalize the `:path` header. Ensure that any such intermediary is properly configured and restarted to apply the changes, which may temporarily impact service availability.",
          "product_ids": [
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation"
    },
    {
      "cve": "CVE-2026-34986",
      "cwe": {
        "id": "CWE-131",
        "name": "Incorrect Calculation of Buffer Size"
      },
      "discovery_date": "2026-04-06T17:01:34.639203+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2455470"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Go JOSE, a library for handling JSON Web Encryption (JWE) objects. A remote attacker could exploit this vulnerability by providing a specially crafted JWE object. When decrypting such an object, if a key wrapping algorithm is specified but the encrypted key field is empty, the application can crash. This leads to a denial of service (DoS), making the affected service unavailable to legitimate users.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64"
        ],
        "known_not_affected": [
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-34986"
        },
        {
          "category": "external",
          "summary": "RHBZ#2455470",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455470"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-34986",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-34986"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-34986",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34986"
        },
        {
          "category": "external",
          "summary": "https://github.com/go-jose/go-jose/security/advisories/GHSA-78h2-9frx-2jm8",
          "url": "https://github.com/go-jose/go-jose/security/advisories/GHSA-78h2-9frx-2jm8"
        },
        {
          "category": "external",
          "summary": "https://pkg.go.dev/github.com/go-jose/go-jose/v4#pkg-constants",
          "url": "https://pkg.go.dev/github.com/go-jose/go-jose/v4#pkg-constants"
        }
      ],
      "release_date": "2026-04-06T16:22:45.353000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-06-10T20:51:55+00:00",
          "details": "For release note details, see the upstream Submariner release notes:\n\nhttps://submariner.io/community/releases/\n\nDownstream-specific issues resolved:\n* ACM-27238\n* ACM-28294\n* ACM-28295\n* ACM-28311\n* ACM-28313\n* ACM-28314\n* ACM-28315\n* ACM-28316\n* ACM-28329\n* ACM-28331\n* ACM-28333\n* ACM-28335\n* ACM-28337\n* ACM-28339\n* ACM-28342\n* ACM-29317\n* ACM-29511\n* ACM-29613\n* ACM-29614\n* ACM-29631\n* ACM-29632\n* ACM-29633\n* ACM-29634\n* ACM-29776\n* ACM-30134\n* ACM-30726\n* ACM-30727\n* ACM-30728\n* ACM-30729\n* ACM-30970\n* ACM-31136\n* ACM-31831\n* ACM-31840\n* ACM-32575\n* ACM-32842\n* ACM-34108\n* ACM-34586\n* ACM-34589\n\nFor more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.14/",
          "product_ids": [
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:25127"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object"
    },
    {
      "cve": "CVE-2026-35579",
      "cwe": {
        "id": "CWE-303",
        "name": "Incorrect Implementation of Authentication Algorithm"
      },
      "discovery_date": "2026-05-05T21:01:06.423844+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2466905"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in CoreDNS. An unauthenticated network attacker can exploit incorrect handling of TSIG (Transaction Signature) authentication in the gRPC, QUIC, DoH (DNS over HTTPS), and DoH3 transport implementations. This vulnerability allows an attacker to bypass TSIG protection, leading to unauthorized access to functionalities such as zone transfers and dynamic DNS updates. For DoH and DoH3, the issue is more severe as any request with a TSIG record is treated as authenticated, even with an invalid key.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "github.com/coredns/coredns: CoreDNS: Authentication bypass allows unauthorized access to TSIG-protected functionalities",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64"
        ],
        "known_not_affected": [
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64",
          "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-35579"
        },
        {
          "category": "external",
          "summary": "RHBZ#2466905",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2466905"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-35579",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-35579"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-35579",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35579"
        },
        {
          "category": "external",
          "summary": "https://github.com/coredns/coredns/security/advisories/GHSA-vp29-5652-4fw9",
          "url": "https://github.com/coredns/coredns/security/advisories/GHSA-vp29-5652-4fw9"
        }
      ],
      "release_date": "2026-05-05T20:29:16.903000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-06-10T20:51:55+00:00",
          "details": "For release note details, see the upstream Submariner release notes:\n\nhttps://submariner.io/community/releases/\n\nDownstream-specific issues resolved:\n* ACM-27238\n* ACM-28294\n* ACM-28295\n* ACM-28311\n* ACM-28313\n* ACM-28314\n* ACM-28315\n* ACM-28316\n* ACM-28329\n* ACM-28331\n* ACM-28333\n* ACM-28335\n* ACM-28337\n* ACM-28339\n* ACM-28342\n* ACM-29317\n* ACM-29511\n* ACM-29613\n* ACM-29614\n* ACM-29631\n* ACM-29632\n* ACM-29633\n* ACM-29634\n* ACM-29776\n* ACM-30134\n* ACM-30726\n* ACM-30727\n* ACM-30728\n* ACM-30729\n* ACM-30970\n* ACM-31136\n* ACM-31831\n* ACM-31840\n* ACM-32575\n* ACM-32842\n* ACM-34108\n* ACM-34586\n* ACM-34589\n\nFor more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.14/",
          "product_ids": [
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:25127"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64",
            "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "github.com/coredns/coredns: CoreDNS: Authentication bypass allows unauthorized access to TSIG-protected functionalities"
    }
  ]
}

CVE-2024-25621 (GCVE-0-2024-25621)

Vulnerability from cvelistv5 – Published: 2025-11-06 18:36 – Updated: 2025-11-06 19:35

Title

containerd affected by a local privilege escalation via wide permissions on CRI directory

Summary

containerd is an open-source container runtime. Versions 0.1.0 through 1.7.28, 2.0.0-beta.0 through 2.0.6, 2.1.0-beta.0 through 2.1.4 and 2.2.0-beta.0 through 2.2.0-rc.1 have an overly broad default permission vulnerability. Directory paths `/var/lib/containerd`, `/run/containerd/io.containerd.grpc.v1.cri` and `/run/containerd/io.containerd.sandbox.controller.v1.shim` were all created with incorrect permissions. This issue is fixed in versions 1.7.29, 2.0.7, 2.1.5 and 2.2.0. Workarounds include updating system administrator permissions so the host can manually chmod the directories to not have group or world accessible permissions, or to run containerd in rootless mode.

Severity

7.3 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

SSVC

Exploitation: none Automatable: no Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-279 - Incorrect Execution-Assigned Permissions

Assigner

GitHub_M

References

3 references

URL	Tags
https://github.com/containerd/containerd/security…	x_refsource_CONFIRM
https://github.com/containerd/containerd/commit/7…	x_refsource_MISC
https://github.com/containerd/containerd/blob/mai…	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
containerd	containerd	Affected: < 1.7.29 Affected: >= 2.0.0-beta.0, < 2.0.7 Affected: >= 2.1.0-beta.0, < 2.1.5 Affected: >= 2.2.0-beta.0, < 2.2.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-25621",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-11-06T19:34:44.710425Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-11-06T19:35:13.415Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "containerd",
          "vendor": "containerd",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 1.7.29"
            },
            {
              "status": "affected",
              "version": "\u003e= 2.0.0-beta.0, \u003c 2.0.7"
            },
            {
              "status": "affected",
              "version": "\u003e= 2.1.0-beta.0, \u003c 2.1.5"
            },
            {
              "status": "affected",
              "version": "\u003e= 2.2.0-beta.0, \u003c 2.2.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "containerd is an open-source container runtime. Versions 0.1.0 through 1.7.28, 2.0.0-beta.0 through 2.0.6, 2.1.0-beta.0 through 2.1.4 and 2.2.0-beta.0 through 2.2.0-rc.1 have an overly broad default permission vulnerability. Directory paths `/var/lib/containerd`, `/run/containerd/io.containerd.grpc.v1.cri` and `/run/containerd/io.containerd.sandbox.controller.v1.shim` were all created with incorrect permissions. This issue is fixed in versions 1.7.29, 2.0.7, 2.1.5 and 2.2.0. Workarounds include updating system administrator permissions so the host can manually chmod the directories to not have group or world accessible permissions, or to run containerd in rootless mode."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-279",
              "description": "CWE-279: Incorrect Execution-Assigned Permissions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-11-06T18:36:21.566Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/containerd/containerd/security/advisories/GHSA-pwhc-rpq9-4c8w",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/containerd/containerd/security/advisories/GHSA-pwhc-rpq9-4c8w"
        },
        {
          "name": "https://github.com/containerd/containerd/commit/7c59e8e9e970d38061a77b586b23655c352bfec5",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/containerd/containerd/commit/7c59e8e9e970d38061a77b586b23655c352bfec5"
        },
        {
          "name": "https://github.com/containerd/containerd/blob/main/docs/rootless.md",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/containerd/containerd/blob/main/docs/rootless.md"
        }
      ],
      "source": {
        "advisory": "GHSA-pwhc-rpq9-4c8w",
        "discovery": "UNKNOWN"
      },
      "title": "containerd affected by a local privilege escalation via wide permissions on CRI directory"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-25621",
    "datePublished": "2025-11-06T18:36:21.566Z",
    "dateReserved": "2024-02-08T22:26:33.511Z",
    "dateUpdated": "2025-11-06T19:35:13.415Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-61726 (GCVE-0-2025-61726)

Vulnerability from cvelistv5 – Published: 2026-01-28 19:30 – Updated: 2026-01-29 18:31

Title

Memory exhaustion in query parameter parsing in net/url

Summary

The net/url package does not set a limit on the number of query parameters in a query. While the maximum size of query parameters in URLs is generally limited by the maximum request header size, the net/http.Request.ParseForm method can parse large URL-encoded forms. Parsing a large form containing many unique query parameters can cause excessive memory consumption.

Severity

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

SSVC

Exploitation: none Automatable: yes Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-400 - Uncontrolled Resource Consumption

Assigner

References

4 references

URL	Tags
https://go.dev/cl/736712
https://go.dev/issue/77101
https://groups.google.com/g/golang-announce/c/Vd2…
https://pkg.go.dev/vuln/GO-2026-4341

Impacted products

1 product

Vendor	Product	Version
Go standard library	net/url	Affected: 0 , < 1.24.12 (semver) Affected: 1.25.0 , < 1.25.6 (semver)

Credits

jub0bs

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-61726",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-29T18:31:39.150633Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-01-29T18:31:59.685Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://pkg.go.dev",
          "defaultStatus": "unaffected",
          "packageName": "net/url",
          "product": "net/url",
          "programRoutines": [
            {
              "name": "parseQuery"
            },
            {
              "name": "ParseQuery"
            },
            {
              "name": "URL.Query"
            }
          ],
          "vendor": "Go standard library",
          "versions": [
            {
              "lessThan": "1.24.12",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThan": "1.25.6",
              "status": "affected",
              "version": "1.25.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "jub0bs"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The net/url package does not set a limit on the number of query parameters in a query. While the maximum size of query parameters in URLs is generally limited by the maximum request header size, the net/http.Request.ParseForm method can parse large URL-encoded forms. Parsing a large form containing many unique query parameters can cause excessive memory consumption."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-400: Uncontrolled Resource Consumption",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-28T19:30:31.215Z",
        "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
        "shortName": "Go"
      },
      "references": [
        {
          "url": "https://go.dev/cl/736712"
        },
        {
          "url": "https://go.dev/issue/77101"
        },
        {
          "url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
        },
        {
          "url": "https://pkg.go.dev/vuln/GO-2026-4341"
        }
      ],
      "title": "Memory exhaustion in query parameter parsing in net/url"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
    "assignerShortName": "Go",
    "cveId": "CVE-2025-61726",
    "datePublished": "2026-01-28T19:30:31.215Z",
    "dateReserved": "2025-09-30T15:05:03.605Z",
    "dateUpdated": "2026-01-29T18:31:59.685Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-61728 (GCVE-0-2025-61728)

Vulnerability from cvelistv5 – Published: 2026-01-28 19:30 – Updated: 2026-01-29 18:30

Title

Excessive CPU consumption when building archive index in archive/zip

Summary

archive/zip uses a super-linear file name indexing algorithm that is invoked the first time a file in an archive is opened. This can lead to a denial of service when consuming a maliciously constructed ZIP archive.

Severity

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

SSVC

Exploitation: none Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-407 - Inefficient Algorithmic Complexity

Assigner

References

5 references

URL	Tags
https://go.dev/cl/736713
https://go.dev/issue/77102
https://groups.google.com/g/golang-announce/c/Vd2…
https://pkg.go.dev/vuln/GO-2026-4342
http://www.openwall.com/lists/oss-security/2026/01/15/4

Impacted products

1 product

Vendor	Product	Version
Go standard library	archive/zip	Affected: 0 , < 1.24.12 (semver) Affected: 1.25.0 , < 1.25.6 (semver)

Credits

Jakub Ciolek

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2026-01-28T20:08:22.055Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/01/15/4"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 6.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-61728",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-29T18:29:58.068724Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-01-29T18:30:24.487Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://pkg.go.dev",
          "defaultStatus": "unaffected",
          "packageName": "archive/zip",
          "product": "archive/zip",
          "programRoutines": [
            {
              "name": "Reader.initFileList"
            },
            {
              "name": "Reader.Open"
            }
          ],
          "vendor": "Go standard library",
          "versions": [
            {
              "lessThan": "1.24.12",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThan": "1.25.6",
              "status": "affected",
              "version": "1.25.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Jakub Ciolek"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "archive/zip uses a super-linear file name indexing algorithm that is invoked the first time a file in an archive is opened. This can lead to a denial of service when consuming a maliciously constructed ZIP archive."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-407: Inefficient Algorithmic Complexity",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-28T19:30:31.354Z",
        "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
        "shortName": "Go"
      },
      "references": [
        {
          "url": "https://go.dev/cl/736713"
        },
        {
          "url": "https://go.dev/issue/77102"
        },
        {
          "url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
        },
        {
          "url": "https://pkg.go.dev/vuln/GO-2026-4342"
        }
      ],
      "title": "Excessive CPU consumption when building archive index in archive/zip"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
    "assignerShortName": "Go",
    "cveId": "CVE-2025-61728",
    "datePublished": "2026-01-28T19:30:31.354Z",
    "dateReserved": "2025-09-30T15:05:03.605Z",
    "dateUpdated": "2026-01-29T18:30:24.487Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-61729 (GCVE-0-2025-61729)

Vulnerability from cvelistv5 – Published: 2025-12-02 18:54 – Updated: 2025-12-03 19:37

Title

Excessive resource consumption when printing error string for host certificate validation in crypto/x509

Summary

Within HostnameError.Error(), when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can result in excessive resource consumption.

Severity

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

SSVC

Exploitation: none Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-400 - Uncontrolled Resource Consumption

Assigner

References

4 references

URL	Tags
https://go.dev/cl/725920
https://go.dev/issue/76445
https://groups.google.com/g/golang-announce/c/8FJ…
https://pkg.go.dev/vuln/GO-2025-4155

Impacted products

1 product

Vendor	Product	Version
Go standard library	crypto/x509	Affected: 0 , < 1.24.11 (semver) Affected: 1.25.0 , < 1.25.5 (semver)

Credits

Philippe Antoine (Catena cyber)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-61729",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-12-02T21:52:36.341575Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-12-02T21:52:58.224Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://pkg.go.dev",
          "defaultStatus": "unaffected",
          "packageName": "crypto/x509",
          "product": "crypto/x509",
          "programRoutines": [
            {
              "name": "Certificate.VerifyHostname"
            },
            {
              "name": "Certificate.Verify"
            }
          ],
          "vendor": "Go standard library",
          "versions": [
            {
              "lessThan": "1.24.11",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThan": "1.25.5",
              "status": "affected",
              "version": "1.25.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Philippe Antoine (Catena cyber)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Within HostnameError.Error(), when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can result in excessive resource consumption."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-400: Uncontrolled Resource Consumption",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-03T19:37:14.903Z",
        "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
        "shortName": "Go"
      },
      "references": [
        {
          "url": "https://go.dev/cl/725920"
        },
        {
          "url": "https://go.dev/issue/76445"
        },
        {
          "url": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4"
        },
        {
          "url": "https://pkg.go.dev/vuln/GO-2025-4155"
        }
      ],
      "title": "Excessive resource consumption when printing error string for host certificate validation in crypto/x509"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
    "assignerShortName": "Go",
    "cveId": "CVE-2025-61729",
    "datePublished": "2025-12-02T18:54:10.166Z",
    "dateReserved": "2025-09-30T15:05:03.605Z",
    "dateUpdated": "2025-12-03T19:37:14.903Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-68121 (GCVE-0-2025-68121)

Vulnerability from cvelistv5 – Published: 2026-02-05 17:48 – Updated: 2026-04-29 13:29

Title

Unexpected session resumption in crypto/tls

Summary

During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and mutates the returned Config, or uses Config.GetConfigForClient. This can cause a client to resume a session with a server that it would not have resumed with during the initial handshake, or cause a server to resume a session with a client that it would not have resumed with during the initial handshake.

Severity

9.1 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

SSVC

Exploitation: none Automatable: yes Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-295 - Improper Certificate Validation

Assigner

References

4 references

URL	Tags
https://groups.google.com/g/golang-announce/c/K09…
https://go.dev/cl/737700
https://go.dev/issue/77217
https://pkg.go.dev/vuln/GO-2026-4337

Impacted products

1 product

Vendor	Product	Version
Go standard library	crypto/tls	Affected: 0 , < 1.24.13 (semver) Affected: 1.25.0-0 , < 1.25.7 (semver) Affected: 1.26.0-rc.1 , < 1.26.0-rc.3 (semver)

Credits

Coia Prant (github.com/rbqvq) Go Security Team

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 9.1,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-68121",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-29T03:55:46.305385Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-295",
                "description": "CWE-295 Improper Certificate Validation",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-29T13:29:25.582Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://pkg.go.dev",
          "defaultStatus": "unaffected",
          "packageName": "crypto/tls",
          "product": "crypto/tls",
          "programRoutines": [
            {
              "name": "Conn.handshakeContext"
            },
            {
              "name": "Conn.Handshake"
            },
            {
              "name": "Conn.HandshakeContext"
            },
            {
              "name": "Conn.Read"
            },
            {
              "name": "Conn.Write"
            },
            {
              "name": "Dial"
            },
            {
              "name": "DialWithDialer"
            },
            {
              "name": "Dialer.Dial"
            },
            {
              "name": "Dialer.DialContext"
            },
            {
              "name": "QUICConn.Start"
            }
          ],
          "vendor": "Go standard library",
          "versions": [
            {
              "lessThan": "1.24.13",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThan": "1.25.7",
              "status": "affected",
              "version": "1.25.0-0",
              "versionType": "semver"
            },
            {
              "lessThan": "1.26.0-rc.3",
              "status": "affected",
              "version": "1.26.0-rc.1",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Coia Prant (github.com/rbqvq)"
        },
        {
          "lang": "en",
          "value": "Go Security Team"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and mutates the returned Config, or uses Config.GetConfigForClient. This can cause a client to resume a session with a server that it would not have resumed with during the initial handshake, or cause a server to resume a session with a client that it would not have resumed with during the initial handshake."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-295: Improper Certificate Validation",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-05T17:48:44.141Z",
        "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
        "shortName": "Go"
      },
      "references": [
        {
          "url": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk"
        },
        {
          "url": "https://go.dev/cl/737700"
        },
        {
          "url": "https://go.dev/issue/77217"
        },
        {
          "url": "https://pkg.go.dev/vuln/GO-2026-4337"
        }
      ],
      "title": "Unexpected session resumption in crypto/tls"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
    "assignerShortName": "Go",
    "cveId": "CVE-2025-68121",
    "datePublished": "2026-02-05T17:48:44.141Z",
    "dateReserved": "2025-12-15T16:48:04.451Z",
    "dateUpdated": "2026-04-29T13:29:25.582Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-68151 (GCVE-0-2025-68151)

Vulnerability from cvelistv5 – Published: 2026-01-08 15:33 – Updated: 2026-01-08 15:50

Title

CoreDNS gRPC/HTTPS/HTTP3 servers lack resource limits, enabling DoS via unbounded connections and oversized messages

Summary

CoreDNS is a DNS server that chains plugins. Prior to version 1.14.0, multiple CoreDNS server implementations (gRPC, HTTPS, and HTTP/3) lack critical resource-limiting controls. An unauthenticated remote attacker can exhaust memory and degrade or crash the server by opening many concurrent connections, streams, or sending oversized request bodies. The issue is similar in nature to CVE-2025-47950 (QUIC DoS) but affects additional server types that do not enforce connection limits, stream limits, or message size constraints. Version 1.14.0 contains a patch.

Severity

6.6 (Medium)


                        
                          CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U

SSVC

Exploitation: none Automatable: yes Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-770 - Allocation of Resources Without Limits or Throttling

Assigner

GitHub_M

References

3 references

URL	Tags
https://github.com/coredns/coredns/security/advis…	x_refsource_CONFIRM
https://github.com/coredns/coredns/pull/7490	x_refsource_MISC
https://github.com/coredns/coredns/commit/0d8cbb1…	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
coredns	coredns	Affected: < 1.14.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-68151",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-08T15:50:16.033988Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-01-08T15:50:35.397Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "coredns",
          "vendor": "coredns",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 1.14.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "CoreDNS is a DNS server that chains plugins. Prior to version 1.14.0, multiple CoreDNS server implementations (gRPC, HTTPS, and HTTP/3) lack critical resource-limiting controls. An unauthenticated remote attacker can exhaust memory and degrade or crash the server by opening many concurrent connections, streams, or sending oversized request bodies. The issue is similar in nature to CVE-2025-47950 (QUIC DoS) but affects additional server types that do not enforce connection limits, stream limits, or message size constraints. Version 1.14.0 contains a patch."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 6.6,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "NONE",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-770",
              "description": "CWE-770: Allocation of Resources Without Limits or Throttling",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-08T15:33:12.711Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/coredns/coredns/security/advisories/GHSA-527x-5wrf-22m2",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/coredns/coredns/security/advisories/GHSA-527x-5wrf-22m2"
        },
        {
          "name": "https://github.com/coredns/coredns/pull/7490",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/coredns/coredns/pull/7490"
        },
        {
          "name": "https://github.com/coredns/coredns/commit/0d8cbb1a6bcb6bc9c1a489865278b8725fa20812",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/coredns/coredns/commit/0d8cbb1a6bcb6bc9c1a489865278b8725fa20812"
        }
      ],
      "source": {
        "advisory": "GHSA-527x-5wrf-22m2",
        "discovery": "UNKNOWN"
      },
      "title": "CoreDNS gRPC/HTTPS/HTTP3 servers lack resource limits, enabling DoS via unbounded connections and oversized messages"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-68151",
    "datePublished": "2026-01-08T15:33:12.711Z",
    "dateReserved": "2025-12-15T20:13:34.486Z",
    "dateUpdated": "2026-01-08T15:50:35.397Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-21441 (GCVE-0-2026-21441)

Vulnerability from cvelistv5 – Published: 2026-01-07 22:09 – Updated: 2026-01-23 09:07

Title

urllib3 vulnerable to decompression-bomb safeguard bypass when following HTTP redirects (streaming API)

Summary

Severity

8.9 (High)


                        
                          CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H

SSVC

Exploitation: none Automatable: yes Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-409 - Improper Handling of Highly Compressed Data (Data Amplification)

Assigner

GitHub_M

References

3 references

URL	Tags
https://github.com/urllib3/urllib3/security/advis…	x_refsource_CONFIRM
https://github.com/urllib3/urllib3/commit/8864ac4…	x_refsource_MISC
https://lists.debian.org/debian-lts-announce/2026…

Impacted products

1 product

Vendor	Product	Version
urllib3	urllib3	Affected: >= 1.22, < 2.6.3

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-21441",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-08T20:08:04.959214Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-01-08T20:08:22.320Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2026-01-23T09:07:22.785Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2026/01/msg00017.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "urllib3",
          "vendor": "urllib3",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 1.22, \u003c 2.6.3"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "urllib3 is an HTTP client library for Python. urllib3\u0027s streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. urllib3 can perform decoding or decompression based on the HTTP `Content-Encoding` header (e.g., `gzip`, `deflate`, `br`, or `zstd`). When using the streaming API, the library decompresses only the necessary bytes, enabling partial content consumption. Starting in version 1.22 and prior to version 2.6.3, for HTTP redirect responses, the library would read the entire response body to drain the connection and decompress the content unnecessarily. This decompression occurred even before any read methods were called, and configured read limits did not restrict the amount of decompressed data. As a result, there was no safeguard against decompression bombs. A malicious server could exploit this to trigger excessive resource consumption on the client. Applications and libraries are affected when they stream content from untrusted sources by setting `preload_content=False` when they do not disable redirects. Users should upgrade to at least urllib3 v2.6.3, in which the library does not decode content of redirect responses when `preload_content=False`. If upgrading is not immediately possible, disable redirects by setting `redirect=False` for requests to untrusted source."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "NETWORK",
            "baseScore": 8.9,
            "baseSeverity": "HIGH",
            "privilegesRequired": "NONE",
            "subAvailabilityImpact": "HIGH",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-409",
              "description": "CWE-409: Improper Handling of Highly Compressed Data (Data Amplification)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-07T22:13:57.482Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/urllib3/urllib3/security/advisories/GHSA-38jv-5279-wg99",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-38jv-5279-wg99"
        },
        {
          "name": "https://github.com/urllib3/urllib3/commit/8864ac407bba8607950025e0979c4c69bc7abc7b",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/urllib3/urllib3/commit/8864ac407bba8607950025e0979c4c69bc7abc7b"
        }
      ],
      "source": {
        "advisory": "GHSA-38jv-5279-wg99",
        "discovery": "UNKNOWN"
      },
      "title": "urllib3 vulnerable to decompression-bomb safeguard bypass when following HTTP redirects (streaming API)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-21441",
    "datePublished": "2026-01-07T22:09:01.936Z",
    "dateReserved": "2025-12-29T03:00:29.276Z",
    "dateUpdated": "2026-01-23T09:07:22.785Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-25679 (GCVE-0-2026-25679)

Vulnerability from cvelistv5 – Published: 2026-03-06 21:28 – Updated: 2026-03-10 13:37

Title

Incorrect parsing of IPv6 host literals in net/url

Summary

url.Parse insufficiently validated the host/authority component and accepted some invalid URLs.

Severity

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

SSVC

Exploitation: none Automatable: yes Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-1286 - Improper Validation of Syntactic Correctness of Input

Assigner

References

4 references

URL	Tags
https://go.dev/cl/752180
https://go.dev/issue/77578
https://groups.google.com/g/golang-announce/c/Edh…
https://pkg.go.dev/vuln/GO-2026-4601

Impacted products

1 product

Vendor	Product	Version
Go standard library	net/url	Affected: 0 , < 1.25.8 (semver) Affected: 1.26.0-0 , < 1.26.1 (semver)

Credits

Masaki Hara (https://github.com/qnighy) of Wantedly

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-25679",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-10T13:36:26.554241Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-10T13:37:02.459Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://pkg.go.dev",
          "defaultStatus": "unaffected",
          "packageName": "net/url",
          "product": "net/url",
          "programRoutines": [
            {
              "name": "parseHost"
            },
            {
              "name": "JoinPath"
            },
            {
              "name": "Parse"
            },
            {
              "name": "ParseRequestURI"
            },
            {
              "name": "URL.Parse"
            },
            {
              "name": "URL.UnmarshalBinary"
            }
          ],
          "vendor": "Go standard library",
          "versions": [
            {
              "lessThan": "1.25.8",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThan": "1.26.1",
              "status": "affected",
              "version": "1.26.0-0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Masaki Hara (https://github.com/qnighy) of Wantedly"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "url.Parse insufficiently validated the host/authority component and accepted some invalid URLs."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-1286: Improper Validation of Syntactic Correctness of Input",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-06T21:28:14.211Z",
        "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
        "shortName": "Go"
      },
      "references": [
        {
          "url": "https://go.dev/cl/752180"
        },
        {
          "url": "https://go.dev/issue/77578"
        },
        {
          "url": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk"
        },
        {
          "url": "https://pkg.go.dev/vuln/GO-2026-4601"
        }
      ],
      "title": "Incorrect parsing of IPv6 host literals in net/url"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
    "assignerShortName": "Go",
    "cveId": "CVE-2026-25679",
    "datePublished": "2026-03-06T21:28:14.211Z",
    "dateReserved": "2026-02-05T01:33:41.943Z",
    "dateUpdated": "2026-03-10T13:37:02.459Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-26017 (GCVE-0-2026-26017)

Vulnerability from cvelistv5 – Published: 2026-03-06 15:36 – Updated: 2026-03-06 16:06

Title

CoreDNS ACL Bypass

Summary

CoreDNS is a DNS server that chains plugins. Prior to version 1.14.2, a logical vulnerability in CoreDNS allows DNS access controls to be bypassed due to the default execution order of plugins. Security plugins such as acl are evaluated before the rewrite plugin, resulting in a Time-of-Check Time-of-Use (TOCTOU) flaw. This issue has been patched in version 1.14.2.

Severity

7.7 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

SSVC

Exploitation: none Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition

Assigner

GitHub_M

References

2 references

URL	Tags
https://github.com/coredns/coredns/security/advis…	x_refsource_CONFIRM
https://github.com/coredns/coredns/releases/tag/v1.14.2	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
coredns	coredns	Affected: < 1.14.2

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-26017",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-06T16:06:32.284525Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-06T16:06:41.093Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "coredns",
          "vendor": "coredns",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 1.14.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "CoreDNS is a DNS server that chains plugins. Prior to version 1.14.2, a logical vulnerability in CoreDNS allows DNS access controls to be bypassed due to the default execution order of plugins. Security plugins such as acl are evaluated before the rewrite plugin, resulting in a Time-of-Check Time-of-Use (TOCTOU) flaw. This issue has been patched in version 1.14.2."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-367",
              "description": "CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-06T15:36:15.655Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/coredns/coredns/security/advisories/GHSA-c9v3-4pv7-87pr",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/coredns/coredns/security/advisories/GHSA-c9v3-4pv7-87pr"
        },
        {
          "name": "https://github.com/coredns/coredns/releases/tag/v1.14.2",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/coredns/coredns/releases/tag/v1.14.2"
        }
      ],
      "source": {
        "advisory": "GHSA-c9v3-4pv7-87pr",
        "discovery": "UNKNOWN"
      },
      "title": "CoreDNS ACL Bypass"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-26017",
    "datePublished": "2026-03-06T15:36:15.655Z",
    "dateReserved": "2026-02-09T21:36:29.554Z",
    "dateUpdated": "2026-03-06T16:06:41.093Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-26018 (GCVE-0-2026-26018)

Vulnerability from cvelistv5 – Published: 2026-03-06 15:35 – Updated: 2026-03-06 16:07

Title

CoreDNS Loop Detection Denial of Service Vulnerability

Summary

CoreDNS is a DNS server that chains plugins. Prior to version 1.14.2, a denial of service vulnerability exists in CoreDNS's loop detection plugin that allows an attacker to crash the DNS server by sending specially crafted DNS queries. The vulnerability stems from the use of a predictable pseudo-random number generator (PRNG) for generating a secret query name, combined with a fatal error handler that terminates the entire process. This issue has been patched in version 1.14.2.

Severity

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

SSVC

Exploitation: none Automatable: yes Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-337 - Predictable Seed in Pseudo-Random Number Generator (PRNG)
CWE-770 - Allocation of Resources Without Limits or Throttling
CWE-400 - Uncontrolled Resource Consumption

Assigner

GitHub_M

References

2 references

URL	Tags
https://github.com/coredns/coredns/security/advis…	x_refsource_CONFIRM
https://github.com/coredns/coredns/releases/tag/v1.14.2	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
coredns	coredns	Affected: < 1.14.2

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-26018",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-06T16:07:22.371186Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-06T16:07:31.587Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "coredns",
          "vendor": "coredns",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 1.14.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "CoreDNS is a DNS server that chains plugins. Prior to version 1.14.2, a denial of service vulnerability exists in CoreDNS\u0027s loop detection plugin that allows an attacker to crash the DNS server by sending specially crafted DNS queries. The vulnerability stems from the use of a predictable pseudo-random number generator (PRNG) for generating a secret query name, combined with a fatal error handler that terminates the entire process. This issue has been patched in version 1.14.2."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-337",
              "description": "CWE-337: Predictable Seed in Pseudo-Random Number Generator (PRNG)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-770",
              "description": "CWE-770: Allocation of Resources Without Limits or Throttling",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-400",
              "description": "CWE-400: Uncontrolled Resource Consumption",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-06T15:35:50.801Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/coredns/coredns/security/advisories/GHSA-h75p-j8xm-m278",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/coredns/coredns/security/advisories/GHSA-h75p-j8xm-m278"
        },
        {
          "name": "https://github.com/coredns/coredns/releases/tag/v1.14.2",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/coredns/coredns/releases/tag/v1.14.2"
        }
      ],
      "source": {
        "advisory": "GHSA-h75p-j8xm-m278",
        "discovery": "UNKNOWN"
      },
      "title": "CoreDNS Loop Detection Denial of Service Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-26018",
    "datePublished": "2026-03-06T15:35:50.801Z",
    "dateReserved": "2026-02-09T21:36:29.554Z",
    "dateUpdated": "2026-03-06T16:07:31.587Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

RHSA-2026:25127

CVE-2024-25621 (GCVE-0-2024-25621)

CVE-2025-61726 (GCVE-0-2025-61726)

CVE-2025-61728 (GCVE-0-2025-61728)

CVE-2025-61729 (GCVE-0-2025-61729)

CVE-2025-68121 (GCVE-0-2025-68121)

CVE-2025-68151 (GCVE-0-2025-68151)

CVE-2026-21441 (GCVE-0-2026-21441)

CVE-2026-25679 (GCVE-0-2026-25679)

CVE-2026-26017 (GCVE-0-2026-26017)

CVE-2026-26018 (GCVE-0-2026-26018)

Tags

Sightings

Nomenclature