RHSA-2026:30076
Vulnerability from csaf_redhat - Published: 2026-06-25 18:18 - Updated: 2026-06-25 23:18Summary
Red Hat Security Advisory: Red Hat Quay 3.12.19
Severity
Important
Notes
Topic: Red Hat Quay 3.12.19 is now available with bug fixes.
Details: Quay 3.12.19
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in fast-uri. A remote attacker could exploit this vulnerability by crafting a malicious Uniform Resource Identifier (URI) that contains percent-encoded authority delimiters. The fast-uri library incorrectly decodes these delimiters during normalization and then re-emits them as raw separators, which can change the URI's intended authority. This issue allows applications that perform host allowlist checks, redirect validation, or outbound request routing to be steered to a different authority than specified, potentially bypassing security controls.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:09cacc9bbd0ea8f666b392a278cda7d42bd36116ec696f722d294a4d2b8cc64b_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:b7002e08ebee80927d071a0c3348fb1e508e65cef47671f5554d740a74a8a6fc_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:b9e339cb611967965c68280227825dad1018524c5ff6bc0fcf5620b2581fce1c_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:db1bcca3650cdc99b46ab8c11b138220a0c90eb7475d7e36c026ebd7a57e02dd_s390x | — |
Vendor Fix
fix
|
Known not affected
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:0285b52259e86295777d45ca169c63d5cc2ad320774fb36a83eb76b0ee906b62_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6cbbd03b84fc2a72f0546b0f88564bdd30f694eef88699327afb94aadf6bded5_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:758da243753a713917e5d6ac61f7cb516be1f1f7714136ce1fa9c8c5383c6c91_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e7c9e7f90ac26681e680fd548e015a36e5760aa4ea8f8278e9ef052969dfcf_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:61cb89f4522d027dc7862cad2db1b0e6b8d0ee2c805e5bba5dfaa2f0a626b498_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:175cfaa83d23cb17e179d0f01a2b8c6b10a4ff0771616380421114fa46404c5e_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2c13c569fcd307d333f26c098a2c0b2de9a7a0006974d98dae532e0189a7b384_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:73ba187acabd311914dd81494a5b32968fab6c8c0e943290569154e10dd2e6bb_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:8ef53d785bd058442d23ca8d7cfb5034830e75e963e764a3bb78b9c5bc782df7_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:4e18730e0d3a0297df2e97af0c5a16602fb3c45a1e6ef8f04339a1d6ef9f8ca7_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:31681014e706162350f17a91c3d2b348b6d930ade877839b8ddd35fadeaa4c7b_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8326e2cf11416af5abcf9bf0c4a496dd6d42f90e03b9d83c10ab1b5c5537631d_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8a0fd5087f811850d07a66718ba2f230ca1a3fa581bf88aa8be2c00fa907b88e_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:df86c2a14cd963c1efac3ef7375934ea4e432351bc45a441580d87e7da5db08f_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:876b89b047656b208af0f57881bb7ae351f53c2f875675686e5b334b74d2ac2b_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:804cfcb86df78455d539a984502f91e887b19caf8c633793a0173b481c0cd1e3_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b00b2c5a96fe210d53ae11f4d21f507e0adf9c63257cdbc9ab199455771654d0_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d7cc7f5b60db23e617782f514368fd3a20fc2e31051a7b0d13603d14c6386483_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:f43d26a782e2c0994598fa1bf4d57073e272717418ac62df6f1a394a9a4a9deb_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:3a939af325476612b7c753c10015c36a3ab43ae4a8751aee6877621d90ebfee9_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:168e8f94d1d818026c2c3f545f37aeeacfddc8181652f49408358a91010a771a_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:531d1c071f662ae600b6e0d6cb945bb13d9155330a2e5c01b19ba01920f46874_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:d977e222cce6e053bc206fa891215e2ece1bd0c6f87a916d0899c51dca3c4fcf_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd341c8af0f1c6aff634d99e0d145c0a2b10f2e8f0dd3b0929eb0f27888f772c_s390x | — |
Threats
Impact
Important
A flaw was found in the shell-quote component. The quote() function did not properly validate object-token inputs, allowing line terminators to pass unescaped into the output. A remote attacker could exploit this vulnerability by providing specially crafted input, which a POSIX shell would interpret as a command separator. This could lead to command injection, enabling the attacker to execute arbitrary code on the system.
8.1 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:09cacc9bbd0ea8f666b392a278cda7d42bd36116ec696f722d294a4d2b8cc64b_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:b7002e08ebee80927d071a0c3348fb1e508e65cef47671f5554d740a74a8a6fc_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:b9e339cb611967965c68280227825dad1018524c5ff6bc0fcf5620b2581fce1c_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:db1bcca3650cdc99b46ab8c11b138220a0c90eb7475d7e36c026ebd7a57e02dd_s390x | — |
Vendor Fix
fix
|
Known not affected
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:0285b52259e86295777d45ca169c63d5cc2ad320774fb36a83eb76b0ee906b62_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6cbbd03b84fc2a72f0546b0f88564bdd30f694eef88699327afb94aadf6bded5_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:758da243753a713917e5d6ac61f7cb516be1f1f7714136ce1fa9c8c5383c6c91_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e7c9e7f90ac26681e680fd548e015a36e5760aa4ea8f8278e9ef052969dfcf_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:61cb89f4522d027dc7862cad2db1b0e6b8d0ee2c805e5bba5dfaa2f0a626b498_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:175cfaa83d23cb17e179d0f01a2b8c6b10a4ff0771616380421114fa46404c5e_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2c13c569fcd307d333f26c098a2c0b2de9a7a0006974d98dae532e0189a7b384_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:73ba187acabd311914dd81494a5b32968fab6c8c0e943290569154e10dd2e6bb_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:8ef53d785bd058442d23ca8d7cfb5034830e75e963e764a3bb78b9c5bc782df7_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:4e18730e0d3a0297df2e97af0c5a16602fb3c45a1e6ef8f04339a1d6ef9f8ca7_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:31681014e706162350f17a91c3d2b348b6d930ade877839b8ddd35fadeaa4c7b_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8326e2cf11416af5abcf9bf0c4a496dd6d42f90e03b9d83c10ab1b5c5537631d_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8a0fd5087f811850d07a66718ba2f230ca1a3fa581bf88aa8be2c00fa907b88e_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:df86c2a14cd963c1efac3ef7375934ea4e432351bc45a441580d87e7da5db08f_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:876b89b047656b208af0f57881bb7ae351f53c2f875675686e5b334b74d2ac2b_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:804cfcb86df78455d539a984502f91e887b19caf8c633793a0173b481c0cd1e3_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b00b2c5a96fe210d53ae11f4d21f507e0adf9c63257cdbc9ab199455771654d0_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d7cc7f5b60db23e617782f514368fd3a20fc2e31051a7b0d13603d14c6386483_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:f43d26a782e2c0994598fa1bf4d57073e272717418ac62df6f1a394a9a4a9deb_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:3a939af325476612b7c753c10015c36a3ab43ae4a8751aee6877621d90ebfee9_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:168e8f94d1d818026c2c3f545f37aeeacfddc8181652f49408358a91010a771a_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:531d1c071f662ae600b6e0d6cb945bb13d9155330a2e5c01b19ba01920f46874_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:d977e222cce6e053bc206fa891215e2ece1bd0c6f87a916d0899c51dca3c4fcf_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd341c8af0f1c6aff634d99e0d145c0a2b10f2e8f0dd3b0929eb0f27888f772c_s390x | — |
Threats
Impact
Important
A flaw was found in kafka-python. A malicious or machine-in-the-middle broker could exploit a denial-of-service vulnerability during SCRAM authentication. By providing an excessively large iteration count, the broker can cause the client's event loop to freeze. This prevents critical operations such as sending messages, polling for new messages, and maintaining heartbeats, ultimately leading to consumer group eviction and persistent connection failures.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:09cacc9bbd0ea8f666b392a278cda7d42bd36116ec696f722d294a4d2b8cc64b_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:b7002e08ebee80927d071a0c3348fb1e508e65cef47671f5554d740a74a8a6fc_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:b9e339cb611967965c68280227825dad1018524c5ff6bc0fcf5620b2581fce1c_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:db1bcca3650cdc99b46ab8c11b138220a0c90eb7475d7e36c026ebd7a57e02dd_s390x | — |
Vendor Fix
fix
Workaround
|
Known not affected
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:0285b52259e86295777d45ca169c63d5cc2ad320774fb36a83eb76b0ee906b62_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6cbbd03b84fc2a72f0546b0f88564bdd30f694eef88699327afb94aadf6bded5_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:758da243753a713917e5d6ac61f7cb516be1f1f7714136ce1fa9c8c5383c6c91_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e7c9e7f90ac26681e680fd548e015a36e5760aa4ea8f8278e9ef052969dfcf_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:61cb89f4522d027dc7862cad2db1b0e6b8d0ee2c805e5bba5dfaa2f0a626b498_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:175cfaa83d23cb17e179d0f01a2b8c6b10a4ff0771616380421114fa46404c5e_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2c13c569fcd307d333f26c098a2c0b2de9a7a0006974d98dae532e0189a7b384_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:73ba187acabd311914dd81494a5b32968fab6c8c0e943290569154e10dd2e6bb_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:8ef53d785bd058442d23ca8d7cfb5034830e75e963e764a3bb78b9c5bc782df7_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:4e18730e0d3a0297df2e97af0c5a16602fb3c45a1e6ef8f04339a1d6ef9f8ca7_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:31681014e706162350f17a91c3d2b348b6d930ade877839b8ddd35fadeaa4c7b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8326e2cf11416af5abcf9bf0c4a496dd6d42f90e03b9d83c10ab1b5c5537631d_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8a0fd5087f811850d07a66718ba2f230ca1a3fa581bf88aa8be2c00fa907b88e_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:df86c2a14cd963c1efac3ef7375934ea4e432351bc45a441580d87e7da5db08f_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:876b89b047656b208af0f57881bb7ae351f53c2f875675686e5b334b74d2ac2b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:804cfcb86df78455d539a984502f91e887b19caf8c633793a0173b481c0cd1e3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b00b2c5a96fe210d53ae11f4d21f507e0adf9c63257cdbc9ab199455771654d0_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d7cc7f5b60db23e617782f514368fd3a20fc2e31051a7b0d13603d14c6386483_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:f43d26a782e2c0994598fa1bf4d57073e272717418ac62df6f1a394a9a4a9deb_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:3a939af325476612b7c753c10015c36a3ab43ae4a8751aee6877621d90ebfee9_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:168e8f94d1d818026c2c3f545f37aeeacfddc8181652f49408358a91010a771a_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:531d1c071f662ae600b6e0d6cb945bb13d9155330a2e5c01b19ba01920f46874_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:d977e222cce6e053bc206fa891215e2ece1bd0c6f87a916d0899c51dca3c4fcf_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd341c8af0f1c6aff634d99e0d145c0a2b10f2e8f0dd3b0929eb0f27888f772c_s390x | — |
Workaround
|
Threats
Impact
Important
A flaw was found in urllib3, an HTTP client library for Python. This vulnerability allows a remote attacker to cause excessive resource consumption, such as high CPU usage and massive memory allocation, on the client side. This occurs when urllib3 attempts to decompress an entire HTTP response, even if only a partial read was requested, or when draining the connection after a partial decompression. This can lead to a Denial of Service (DoS) condition.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:09cacc9bbd0ea8f666b392a278cda7d42bd36116ec696f722d294a4d2b8cc64b_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:b7002e08ebee80927d071a0c3348fb1e508e65cef47671f5554d740a74a8a6fc_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:b9e339cb611967965c68280227825dad1018524c5ff6bc0fcf5620b2581fce1c_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:db1bcca3650cdc99b46ab8c11b138220a0c90eb7475d7e36c026ebd7a57e02dd_s390x | — |
Vendor Fix
fix
|
Known not affected
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:0285b52259e86295777d45ca169c63d5cc2ad320774fb36a83eb76b0ee906b62_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6cbbd03b84fc2a72f0546b0f88564bdd30f694eef88699327afb94aadf6bded5_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:758da243753a713917e5d6ac61f7cb516be1f1f7714136ce1fa9c8c5383c6c91_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e7c9e7f90ac26681e680fd548e015a36e5760aa4ea8f8278e9ef052969dfcf_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:61cb89f4522d027dc7862cad2db1b0e6b8d0ee2c805e5bba5dfaa2f0a626b498_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:175cfaa83d23cb17e179d0f01a2b8c6b10a4ff0771616380421114fa46404c5e_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2c13c569fcd307d333f26c098a2c0b2de9a7a0006974d98dae532e0189a7b384_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:73ba187acabd311914dd81494a5b32968fab6c8c0e943290569154e10dd2e6bb_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:8ef53d785bd058442d23ca8d7cfb5034830e75e963e764a3bb78b9c5bc782df7_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:4e18730e0d3a0297df2e97af0c5a16602fb3c45a1e6ef8f04339a1d6ef9f8ca7_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:31681014e706162350f17a91c3d2b348b6d930ade877839b8ddd35fadeaa4c7b_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8326e2cf11416af5abcf9bf0c4a496dd6d42f90e03b9d83c10ab1b5c5537631d_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8a0fd5087f811850d07a66718ba2f230ca1a3fa581bf88aa8be2c00fa907b88e_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:df86c2a14cd963c1efac3ef7375934ea4e432351bc45a441580d87e7da5db08f_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:876b89b047656b208af0f57881bb7ae351f53c2f875675686e5b334b74d2ac2b_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:804cfcb86df78455d539a984502f91e887b19caf8c633793a0173b481c0cd1e3_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b00b2c5a96fe210d53ae11f4d21f507e0adf9c63257cdbc9ab199455771654d0_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d7cc7f5b60db23e617782f514368fd3a20fc2e31051a7b0d13603d14c6386483_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:f43d26a782e2c0994598fa1bf4d57073e272717418ac62df6f1a394a9a4a9deb_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:3a939af325476612b7c753c10015c36a3ab43ae4a8751aee6877621d90ebfee9_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:168e8f94d1d818026c2c3f545f37aeeacfddc8181652f49408358a91010a771a_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:531d1c071f662ae600b6e0d6cb945bb13d9155330a2e5c01b19ba01920f46874_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:d977e222cce6e053bc206fa891215e2ece1bd0c6f87a916d0899c51dca3c4fcf_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd341c8af0f1c6aff634d99e0d145c0a2b10f2e8f0dd3b0929eb0f27888f772c_s390x | — |
Threats
Impact
Important
A flaw was found in Axios. A remote attacker, by influencing the XSRF cookie name in a browser environment, could cause the application to construct a regular expression that leads to excessive processing. This can result in a client-side Denial of Service (DoS), where the affected browser tab may freeze, impacting the availability of the application for the user.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:09cacc9bbd0ea8f666b392a278cda7d42bd36116ec696f722d294a4d2b8cc64b_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:b7002e08ebee80927d071a0c3348fb1e508e65cef47671f5554d740a74a8a6fc_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:b9e339cb611967965c68280227825dad1018524c5ff6bc0fcf5620b2581fce1c_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:db1bcca3650cdc99b46ab8c11b138220a0c90eb7475d7e36c026ebd7a57e02dd_s390x | — |
Vendor Fix
fix
Workaround
|
Known not affected
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:0285b52259e86295777d45ca169c63d5cc2ad320774fb36a83eb76b0ee906b62_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6cbbd03b84fc2a72f0546b0f88564bdd30f694eef88699327afb94aadf6bded5_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:758da243753a713917e5d6ac61f7cb516be1f1f7714136ce1fa9c8c5383c6c91_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e7c9e7f90ac26681e680fd548e015a36e5760aa4ea8f8278e9ef052969dfcf_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:61cb89f4522d027dc7862cad2db1b0e6b8d0ee2c805e5bba5dfaa2f0a626b498_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:175cfaa83d23cb17e179d0f01a2b8c6b10a4ff0771616380421114fa46404c5e_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2c13c569fcd307d333f26c098a2c0b2de9a7a0006974d98dae532e0189a7b384_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:73ba187acabd311914dd81494a5b32968fab6c8c0e943290569154e10dd2e6bb_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:8ef53d785bd058442d23ca8d7cfb5034830e75e963e764a3bb78b9c5bc782df7_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:4e18730e0d3a0297df2e97af0c5a16602fb3c45a1e6ef8f04339a1d6ef9f8ca7_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:31681014e706162350f17a91c3d2b348b6d930ade877839b8ddd35fadeaa4c7b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8326e2cf11416af5abcf9bf0c4a496dd6d42f90e03b9d83c10ab1b5c5537631d_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8a0fd5087f811850d07a66718ba2f230ca1a3fa581bf88aa8be2c00fa907b88e_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:df86c2a14cd963c1efac3ef7375934ea4e432351bc45a441580d87e7da5db08f_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:876b89b047656b208af0f57881bb7ae351f53c2f875675686e5b334b74d2ac2b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:804cfcb86df78455d539a984502f91e887b19caf8c633793a0173b481c0cd1e3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b00b2c5a96fe210d53ae11f4d21f507e0adf9c63257cdbc9ab199455771654d0_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d7cc7f5b60db23e617782f514368fd3a20fc2e31051a7b0d13603d14c6386483_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:f43d26a782e2c0994598fa1bf4d57073e272717418ac62df6f1a394a9a4a9deb_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:3a939af325476612b7c753c10015c36a3ab43ae4a8751aee6877621d90ebfee9_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:168e8f94d1d818026c2c3f545f37aeeacfddc8181652f49408358a91010a771a_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:531d1c071f662ae600b6e0d6cb945bb13d9155330a2e5c01b19ba01920f46874_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:d977e222cce6e053bc206fa891215e2ece1bd0c6f87a916d0899c51dca3c4fcf_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd341c8af0f1c6aff634d99e0d145c0a2b10f2e8f0dd3b0929eb0f27888f772c_s390x | — |
Workaround
|
Threats
Impact
Important
A flaw was found in PyJWT, a Python library for JSON Web Token (JWT) implementation. When decoding JWTs, the library fails to validate the use of JSON Web Keys (JWK) in the HMAC algorithm while also supporting asymmetric algorithms. This allows a remote attacker to use the issuer's public key as the secret key for the HMAC algorithm, leading to the ability to forge JWTs. This vulnerability can result in authentication bypass or unauthorized access.
7.4 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:09cacc9bbd0ea8f666b392a278cda7d42bd36116ec696f722d294a4d2b8cc64b_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:b7002e08ebee80927d071a0c3348fb1e508e65cef47671f5554d740a74a8a6fc_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:b9e339cb611967965c68280227825dad1018524c5ff6bc0fcf5620b2581fce1c_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:db1bcca3650cdc99b46ab8c11b138220a0c90eb7475d7e36c026ebd7a57e02dd_s390x | — |
Vendor Fix
fix
|
Known not affected
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:0285b52259e86295777d45ca169c63d5cc2ad320774fb36a83eb76b0ee906b62_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6cbbd03b84fc2a72f0546b0f88564bdd30f694eef88699327afb94aadf6bded5_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:758da243753a713917e5d6ac61f7cb516be1f1f7714136ce1fa9c8c5383c6c91_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e7c9e7f90ac26681e680fd548e015a36e5760aa4ea8f8278e9ef052969dfcf_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:61cb89f4522d027dc7862cad2db1b0e6b8d0ee2c805e5bba5dfaa2f0a626b498_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:175cfaa83d23cb17e179d0f01a2b8c6b10a4ff0771616380421114fa46404c5e_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2c13c569fcd307d333f26c098a2c0b2de9a7a0006974d98dae532e0189a7b384_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:73ba187acabd311914dd81494a5b32968fab6c8c0e943290569154e10dd2e6bb_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:8ef53d785bd058442d23ca8d7cfb5034830e75e963e764a3bb78b9c5bc782df7_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:4e18730e0d3a0297df2e97af0c5a16602fb3c45a1e6ef8f04339a1d6ef9f8ca7_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:31681014e706162350f17a91c3d2b348b6d930ade877839b8ddd35fadeaa4c7b_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8326e2cf11416af5abcf9bf0c4a496dd6d42f90e03b9d83c10ab1b5c5537631d_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8a0fd5087f811850d07a66718ba2f230ca1a3fa581bf88aa8be2c00fa907b88e_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:df86c2a14cd963c1efac3ef7375934ea4e432351bc45a441580d87e7da5db08f_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:876b89b047656b208af0f57881bb7ae351f53c2f875675686e5b334b74d2ac2b_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:804cfcb86df78455d539a984502f91e887b19caf8c633793a0173b481c0cd1e3_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b00b2c5a96fe210d53ae11f4d21f507e0adf9c63257cdbc9ab199455771654d0_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d7cc7f5b60db23e617782f514368fd3a20fc2e31051a7b0d13603d14c6386483_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:f43d26a782e2c0994598fa1bf4d57073e272717418ac62df6f1a394a9a4a9deb_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:3a939af325476612b7c753c10015c36a3ab43ae4a8751aee6877621d90ebfee9_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:168e8f94d1d818026c2c3f545f37aeeacfddc8181652f49408358a91010a771a_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:531d1c071f662ae600b6e0d6cb945bb13d9155330a2e5c01b19ba01920f46874_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:d977e222cce6e053bc206fa891215e2ece1bd0c6f87a916d0899c51dca3c4fcf_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd341c8af0f1c6aff634d99e0d145c0a2b10f2e8f0dd3b0929eb0f27888f772c_s390x | — |
Threats
Impact
Important
References
46 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat Quay 3.12.19 is now available with bug fixes.",
"title": "Topic"
},
{
"category": "general",
"text": "Quay 3.12.19",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:30076",
"url": "https://access.redhat.com/errata/RHSA-2026:30076"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-10143",
"url": "https://access.redhat.com/security/cve/CVE-2026-10143"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-44432",
"url": "https://access.redhat.com/security/cve/CVE-2026-44432"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-44496",
"url": "https://access.redhat.com/security/cve/CVE-2026-44496"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-48526",
"url": "https://access.redhat.com/security/cve/CVE-2026-48526"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-6322",
"url": "https://access.redhat.com/security/cve/CVE-2026-6322"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-9277",
"url": "https://access.redhat.com/security/cve/CVE-2026-9277"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_30076.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Quay 3.12.19",
"tracking": {
"current_release_date": "2026-06-25T23:18:29+00:00",
"generator": {
"date": "2026-06-25T23:18:29+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.2.5"
}
},
"id": "RHSA-2026:30076",
"initial_release_date": "2026-06-25T18:18:45+00:00",
"revision_history": [
{
"date": "2026-06-25T18:18:45+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-06-25T18:18:49+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-25T23:18:29+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Quay 3.12",
"product": {
"name": "Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:quay:3.12::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat Quay"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:876b89b047656b208af0f57881bb7ae351f53c2f875675686e5b334b74d2ac2b_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:876b89b047656b208af0f57881bb7ae351f53c2f875675686e5b334b74d2ac2b_amd64",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:876b89b047656b208af0f57881bb7ae351f53c2f875675686e5b334b74d2ac2b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-bundle@sha256%3A876b89b047656b208af0f57881bb7ae351f53c2f875675686e5b334b74d2ac2b?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-container-security-operator-bundle\u0026tag=1782332457"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:804cfcb86df78455d539a984502f91e887b19caf8c633793a0173b481c0cd1e3_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:804cfcb86df78455d539a984502f91e887b19caf8c633793a0173b481c0cd1e3_amd64",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:804cfcb86df78455d539a984502f91e887b19caf8c633793a0173b481c0cd1e3_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel8@sha256%3A804cfcb86df78455d539a984502f91e887b19caf8c633793a0173b481c0cd1e3?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-container-security-operator-rhel8\u0026tag=1781937016"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:61cb89f4522d027dc7862cad2db1b0e6b8d0ee2c805e5bba5dfaa2f0a626b498_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:61cb89f4522d027dc7862cad2db1b0e6b8d0ee2c805e5bba5dfaa2f0a626b498_amd64",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:61cb89f4522d027dc7862cad2db1b0e6b8d0ee2c805e5bba5dfaa2f0a626b498_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-bundle@sha256%3A61cb89f4522d027dc7862cad2db1b0e6b8d0ee2c805e5bba5dfaa2f0a626b498?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-bridge-operator-bundle\u0026tag=1782333480"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:73ba187acabd311914dd81494a5b32968fab6c8c0e943290569154e10dd2e6bb_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:73ba187acabd311914dd81494a5b32968fab6c8c0e943290569154e10dd2e6bb_amd64",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:73ba187acabd311914dd81494a5b32968fab6c8c0e943290569154e10dd2e6bb_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel8@sha256%3A73ba187acabd311914dd81494a5b32968fab6c8c0e943290569154e10dd2e6bb?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-bridge-operator-rhel8\u0026tag=1782331980"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:4e18730e0d3a0297df2e97af0c5a16602fb3c45a1e6ef8f04339a1d6ef9f8ca7_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:4e18730e0d3a0297df2e97af0c5a16602fb3c45a1e6ef8f04339a1d6ef9f8ca7_amd64",
"product_id": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:4e18730e0d3a0297df2e97af0c5a16602fb3c45a1e6ef8f04339a1d6ef9f8ca7_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-qemu-rhcos-rhel8@sha256%3A4e18730e0d3a0297df2e97af0c5a16602fb3c45a1e6ef8f04339a1d6ef9f8ca7?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8\u0026tag=1782332470"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:31681014e706162350f17a91c3d2b348b6d930ade877839b8ddd35fadeaa4c7b_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:31681014e706162350f17a91c3d2b348b6d930ade877839b8ddd35fadeaa4c7b_amd64",
"product_id": "registry.redhat.io/quay/quay-builder-rhel8@sha256:31681014e706162350f17a91c3d2b348b6d930ade877839b8ddd35fadeaa4c7b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel8@sha256%3A31681014e706162350f17a91c3d2b348b6d930ade877839b8ddd35fadeaa4c7b?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-builder-rhel8\u0026tag=1781620617"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel8@sha256:92e7c9e7f90ac26681e680fd548e015a36e5760aa4ea8f8278e9ef052969dfcf_amd64",
"product": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:92e7c9e7f90ac26681e680fd548e015a36e5760aa4ea8f8278e9ef052969dfcf_amd64",
"product_id": "registry.redhat.io/quay/clair-rhel8@sha256:92e7c9e7f90ac26681e680fd548e015a36e5760aa4ea8f8278e9ef052969dfcf_amd64",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel8@sha256%3A92e7c9e7f90ac26681e680fd548e015a36e5760aa4ea8f8278e9ef052969dfcf?arch=amd64\u0026repository_url=registry.redhat.io/quay/clair-rhel8\u0026tag=1782331838"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-bundle@sha256:3a939af325476612b7c753c10015c36a3ab43ae4a8751aee6877621d90ebfee9_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-operator-bundle@sha256:3a939af325476612b7c753c10015c36a3ab43ae4a8751aee6877621d90ebfee9_amd64",
"product_id": "registry.redhat.io/quay/quay-operator-bundle@sha256:3a939af325476612b7c753c10015c36a3ab43ae4a8751aee6877621d90ebfee9_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-bundle@sha256%3A3a939af325476612b7c753c10015c36a3ab43ae4a8751aee6877621d90ebfee9?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-operator-bundle\u0026tag=1782333960"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:d977e222cce6e053bc206fa891215e2ece1bd0c6f87a916d0899c51dca3c4fcf_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:d977e222cce6e053bc206fa891215e2ece1bd0c6f87a916d0899c51dca3c4fcf_amd64",
"product_id": "registry.redhat.io/quay/quay-operator-rhel8@sha256:d977e222cce6e053bc206fa891215e2ece1bd0c6f87a916d0899c51dca3c4fcf_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel8@sha256%3Ad977e222cce6e053bc206fa891215e2ece1bd0c6f87a916d0899c51dca3c4fcf?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-operator-rhel8\u0026tag=1782332068"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel8@sha256:b9e339cb611967965c68280227825dad1018524c5ff6bc0fcf5620b2581fce1c_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:b9e339cb611967965c68280227825dad1018524c5ff6bc0fcf5620b2581fce1c_amd64",
"product_id": "registry.redhat.io/quay/quay-rhel8@sha256:b9e339cb611967965c68280227825dad1018524c5ff6bc0fcf5620b2581fce1c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel8@sha256%3Ab9e339cb611967965c68280227825dad1018524c5ff6bc0fcf5620b2581fce1c?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-rhel8\u0026tag=1781937357"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b00b2c5a96fe210d53ae11f4d21f507e0adf9c63257cdbc9ab199455771654d0_arm64",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b00b2c5a96fe210d53ae11f4d21f507e0adf9c63257cdbc9ab199455771654d0_arm64",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b00b2c5a96fe210d53ae11f4d21f507e0adf9c63257cdbc9ab199455771654d0_arm64",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel8@sha256%3Ab00b2c5a96fe210d53ae11f4d21f507e0adf9c63257cdbc9ab199455771654d0?arch=arm64\u0026repository_url=registry.redhat.io/quay/quay-container-security-operator-rhel8\u0026tag=1781937016"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:175cfaa83d23cb17e179d0f01a2b8c6b10a4ff0771616380421114fa46404c5e_arm64",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:175cfaa83d23cb17e179d0f01a2b8c6b10a4ff0771616380421114fa46404c5e_arm64",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:175cfaa83d23cb17e179d0f01a2b8c6b10a4ff0771616380421114fa46404c5e_arm64",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel8@sha256%3A175cfaa83d23cb17e179d0f01a2b8c6b10a4ff0771616380421114fa46404c5e?arch=arm64\u0026repository_url=registry.redhat.io/quay/quay-bridge-operator-rhel8\u0026tag=1782331980"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:8a0fd5087f811850d07a66718ba2f230ca1a3fa581bf88aa8be2c00fa907b88e_arm64",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:8a0fd5087f811850d07a66718ba2f230ca1a3fa581bf88aa8be2c00fa907b88e_arm64",
"product_id": "registry.redhat.io/quay/quay-builder-rhel8@sha256:8a0fd5087f811850d07a66718ba2f230ca1a3fa581bf88aa8be2c00fa907b88e_arm64",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel8@sha256%3A8a0fd5087f811850d07a66718ba2f230ca1a3fa581bf88aa8be2c00fa907b88e?arch=arm64\u0026repository_url=registry.redhat.io/quay/quay-builder-rhel8\u0026tag=1781620617"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel8@sha256:0285b52259e86295777d45ca169c63d5cc2ad320774fb36a83eb76b0ee906b62_arm64",
"product": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:0285b52259e86295777d45ca169c63d5cc2ad320774fb36a83eb76b0ee906b62_arm64",
"product_id": "registry.redhat.io/quay/clair-rhel8@sha256:0285b52259e86295777d45ca169c63d5cc2ad320774fb36a83eb76b0ee906b62_arm64",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel8@sha256%3A0285b52259e86295777d45ca169c63d5cc2ad320774fb36a83eb76b0ee906b62?arch=arm64\u0026repository_url=registry.redhat.io/quay/clair-rhel8\u0026tag=1782331838"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:531d1c071f662ae600b6e0d6cb945bb13d9155330a2e5c01b19ba01920f46874_arm64",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:531d1c071f662ae600b6e0d6cb945bb13d9155330a2e5c01b19ba01920f46874_arm64",
"product_id": "registry.redhat.io/quay/quay-operator-rhel8@sha256:531d1c071f662ae600b6e0d6cb945bb13d9155330a2e5c01b19ba01920f46874_arm64",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel8@sha256%3A531d1c071f662ae600b6e0d6cb945bb13d9155330a2e5c01b19ba01920f46874?arch=arm64\u0026repository_url=registry.redhat.io/quay/quay-operator-rhel8\u0026tag=1782332068"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel8@sha256:09cacc9bbd0ea8f666b392a278cda7d42bd36116ec696f722d294a4d2b8cc64b_arm64",
"product": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:09cacc9bbd0ea8f666b392a278cda7d42bd36116ec696f722d294a4d2b8cc64b_arm64",
"product_id": "registry.redhat.io/quay/quay-rhel8@sha256:09cacc9bbd0ea8f666b392a278cda7d42bd36116ec696f722d294a4d2b8cc64b_arm64",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel8@sha256%3A09cacc9bbd0ea8f666b392a278cda7d42bd36116ec696f722d294a4d2b8cc64b?arch=arm64\u0026repository_url=registry.redhat.io/quay/quay-rhel8\u0026tag=1781937357"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d7cc7f5b60db23e617782f514368fd3a20fc2e31051a7b0d13603d14c6386483_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d7cc7f5b60db23e617782f514368fd3a20fc2e31051a7b0d13603d14c6386483_ppc64le",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d7cc7f5b60db23e617782f514368fd3a20fc2e31051a7b0d13603d14c6386483_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel8@sha256%3Ad7cc7f5b60db23e617782f514368fd3a20fc2e31051a7b0d13603d14c6386483?arch=ppc64le\u0026repository_url=registry.redhat.io/quay/quay-container-security-operator-rhel8\u0026tag=1781937016"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2c13c569fcd307d333f26c098a2c0b2de9a7a0006974d98dae532e0189a7b384_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2c13c569fcd307d333f26c098a2c0b2de9a7a0006974d98dae532e0189a7b384_ppc64le",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2c13c569fcd307d333f26c098a2c0b2de9a7a0006974d98dae532e0189a7b384_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel8@sha256%3A2c13c569fcd307d333f26c098a2c0b2de9a7a0006974d98dae532e0189a7b384?arch=ppc64le\u0026repository_url=registry.redhat.io/quay/quay-bridge-operator-rhel8\u0026tag=1782331980"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:8326e2cf11416af5abcf9bf0c4a496dd6d42f90e03b9d83c10ab1b5c5537631d_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:8326e2cf11416af5abcf9bf0c4a496dd6d42f90e03b9d83c10ab1b5c5537631d_ppc64le",
"product_id": "registry.redhat.io/quay/quay-builder-rhel8@sha256:8326e2cf11416af5abcf9bf0c4a496dd6d42f90e03b9d83c10ab1b5c5537631d_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel8@sha256%3A8326e2cf11416af5abcf9bf0c4a496dd6d42f90e03b9d83c10ab1b5c5537631d?arch=ppc64le\u0026repository_url=registry.redhat.io/quay/quay-builder-rhel8\u0026tag=1781620617"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel8@sha256:758da243753a713917e5d6ac61f7cb516be1f1f7714136ce1fa9c8c5383c6c91_ppc64le",
"product": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:758da243753a713917e5d6ac61f7cb516be1f1f7714136ce1fa9c8c5383c6c91_ppc64le",
"product_id": "registry.redhat.io/quay/clair-rhel8@sha256:758da243753a713917e5d6ac61f7cb516be1f1f7714136ce1fa9c8c5383c6c91_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel8@sha256%3A758da243753a713917e5d6ac61f7cb516be1f1f7714136ce1fa9c8c5383c6c91?arch=ppc64le\u0026repository_url=registry.redhat.io/quay/clair-rhel8\u0026tag=1782331838"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:168e8f94d1d818026c2c3f545f37aeeacfddc8181652f49408358a91010a771a_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:168e8f94d1d818026c2c3f545f37aeeacfddc8181652f49408358a91010a771a_ppc64le",
"product_id": "registry.redhat.io/quay/quay-operator-rhel8@sha256:168e8f94d1d818026c2c3f545f37aeeacfddc8181652f49408358a91010a771a_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel8@sha256%3A168e8f94d1d818026c2c3f545f37aeeacfddc8181652f49408358a91010a771a?arch=ppc64le\u0026repository_url=registry.redhat.io/quay/quay-operator-rhel8\u0026tag=1782332068"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel8@sha256:b7002e08ebee80927d071a0c3348fb1e508e65cef47671f5554d740a74a8a6fc_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:b7002e08ebee80927d071a0c3348fb1e508e65cef47671f5554d740a74a8a6fc_ppc64le",
"product_id": "registry.redhat.io/quay/quay-rhel8@sha256:b7002e08ebee80927d071a0c3348fb1e508e65cef47671f5554d740a74a8a6fc_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel8@sha256%3Ab7002e08ebee80927d071a0c3348fb1e508e65cef47671f5554d740a74a8a6fc?arch=ppc64le\u0026repository_url=registry.redhat.io/quay/quay-rhel8\u0026tag=1781937357"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:f43d26a782e2c0994598fa1bf4d57073e272717418ac62df6f1a394a9a4a9deb_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:f43d26a782e2c0994598fa1bf4d57073e272717418ac62df6f1a394a9a4a9deb_s390x",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:f43d26a782e2c0994598fa1bf4d57073e272717418ac62df6f1a394a9a4a9deb_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel8@sha256%3Af43d26a782e2c0994598fa1bf4d57073e272717418ac62df6f1a394a9a4a9deb?arch=s390x\u0026repository_url=registry.redhat.io/quay/quay-container-security-operator-rhel8\u0026tag=1781937016"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:8ef53d785bd058442d23ca8d7cfb5034830e75e963e764a3bb78b9c5bc782df7_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:8ef53d785bd058442d23ca8d7cfb5034830e75e963e764a3bb78b9c5bc782df7_s390x",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:8ef53d785bd058442d23ca8d7cfb5034830e75e963e764a3bb78b9c5bc782df7_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel8@sha256%3A8ef53d785bd058442d23ca8d7cfb5034830e75e963e764a3bb78b9c5bc782df7?arch=s390x\u0026repository_url=registry.redhat.io/quay/quay-bridge-operator-rhel8\u0026tag=1782331980"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:df86c2a14cd963c1efac3ef7375934ea4e432351bc45a441580d87e7da5db08f_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:df86c2a14cd963c1efac3ef7375934ea4e432351bc45a441580d87e7da5db08f_s390x",
"product_id": "registry.redhat.io/quay/quay-builder-rhel8@sha256:df86c2a14cd963c1efac3ef7375934ea4e432351bc45a441580d87e7da5db08f_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel8@sha256%3Adf86c2a14cd963c1efac3ef7375934ea4e432351bc45a441580d87e7da5db08f?arch=s390x\u0026repository_url=registry.redhat.io/quay/quay-builder-rhel8\u0026tag=1781620617"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel8@sha256:6cbbd03b84fc2a72f0546b0f88564bdd30f694eef88699327afb94aadf6bded5_s390x",
"product": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:6cbbd03b84fc2a72f0546b0f88564bdd30f694eef88699327afb94aadf6bded5_s390x",
"product_id": "registry.redhat.io/quay/clair-rhel8@sha256:6cbbd03b84fc2a72f0546b0f88564bdd30f694eef88699327afb94aadf6bded5_s390x",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel8@sha256%3A6cbbd03b84fc2a72f0546b0f88564bdd30f694eef88699327afb94aadf6bded5?arch=s390x\u0026repository_url=registry.redhat.io/quay/clair-rhel8\u0026tag=1782331838"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:dd341c8af0f1c6aff634d99e0d145c0a2b10f2e8f0dd3b0929eb0f27888f772c_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:dd341c8af0f1c6aff634d99e0d145c0a2b10f2e8f0dd3b0929eb0f27888f772c_s390x",
"product_id": "registry.redhat.io/quay/quay-operator-rhel8@sha256:dd341c8af0f1c6aff634d99e0d145c0a2b10f2e8f0dd3b0929eb0f27888f772c_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel8@sha256%3Add341c8af0f1c6aff634d99e0d145c0a2b10f2e8f0dd3b0929eb0f27888f772c?arch=s390x\u0026repository_url=registry.redhat.io/quay/quay-operator-rhel8\u0026tag=1782332068"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel8@sha256:db1bcca3650cdc99b46ab8c11b138220a0c90eb7475d7e36c026ebd7a57e02dd_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:db1bcca3650cdc99b46ab8c11b138220a0c90eb7475d7e36c026ebd7a57e02dd_s390x",
"product_id": "registry.redhat.io/quay/quay-rhel8@sha256:db1bcca3650cdc99b46ab8c11b138220a0c90eb7475d7e36c026ebd7a57e02dd_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel8@sha256%3Adb1bcca3650cdc99b46ab8c11b138220a0c90eb7475d7e36c026ebd7a57e02dd?arch=s390x\u0026repository_url=registry.redhat.io/quay/quay-rhel8\u0026tag=1781937357"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:0285b52259e86295777d45ca169c63d5cc2ad320774fb36a83eb76b0ee906b62_arm64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:0285b52259e86295777d45ca169c63d5cc2ad320774fb36a83eb76b0ee906b62_arm64"
},
"product_reference": "registry.redhat.io/quay/clair-rhel8@sha256:0285b52259e86295777d45ca169c63d5cc2ad320774fb36a83eb76b0ee906b62_arm64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:6cbbd03b84fc2a72f0546b0f88564bdd30f694eef88699327afb94aadf6bded5_s390x as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6cbbd03b84fc2a72f0546b0f88564bdd30f694eef88699327afb94aadf6bded5_s390x"
},
"product_reference": "registry.redhat.io/quay/clair-rhel8@sha256:6cbbd03b84fc2a72f0546b0f88564bdd30f694eef88699327afb94aadf6bded5_s390x",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:758da243753a713917e5d6ac61f7cb516be1f1f7714136ce1fa9c8c5383c6c91_ppc64le as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:758da243753a713917e5d6ac61f7cb516be1f1f7714136ce1fa9c8c5383c6c91_ppc64le"
},
"product_reference": "registry.redhat.io/quay/clair-rhel8@sha256:758da243753a713917e5d6ac61f7cb516be1f1f7714136ce1fa9c8c5383c6c91_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:92e7c9e7f90ac26681e680fd548e015a36e5760aa4ea8f8278e9ef052969dfcf_amd64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e7c9e7f90ac26681e680fd548e015a36e5760aa4ea8f8278e9ef052969dfcf_amd64"
},
"product_reference": "registry.redhat.io/quay/clair-rhel8@sha256:92e7c9e7f90ac26681e680fd548e015a36e5760aa4ea8f8278e9ef052969dfcf_amd64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:61cb89f4522d027dc7862cad2db1b0e6b8d0ee2c805e5bba5dfaa2f0a626b498_amd64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:61cb89f4522d027dc7862cad2db1b0e6b8d0ee2c805e5bba5dfaa2f0a626b498_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:61cb89f4522d027dc7862cad2db1b0e6b8d0ee2c805e5bba5dfaa2f0a626b498_amd64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:175cfaa83d23cb17e179d0f01a2b8c6b10a4ff0771616380421114fa46404c5e_arm64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:175cfaa83d23cb17e179d0f01a2b8c6b10a4ff0771616380421114fa46404c5e_arm64"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:175cfaa83d23cb17e179d0f01a2b8c6b10a4ff0771616380421114fa46404c5e_arm64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2c13c569fcd307d333f26c098a2c0b2de9a7a0006974d98dae532e0189a7b384_ppc64le as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2c13c569fcd307d333f26c098a2c0b2de9a7a0006974d98dae532e0189a7b384_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2c13c569fcd307d333f26c098a2c0b2de9a7a0006974d98dae532e0189a7b384_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:73ba187acabd311914dd81494a5b32968fab6c8c0e943290569154e10dd2e6bb_amd64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:73ba187acabd311914dd81494a5b32968fab6c8c0e943290569154e10dd2e6bb_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:73ba187acabd311914dd81494a5b32968fab6c8c0e943290569154e10dd2e6bb_amd64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:8ef53d785bd058442d23ca8d7cfb5034830e75e963e764a3bb78b9c5bc782df7_s390x as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:8ef53d785bd058442d23ca8d7cfb5034830e75e963e764a3bb78b9c5bc782df7_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:8ef53d785bd058442d23ca8d7cfb5034830e75e963e764a3bb78b9c5bc782df7_s390x",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:4e18730e0d3a0297df2e97af0c5a16602fb3c45a1e6ef8f04339a1d6ef9f8ca7_amd64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:4e18730e0d3a0297df2e97af0c5a16602fb3c45a1e6ef8f04339a1d6ef9f8ca7_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:4e18730e0d3a0297df2e97af0c5a16602fb3c45a1e6ef8f04339a1d6ef9f8ca7_amd64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:31681014e706162350f17a91c3d2b348b6d930ade877839b8ddd35fadeaa4c7b_amd64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:31681014e706162350f17a91c3d2b348b6d930ade877839b8ddd35fadeaa4c7b_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel8@sha256:31681014e706162350f17a91c3d2b348b6d930ade877839b8ddd35fadeaa4c7b_amd64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:8326e2cf11416af5abcf9bf0c4a496dd6d42f90e03b9d83c10ab1b5c5537631d_ppc64le as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8326e2cf11416af5abcf9bf0c4a496dd6d42f90e03b9d83c10ab1b5c5537631d_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel8@sha256:8326e2cf11416af5abcf9bf0c4a496dd6d42f90e03b9d83c10ab1b5c5537631d_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:8a0fd5087f811850d07a66718ba2f230ca1a3fa581bf88aa8be2c00fa907b88e_arm64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8a0fd5087f811850d07a66718ba2f230ca1a3fa581bf88aa8be2c00fa907b88e_arm64"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel8@sha256:8a0fd5087f811850d07a66718ba2f230ca1a3fa581bf88aa8be2c00fa907b88e_arm64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:df86c2a14cd963c1efac3ef7375934ea4e432351bc45a441580d87e7da5db08f_s390x as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:df86c2a14cd963c1efac3ef7375934ea4e432351bc45a441580d87e7da5db08f_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel8@sha256:df86c2a14cd963c1efac3ef7375934ea4e432351bc45a441580d87e7da5db08f_s390x",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:876b89b047656b208af0f57881bb7ae351f53c2f875675686e5b334b74d2ac2b_amd64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:876b89b047656b208af0f57881bb7ae351f53c2f875675686e5b334b74d2ac2b_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:876b89b047656b208af0f57881bb7ae351f53c2f875675686e5b334b74d2ac2b_amd64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:804cfcb86df78455d539a984502f91e887b19caf8c633793a0173b481c0cd1e3_amd64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:804cfcb86df78455d539a984502f91e887b19caf8c633793a0173b481c0cd1e3_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:804cfcb86df78455d539a984502f91e887b19caf8c633793a0173b481c0cd1e3_amd64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b00b2c5a96fe210d53ae11f4d21f507e0adf9c63257cdbc9ab199455771654d0_arm64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b00b2c5a96fe210d53ae11f4d21f507e0adf9c63257cdbc9ab199455771654d0_arm64"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b00b2c5a96fe210d53ae11f4d21f507e0adf9c63257cdbc9ab199455771654d0_arm64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d7cc7f5b60db23e617782f514368fd3a20fc2e31051a7b0d13603d14c6386483_ppc64le as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d7cc7f5b60db23e617782f514368fd3a20fc2e31051a7b0d13603d14c6386483_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d7cc7f5b60db23e617782f514368fd3a20fc2e31051a7b0d13603d14c6386483_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:f43d26a782e2c0994598fa1bf4d57073e272717418ac62df6f1a394a9a4a9deb_s390x as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:f43d26a782e2c0994598fa1bf4d57073e272717418ac62df6f1a394a9a4a9deb_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:f43d26a782e2c0994598fa1bf4d57073e272717418ac62df6f1a394a9a4a9deb_s390x",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-bundle@sha256:3a939af325476612b7c753c10015c36a3ab43ae4a8751aee6877621d90ebfee9_amd64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:3a939af325476612b7c753c10015c36a3ab43ae4a8751aee6877621d90ebfee9_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-operator-bundle@sha256:3a939af325476612b7c753c10015c36a3ab43ae4a8751aee6877621d90ebfee9_amd64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:168e8f94d1d818026c2c3f545f37aeeacfddc8181652f49408358a91010a771a_ppc64le as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:168e8f94d1d818026c2c3f545f37aeeacfddc8181652f49408358a91010a771a_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel8@sha256:168e8f94d1d818026c2c3f545f37aeeacfddc8181652f49408358a91010a771a_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:531d1c071f662ae600b6e0d6cb945bb13d9155330a2e5c01b19ba01920f46874_arm64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:531d1c071f662ae600b6e0d6cb945bb13d9155330a2e5c01b19ba01920f46874_arm64"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel8@sha256:531d1c071f662ae600b6e0d6cb945bb13d9155330a2e5c01b19ba01920f46874_arm64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:d977e222cce6e053bc206fa891215e2ece1bd0c6f87a916d0899c51dca3c4fcf_amd64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:d977e222cce6e053bc206fa891215e2ece1bd0c6f87a916d0899c51dca3c4fcf_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel8@sha256:d977e222cce6e053bc206fa891215e2ece1bd0c6f87a916d0899c51dca3c4fcf_amd64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:dd341c8af0f1c6aff634d99e0d145c0a2b10f2e8f0dd3b0929eb0f27888f772c_s390x as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd341c8af0f1c6aff634d99e0d145c0a2b10f2e8f0dd3b0929eb0f27888f772c_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel8@sha256:dd341c8af0f1c6aff634d99e0d145c0a2b10f2e8f0dd3b0929eb0f27888f772c_s390x",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:09cacc9bbd0ea8f666b392a278cda7d42bd36116ec696f722d294a4d2b8cc64b_arm64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:09cacc9bbd0ea8f666b392a278cda7d42bd36116ec696f722d294a4d2b8cc64b_arm64"
},
"product_reference": "registry.redhat.io/quay/quay-rhel8@sha256:09cacc9bbd0ea8f666b392a278cda7d42bd36116ec696f722d294a4d2b8cc64b_arm64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:b7002e08ebee80927d071a0c3348fb1e508e65cef47671f5554d740a74a8a6fc_ppc64le as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:b7002e08ebee80927d071a0c3348fb1e508e65cef47671f5554d740a74a8a6fc_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-rhel8@sha256:b7002e08ebee80927d071a0c3348fb1e508e65cef47671f5554d740a74a8a6fc_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:b9e339cb611967965c68280227825dad1018524c5ff6bc0fcf5620b2581fce1c_amd64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:b9e339cb611967965c68280227825dad1018524c5ff6bc0fcf5620b2581fce1c_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-rhel8@sha256:b9e339cb611967965c68280227825dad1018524c5ff6bc0fcf5620b2581fce1c_amd64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:db1bcca3650cdc99b46ab8c11b138220a0c90eb7475d7e36c026ebd7a57e02dd_s390x as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:db1bcca3650cdc99b46ab8c11b138220a0c90eb7475d7e36c026ebd7a57e02dd_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-rhel8@sha256:db1bcca3650cdc99b46ab8c11b138220a0c90eb7475d7e36c026ebd7a57e02dd_s390x",
"relates_to_product_reference": "Red Hat Quay 3.12"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-6322",
"cwe": {
"id": "CWE-140",
"name": "Improper Neutralization of Delimiters"
},
"discovery_date": "2026-05-05T11:01:00.332189+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:0285b52259e86295777d45ca169c63d5cc2ad320774fb36a83eb76b0ee906b62_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6cbbd03b84fc2a72f0546b0f88564bdd30f694eef88699327afb94aadf6bded5_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:758da243753a713917e5d6ac61f7cb516be1f1f7714136ce1fa9c8c5383c6c91_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e7c9e7f90ac26681e680fd548e015a36e5760aa4ea8f8278e9ef052969dfcf_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:61cb89f4522d027dc7862cad2db1b0e6b8d0ee2c805e5bba5dfaa2f0a626b498_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:175cfaa83d23cb17e179d0f01a2b8c6b10a4ff0771616380421114fa46404c5e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2c13c569fcd307d333f26c098a2c0b2de9a7a0006974d98dae532e0189a7b384_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:73ba187acabd311914dd81494a5b32968fab6c8c0e943290569154e10dd2e6bb_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:8ef53d785bd058442d23ca8d7cfb5034830e75e963e764a3bb78b9c5bc782df7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:4e18730e0d3a0297df2e97af0c5a16602fb3c45a1e6ef8f04339a1d6ef9f8ca7_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:31681014e706162350f17a91c3d2b348b6d930ade877839b8ddd35fadeaa4c7b_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8326e2cf11416af5abcf9bf0c4a496dd6d42f90e03b9d83c10ab1b5c5537631d_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8a0fd5087f811850d07a66718ba2f230ca1a3fa581bf88aa8be2c00fa907b88e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:df86c2a14cd963c1efac3ef7375934ea4e432351bc45a441580d87e7da5db08f_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:876b89b047656b208af0f57881bb7ae351f53c2f875675686e5b334b74d2ac2b_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:804cfcb86df78455d539a984502f91e887b19caf8c633793a0173b481c0cd1e3_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b00b2c5a96fe210d53ae11f4d21f507e0adf9c63257cdbc9ab199455771654d0_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d7cc7f5b60db23e617782f514368fd3a20fc2e31051a7b0d13603d14c6386483_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:f43d26a782e2c0994598fa1bf4d57073e272717418ac62df6f1a394a9a4a9deb_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:3a939af325476612b7c753c10015c36a3ab43ae4a8751aee6877621d90ebfee9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:168e8f94d1d818026c2c3f545f37aeeacfddc8181652f49408358a91010a771a_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:531d1c071f662ae600b6e0d6cb945bb13d9155330a2e5c01b19ba01920f46874_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:d977e222cce6e053bc206fa891215e2ece1bd0c6f87a916d0899c51dca3c4fcf_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd341c8af0f1c6aff634d99e0d145c0a2b10f2e8f0dd3b0929eb0f27888f772c_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2466684"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in fast-uri. A remote attacker could exploit this vulnerability by crafting a malicious Uniform Resource Identifier (URI) that contains percent-encoded authority delimiters. The fast-uri library incorrectly decodes these delimiters during normalization and then re-emits them as raw separators, which can change the URI\u0027s intended authority. This issue allows applications that perform host allowlist checks, redirect validation, or outbound request routing to be steered to a different authority than specified, potentially bypassing security controls.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "fast-uri: fast-uri: URI authority bypass due to improper delimiter handling",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:09cacc9bbd0ea8f666b392a278cda7d42bd36116ec696f722d294a4d2b8cc64b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:b7002e08ebee80927d071a0c3348fb1e508e65cef47671f5554d740a74a8a6fc_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:b9e339cb611967965c68280227825dad1018524c5ff6bc0fcf5620b2581fce1c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:db1bcca3650cdc99b46ab8c11b138220a0c90eb7475d7e36c026ebd7a57e02dd_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:0285b52259e86295777d45ca169c63d5cc2ad320774fb36a83eb76b0ee906b62_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6cbbd03b84fc2a72f0546b0f88564bdd30f694eef88699327afb94aadf6bded5_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:758da243753a713917e5d6ac61f7cb516be1f1f7714136ce1fa9c8c5383c6c91_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e7c9e7f90ac26681e680fd548e015a36e5760aa4ea8f8278e9ef052969dfcf_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:61cb89f4522d027dc7862cad2db1b0e6b8d0ee2c805e5bba5dfaa2f0a626b498_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:175cfaa83d23cb17e179d0f01a2b8c6b10a4ff0771616380421114fa46404c5e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2c13c569fcd307d333f26c098a2c0b2de9a7a0006974d98dae532e0189a7b384_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:73ba187acabd311914dd81494a5b32968fab6c8c0e943290569154e10dd2e6bb_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:8ef53d785bd058442d23ca8d7cfb5034830e75e963e764a3bb78b9c5bc782df7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:4e18730e0d3a0297df2e97af0c5a16602fb3c45a1e6ef8f04339a1d6ef9f8ca7_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:31681014e706162350f17a91c3d2b348b6d930ade877839b8ddd35fadeaa4c7b_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8326e2cf11416af5abcf9bf0c4a496dd6d42f90e03b9d83c10ab1b5c5537631d_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8a0fd5087f811850d07a66718ba2f230ca1a3fa581bf88aa8be2c00fa907b88e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:df86c2a14cd963c1efac3ef7375934ea4e432351bc45a441580d87e7da5db08f_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:876b89b047656b208af0f57881bb7ae351f53c2f875675686e5b334b74d2ac2b_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:804cfcb86df78455d539a984502f91e887b19caf8c633793a0173b481c0cd1e3_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b00b2c5a96fe210d53ae11f4d21f507e0adf9c63257cdbc9ab199455771654d0_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d7cc7f5b60db23e617782f514368fd3a20fc2e31051a7b0d13603d14c6386483_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:f43d26a782e2c0994598fa1bf4d57073e272717418ac62df6f1a394a9a4a9deb_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:3a939af325476612b7c753c10015c36a3ab43ae4a8751aee6877621d90ebfee9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:168e8f94d1d818026c2c3f545f37aeeacfddc8181652f49408358a91010a771a_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:531d1c071f662ae600b6e0d6cb945bb13d9155330a2e5c01b19ba01920f46874_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:d977e222cce6e053bc206fa891215e2ece1bd0c6f87a916d0899c51dca3c4fcf_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd341c8af0f1c6aff634d99e0d145c0a2b10f2e8f0dd3b0929eb0f27888f772c_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-6322"
},
{
"category": "external",
"summary": "RHBZ#2466684",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2466684"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-6322",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6322"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-6322",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6322"
},
{
"category": "external",
"summary": "https://cna.openjsf.org/security-advisories.html",
"url": "https://cna.openjsf.org/security-advisories.html"
},
{
"category": "external",
"summary": "https://github.com/fastify/fast-uri/security/advisories/GHSA-v39h-62p7-jpjc",
"url": "https://github.com/fastify/fast-uri/security/advisories/GHSA-v39h-62p7-jpjc"
}
],
"release_date": "2026-05-05T10:29:16.378000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-25T18:18:45+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:09cacc9bbd0ea8f666b392a278cda7d42bd36116ec696f722d294a4d2b8cc64b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:b7002e08ebee80927d071a0c3348fb1e508e65cef47671f5554d740a74a8a6fc_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:b9e339cb611967965c68280227825dad1018524c5ff6bc0fcf5620b2581fce1c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:db1bcca3650cdc99b46ab8c11b138220a0c90eb7475d7e36c026ebd7a57e02dd_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:30076"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:0285b52259e86295777d45ca169c63d5cc2ad320774fb36a83eb76b0ee906b62_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6cbbd03b84fc2a72f0546b0f88564bdd30f694eef88699327afb94aadf6bded5_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:758da243753a713917e5d6ac61f7cb516be1f1f7714136ce1fa9c8c5383c6c91_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e7c9e7f90ac26681e680fd548e015a36e5760aa4ea8f8278e9ef052969dfcf_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:61cb89f4522d027dc7862cad2db1b0e6b8d0ee2c805e5bba5dfaa2f0a626b498_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:175cfaa83d23cb17e179d0f01a2b8c6b10a4ff0771616380421114fa46404c5e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2c13c569fcd307d333f26c098a2c0b2de9a7a0006974d98dae532e0189a7b384_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:73ba187acabd311914dd81494a5b32968fab6c8c0e943290569154e10dd2e6bb_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:8ef53d785bd058442d23ca8d7cfb5034830e75e963e764a3bb78b9c5bc782df7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:4e18730e0d3a0297df2e97af0c5a16602fb3c45a1e6ef8f04339a1d6ef9f8ca7_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:31681014e706162350f17a91c3d2b348b6d930ade877839b8ddd35fadeaa4c7b_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8326e2cf11416af5abcf9bf0c4a496dd6d42f90e03b9d83c10ab1b5c5537631d_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8a0fd5087f811850d07a66718ba2f230ca1a3fa581bf88aa8be2c00fa907b88e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:df86c2a14cd963c1efac3ef7375934ea4e432351bc45a441580d87e7da5db08f_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:876b89b047656b208af0f57881bb7ae351f53c2f875675686e5b334b74d2ac2b_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:804cfcb86df78455d539a984502f91e887b19caf8c633793a0173b481c0cd1e3_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b00b2c5a96fe210d53ae11f4d21f507e0adf9c63257cdbc9ab199455771654d0_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d7cc7f5b60db23e617782f514368fd3a20fc2e31051a7b0d13603d14c6386483_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:f43d26a782e2c0994598fa1bf4d57073e272717418ac62df6f1a394a9a4a9deb_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:3a939af325476612b7c753c10015c36a3ab43ae4a8751aee6877621d90ebfee9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:168e8f94d1d818026c2c3f545f37aeeacfddc8181652f49408358a91010a771a_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:531d1c071f662ae600b6e0d6cb945bb13d9155330a2e5c01b19ba01920f46874_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:d977e222cce6e053bc206fa891215e2ece1bd0c6f87a916d0899c51dca3c4fcf_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd341c8af0f1c6aff634d99e0d145c0a2b10f2e8f0dd3b0929eb0f27888f772c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:09cacc9bbd0ea8f666b392a278cda7d42bd36116ec696f722d294a4d2b8cc64b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:b7002e08ebee80927d071a0c3348fb1e508e65cef47671f5554d740a74a8a6fc_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:b9e339cb611967965c68280227825dad1018524c5ff6bc0fcf5620b2581fce1c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:db1bcca3650cdc99b46ab8c11b138220a0c90eb7475d7e36c026ebd7a57e02dd_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "fast-uri: fast-uri: URI authority bypass due to improper delimiter handling"
},
{
"cve": "CVE-2026-9277",
"cwe": {
"id": "CWE-78",
"name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
},
"discovery_date": "2026-05-22T14:01:14.427751+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:0285b52259e86295777d45ca169c63d5cc2ad320774fb36a83eb76b0ee906b62_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6cbbd03b84fc2a72f0546b0f88564bdd30f694eef88699327afb94aadf6bded5_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:758da243753a713917e5d6ac61f7cb516be1f1f7714136ce1fa9c8c5383c6c91_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e7c9e7f90ac26681e680fd548e015a36e5760aa4ea8f8278e9ef052969dfcf_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:61cb89f4522d027dc7862cad2db1b0e6b8d0ee2c805e5bba5dfaa2f0a626b498_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:175cfaa83d23cb17e179d0f01a2b8c6b10a4ff0771616380421114fa46404c5e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2c13c569fcd307d333f26c098a2c0b2de9a7a0006974d98dae532e0189a7b384_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:73ba187acabd311914dd81494a5b32968fab6c8c0e943290569154e10dd2e6bb_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:8ef53d785bd058442d23ca8d7cfb5034830e75e963e764a3bb78b9c5bc782df7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:4e18730e0d3a0297df2e97af0c5a16602fb3c45a1e6ef8f04339a1d6ef9f8ca7_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:31681014e706162350f17a91c3d2b348b6d930ade877839b8ddd35fadeaa4c7b_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8326e2cf11416af5abcf9bf0c4a496dd6d42f90e03b9d83c10ab1b5c5537631d_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8a0fd5087f811850d07a66718ba2f230ca1a3fa581bf88aa8be2c00fa907b88e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:df86c2a14cd963c1efac3ef7375934ea4e432351bc45a441580d87e7da5db08f_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:876b89b047656b208af0f57881bb7ae351f53c2f875675686e5b334b74d2ac2b_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:804cfcb86df78455d539a984502f91e887b19caf8c633793a0173b481c0cd1e3_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b00b2c5a96fe210d53ae11f4d21f507e0adf9c63257cdbc9ab199455771654d0_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d7cc7f5b60db23e617782f514368fd3a20fc2e31051a7b0d13603d14c6386483_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:f43d26a782e2c0994598fa1bf4d57073e272717418ac62df6f1a394a9a4a9deb_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:3a939af325476612b7c753c10015c36a3ab43ae4a8751aee6877621d90ebfee9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:168e8f94d1d818026c2c3f545f37aeeacfddc8181652f49408358a91010a771a_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:531d1c071f662ae600b6e0d6cb945bb13d9155330a2e5c01b19ba01920f46874_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:d977e222cce6e053bc206fa891215e2ece1bd0c6f87a916d0899c51dca3c4fcf_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd341c8af0f1c6aff634d99e0d145c0a2b10f2e8f0dd3b0929eb0f27888f772c_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2480741"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the shell-quote component. The quote() function did not properly validate object-token inputs, allowing line terminators to pass unescaped into the output. A remote attacker could exploit this vulnerability by providing specially crafted input, which a POSIX shell would interpret as a command separator. This could lead to command injection, enabling the attacker to execute arbitrary code on the system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "shell-quote: shell-quote: Arbitrary code execution via command injection due to unescaped line terminators",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:09cacc9bbd0ea8f666b392a278cda7d42bd36116ec696f722d294a4d2b8cc64b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:b7002e08ebee80927d071a0c3348fb1e508e65cef47671f5554d740a74a8a6fc_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:b9e339cb611967965c68280227825dad1018524c5ff6bc0fcf5620b2581fce1c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:db1bcca3650cdc99b46ab8c11b138220a0c90eb7475d7e36c026ebd7a57e02dd_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:0285b52259e86295777d45ca169c63d5cc2ad320774fb36a83eb76b0ee906b62_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6cbbd03b84fc2a72f0546b0f88564bdd30f694eef88699327afb94aadf6bded5_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:758da243753a713917e5d6ac61f7cb516be1f1f7714136ce1fa9c8c5383c6c91_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e7c9e7f90ac26681e680fd548e015a36e5760aa4ea8f8278e9ef052969dfcf_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:61cb89f4522d027dc7862cad2db1b0e6b8d0ee2c805e5bba5dfaa2f0a626b498_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:175cfaa83d23cb17e179d0f01a2b8c6b10a4ff0771616380421114fa46404c5e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2c13c569fcd307d333f26c098a2c0b2de9a7a0006974d98dae532e0189a7b384_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:73ba187acabd311914dd81494a5b32968fab6c8c0e943290569154e10dd2e6bb_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:8ef53d785bd058442d23ca8d7cfb5034830e75e963e764a3bb78b9c5bc782df7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:4e18730e0d3a0297df2e97af0c5a16602fb3c45a1e6ef8f04339a1d6ef9f8ca7_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:31681014e706162350f17a91c3d2b348b6d930ade877839b8ddd35fadeaa4c7b_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8326e2cf11416af5abcf9bf0c4a496dd6d42f90e03b9d83c10ab1b5c5537631d_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8a0fd5087f811850d07a66718ba2f230ca1a3fa581bf88aa8be2c00fa907b88e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:df86c2a14cd963c1efac3ef7375934ea4e432351bc45a441580d87e7da5db08f_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:876b89b047656b208af0f57881bb7ae351f53c2f875675686e5b334b74d2ac2b_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:804cfcb86df78455d539a984502f91e887b19caf8c633793a0173b481c0cd1e3_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b00b2c5a96fe210d53ae11f4d21f507e0adf9c63257cdbc9ab199455771654d0_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d7cc7f5b60db23e617782f514368fd3a20fc2e31051a7b0d13603d14c6386483_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:f43d26a782e2c0994598fa1bf4d57073e272717418ac62df6f1a394a9a4a9deb_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:3a939af325476612b7c753c10015c36a3ab43ae4a8751aee6877621d90ebfee9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:168e8f94d1d818026c2c3f545f37aeeacfddc8181652f49408358a91010a771a_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:531d1c071f662ae600b6e0d6cb945bb13d9155330a2e5c01b19ba01920f46874_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:d977e222cce6e053bc206fa891215e2ece1bd0c6f87a916d0899c51dca3c4fcf_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd341c8af0f1c6aff634d99e0d145c0a2b10f2e8f0dd3b0929eb0f27888f772c_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-9277"
},
{
"category": "external",
"summary": "RHBZ#2480741",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2480741"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-9277",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-9277"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-9277",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-9277"
},
{
"category": "external",
"summary": "https://github.com/ljharb/shell-quote",
"url": "https://github.com/ljharb/shell-quote"
},
{
"category": "external",
"summary": "https://github.com/ljharb/shell-quote/commit/1518179",
"url": "https://github.com/ljharb/shell-quote/commit/1518179"
},
{
"category": "external",
"summary": "https://github.com/ljharb/shell-quote/security/advisories/GHSA-w7jw-789q-3m8p",
"url": "https://github.com/ljharb/shell-quote/security/advisories/GHSA-w7jw-789q-3m8p"
},
{
"category": "external",
"summary": "https://www.npmjs.com/package/shell-quote",
"url": "https://www.npmjs.com/package/shell-quote"
}
],
"release_date": "2026-05-22T13:22:38.873000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-25T18:18:45+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:09cacc9bbd0ea8f666b392a278cda7d42bd36116ec696f722d294a4d2b8cc64b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:b7002e08ebee80927d071a0c3348fb1e508e65cef47671f5554d740a74a8a6fc_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:b9e339cb611967965c68280227825dad1018524c5ff6bc0fcf5620b2581fce1c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:db1bcca3650cdc99b46ab8c11b138220a0c90eb7475d7e36c026ebd7a57e02dd_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:30076"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:0285b52259e86295777d45ca169c63d5cc2ad320774fb36a83eb76b0ee906b62_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6cbbd03b84fc2a72f0546b0f88564bdd30f694eef88699327afb94aadf6bded5_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:758da243753a713917e5d6ac61f7cb516be1f1f7714136ce1fa9c8c5383c6c91_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e7c9e7f90ac26681e680fd548e015a36e5760aa4ea8f8278e9ef052969dfcf_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:61cb89f4522d027dc7862cad2db1b0e6b8d0ee2c805e5bba5dfaa2f0a626b498_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:175cfaa83d23cb17e179d0f01a2b8c6b10a4ff0771616380421114fa46404c5e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2c13c569fcd307d333f26c098a2c0b2de9a7a0006974d98dae532e0189a7b384_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:73ba187acabd311914dd81494a5b32968fab6c8c0e943290569154e10dd2e6bb_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:8ef53d785bd058442d23ca8d7cfb5034830e75e963e764a3bb78b9c5bc782df7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:4e18730e0d3a0297df2e97af0c5a16602fb3c45a1e6ef8f04339a1d6ef9f8ca7_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:31681014e706162350f17a91c3d2b348b6d930ade877839b8ddd35fadeaa4c7b_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8326e2cf11416af5abcf9bf0c4a496dd6d42f90e03b9d83c10ab1b5c5537631d_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8a0fd5087f811850d07a66718ba2f230ca1a3fa581bf88aa8be2c00fa907b88e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:df86c2a14cd963c1efac3ef7375934ea4e432351bc45a441580d87e7da5db08f_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:876b89b047656b208af0f57881bb7ae351f53c2f875675686e5b334b74d2ac2b_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:804cfcb86df78455d539a984502f91e887b19caf8c633793a0173b481c0cd1e3_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b00b2c5a96fe210d53ae11f4d21f507e0adf9c63257cdbc9ab199455771654d0_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d7cc7f5b60db23e617782f514368fd3a20fc2e31051a7b0d13603d14c6386483_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:f43d26a782e2c0994598fa1bf4d57073e272717418ac62df6f1a394a9a4a9deb_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:3a939af325476612b7c753c10015c36a3ab43ae4a8751aee6877621d90ebfee9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:168e8f94d1d818026c2c3f545f37aeeacfddc8181652f49408358a91010a771a_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:531d1c071f662ae600b6e0d6cb945bb13d9155330a2e5c01b19ba01920f46874_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:d977e222cce6e053bc206fa891215e2ece1bd0c6f87a916d0899c51dca3c4fcf_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd341c8af0f1c6aff634d99e0d145c0a2b10f2e8f0dd3b0929eb0f27888f772c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:09cacc9bbd0ea8f666b392a278cda7d42bd36116ec696f722d294a4d2b8cc64b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:b7002e08ebee80927d071a0c3348fb1e508e65cef47671f5554d740a74a8a6fc_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:b9e339cb611967965c68280227825dad1018524c5ff6bc0fcf5620b2581fce1c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:db1bcca3650cdc99b46ab8c11b138220a0c90eb7475d7e36c026ebd7a57e02dd_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "shell-quote: shell-quote: Arbitrary code execution via command injection due to unescaped line terminators"
},
{
"cve": "CVE-2026-10143",
"cwe": {
"id": "CWE-606",
"name": "Unchecked Input for Loop Condition"
},
"discovery_date": "2026-06-10T21:02:14.712750+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:0285b52259e86295777d45ca169c63d5cc2ad320774fb36a83eb76b0ee906b62_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6cbbd03b84fc2a72f0546b0f88564bdd30f694eef88699327afb94aadf6bded5_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:758da243753a713917e5d6ac61f7cb516be1f1f7714136ce1fa9c8c5383c6c91_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e7c9e7f90ac26681e680fd548e015a36e5760aa4ea8f8278e9ef052969dfcf_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:61cb89f4522d027dc7862cad2db1b0e6b8d0ee2c805e5bba5dfaa2f0a626b498_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:175cfaa83d23cb17e179d0f01a2b8c6b10a4ff0771616380421114fa46404c5e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2c13c569fcd307d333f26c098a2c0b2de9a7a0006974d98dae532e0189a7b384_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:73ba187acabd311914dd81494a5b32968fab6c8c0e943290569154e10dd2e6bb_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:8ef53d785bd058442d23ca8d7cfb5034830e75e963e764a3bb78b9c5bc782df7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:4e18730e0d3a0297df2e97af0c5a16602fb3c45a1e6ef8f04339a1d6ef9f8ca7_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:31681014e706162350f17a91c3d2b348b6d930ade877839b8ddd35fadeaa4c7b_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8326e2cf11416af5abcf9bf0c4a496dd6d42f90e03b9d83c10ab1b5c5537631d_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8a0fd5087f811850d07a66718ba2f230ca1a3fa581bf88aa8be2c00fa907b88e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:df86c2a14cd963c1efac3ef7375934ea4e432351bc45a441580d87e7da5db08f_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:876b89b047656b208af0f57881bb7ae351f53c2f875675686e5b334b74d2ac2b_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:804cfcb86df78455d539a984502f91e887b19caf8c633793a0173b481c0cd1e3_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b00b2c5a96fe210d53ae11f4d21f507e0adf9c63257cdbc9ab199455771654d0_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d7cc7f5b60db23e617782f514368fd3a20fc2e31051a7b0d13603d14c6386483_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:f43d26a782e2c0994598fa1bf4d57073e272717418ac62df6f1a394a9a4a9deb_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:3a939af325476612b7c753c10015c36a3ab43ae4a8751aee6877621d90ebfee9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:168e8f94d1d818026c2c3f545f37aeeacfddc8181652f49408358a91010a771a_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:531d1c071f662ae600b6e0d6cb945bb13d9155330a2e5c01b19ba01920f46874_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:d977e222cce6e053bc206fa891215e2ece1bd0c6f87a916d0899c51dca3c4fcf_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd341c8af0f1c6aff634d99e0d145c0a2b10f2e8f0dd3b0929eb0f27888f772c_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2487722"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in kafka-python. A malicious or machine-in-the-middle broker could exploit a denial-of-service vulnerability during SCRAM authentication. By providing an excessively large iteration count, the broker can cause the client\u0027s event loop to freeze. This prevents critical operations such as sending messages, polling for new messages, and maintaining heartbeats, ultimately leading to consumer group eviction and persistent connection failures.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kafka-python: kafka-python: Denial of Service via excessive SCRAM authentication iteration count",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:09cacc9bbd0ea8f666b392a278cda7d42bd36116ec696f722d294a4d2b8cc64b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:b7002e08ebee80927d071a0c3348fb1e508e65cef47671f5554d740a74a8a6fc_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:b9e339cb611967965c68280227825dad1018524c5ff6bc0fcf5620b2581fce1c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:db1bcca3650cdc99b46ab8c11b138220a0c90eb7475d7e36c026ebd7a57e02dd_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:0285b52259e86295777d45ca169c63d5cc2ad320774fb36a83eb76b0ee906b62_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6cbbd03b84fc2a72f0546b0f88564bdd30f694eef88699327afb94aadf6bded5_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:758da243753a713917e5d6ac61f7cb516be1f1f7714136ce1fa9c8c5383c6c91_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e7c9e7f90ac26681e680fd548e015a36e5760aa4ea8f8278e9ef052969dfcf_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:61cb89f4522d027dc7862cad2db1b0e6b8d0ee2c805e5bba5dfaa2f0a626b498_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:175cfaa83d23cb17e179d0f01a2b8c6b10a4ff0771616380421114fa46404c5e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2c13c569fcd307d333f26c098a2c0b2de9a7a0006974d98dae532e0189a7b384_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:73ba187acabd311914dd81494a5b32968fab6c8c0e943290569154e10dd2e6bb_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:8ef53d785bd058442d23ca8d7cfb5034830e75e963e764a3bb78b9c5bc782df7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:4e18730e0d3a0297df2e97af0c5a16602fb3c45a1e6ef8f04339a1d6ef9f8ca7_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:31681014e706162350f17a91c3d2b348b6d930ade877839b8ddd35fadeaa4c7b_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8326e2cf11416af5abcf9bf0c4a496dd6d42f90e03b9d83c10ab1b5c5537631d_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8a0fd5087f811850d07a66718ba2f230ca1a3fa581bf88aa8be2c00fa907b88e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:df86c2a14cd963c1efac3ef7375934ea4e432351bc45a441580d87e7da5db08f_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:876b89b047656b208af0f57881bb7ae351f53c2f875675686e5b334b74d2ac2b_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:804cfcb86df78455d539a984502f91e887b19caf8c633793a0173b481c0cd1e3_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b00b2c5a96fe210d53ae11f4d21f507e0adf9c63257cdbc9ab199455771654d0_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d7cc7f5b60db23e617782f514368fd3a20fc2e31051a7b0d13603d14c6386483_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:f43d26a782e2c0994598fa1bf4d57073e272717418ac62df6f1a394a9a4a9deb_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:3a939af325476612b7c753c10015c36a3ab43ae4a8751aee6877621d90ebfee9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:168e8f94d1d818026c2c3f545f37aeeacfddc8181652f49408358a91010a771a_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:531d1c071f662ae600b6e0d6cb945bb13d9155330a2e5c01b19ba01920f46874_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:d977e222cce6e053bc206fa891215e2ece1bd0c6f87a916d0899c51dca3c4fcf_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd341c8af0f1c6aff634d99e0d145c0a2b10f2e8f0dd3b0929eb0f27888f772c_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-10143"
},
{
"category": "external",
"summary": "RHBZ#2487722",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2487722"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-10143",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-10143"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-10143",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-10143"
},
{
"category": "external",
"summary": "https://github.com/dpkp/kafka-python/commit/6e4831444f972d169cdd11f5c8d50333cea3f19b",
"url": "https://github.com/dpkp/kafka-python/commit/6e4831444f972d169cdd11f5c8d50333cea3f19b"
},
{
"category": "external",
"summary": "https://github.com/dpkp/kafka-python/pull/3019",
"url": "https://github.com/dpkp/kafka-python/pull/3019"
},
{
"category": "external",
"summary": "https://github.com/dpkp/kafka-python/pull/3026",
"url": "https://github.com/dpkp/kafka-python/pull/3026"
},
{
"category": "external",
"summary": "https://www.vulncheck.com/advisories/kafka-python-prior-to-dos-via-scram-iteration-count-in-scram-py",
"url": "https://www.vulncheck.com/advisories/kafka-python-prior-to-dos-via-scram-iteration-count-in-scram-py"
}
],
"release_date": "2026-06-10T20:22:39.262000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-25T18:18:45+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:09cacc9bbd0ea8f666b392a278cda7d42bd36116ec696f722d294a4d2b8cc64b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:b7002e08ebee80927d071a0c3348fb1e508e65cef47671f5554d740a74a8a6fc_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:b9e339cb611967965c68280227825dad1018524c5ff6bc0fcf5620b2581fce1c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:db1bcca3650cdc99b46ab8c11b138220a0c90eb7475d7e36c026ebd7a57e02dd_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:30076"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:0285b52259e86295777d45ca169c63d5cc2ad320774fb36a83eb76b0ee906b62_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6cbbd03b84fc2a72f0546b0f88564bdd30f694eef88699327afb94aadf6bded5_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:758da243753a713917e5d6ac61f7cb516be1f1f7714136ce1fa9c8c5383c6c91_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e7c9e7f90ac26681e680fd548e015a36e5760aa4ea8f8278e9ef052969dfcf_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:61cb89f4522d027dc7862cad2db1b0e6b8d0ee2c805e5bba5dfaa2f0a626b498_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:175cfaa83d23cb17e179d0f01a2b8c6b10a4ff0771616380421114fa46404c5e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2c13c569fcd307d333f26c098a2c0b2de9a7a0006974d98dae532e0189a7b384_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:73ba187acabd311914dd81494a5b32968fab6c8c0e943290569154e10dd2e6bb_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:8ef53d785bd058442d23ca8d7cfb5034830e75e963e764a3bb78b9c5bc782df7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:4e18730e0d3a0297df2e97af0c5a16602fb3c45a1e6ef8f04339a1d6ef9f8ca7_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:31681014e706162350f17a91c3d2b348b6d930ade877839b8ddd35fadeaa4c7b_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8326e2cf11416af5abcf9bf0c4a496dd6d42f90e03b9d83c10ab1b5c5537631d_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8a0fd5087f811850d07a66718ba2f230ca1a3fa581bf88aa8be2c00fa907b88e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:df86c2a14cd963c1efac3ef7375934ea4e432351bc45a441580d87e7da5db08f_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:876b89b047656b208af0f57881bb7ae351f53c2f875675686e5b334b74d2ac2b_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:804cfcb86df78455d539a984502f91e887b19caf8c633793a0173b481c0cd1e3_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b00b2c5a96fe210d53ae11f4d21f507e0adf9c63257cdbc9ab199455771654d0_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d7cc7f5b60db23e617782f514368fd3a20fc2e31051a7b0d13603d14c6386483_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:f43d26a782e2c0994598fa1bf4d57073e272717418ac62df6f1a394a9a4a9deb_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:3a939af325476612b7c753c10015c36a3ab43ae4a8751aee6877621d90ebfee9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:168e8f94d1d818026c2c3f545f37aeeacfddc8181652f49408358a91010a771a_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:531d1c071f662ae600b6e0d6cb945bb13d9155330a2e5c01b19ba01920f46874_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:d977e222cce6e053bc206fa891215e2ece1bd0c6f87a916d0899c51dca3c4fcf_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd341c8af0f1c6aff634d99e0d145c0a2b10f2e8f0dd3b0929eb0f27888f772c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:09cacc9bbd0ea8f666b392a278cda7d42bd36116ec696f722d294a4d2b8cc64b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:b7002e08ebee80927d071a0c3348fb1e508e65cef47671f5554d740a74a8a6fc_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:b9e339cb611967965c68280227825dad1018524c5ff6bc0fcf5620b2581fce1c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:db1bcca3650cdc99b46ab8c11b138220a0c90eb7475d7e36c026ebd7a57e02dd_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:0285b52259e86295777d45ca169c63d5cc2ad320774fb36a83eb76b0ee906b62_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6cbbd03b84fc2a72f0546b0f88564bdd30f694eef88699327afb94aadf6bded5_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:758da243753a713917e5d6ac61f7cb516be1f1f7714136ce1fa9c8c5383c6c91_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e7c9e7f90ac26681e680fd548e015a36e5760aa4ea8f8278e9ef052969dfcf_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:61cb89f4522d027dc7862cad2db1b0e6b8d0ee2c805e5bba5dfaa2f0a626b498_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:175cfaa83d23cb17e179d0f01a2b8c6b10a4ff0771616380421114fa46404c5e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2c13c569fcd307d333f26c098a2c0b2de9a7a0006974d98dae532e0189a7b384_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:73ba187acabd311914dd81494a5b32968fab6c8c0e943290569154e10dd2e6bb_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:8ef53d785bd058442d23ca8d7cfb5034830e75e963e764a3bb78b9c5bc782df7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:4e18730e0d3a0297df2e97af0c5a16602fb3c45a1e6ef8f04339a1d6ef9f8ca7_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:31681014e706162350f17a91c3d2b348b6d930ade877839b8ddd35fadeaa4c7b_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8326e2cf11416af5abcf9bf0c4a496dd6d42f90e03b9d83c10ab1b5c5537631d_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8a0fd5087f811850d07a66718ba2f230ca1a3fa581bf88aa8be2c00fa907b88e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:df86c2a14cd963c1efac3ef7375934ea4e432351bc45a441580d87e7da5db08f_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:876b89b047656b208af0f57881bb7ae351f53c2f875675686e5b334b74d2ac2b_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:804cfcb86df78455d539a984502f91e887b19caf8c633793a0173b481c0cd1e3_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b00b2c5a96fe210d53ae11f4d21f507e0adf9c63257cdbc9ab199455771654d0_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d7cc7f5b60db23e617782f514368fd3a20fc2e31051a7b0d13603d14c6386483_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:f43d26a782e2c0994598fa1bf4d57073e272717418ac62df6f1a394a9a4a9deb_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:3a939af325476612b7c753c10015c36a3ab43ae4a8751aee6877621d90ebfee9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:168e8f94d1d818026c2c3f545f37aeeacfddc8181652f49408358a91010a771a_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:531d1c071f662ae600b6e0d6cb945bb13d9155330a2e5c01b19ba01920f46874_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:d977e222cce6e053bc206fa891215e2ece1bd0c6f87a916d0899c51dca3c4fcf_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd341c8af0f1c6aff634d99e0d145c0a2b10f2e8f0dd3b0929eb0f27888f772c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:09cacc9bbd0ea8f666b392a278cda7d42bd36116ec696f722d294a4d2b8cc64b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:b7002e08ebee80927d071a0c3348fb1e508e65cef47671f5554d740a74a8a6fc_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:b9e339cb611967965c68280227825dad1018524c5ff6bc0fcf5620b2581fce1c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:db1bcca3650cdc99b46ab8c11b138220a0c90eb7475d7e36c026ebd7a57e02dd_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "kafka-python: kafka-python: Denial of Service via excessive SCRAM authentication iteration count"
},
{
"cve": "CVE-2026-44432",
"cwe": {
"id": "CWE-409",
"name": "Improper Handling of Highly Compressed Data (Data Amplification)"
},
"discovery_date": "2026-05-13T17:01:01.083841+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:0285b52259e86295777d45ca169c63d5cc2ad320774fb36a83eb76b0ee906b62_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6cbbd03b84fc2a72f0546b0f88564bdd30f694eef88699327afb94aadf6bded5_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:758da243753a713917e5d6ac61f7cb516be1f1f7714136ce1fa9c8c5383c6c91_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e7c9e7f90ac26681e680fd548e015a36e5760aa4ea8f8278e9ef052969dfcf_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:61cb89f4522d027dc7862cad2db1b0e6b8d0ee2c805e5bba5dfaa2f0a626b498_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:175cfaa83d23cb17e179d0f01a2b8c6b10a4ff0771616380421114fa46404c5e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2c13c569fcd307d333f26c098a2c0b2de9a7a0006974d98dae532e0189a7b384_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:73ba187acabd311914dd81494a5b32968fab6c8c0e943290569154e10dd2e6bb_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:8ef53d785bd058442d23ca8d7cfb5034830e75e963e764a3bb78b9c5bc782df7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:4e18730e0d3a0297df2e97af0c5a16602fb3c45a1e6ef8f04339a1d6ef9f8ca7_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:31681014e706162350f17a91c3d2b348b6d930ade877839b8ddd35fadeaa4c7b_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8326e2cf11416af5abcf9bf0c4a496dd6d42f90e03b9d83c10ab1b5c5537631d_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8a0fd5087f811850d07a66718ba2f230ca1a3fa581bf88aa8be2c00fa907b88e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:df86c2a14cd963c1efac3ef7375934ea4e432351bc45a441580d87e7da5db08f_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:876b89b047656b208af0f57881bb7ae351f53c2f875675686e5b334b74d2ac2b_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:804cfcb86df78455d539a984502f91e887b19caf8c633793a0173b481c0cd1e3_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b00b2c5a96fe210d53ae11f4d21f507e0adf9c63257cdbc9ab199455771654d0_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d7cc7f5b60db23e617782f514368fd3a20fc2e31051a7b0d13603d14c6386483_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:f43d26a782e2c0994598fa1bf4d57073e272717418ac62df6f1a394a9a4a9deb_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:3a939af325476612b7c753c10015c36a3ab43ae4a8751aee6877621d90ebfee9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:168e8f94d1d818026c2c3f545f37aeeacfddc8181652f49408358a91010a771a_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:531d1c071f662ae600b6e0d6cb945bb13d9155330a2e5c01b19ba01920f46874_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:d977e222cce6e053bc206fa891215e2ece1bd0c6f87a916d0899c51dca3c4fcf_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd341c8af0f1c6aff634d99e0d145c0a2b10f2e8f0dd3b0929eb0f27888f772c_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2477154"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in urllib3, an HTTP client library for Python. This vulnerability allows a remote attacker to cause excessive resource consumption, such as high CPU usage and massive memory allocation, on the client side. This occurs when urllib3 attempts to decompress an entire HTTP response, even if only a partial read was requested, or when draining the connection after a partial decompression. This can lead to a Denial of Service (DoS) condition.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "urllib3: urllib3: Denial of Service due to excessive HTTP response decompression",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:09cacc9bbd0ea8f666b392a278cda7d42bd36116ec696f722d294a4d2b8cc64b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:b7002e08ebee80927d071a0c3348fb1e508e65cef47671f5554d740a74a8a6fc_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:b9e339cb611967965c68280227825dad1018524c5ff6bc0fcf5620b2581fce1c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:db1bcca3650cdc99b46ab8c11b138220a0c90eb7475d7e36c026ebd7a57e02dd_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:0285b52259e86295777d45ca169c63d5cc2ad320774fb36a83eb76b0ee906b62_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6cbbd03b84fc2a72f0546b0f88564bdd30f694eef88699327afb94aadf6bded5_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:758da243753a713917e5d6ac61f7cb516be1f1f7714136ce1fa9c8c5383c6c91_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e7c9e7f90ac26681e680fd548e015a36e5760aa4ea8f8278e9ef052969dfcf_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:61cb89f4522d027dc7862cad2db1b0e6b8d0ee2c805e5bba5dfaa2f0a626b498_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:175cfaa83d23cb17e179d0f01a2b8c6b10a4ff0771616380421114fa46404c5e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2c13c569fcd307d333f26c098a2c0b2de9a7a0006974d98dae532e0189a7b384_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:73ba187acabd311914dd81494a5b32968fab6c8c0e943290569154e10dd2e6bb_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:8ef53d785bd058442d23ca8d7cfb5034830e75e963e764a3bb78b9c5bc782df7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:4e18730e0d3a0297df2e97af0c5a16602fb3c45a1e6ef8f04339a1d6ef9f8ca7_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:31681014e706162350f17a91c3d2b348b6d930ade877839b8ddd35fadeaa4c7b_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8326e2cf11416af5abcf9bf0c4a496dd6d42f90e03b9d83c10ab1b5c5537631d_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8a0fd5087f811850d07a66718ba2f230ca1a3fa581bf88aa8be2c00fa907b88e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:df86c2a14cd963c1efac3ef7375934ea4e432351bc45a441580d87e7da5db08f_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:876b89b047656b208af0f57881bb7ae351f53c2f875675686e5b334b74d2ac2b_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:804cfcb86df78455d539a984502f91e887b19caf8c633793a0173b481c0cd1e3_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b00b2c5a96fe210d53ae11f4d21f507e0adf9c63257cdbc9ab199455771654d0_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d7cc7f5b60db23e617782f514368fd3a20fc2e31051a7b0d13603d14c6386483_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:f43d26a782e2c0994598fa1bf4d57073e272717418ac62df6f1a394a9a4a9deb_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:3a939af325476612b7c753c10015c36a3ab43ae4a8751aee6877621d90ebfee9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:168e8f94d1d818026c2c3f545f37aeeacfddc8181652f49408358a91010a771a_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:531d1c071f662ae600b6e0d6cb945bb13d9155330a2e5c01b19ba01920f46874_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:d977e222cce6e053bc206fa891215e2ece1bd0c6f87a916d0899c51dca3c4fcf_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd341c8af0f1c6aff634d99e0d145c0a2b10f2e8f0dd3b0929eb0f27888f772c_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44432"
},
{
"category": "external",
"summary": "RHBZ#2477154",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477154"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44432",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44432"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44432",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44432"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/security/advisories/GHSA-mf9v-mfxr-j63j",
"url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-mf9v-mfxr-j63j"
}
],
"release_date": "2026-05-13T15:17:12.611000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-25T18:18:45+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:09cacc9bbd0ea8f666b392a278cda7d42bd36116ec696f722d294a4d2b8cc64b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:b7002e08ebee80927d071a0c3348fb1e508e65cef47671f5554d740a74a8a6fc_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:b9e339cb611967965c68280227825dad1018524c5ff6bc0fcf5620b2581fce1c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:db1bcca3650cdc99b46ab8c11b138220a0c90eb7475d7e36c026ebd7a57e02dd_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:30076"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:0285b52259e86295777d45ca169c63d5cc2ad320774fb36a83eb76b0ee906b62_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6cbbd03b84fc2a72f0546b0f88564bdd30f694eef88699327afb94aadf6bded5_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:758da243753a713917e5d6ac61f7cb516be1f1f7714136ce1fa9c8c5383c6c91_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e7c9e7f90ac26681e680fd548e015a36e5760aa4ea8f8278e9ef052969dfcf_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:61cb89f4522d027dc7862cad2db1b0e6b8d0ee2c805e5bba5dfaa2f0a626b498_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:175cfaa83d23cb17e179d0f01a2b8c6b10a4ff0771616380421114fa46404c5e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2c13c569fcd307d333f26c098a2c0b2de9a7a0006974d98dae532e0189a7b384_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:73ba187acabd311914dd81494a5b32968fab6c8c0e943290569154e10dd2e6bb_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:8ef53d785bd058442d23ca8d7cfb5034830e75e963e764a3bb78b9c5bc782df7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:4e18730e0d3a0297df2e97af0c5a16602fb3c45a1e6ef8f04339a1d6ef9f8ca7_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:31681014e706162350f17a91c3d2b348b6d930ade877839b8ddd35fadeaa4c7b_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8326e2cf11416af5abcf9bf0c4a496dd6d42f90e03b9d83c10ab1b5c5537631d_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8a0fd5087f811850d07a66718ba2f230ca1a3fa581bf88aa8be2c00fa907b88e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:df86c2a14cd963c1efac3ef7375934ea4e432351bc45a441580d87e7da5db08f_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:876b89b047656b208af0f57881bb7ae351f53c2f875675686e5b334b74d2ac2b_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:804cfcb86df78455d539a984502f91e887b19caf8c633793a0173b481c0cd1e3_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b00b2c5a96fe210d53ae11f4d21f507e0adf9c63257cdbc9ab199455771654d0_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d7cc7f5b60db23e617782f514368fd3a20fc2e31051a7b0d13603d14c6386483_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:f43d26a782e2c0994598fa1bf4d57073e272717418ac62df6f1a394a9a4a9deb_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:3a939af325476612b7c753c10015c36a3ab43ae4a8751aee6877621d90ebfee9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:168e8f94d1d818026c2c3f545f37aeeacfddc8181652f49408358a91010a771a_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:531d1c071f662ae600b6e0d6cb945bb13d9155330a2e5c01b19ba01920f46874_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:d977e222cce6e053bc206fa891215e2ece1bd0c6f87a916d0899c51dca3c4fcf_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd341c8af0f1c6aff634d99e0d145c0a2b10f2e8f0dd3b0929eb0f27888f772c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:09cacc9bbd0ea8f666b392a278cda7d42bd36116ec696f722d294a4d2b8cc64b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:b7002e08ebee80927d071a0c3348fb1e508e65cef47671f5554d740a74a8a6fc_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:b9e339cb611967965c68280227825dad1018524c5ff6bc0fcf5620b2581fce1c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:db1bcca3650cdc99b46ab8c11b138220a0c90eb7475d7e36c026ebd7a57e02dd_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "urllib3: urllib3: Denial of Service due to excessive HTTP response decompression"
},
{
"cve": "CVE-2026-44496",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"discovery_date": "2026-06-11T17:01:15.856386+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:0285b52259e86295777d45ca169c63d5cc2ad320774fb36a83eb76b0ee906b62_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6cbbd03b84fc2a72f0546b0f88564bdd30f694eef88699327afb94aadf6bded5_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:758da243753a713917e5d6ac61f7cb516be1f1f7714136ce1fa9c8c5383c6c91_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e7c9e7f90ac26681e680fd548e015a36e5760aa4ea8f8278e9ef052969dfcf_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:61cb89f4522d027dc7862cad2db1b0e6b8d0ee2c805e5bba5dfaa2f0a626b498_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:175cfaa83d23cb17e179d0f01a2b8c6b10a4ff0771616380421114fa46404c5e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2c13c569fcd307d333f26c098a2c0b2de9a7a0006974d98dae532e0189a7b384_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:73ba187acabd311914dd81494a5b32968fab6c8c0e943290569154e10dd2e6bb_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:8ef53d785bd058442d23ca8d7cfb5034830e75e963e764a3bb78b9c5bc782df7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:4e18730e0d3a0297df2e97af0c5a16602fb3c45a1e6ef8f04339a1d6ef9f8ca7_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:31681014e706162350f17a91c3d2b348b6d930ade877839b8ddd35fadeaa4c7b_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8326e2cf11416af5abcf9bf0c4a496dd6d42f90e03b9d83c10ab1b5c5537631d_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8a0fd5087f811850d07a66718ba2f230ca1a3fa581bf88aa8be2c00fa907b88e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:df86c2a14cd963c1efac3ef7375934ea4e432351bc45a441580d87e7da5db08f_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:876b89b047656b208af0f57881bb7ae351f53c2f875675686e5b334b74d2ac2b_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:804cfcb86df78455d539a984502f91e887b19caf8c633793a0173b481c0cd1e3_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b00b2c5a96fe210d53ae11f4d21f507e0adf9c63257cdbc9ab199455771654d0_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d7cc7f5b60db23e617782f514368fd3a20fc2e31051a7b0d13603d14c6386483_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:f43d26a782e2c0994598fa1bf4d57073e272717418ac62df6f1a394a9a4a9deb_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:3a939af325476612b7c753c10015c36a3ab43ae4a8751aee6877621d90ebfee9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:168e8f94d1d818026c2c3f545f37aeeacfddc8181652f49408358a91010a771a_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:531d1c071f662ae600b6e0d6cb945bb13d9155330a2e5c01b19ba01920f46874_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:d977e222cce6e053bc206fa891215e2ece1bd0c6f87a916d0899c51dca3c4fcf_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd341c8af0f1c6aff634d99e0d145c0a2b10f2e8f0dd3b0929eb0f27888f772c_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2487943"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios. A remote attacker, by influencing the XSRF cookie name in a browser environment, could cause the application to construct a regular expression that leads to excessive processing. This can result in a client-side Denial of Service (DoS), where the affected browser tab may freeze, impacting the availability of the application for the user.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: Client-side Denial of Service via unescaped regex metacharacters in XSRF cookie name",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:09cacc9bbd0ea8f666b392a278cda7d42bd36116ec696f722d294a4d2b8cc64b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:b7002e08ebee80927d071a0c3348fb1e508e65cef47671f5554d740a74a8a6fc_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:b9e339cb611967965c68280227825dad1018524c5ff6bc0fcf5620b2581fce1c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:db1bcca3650cdc99b46ab8c11b138220a0c90eb7475d7e36c026ebd7a57e02dd_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:0285b52259e86295777d45ca169c63d5cc2ad320774fb36a83eb76b0ee906b62_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6cbbd03b84fc2a72f0546b0f88564bdd30f694eef88699327afb94aadf6bded5_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:758da243753a713917e5d6ac61f7cb516be1f1f7714136ce1fa9c8c5383c6c91_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e7c9e7f90ac26681e680fd548e015a36e5760aa4ea8f8278e9ef052969dfcf_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:61cb89f4522d027dc7862cad2db1b0e6b8d0ee2c805e5bba5dfaa2f0a626b498_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:175cfaa83d23cb17e179d0f01a2b8c6b10a4ff0771616380421114fa46404c5e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2c13c569fcd307d333f26c098a2c0b2de9a7a0006974d98dae532e0189a7b384_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:73ba187acabd311914dd81494a5b32968fab6c8c0e943290569154e10dd2e6bb_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:8ef53d785bd058442d23ca8d7cfb5034830e75e963e764a3bb78b9c5bc782df7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:4e18730e0d3a0297df2e97af0c5a16602fb3c45a1e6ef8f04339a1d6ef9f8ca7_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:31681014e706162350f17a91c3d2b348b6d930ade877839b8ddd35fadeaa4c7b_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8326e2cf11416af5abcf9bf0c4a496dd6d42f90e03b9d83c10ab1b5c5537631d_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8a0fd5087f811850d07a66718ba2f230ca1a3fa581bf88aa8be2c00fa907b88e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:df86c2a14cd963c1efac3ef7375934ea4e432351bc45a441580d87e7da5db08f_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:876b89b047656b208af0f57881bb7ae351f53c2f875675686e5b334b74d2ac2b_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:804cfcb86df78455d539a984502f91e887b19caf8c633793a0173b481c0cd1e3_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b00b2c5a96fe210d53ae11f4d21f507e0adf9c63257cdbc9ab199455771654d0_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d7cc7f5b60db23e617782f514368fd3a20fc2e31051a7b0d13603d14c6386483_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:f43d26a782e2c0994598fa1bf4d57073e272717418ac62df6f1a394a9a4a9deb_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:3a939af325476612b7c753c10015c36a3ab43ae4a8751aee6877621d90ebfee9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:168e8f94d1d818026c2c3f545f37aeeacfddc8181652f49408358a91010a771a_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:531d1c071f662ae600b6e0d6cb945bb13d9155330a2e5c01b19ba01920f46874_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:d977e222cce6e053bc206fa891215e2ece1bd0c6f87a916d0899c51dca3c4fcf_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd341c8af0f1c6aff634d99e0d145c0a2b10f2e8f0dd3b0929eb0f27888f772c_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44496"
},
{
"category": "external",
"summary": "RHBZ#2487943",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2487943"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44496",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44496"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44496",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44496"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-hfxv-24rg-xrqf",
"url": "https://github.com/axios/axios/security/advisories/GHSA-hfxv-24rg-xrqf"
}
],
"release_date": "2026-06-11T15:34:28.492000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-25T18:18:45+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:09cacc9bbd0ea8f666b392a278cda7d42bd36116ec696f722d294a4d2b8cc64b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:b7002e08ebee80927d071a0c3348fb1e508e65cef47671f5554d740a74a8a6fc_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:b9e339cb611967965c68280227825dad1018524c5ff6bc0fcf5620b2581fce1c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:db1bcca3650cdc99b46ab8c11b138220a0c90eb7475d7e36c026ebd7a57e02dd_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:30076"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:0285b52259e86295777d45ca169c63d5cc2ad320774fb36a83eb76b0ee906b62_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6cbbd03b84fc2a72f0546b0f88564bdd30f694eef88699327afb94aadf6bded5_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:758da243753a713917e5d6ac61f7cb516be1f1f7714136ce1fa9c8c5383c6c91_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e7c9e7f90ac26681e680fd548e015a36e5760aa4ea8f8278e9ef052969dfcf_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:61cb89f4522d027dc7862cad2db1b0e6b8d0ee2c805e5bba5dfaa2f0a626b498_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:175cfaa83d23cb17e179d0f01a2b8c6b10a4ff0771616380421114fa46404c5e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2c13c569fcd307d333f26c098a2c0b2de9a7a0006974d98dae532e0189a7b384_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:73ba187acabd311914dd81494a5b32968fab6c8c0e943290569154e10dd2e6bb_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:8ef53d785bd058442d23ca8d7cfb5034830e75e963e764a3bb78b9c5bc782df7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:4e18730e0d3a0297df2e97af0c5a16602fb3c45a1e6ef8f04339a1d6ef9f8ca7_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:31681014e706162350f17a91c3d2b348b6d930ade877839b8ddd35fadeaa4c7b_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8326e2cf11416af5abcf9bf0c4a496dd6d42f90e03b9d83c10ab1b5c5537631d_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8a0fd5087f811850d07a66718ba2f230ca1a3fa581bf88aa8be2c00fa907b88e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:df86c2a14cd963c1efac3ef7375934ea4e432351bc45a441580d87e7da5db08f_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:876b89b047656b208af0f57881bb7ae351f53c2f875675686e5b334b74d2ac2b_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:804cfcb86df78455d539a984502f91e887b19caf8c633793a0173b481c0cd1e3_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b00b2c5a96fe210d53ae11f4d21f507e0adf9c63257cdbc9ab199455771654d0_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d7cc7f5b60db23e617782f514368fd3a20fc2e31051a7b0d13603d14c6386483_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:f43d26a782e2c0994598fa1bf4d57073e272717418ac62df6f1a394a9a4a9deb_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:3a939af325476612b7c753c10015c36a3ab43ae4a8751aee6877621d90ebfee9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:168e8f94d1d818026c2c3f545f37aeeacfddc8181652f49408358a91010a771a_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:531d1c071f662ae600b6e0d6cb945bb13d9155330a2e5c01b19ba01920f46874_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:d977e222cce6e053bc206fa891215e2ece1bd0c6f87a916d0899c51dca3c4fcf_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd341c8af0f1c6aff634d99e0d145c0a2b10f2e8f0dd3b0929eb0f27888f772c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:09cacc9bbd0ea8f666b392a278cda7d42bd36116ec696f722d294a4d2b8cc64b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:b7002e08ebee80927d071a0c3348fb1e508e65cef47671f5554d740a74a8a6fc_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:b9e339cb611967965c68280227825dad1018524c5ff6bc0fcf5620b2581fce1c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:db1bcca3650cdc99b46ab8c11b138220a0c90eb7475d7e36c026ebd7a57e02dd_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:0285b52259e86295777d45ca169c63d5cc2ad320774fb36a83eb76b0ee906b62_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6cbbd03b84fc2a72f0546b0f88564bdd30f694eef88699327afb94aadf6bded5_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:758da243753a713917e5d6ac61f7cb516be1f1f7714136ce1fa9c8c5383c6c91_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e7c9e7f90ac26681e680fd548e015a36e5760aa4ea8f8278e9ef052969dfcf_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:61cb89f4522d027dc7862cad2db1b0e6b8d0ee2c805e5bba5dfaa2f0a626b498_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:175cfaa83d23cb17e179d0f01a2b8c6b10a4ff0771616380421114fa46404c5e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2c13c569fcd307d333f26c098a2c0b2de9a7a0006974d98dae532e0189a7b384_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:73ba187acabd311914dd81494a5b32968fab6c8c0e943290569154e10dd2e6bb_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:8ef53d785bd058442d23ca8d7cfb5034830e75e963e764a3bb78b9c5bc782df7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:4e18730e0d3a0297df2e97af0c5a16602fb3c45a1e6ef8f04339a1d6ef9f8ca7_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:31681014e706162350f17a91c3d2b348b6d930ade877839b8ddd35fadeaa4c7b_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8326e2cf11416af5abcf9bf0c4a496dd6d42f90e03b9d83c10ab1b5c5537631d_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8a0fd5087f811850d07a66718ba2f230ca1a3fa581bf88aa8be2c00fa907b88e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:df86c2a14cd963c1efac3ef7375934ea4e432351bc45a441580d87e7da5db08f_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:876b89b047656b208af0f57881bb7ae351f53c2f875675686e5b334b74d2ac2b_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:804cfcb86df78455d539a984502f91e887b19caf8c633793a0173b481c0cd1e3_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b00b2c5a96fe210d53ae11f4d21f507e0adf9c63257cdbc9ab199455771654d0_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d7cc7f5b60db23e617782f514368fd3a20fc2e31051a7b0d13603d14c6386483_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:f43d26a782e2c0994598fa1bf4d57073e272717418ac62df6f1a394a9a4a9deb_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:3a939af325476612b7c753c10015c36a3ab43ae4a8751aee6877621d90ebfee9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:168e8f94d1d818026c2c3f545f37aeeacfddc8181652f49408358a91010a771a_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:531d1c071f662ae600b6e0d6cb945bb13d9155330a2e5c01b19ba01920f46874_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:d977e222cce6e053bc206fa891215e2ece1bd0c6f87a916d0899c51dca3c4fcf_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd341c8af0f1c6aff634d99e0d145c0a2b10f2e8f0dd3b0929eb0f27888f772c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:09cacc9bbd0ea8f666b392a278cda7d42bd36116ec696f722d294a4d2b8cc64b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:b7002e08ebee80927d071a0c3348fb1e508e65cef47671f5554d740a74a8a6fc_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:b9e339cb611967965c68280227825dad1018524c5ff6bc0fcf5620b2581fce1c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:db1bcca3650cdc99b46ab8c11b138220a0c90eb7475d7e36c026ebd7a57e02dd_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: Client-side Denial of Service via unescaped regex metacharacters in XSRF cookie name"
},
{
"cve": "CVE-2026-48526",
"cwe": {
"id": "CWE-347",
"name": "Improper Verification of Cryptographic Signature"
},
"discovery_date": "2026-05-28T16:01:22.805235+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:0285b52259e86295777d45ca169c63d5cc2ad320774fb36a83eb76b0ee906b62_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6cbbd03b84fc2a72f0546b0f88564bdd30f694eef88699327afb94aadf6bded5_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:758da243753a713917e5d6ac61f7cb516be1f1f7714136ce1fa9c8c5383c6c91_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e7c9e7f90ac26681e680fd548e015a36e5760aa4ea8f8278e9ef052969dfcf_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:61cb89f4522d027dc7862cad2db1b0e6b8d0ee2c805e5bba5dfaa2f0a626b498_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:175cfaa83d23cb17e179d0f01a2b8c6b10a4ff0771616380421114fa46404c5e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2c13c569fcd307d333f26c098a2c0b2de9a7a0006974d98dae532e0189a7b384_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:73ba187acabd311914dd81494a5b32968fab6c8c0e943290569154e10dd2e6bb_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:8ef53d785bd058442d23ca8d7cfb5034830e75e963e764a3bb78b9c5bc782df7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:4e18730e0d3a0297df2e97af0c5a16602fb3c45a1e6ef8f04339a1d6ef9f8ca7_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:31681014e706162350f17a91c3d2b348b6d930ade877839b8ddd35fadeaa4c7b_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8326e2cf11416af5abcf9bf0c4a496dd6d42f90e03b9d83c10ab1b5c5537631d_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8a0fd5087f811850d07a66718ba2f230ca1a3fa581bf88aa8be2c00fa907b88e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:df86c2a14cd963c1efac3ef7375934ea4e432351bc45a441580d87e7da5db08f_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:876b89b047656b208af0f57881bb7ae351f53c2f875675686e5b334b74d2ac2b_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:804cfcb86df78455d539a984502f91e887b19caf8c633793a0173b481c0cd1e3_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b00b2c5a96fe210d53ae11f4d21f507e0adf9c63257cdbc9ab199455771654d0_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d7cc7f5b60db23e617782f514368fd3a20fc2e31051a7b0d13603d14c6386483_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:f43d26a782e2c0994598fa1bf4d57073e272717418ac62df6f1a394a9a4a9deb_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:3a939af325476612b7c753c10015c36a3ab43ae4a8751aee6877621d90ebfee9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:168e8f94d1d818026c2c3f545f37aeeacfddc8181652f49408358a91010a771a_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:531d1c071f662ae600b6e0d6cb945bb13d9155330a2e5c01b19ba01920f46874_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:d977e222cce6e053bc206fa891215e2ece1bd0c6f87a916d0899c51dca3c4fcf_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd341c8af0f1c6aff634d99e0d145c0a2b10f2e8f0dd3b0929eb0f27888f772c_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2482734"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in PyJWT, a Python library for JSON Web Token (JWT) implementation. When decoding JWTs, the library fails to validate the use of JSON Web Keys (JWK) in the HMAC algorithm while also supporting asymmetric algorithms. This allows a remote attacker to use the issuer\u0027s public key as the secret key for the HMAC algorithm, leading to the ability to forge JWTs. This vulnerability can result in authentication bypass or unauthorized access.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "python-pyjwt: PyJWT: Authentication bypass due to forged JSON Web Tokens",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:09cacc9bbd0ea8f666b392a278cda7d42bd36116ec696f722d294a4d2b8cc64b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:b7002e08ebee80927d071a0c3348fb1e508e65cef47671f5554d740a74a8a6fc_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:b9e339cb611967965c68280227825dad1018524c5ff6bc0fcf5620b2581fce1c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:db1bcca3650cdc99b46ab8c11b138220a0c90eb7475d7e36c026ebd7a57e02dd_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:0285b52259e86295777d45ca169c63d5cc2ad320774fb36a83eb76b0ee906b62_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6cbbd03b84fc2a72f0546b0f88564bdd30f694eef88699327afb94aadf6bded5_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:758da243753a713917e5d6ac61f7cb516be1f1f7714136ce1fa9c8c5383c6c91_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e7c9e7f90ac26681e680fd548e015a36e5760aa4ea8f8278e9ef052969dfcf_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:61cb89f4522d027dc7862cad2db1b0e6b8d0ee2c805e5bba5dfaa2f0a626b498_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:175cfaa83d23cb17e179d0f01a2b8c6b10a4ff0771616380421114fa46404c5e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2c13c569fcd307d333f26c098a2c0b2de9a7a0006974d98dae532e0189a7b384_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:73ba187acabd311914dd81494a5b32968fab6c8c0e943290569154e10dd2e6bb_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:8ef53d785bd058442d23ca8d7cfb5034830e75e963e764a3bb78b9c5bc782df7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:4e18730e0d3a0297df2e97af0c5a16602fb3c45a1e6ef8f04339a1d6ef9f8ca7_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:31681014e706162350f17a91c3d2b348b6d930ade877839b8ddd35fadeaa4c7b_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8326e2cf11416af5abcf9bf0c4a496dd6d42f90e03b9d83c10ab1b5c5537631d_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8a0fd5087f811850d07a66718ba2f230ca1a3fa581bf88aa8be2c00fa907b88e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:df86c2a14cd963c1efac3ef7375934ea4e432351bc45a441580d87e7da5db08f_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:876b89b047656b208af0f57881bb7ae351f53c2f875675686e5b334b74d2ac2b_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:804cfcb86df78455d539a984502f91e887b19caf8c633793a0173b481c0cd1e3_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b00b2c5a96fe210d53ae11f4d21f507e0adf9c63257cdbc9ab199455771654d0_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d7cc7f5b60db23e617782f514368fd3a20fc2e31051a7b0d13603d14c6386483_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:f43d26a782e2c0994598fa1bf4d57073e272717418ac62df6f1a394a9a4a9deb_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:3a939af325476612b7c753c10015c36a3ab43ae4a8751aee6877621d90ebfee9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:168e8f94d1d818026c2c3f545f37aeeacfddc8181652f49408358a91010a771a_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:531d1c071f662ae600b6e0d6cb945bb13d9155330a2e5c01b19ba01920f46874_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:d977e222cce6e053bc206fa891215e2ece1bd0c6f87a916d0899c51dca3c4fcf_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd341c8af0f1c6aff634d99e0d145c0a2b10f2e8f0dd3b0929eb0f27888f772c_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-48526"
},
{
"category": "external",
"summary": "RHBZ#2482734",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2482734"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-48526",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-48526"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-48526",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48526"
},
{
"category": "external",
"summary": "https://github.com/jpadilla/pyjwt/security/advisories/GHSA-xgmm-8j9v-c9wx",
"url": "https://github.com/jpadilla/pyjwt/security/advisories/GHSA-xgmm-8j9v-c9wx"
}
],
"release_date": "2026-05-28T15:09:09.258000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-25T18:18:45+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:09cacc9bbd0ea8f666b392a278cda7d42bd36116ec696f722d294a4d2b8cc64b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:b7002e08ebee80927d071a0c3348fb1e508e65cef47671f5554d740a74a8a6fc_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:b9e339cb611967965c68280227825dad1018524c5ff6bc0fcf5620b2581fce1c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:db1bcca3650cdc99b46ab8c11b138220a0c90eb7475d7e36c026ebd7a57e02dd_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:30076"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:0285b52259e86295777d45ca169c63d5cc2ad320774fb36a83eb76b0ee906b62_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6cbbd03b84fc2a72f0546b0f88564bdd30f694eef88699327afb94aadf6bded5_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:758da243753a713917e5d6ac61f7cb516be1f1f7714136ce1fa9c8c5383c6c91_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e7c9e7f90ac26681e680fd548e015a36e5760aa4ea8f8278e9ef052969dfcf_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:61cb89f4522d027dc7862cad2db1b0e6b8d0ee2c805e5bba5dfaa2f0a626b498_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:175cfaa83d23cb17e179d0f01a2b8c6b10a4ff0771616380421114fa46404c5e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2c13c569fcd307d333f26c098a2c0b2de9a7a0006974d98dae532e0189a7b384_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:73ba187acabd311914dd81494a5b32968fab6c8c0e943290569154e10dd2e6bb_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:8ef53d785bd058442d23ca8d7cfb5034830e75e963e764a3bb78b9c5bc782df7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:4e18730e0d3a0297df2e97af0c5a16602fb3c45a1e6ef8f04339a1d6ef9f8ca7_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:31681014e706162350f17a91c3d2b348b6d930ade877839b8ddd35fadeaa4c7b_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8326e2cf11416af5abcf9bf0c4a496dd6d42f90e03b9d83c10ab1b5c5537631d_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8a0fd5087f811850d07a66718ba2f230ca1a3fa581bf88aa8be2c00fa907b88e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:df86c2a14cd963c1efac3ef7375934ea4e432351bc45a441580d87e7da5db08f_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:876b89b047656b208af0f57881bb7ae351f53c2f875675686e5b334b74d2ac2b_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:804cfcb86df78455d539a984502f91e887b19caf8c633793a0173b481c0cd1e3_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b00b2c5a96fe210d53ae11f4d21f507e0adf9c63257cdbc9ab199455771654d0_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d7cc7f5b60db23e617782f514368fd3a20fc2e31051a7b0d13603d14c6386483_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:f43d26a782e2c0994598fa1bf4d57073e272717418ac62df6f1a394a9a4a9deb_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:3a939af325476612b7c753c10015c36a3ab43ae4a8751aee6877621d90ebfee9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:168e8f94d1d818026c2c3f545f37aeeacfddc8181652f49408358a91010a771a_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:531d1c071f662ae600b6e0d6cb945bb13d9155330a2e5c01b19ba01920f46874_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:d977e222cce6e053bc206fa891215e2ece1bd0c6f87a916d0899c51dca3c4fcf_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd341c8af0f1c6aff634d99e0d145c0a2b10f2e8f0dd3b0929eb0f27888f772c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:09cacc9bbd0ea8f666b392a278cda7d42bd36116ec696f722d294a4d2b8cc64b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:b7002e08ebee80927d071a0c3348fb1e508e65cef47671f5554d740a74a8a6fc_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:b9e339cb611967965c68280227825dad1018524c5ff6bc0fcf5620b2581fce1c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:db1bcca3650cdc99b46ab8c11b138220a0c90eb7475d7e36c026ebd7a57e02dd_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "python-pyjwt: PyJWT: Authentication bypass due to forged JSON Web Tokens"
}
]
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…