Vulnerability-Lookup

SUSE-SU-2026:21540-1

Vulnerability from csaf_suse - Published: 2026-05-04 10:09 - Updated: 2026-05-04 10:09

Summary

Security update for google-cloud-sap-agent

Severity

Important

Notes

Title of the patch: Security update for google-cloud-sap-agent

Description of the patch: This update for google-cloud-sap-agent fixes the following issue: - CVE-2026-34986: github.com/go-jose/go-jose/v4: processing of JWE object with empty `encrypted_key` field but key wrapping algorithm set can lead to a denial of service (bsc#1262936).

Patchnames: SUSE-SLES-16.0-671

CVE-2026-34986

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected products

Recommended 4 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 16.0:google-cloud-sap-agent-3.12-160000.2.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:google-cloud-sap-agent-3.12-160000.2.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:google-cloud-sap-agent-3.12-160000.2.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:google-cloud-sap-agent-3.12-160000.2.1.x86_64	—	Vendor Fix

Threats

Impact important

References

8 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/s…	self
https://www.suse.com/support/update/announcement/…	self
https://lists.suse.com/pipermail/sle-security-upd…	self
https://bugzilla.suse.com/1262936	self
https://www.suse.com/security/cve/CVE-2026-34986/	self
https://www.suse.com/security/cve/CVE-2026-34986	external
https://bugzilla.suse.com/1262805	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for google-cloud-sap-agent",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for google-cloud-sap-agent fixes the following issue:\n\n- CVE-2026-34986: github.com/go-jose/go-jose/v4: processing of JWE object with empty `encrypted_key` field but key\n  wrapping algorithm set can lead to a denial of service (bsc#1262936).\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-SLES-16.0-671",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_21540-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2026:21540-1",
        "url": "https://www.suse.com/support/update/announcement/2026/suse-su-202621540-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2026:21540-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-May/025978.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1262936",
        "url": "https://bugzilla.suse.com/1262936"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-34986 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-34986/"
      }
    ],
    "title": "Security update for google-cloud-sap-agent",
    "tracking": {
      "current_release_date": "2026-05-04T10:09:04Z",
      "generator": {
        "date": "2026-05-04T10:09:04Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2026:21540-1",
      "initial_release_date": "2026-05-04T10:09:04Z",
      "revision_history": [
        {
          "date": "2026-05-04T10:09:04Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "google-cloud-sap-agent-3.12-160000.2.1.aarch64",
                "product": {
                  "name": "google-cloud-sap-agent-3.12-160000.2.1.aarch64",
                  "product_id": "google-cloud-sap-agent-3.12-160000.2.1.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "google-cloud-sap-agent-3.12-160000.2.1.x86_64",
                "product": {
                  "name": "google-cloud-sap-agent-3.12-160000.2.1.x86_64",
                  "product_id": "google-cloud-sap-agent-3.12-160000.2.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server 16.0",
                "product": {
                  "name": "SUSE Linux Enterprise Server 16.0",
                  "product_id": "SUSE Linux Enterprise Server 16.0",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles:16:16.0:server"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server for SAP applications 16.0",
                "product": {
                  "name": "SUSE Linux Enterprise Server for SAP applications 16.0",
                  "product_id": "SUSE Linux Enterprise Server for SAP applications 16.0",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles:16:16.0:server-sap"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "google-cloud-sap-agent-3.12-160000.2.1.aarch64 as component of SUSE Linux Enterprise Server 16.0",
          "product_id": "SUSE Linux Enterprise Server 16.0:google-cloud-sap-agent-3.12-160000.2.1.aarch64"
        },
        "product_reference": "google-cloud-sap-agent-3.12-160000.2.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "google-cloud-sap-agent-3.12-160000.2.1.x86_64 as component of SUSE Linux Enterprise Server 16.0",
          "product_id": "SUSE Linux Enterprise Server 16.0:google-cloud-sap-agent-3.12-160000.2.1.x86_64"
        },
        "product_reference": "google-cloud-sap-agent-3.12-160000.2.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "google-cloud-sap-agent-3.12-160000.2.1.aarch64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
          "product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:google-cloud-sap-agent-3.12-160000.2.1.aarch64"
        },
        "product_reference": "google-cloud-sap-agent-3.12-160000.2.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "google-cloud-sap-agent-3.12-160000.2.1.x86_64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
          "product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:google-cloud-sap-agent-3.12-160000.2.1.x86_64"
        },
        "product_reference": "google-cloud-sap-agent-3.12-160000.2.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2026-34986",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-34986"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption (JWE), JSON Web Signature (JWS), and JSON Web Token (JWT) standards. Prior to 4.1.4 and 3.0.5, decrypting a JSON Web Encryption (JWE) object will panic if the alg field indicates a key wrapping algorithm (one ending in KW, with the exception of A128GCMKW, A192GCMKW, and A256GCMKW) and the encrypted_key field is empty. The panic happens when cipher.KeyUnwrap() in key_wrap.go attempts to allocate a slice with a zero or negative length based on the length of the encrypted_key. This code path is reachable from ParseEncrypted() / ParseEncryptedJSON() / ParseEncryptedCompact() followed by Decrypt() on the resulting object. Note that the parse functions take a list of accepted key algorithms. If the accepted key algorithms do not include any key wrapping algorithms, parsing will fail and the application will be unaffected. This panic is also reachable by calling cipher.KeyUnwrap() directly with any ciphertext parameter less than 16 bytes long, but calling this function directly is less common. Panics can lead to denial of service. This vulnerability is fixed in 4.1.4 and 3.0.5.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 16.0:google-cloud-sap-agent-3.12-160000.2.1.aarch64",
          "SUSE Linux Enterprise Server 16.0:google-cloud-sap-agent-3.12-160000.2.1.x86_64",
          "SUSE Linux Enterprise Server for SAP applications 16.0:google-cloud-sap-agent-3.12-160000.2.1.aarch64",
          "SUSE Linux Enterprise Server for SAP applications 16.0:google-cloud-sap-agent-3.12-160000.2.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-34986",
          "url": "https://www.suse.com/security/cve/CVE-2026-34986"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1262805 for CVE-2026-34986",
          "url": "https://bugzilla.suse.com/1262805"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 16.0:google-cloud-sap-agent-3.12-160000.2.1.aarch64",
            "SUSE Linux Enterprise Server 16.0:google-cloud-sap-agent-3.12-160000.2.1.x86_64",
            "SUSE Linux Enterprise Server for SAP applications 16.0:google-cloud-sap-agent-3.12-160000.2.1.aarch64",
            "SUSE Linux Enterprise Server for SAP applications 16.0:google-cloud-sap-agent-3.12-160000.2.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 16.0:google-cloud-sap-agent-3.12-160000.2.1.aarch64",
            "SUSE Linux Enterprise Server 16.0:google-cloud-sap-agent-3.12-160000.2.1.x86_64",
            "SUSE Linux Enterprise Server for SAP applications 16.0:google-cloud-sap-agent-3.12-160000.2.1.aarch64",
            "SUSE Linux Enterprise Server for SAP applications 16.0:google-cloud-sap-agent-3.12-160000.2.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-05-04T10:09:04Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-34986"
    }
  ]
}

CVE-2026-34986 (GCVE-0-2026-34986)

Vulnerability from cvelistv5 – Published: 2026-04-06 16:22 – Updated: 2026-06-30 12:05

Title

Go JOSE affect by a panic in JWE decryption

Summary

Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption (JWE), JSON Web Signature (JWS), and JSON Web Token (JWT) standards. Prior to 4.1.4 and 3.0.5, decrypting a JSON Web Encryption (JWE) object will panic if the alg field indicates a key wrapping algorithm (one ending in KW, with the exception of A128GCMKW, A192GCMKW, and A256GCMKW) and the encrypted_key field is empty. The panic happens when cipher.KeyUnwrap() in key_wrap.go attempts to allocate a slice with a zero or negative length based on the length of the encrypted_key. This code path is reachable from ParseEncrypted() / ParseEncryptedJSON() / ParseEncryptedCompact() followed by Decrypt() on the resulting object. Note that the parse functions take a list of accepted key algorithms. If the accepted key algorithms do not include any key wrapping algorithms, parsing will fail and the application will be unaffected. This panic is also reachable by calling cipher.KeyUnwrap() directly with any ciphertext parameter less than 16 bytes long, but calling this function directly is less common. Panics can lead to denial of service. This vulnerability is fixed in 4.1.4 and 3.0.5.

Severity

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

SSVC

Exploitation: none Automatable: yes Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-248 - Uncaught Exception
CWE-131 - Incorrect Calculation of Buffer Size

Assigner

GitHub_M

References

110 references

URL	Tags
https://github.com/go-jose/go-jose/security/advis…	x_refsource_CONFIRM
https://pkg.go.dev/github.com/go-jose/go-jose/v4#…	x_refsource_MISC
https://access.redhat.com/security/cve/CVE-2026-34986	vdb-entryx_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2455470	issue-trackingx_refsource_REDHAT
https://security.access.redhat.com/data/csaf/v2/v…	x_sadp-csaf-vex
https://access.redhat.com/errata/RHSA-2026:17789	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:20569	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:19719	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:27856	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:17040	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:16696	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:22937	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:19135	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:22450	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:19017	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:25252	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:25248	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:25250	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:32991	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:19721	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:20607	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:19720	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:26054	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:17287	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:20609	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:10135	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:19186	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:23228	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:19353	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:22714	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:19173	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:26636	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:26585	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:22423	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:22347	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:21769	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:23345	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:29854	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:26568	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:25127	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:13829	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:11070	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:11217	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:13791	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:24977	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:19712	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:17598	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:27001	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:17448	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:27004	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:20041	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:27063	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:21703	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:25194	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:17468	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:25187	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:21709	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:23241	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:27044	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:20034	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:17474	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:25206	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:10175	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:20946	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:24484	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:21932	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:21931	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:11688	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:9448	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:8490	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:9453	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:8491	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:8493	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:9388	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:9385	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:17550	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:17547	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:12279	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:12277	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:11856	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:22629	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:21017	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:24853	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:19375	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:22465	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:11916	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:22840	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:23361	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:11996	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:10125	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:10130	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:24475	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:24482	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:24479	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:24477	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:24471	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:12116	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:19099	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:19108	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:28198	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:17459	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:17458	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:11512	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:17123	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:22258	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:17121	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:22260	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:30650	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:18584	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:18585	vendor-advisoryx_refsource_REDHAT

Impacted products

103 products

Vendor	Product	Version
go-jose	go-jose	Affected: >= 4.0.0, < 4.1.4 Affected: < 3.0.5
Red Hat	Cryostat 4 on RHEL 9	cpe:/a:redhat:cryostat:4::el9
Red Hat	Red Hat Enterprise Linux AppStream EUS (v. 10.0)	cpe:/o:redhat:enterprise_linux_eus:10.0
Red Hat	Red Hat Enterprise Linux AppStream (v. 10)	cpe:/o:redhat:enterprise_linux:10.2
Red Hat	Red Hat Enterprise Linux AppStream E4S (v.9.2)	cpe:/a:redhat:rhel_e4s:9.2::appstream
Red Hat	Red Hat Enterprise Linux AppStream E4S (v.9.4)	cpe:/a:redhat:rhel_e4s:9.4::appstream
Red Hat	Red Hat Enterprise Linux AppStream EUS (v.9.4)	cpe:/a:redhat:rhel_eus:9.4::appstream
Red Hat	Red Hat Enterprise Linux AppStream EUS (v.9.6)	cpe:/a:redhat:rhel_eus:9.6::appstream
Red Hat	Red Hat Enterprise Linux AppStream (v. 9)	cpe:/a:redhat:enterprise_linux:9::appstream
Red Hat	Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)	cpe:/o:redhat:enterprise_linux_eus:10.0
Red Hat	Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)	cpe:/o:redhat:enterprise_linux:10.2
Red Hat	Custom Metric Autoscaler 2.19	cpe:/a:redhat:openshift_custom_metrics_autoscaler:2.19::el9
Red Hat	Logging Subsystem for Red Hat OpenShift 6.0	cpe:/a:redhat:logging:6.0::el9
Red Hat	Multicluster Global Hub 1.3.4	cpe:/a:redhat:multicluster_globalhub:1.3::el9
Red Hat	Multicluster Global Hub 1.4.5	cpe:/a:redhat:multicluster_globalhub:1.4::el9
Red Hat	Multicluster Global Hub 1.5.4	cpe:/a:redhat:multicluster_globalhub:1.5::el9
Red Hat	Multicluster Global Hub 1.6.2	cpe:/a:redhat:multicluster_globalhub:1.6::el9
Red Hat	OpenShift API for Data Protection 1.4	cpe:/a:redhat:openshift_api_data_protection:1.4::el9
Red Hat	OpenShift API for Data Protection 1.5	cpe:/a:redhat:openshift_api_data_protection:1.5::el9
Red Hat	Red Hat Advanced Cluster Management for Kubernetes 2.14	cpe:/a:redhat:acm:2.14::el9
Red Hat	Red Hat Advanced Cluster Security for Kubernetes 4.10	cpe:/a:redhat:advanced_cluster_security:4.10::el8
Red Hat	Red Hat Advanced Cluster Security for Kubernetes 4.8	cpe:/a:redhat:advanced_cluster_security:4.8::el8
Red Hat	Red Hat Advanced Cluster Security for Kubernetes 4.9	cpe:/a:redhat:advanced_cluster_security:4.9::el8
Red Hat	Red Hat OpenShift AI 2.25	cpe:/a:redhat:openshift_ai:2.25::el9
Red Hat	Red Hat OpenShift AI 3.3	cpe:/a:redhat:openshift_ai:3.3::el9
Red Hat	Red Hat OpenShift Container Platform 4.17	cpe:/a:redhat:openshift:4.17::el9
Red Hat	Red Hat OpenShift Container Platform 4.18	cpe:/a:redhat:openshift:4.18::el9
Red Hat	Red Hat OpenShift Container Platform 4.19	cpe:/a:redhat:openshift:4.19::el9
Red Hat	Red Hat OpenShift Container Platform 4.20	cpe:/a:redhat:openshift:4.20::el9
Red Hat	Red Hat OpenShift Container Platform 4.21	cpe:/a:redhat:openshift:4.21::el9
Red Hat	Red Hat OpenShift Container Platform 4.22	cpe:/a:redhat:openshift:4.22::el9
Red Hat	Red Hat OpenShift Dev Spaces 3.27	cpe:/a:redhat:openshift_devspaces:3.27::el9
Red Hat	Red Hat OpenShift GitOps 1.18	cpe:/a:redhat:openshift_gitops:1.18::el8
Red Hat	Red Hat OpenShift Pipelines 1.21	cpe:/a:redhat:openshift_pipelines:1.21::el9
Red Hat	Red Hat OpenShift Pipelines 1.2	cpe:/a:redhat:openshift_pipelines:1.20::el9
Red Hat	Red Hat OpenShift Service Mesh 2.6	cpe:/a:redhat:service_mesh:2.6::el8
Red Hat	Red Hat OpenShift Service Mesh 3.1	cpe:/a:redhat:service_mesh:3.1::el9
Red Hat	Red Hat OpenShift Service Mesh 3.2	cpe:/a:redhat:service_mesh:3.2::el9
Red Hat	Red Hat OpenShift Service Mesh 3.3	cpe:/a:redhat:service_mesh:3.3::el9
Red Hat	Red Hat OpenShift distributed tracing 3.9.3	cpe:/a:redhat:openshift_distributed_tracing:3.9::el9
Red Hat	Red Hat Openshift Data Foundation 4.17	cpe:/a:redhat:openshift_data_foundation:4.17::el9
Red Hat	Red Hat Openshift Data Foundation 4.18	cpe:/a:redhat:openshift_data_foundation:4.18::el9
Red Hat	Red Hat Openshift Data Foundation 4.19	cpe:/a:redhat:openshift_data_foundation:4.19::el9
Red Hat	Red Hat Openshift Data Foundation 4.2	cpe:/a:redhat:openshift_data_foundation:4.20::el9
Red Hat	Red Hat Quay 3.12	cpe:/a:redhat:quay:3.12::el8
Red Hat	Red Hat Quay 3.14	cpe:/a:redhat:quay:3.14::el8
Red Hat	Red Hat Quay 3.15	cpe:/a:redhat:quay:3.15::el8
Red Hat	Red Hat Quay 3.16	cpe:/a:redhat:quay:3.16::el9
Red Hat	Red Hat Quay 3.17	cpe:/a:redhat:quay:3.17::el9
Red Hat	Red Hat Quay 3.1	cpe:/a:redhat:quay:3.10::el8
Red Hat	Red Hat Quay 3.9	cpe:/a:redhat:quay:3.9::el8
Red Hat	Red Hat Trusted Artifact Signer 1.3	cpe:/a:redhat:trusted_artifact_signer:1.3::el9
Red Hat	multicluster engine for Kubernetes 2.10	cpe:/a:redhat:multicluster_engine:2.10::el9
Red Hat	multicluster engine for Kubernetes 2.11	cpe:/a:redhat:multicluster_engine:2.11::el9
Red Hat	multicluster engine for Kubernetes 2.6	cpe:/a:redhat:multicluster_engine:2.6::el8
Red Hat	multicluster engine for Kubernetes 2.7	cpe:/a:redhat:multicluster_engine:2.7::el9
Red Hat	multicluster engine for Kubernetes 2.8	cpe:/a:redhat:multicluster_engine:2.8::el9
Red Hat	multicluster engine for Kubernetes 2.9	cpe:/a:redhat:multicluster_engine:2.9::el8
Red Hat	Assisted Installer for Red Hat OpenShift Container Platform 2	cpe:/a:redhat:assisted_installer:2
Red Hat	cert-manager Operator for Red Hat OpenShift	cpe:/a:redhat:cert_manager:1
Red Hat	Confidential Compute Attestation	cpe:/a:redhat:confidential_compute_attestation:1
Red Hat	Kernel Module Management Operator for Red Hat Openshift	cpe:/a:redhat:kernel_module_management:2
Red Hat	Logging Subsystem for Red Hat OpenShift	cpe:/a:redhat:logging:5
Red Hat	Migration Toolkit for Containers	cpe:/a:redhat:rhmt:1
Red Hat	Migration Toolkit for Virtualization	cpe:/a:redhat:migration_toolkit_virtualization:2
Red Hat	Multicluster Engine for Kubernetes	cpe:/a:redhat:multicluster_engine
Red Hat	Multicluster Global Hub	cpe:/a:redhat:multicluster_globalhub
Red Hat	OpenShift Developer Tools and Services	cpe:/a:redhat:ocp_tools
Red Hat	OpenShift Lightspeed	cpe:/a:redhat:openshift_lightspeed
Red Hat	OpenShift Pipelines	cpe:/a:redhat:openshift_pipelines:1
Red Hat	OpenShift Serverless	cpe:/a:redhat:serverless:1
Red Hat	OpenShift Service Mesh 3	cpe:/a:redhat:service_mesh:3
Red Hat	Red Hat Advanced Cluster Management for Kubernetes 2	cpe:/a:redhat:acm:2
Red Hat	Red Hat Ansible Automation Platform 2	cpe:/a:redhat:ansible_automation_platform:2
Red Hat	Red Hat Build of Podman Desktop	cpe:/a:redhat:podman_desktop:1
Red Hat	Red Hat Build of Podman Desktop - Tech Preview	cpe:/a:redhat:podman_desktop:0
Red Hat	Red Hat Connectivity Link 1	cpe:/a:redhat:connectivity_link:1
Red Hat	Red Hat Enterprise Linux 10	cpe:/o:redhat:enterprise_linux:10
Red Hat	Red Hat Enterprise Linux 8	cpe:/o:redhat:enterprise_linux:8
Red Hat	Red Hat Enterprise Linux 9	cpe:/o:redhat:enterprise_linux:9
Red Hat	Red Hat OpenShift AI (RHOAI)	cpe:/a:redhat:openshift_ai
Red Hat	Red Hat OpenShift Cluster Manager CLI	cpe:/a:redhat:openshift_cluster_manager_cli:1
Red Hat	Red Hat OpenShift Container Platform 4	cpe:/a:redhat:openshift:4
Red Hat	Red Hat Openshift Data Foundation 4	cpe:/a:redhat:openshift_data_foundation:4
Red Hat	Red Hat OpenShift Dev Spaces	cpe:/a:redhat:openshift_devspaces:3
Red Hat	Red Hat OpenShift GitOps	cpe:/a:redhat:openshift_gitops:1
Red Hat	Red Hat OpenShift on AWS	cpe:/a:redhat:openshift_service_on_aws:1
Red Hat	Red Hat Quay 3	cpe:/a:redhat:quay:3
Red Hat	Red Hat Trusted Artifact Signer	cpe:/a:redhat:trusted_artifact_signer:1
Red Hat	Security Profiles Operator	cpe:/a:redhat:openshift_security_profiles_operator:1
Red Hat	Zero Trust Workload Identity Manager - Tech Preview	cpe:/a:redhat:zero_trust_workload_identity_manager:0
Red Hat	External Secrets Operator for Red Hat OpenShift	cpe:/a:redhat:external_secrets_operator:1
Red Hat	Logical Volume Manager Storage	cpe:/a:redhat:lvms:4
Red Hat	Network Observability Operator	cpe:/a:redhat:network_observ_optr:1
Red Hat	Node HealthCheck Operator	cpe:/a:redhat:workload_availability_nhc:0
Red Hat	OpenShift Service Mesh 2	cpe:/a:redhat:service_mesh:2
Red Hat	Power monitoring for Red Hat OpenShift	cpe:/a:redhat:openshift_power_monitoring
Red Hat	Red Hat Advanced Cluster Security 4	cpe:/a:redhat:advanced_cluster_security:4
Red Hat	Red Hat Build of Kueue	cpe:/a:redhat:kueue_operator:1
Red Hat	Red Hat OpenShift for Windows Containers	cpe:/a:redhat:windows_machine_config
Red Hat	Red Hat OpenShift Virtualization 4	cpe:/a:redhat:container_native_virtualization:4
Red Hat	Red Hat OpenStack Platform 18.0	cpe:/a:redhat:openstack:18.0
Red Hat	Zero Trust Workload Identity Manager	cpe:/a:redhat:zero_trust_workload_identity_manager:1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-34986",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-07T14:21:42.477191Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-07T14:21:54.041Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:/a:redhat:cryostat:4::el9"
            ],
            "defaultStatus": "affected",
            "product": "Cryostat 4 on RHEL 9",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/o:redhat:enterprise_linux_eus:10.0"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/o:redhat:enterprise_linux:10.2"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream (v. 10)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:rhel_e4s:9.2::appstream"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream E4S (v.9.2)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:rhel_e4s:9.4::appstream"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream E4S (v.9.4)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:rhel_eus:9.4::appstream"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream EUS (v.9.4)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:rhel_eus:9.6::appstream"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream EUS (v.9.6)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:enterprise_linux:9::appstream"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream (v. 9)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/o:redhat:enterprise_linux_eus:10.0"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/o:redhat:enterprise_linux:10.2"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:openshift_custom_metrics_autoscaler:2.19::el9"
            ],
            "defaultStatus": "affected",
            "product": "Custom Metric Autoscaler 2.19",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:logging:6.0::el9"
            ],
            "defaultStatus": "affected",
            "product": "Logging Subsystem for Red Hat OpenShift 6.0",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:multicluster_globalhub:1.3::el9"
            ],
            "defaultStatus": "affected",
            "product": "Multicluster Global Hub 1.3.4",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:multicluster_globalhub:1.4::el9"
            ],
            "defaultStatus": "affected",
            "product": "Multicluster Global Hub 1.4.5",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:multicluster_globalhub:1.5::el9"
            ],
            "defaultStatus": "affected",
            "product": "Multicluster Global Hub 1.5.4",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:multicluster_globalhub:1.6::el9"
            ],
            "defaultStatus": "affected",
            "product": "Multicluster Global Hub 1.6.2",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:openshift_api_data_protection:1.4::el9"
            ],
            "defaultStatus": "affected",
            "product": "OpenShift API for Data Protection 1.4",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:openshift_api_data_protection:1.5::el9"
            ],
            "defaultStatus": "affected",
            "product": "OpenShift API for Data Protection 1.5",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:acm:2.14::el9"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Advanced Cluster Management for Kubernetes 2.14",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:advanced_cluster_security:4.10::el8"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Advanced Cluster Security for Kubernetes 4.10",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:advanced_cluster_security:4.8::el8"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Advanced Cluster Security for Kubernetes 4.8",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:advanced_cluster_security:4.9::el8"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Advanced Cluster Security for Kubernetes 4.9",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:openshift_ai:2.25::el9"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat OpenShift AI 2.25",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:openshift_ai:3.3::el9"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat OpenShift AI 3.3",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:openshift:4.17::el9"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat OpenShift Container Platform 4.17",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:openshift:4.18::el9"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat OpenShift Container Platform 4.18",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:openshift:4.19::el9"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat OpenShift Container Platform 4.19",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:openshift:4.20::el9"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat OpenShift Container Platform 4.20",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:openshift:4.21::el9"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat OpenShift Container Platform 4.21",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:openshift:4.22::el9"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat OpenShift Container Platform 4.22",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:openshift_devspaces:3.27::el9"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat OpenShift Dev Spaces 3.27",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:openshift_gitops:1.18::el8"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat OpenShift GitOps 1.18",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:openshift_pipelines:1.21::el9"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat OpenShift Pipelines 1.21",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:openshift_pipelines:1.20::el9"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat OpenShift Pipelines 1.2",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:service_mesh:2.6::el8"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat OpenShift Service Mesh 2.6",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:service_mesh:3.1::el9"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat OpenShift Service Mesh 3.1",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:service_mesh:3.2::el9"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat OpenShift Service Mesh 3.2",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:service_mesh:3.3::el9"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat OpenShift Service Mesh 3.3",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:openshift_distributed_tracing:3.9::el9"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat OpenShift distributed tracing 3.9.3",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:openshift_data_foundation:4.17::el9"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Openshift Data Foundation 4.17",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:openshift_data_foundation:4.18::el9"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Openshift Data Foundation 4.18",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:openshift_data_foundation:4.19::el9"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Openshift Data Foundation 4.19",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:openshift_data_foundation:4.20::el9"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Openshift Data Foundation 4.2",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:quay:3.12::el8"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Quay 3.12",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:quay:3.14::el8"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Quay 3.14",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:quay:3.15::el8"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Quay 3.15",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:quay:3.16::el9"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Quay 3.16",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:quay:3.17::el9"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Quay 3.17",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:quay:3.10::el8"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Quay 3.1",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:quay:3.9::el8"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Quay 3.9",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:trusted_artifact_signer:1.3::el9"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Trusted Artifact Signer 1.3",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:multicluster_engine:2.10::el9"
            ],
            "defaultStatus": "affected",
            "product": "multicluster engine for Kubernetes 2.10",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:multicluster_engine:2.11::el9"
            ],
            "defaultStatus": "affected",
            "product": "multicluster engine for Kubernetes 2.11",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:multicluster_engine:2.6::el8"
            ],
            "defaultStatus": "affected",
            "product": "multicluster engine for Kubernetes 2.6",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:multicluster_engine:2.7::el9"
            ],
            "defaultStatus": "affected",
            "product": "multicluster engine for Kubernetes 2.7",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:multicluster_engine:2.8::el9"
            ],
            "defaultStatus": "affected",
            "product": "multicluster engine for Kubernetes 2.8",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:multicluster_engine:2.9::el8"
            ],
            "defaultStatus": "affected",
            "product": "multicluster engine for Kubernetes 2.9",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:assisted_installer:2"
            ],
            "defaultStatus": "affected",
            "product": "Assisted Installer for Red Hat OpenShift Container Platform 2",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:cert_manager:1"
            ],
            "defaultStatus": "affected",
            "product": "cert-manager Operator for Red Hat OpenShift",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:confidential_compute_attestation:1"
            ],
            "defaultStatus": "affected",
            "product": "Confidential Compute Attestation",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:kernel_module_management:2"
            ],
            "defaultStatus": "affected",
            "product": "Kernel Module Management Operator for Red Hat Openshift",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:logging:5"
            ],
            "defaultStatus": "affected",
            "product": "Logging Subsystem for Red Hat OpenShift",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:rhmt:1"
            ],
            "defaultStatus": "affected",
            "product": "Migration Toolkit for Containers",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:migration_toolkit_virtualization:2"
            ],
            "defaultStatus": "affected",
            "product": "Migration Toolkit for Virtualization",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:multicluster_engine"
            ],
            "defaultStatus": "affected",
            "product": "Multicluster Engine for Kubernetes",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:multicluster_globalhub"
            ],
            "defaultStatus": "affected",
            "product": "Multicluster Global Hub",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:ocp_tools"
            ],
            "defaultStatus": "affected",
            "product": "OpenShift Developer Tools and Services",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:openshift_lightspeed"
            ],
            "defaultStatus": "affected",
            "product": "OpenShift Lightspeed",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:openshift_pipelines:1"
            ],
            "defaultStatus": "affected",
            "product": "OpenShift Pipelines",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:serverless:1"
            ],
            "defaultStatus": "affected",
            "product": "OpenShift Serverless",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:service_mesh:3"
            ],
            "defaultStatus": "affected",
            "product": "OpenShift Service Mesh 3",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:acm:2"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Advanced Cluster Management for Kubernetes 2",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:ansible_automation_platform:2"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Ansible Automation Platform 2",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:podman_desktop:1"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Build of Podman Desktop",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:podman_desktop:0"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Build of Podman Desktop - Tech Preview",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:connectivity_link:1"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Connectivity Link 1",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/o:redhat:enterprise_linux:10"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux 10",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/o:redhat:enterprise_linux:8"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux 8",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/o:redhat:enterprise_linux:9"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux 9",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:openshift_ai"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat OpenShift AI (RHOAI)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:openshift_cluster_manager_cli:1"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat OpenShift Cluster Manager CLI",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:openshift:4"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat OpenShift Container Platform 4",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:openshift_data_foundation:4"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Openshift Data Foundation 4",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:openshift_devspaces:3"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat OpenShift Dev Spaces",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:openshift_gitops:1"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat OpenShift GitOps",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:openshift_service_on_aws:1"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat OpenShift on AWS",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:quay:3"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Quay 3",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:trusted_artifact_signer:1"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Trusted Artifact Signer",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:openshift_security_profiles_operator:1"
            ],
            "defaultStatus": "affected",
            "product": "Security Profiles Operator",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:zero_trust_workload_identity_manager:0"
            ],
            "defaultStatus": "affected",
            "product": "Zero Trust Workload Identity Manager - Tech Preview",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:external_secrets_operator:1"
            ],
            "defaultStatus": "unaffected",
            "product": "External Secrets Operator for Red Hat OpenShift",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:lvms:4"
            ],
            "defaultStatus": "unaffected",
            "product": "Logical Volume Manager Storage",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:network_observ_optr:1"
            ],
            "defaultStatus": "unaffected",
            "product": "Network Observability Operator",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:workload_availability_nhc:0"
            ],
            "defaultStatus": "unaffected",
            "product": "Node HealthCheck Operator",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:service_mesh:2"
            ],
            "defaultStatus": "unaffected",
            "product": "OpenShift Service Mesh 2",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:openshift_power_monitoring"
            ],
            "defaultStatus": "unaffected",
            "product": "Power monitoring for Red Hat OpenShift",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:advanced_cluster_security:4"
            ],
            "defaultStatus": "unaffected",
            "product": "Red Hat Advanced Cluster Security 4",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:kueue_operator:1"
            ],
            "defaultStatus": "unaffected",
            "product": "Red Hat Build of Kueue",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:windows_machine_config"
            ],
            "defaultStatus": "unaffected",
            "product": "Red Hat OpenShift for Windows Containers",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:container_native_virtualization:4"
            ],
            "defaultStatus": "unaffected",
            "product": "Red Hat OpenShift Virtualization 4",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:openstack:18.0"
            ],
            "defaultStatus": "unaffected",
            "product": "Red Hat OpenStack Platform 18.0",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:zero_trust_workload_identity_manager:1"
            ],
            "defaultStatus": "unaffected",
            "product": "Zero Trust Workload Identity Manager",
            "vendor": "Red Hat"
          }
        ],
        "datePublic": "2026-04-06T16:22:45.353Z",
        "descriptions": [
          {
            "lang": "en",
            "value": "A flaw was found in Go JOSE, a library for handling JSON Web Encryption (JWE) objects. A remote attacker could exploit this vulnerability by providing a specially crafted JWE object. When decrypting such an object, if a key wrapping algorithm is specified but the encrypted key field is empty, the application can crash. This leads to a denial of service (DoS), making the affected service unavailable to legitimate users."
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "namespace": "https://access.redhat.com/security/updates/classification/",
                "value": "Important"
              },
              "type": "Red Hat severity rating"
            }
          },
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            },
            "format": "CVSS"
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-131",
                "description": "Incorrect Calculation of Buffer Size",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-30T12:05:51.082Z",
          "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
          "shortName": "redhat-SADP"
        },
        "references": [
          {
            "tags": [
              "vdb-entry",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/security/cve/CVE-2026-34986"
          },
          {
            "name": "RHBZ#2455470",
            "tags": [
              "issue-tracking",
              "x_refsource_REDHAT"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455470"
          },
          {
            "tags": [
              "x_sadp-csaf-vex"
            ],
            "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-34986.json"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:17789"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:20569"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:19719"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:27856"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:17040"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:16696"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:22937"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:19135"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:22450"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:19017"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:25252"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:25248"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:25250"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:32991"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:19721"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:20607"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:19720"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:26054"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:17287"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:20609"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:10135"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:19186"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:23228"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:19353"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:22714"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:19173"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:26636"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:26585"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:22423"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:22347"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:21769"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:23345"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:29854"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:26568"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:25127"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:13829"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:11070"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:11217"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:13791"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:24977"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:19712"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:17598"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:27001"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:17448"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:27004"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:20041"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:27063"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:21703"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:25194"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:17468"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:25187"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:21709"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:23241"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:27044"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:20034"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:17474"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:25206"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:10175"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:20946"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:24484"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:21932"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:21931"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:11688"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:9448"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:8490"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:9453"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:8491"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:8493"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:9388"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:9385"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:17550"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:17547"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:12279"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:12277"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:11856"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:22629"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:21017"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:24853"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:19375"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:22465"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:11916"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:22840"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:23361"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:11996"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:10125"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:10130"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:24475"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:24482"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:24479"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:24477"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:24471"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:12116"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:19099"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:19108"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:28198"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:17459"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:17458"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:11512"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:17123"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:22258"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:17121"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:22260"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:30650"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:18584"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:18585"
          }
        ],
        "solutions": [
          {
            "lang": "en",
            "value": "RHSA-2026:17789: Cryostat 4 on RHEL 9"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:20569: Red Hat Enterprise Linux AppStream EUS (v. 10.0)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:19719: Red Hat Enterprise Linux AppStream EUS (v. 10.0)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:27856: Red Hat Enterprise Linux AppStream EUS (v. 10.0)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:17040: Red Hat Enterprise Linux AppStream EUS (v. 10.0), Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:16696: Red Hat Enterprise Linux AppStream EUS (v. 10.0)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:22937: Red Hat Enterprise Linux AppStream (v. 10)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:19135: Red Hat Enterprise Linux AppStream (v. 10)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:22450: Red Hat Enterprise Linux AppStream (v. 10)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:19017: Red Hat Enterprise Linux AppStream (v. 10), Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:25252: Red Hat Enterprise Linux AppStream E4S (v.9.2)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:25248: Red Hat Enterprise Linux AppStream E4S (v.9.2)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:25250: Red Hat Enterprise Linux AppStream E4S (v.9.2)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:32991: Red Hat Enterprise Linux AppStream E4S (v.9.4)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:19721: Red Hat Enterprise Linux AppStream EUS (v.9.4)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:20607: Red Hat Enterprise Linux AppStream EUS (v.9.6)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:19720: Red Hat Enterprise Linux AppStream EUS (v.9.6)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:26054: Red Hat Enterprise Linux AppStream EUS (v.9.6)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:17287: Red Hat Enterprise Linux AppStream EUS (v.9.6)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:20609: Red Hat Enterprise Linux AppStream EUS (v.9.6)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:10135: Red Hat Enterprise Linux AppStream (v. 9)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:19186: Red Hat Enterprise Linux AppStream (v. 9)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:23228: Red Hat Enterprise Linux AppStream (v. 9)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:19353: Red Hat Enterprise Linux AppStream (v. 9)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:22714: Red Hat Enterprise Linux AppStream (v. 9)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:19173: Red Hat Enterprise Linux AppStream (v. 9)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:26636: Custom Metric Autoscaler 2.19"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:26585: Logging Subsystem for Red Hat OpenShift 6.0"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:22423: Multicluster Global Hub 1.3.4"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:22347: Multicluster Global Hub 1.4.5"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:21769: Multicluster Global Hub 1.5.4"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:23345: Multicluster Global Hub 1.6.2"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:29854: OpenShift API for Data Protection 1.4"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:26568: OpenShift API for Data Protection 1.5"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:25127: Red Hat Advanced Cluster Management for Kubernetes 2.14"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:13829: Red Hat Advanced Cluster Security for Kubernetes 4.10"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:11070: Red Hat Advanced Cluster Security for Kubernetes 4.8"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:11217: Red Hat Advanced Cluster Security for Kubernetes 4.8"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:13791: Red Hat Advanced Cluster Security for Kubernetes 4.9"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:24977: Red Hat OpenShift AI 2.25"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:19712: Red Hat OpenShift AI 3.3"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:17598: Red Hat OpenShift Container Platform 4.17"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:27001: Red Hat OpenShift Container Platform 4.18"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:17448: Red Hat OpenShift Container Platform 4.18"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:27004: Red Hat OpenShift Container Platform 4.19"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:20041: Red Hat OpenShift Container Platform 4.19"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:27063: Red Hat OpenShift Container Platform 4.20"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:21703: Red Hat OpenShift Container Platform 4.20"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:25194: Red Hat OpenShift Container Platform 4.20"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:17468: Red Hat OpenShift Container Platform 4.20"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:25187: Red Hat OpenShift Container Platform 4.21"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:21709: Red Hat OpenShift Container Platform 4.21"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:23241: Red Hat OpenShift Container Platform 4.21"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:27044: Red Hat OpenShift Container Platform 4.21"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:20034: Red Hat OpenShift Container Platform 4.21"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:17474: Red Hat OpenShift Container Platform 4.21"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:25206: Red Hat OpenShift Container Platform 4.22"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:10175: Red Hat OpenShift Dev Spaces 3.27"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:20946: Red Hat OpenShift GitOps 1.18"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:24484: Red Hat OpenShift Pipelines 1.21"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:21932: Red Hat OpenShift Pipelines 1.2"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:21931: Red Hat OpenShift Pipelines 1.2"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:11688: Red Hat OpenShift Service Mesh 2.6"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:9448: Red Hat OpenShift Service Mesh 3.1"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:8490: Red Hat OpenShift Service Mesh 3.1"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:9453: Red Hat OpenShift Service Mesh 3.2"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:8491: Red Hat OpenShift Service Mesh 3.2"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:8493: Red Hat OpenShift Service Mesh 3.3"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:9388: Red Hat OpenShift distributed tracing 3.9.3"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:9385: Red Hat OpenShift distributed tracing 3.9.3"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:17550: Red Hat Openshift Data Foundation 4.17"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:17547: Red Hat Openshift Data Foundation 4.18"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:12279: Red Hat Openshift Data Foundation 4.19"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:12277: Red Hat Openshift Data Foundation 4.2"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:11856: Red Hat Quay 3.12"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:22629: Red Hat Quay 3.12"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:21017: Red Hat Quay 3.14"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:24853: Red Hat Quay 3.15"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:19375: Red Hat Quay 3.16"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:22465: Red Hat Quay 3.17"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:11916: Red Hat Quay 3.1"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:22840: Red Hat Quay 3.1"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:23361: Red Hat Quay 3.9"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:11996: Red Hat Quay 3.9"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:10125: Red Hat Trusted Artifact Signer 1.3"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:10130: Red Hat Trusted Artifact Signer 1.3"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:24475: Red Hat Trusted Artifact Signer 1.3"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:24482: Red Hat Trusted Artifact Signer 1.3"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:24479: Red Hat Trusted Artifact Signer 1.3"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:24477: Red Hat Trusted Artifact Signer 1.3"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:24471: Red Hat Trusted Artifact Signer 1.3"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:12116: multicluster engine for Kubernetes 2.10"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:19099: multicluster engine for Kubernetes 2.10"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:19108: multicluster engine for Kubernetes 2.11"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:28198: multicluster engine for Kubernetes 2.6"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:17459: multicluster engine for Kubernetes 2.6"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:17458: multicluster engine for Kubernetes 2.6"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:11512: multicluster engine for Kubernetes 2.7"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:17123: multicluster engine for Kubernetes 2.8"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:22258: multicluster engine for Kubernetes 2.8"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:17121: multicluster engine for Kubernetes 2.8"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:22260: multicluster engine for Kubernetes 2.8"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:30650: multicluster engine for Kubernetes 2.8"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:18584: multicluster engine for Kubernetes 2.9"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:18585: multicluster engine for Kubernetes 2.9"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2026-04-06T17:01:34.639Z",
            "value": "Reported to Red Hat."
          },
          {
            "lang": "en",
            "time": "2026-04-06T16:22:45.353Z",
            "value": "Made public."
          }
        ],
        "title": "github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object",
        "workarounds": [
          {
            "lang": "en",
            "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
          }
        ],
        "x_adpType": "supplier",
        "x_generator": {
          "engine": "sadp-cli 1.0.0"
        }
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "go-jose",
          "vendor": "go-jose",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 4.0.0, \u003c 4.1.4"
            },
            {
              "status": "affected",
              "version": "\u003c 3.0.5"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption (JWE), JSON Web Signature (JWS), and JSON Web Token (JWT) standards. Prior to 4.1.4 and 3.0.5, decrypting a JSON Web Encryption (JWE) object will panic if the alg field indicates a key wrapping algorithm (one ending in KW, with the exception of A128GCMKW, A192GCMKW, and A256GCMKW) and the encrypted_key field is empty. The panic happens when cipher.KeyUnwrap() in key_wrap.go attempts to allocate a slice with a zero or negative length based on the length of the encrypted_key. This code path is reachable from ParseEncrypted() / ParseEncryptedJSON() / ParseEncryptedCompact() followed by Decrypt() on the resulting object. Note that the parse functions take a list of accepted key algorithms. If the accepted key algorithms do not include any key wrapping algorithms, parsing will fail and the application will be unaffected. This panic is also reachable by calling cipher.KeyUnwrap() directly with any ciphertext parameter less than 16 bytes long, but calling this function directly is less common. Panics can lead to denial of service. This vulnerability is fixed in 4.1.4 and 3.0.5."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-248",
              "description": "CWE-248: Uncaught Exception",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-06T16:22:45.353Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/go-jose/go-jose/security/advisories/GHSA-78h2-9frx-2jm8",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/go-jose/go-jose/security/advisories/GHSA-78h2-9frx-2jm8"
        },
        {
          "name": "https://pkg.go.dev/github.com/go-jose/go-jose/v4#pkg-constants",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://pkg.go.dev/github.com/go-jose/go-jose/v4#pkg-constants"
        }
      ],
      "source": {
        "advisory": "GHSA-78h2-9frx-2jm8",
        "discovery": "UNKNOWN"
      },
      "title": "Go JOSE affect by a panic in JWE decryption"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-34986",
    "datePublished": "2026-04-06T16:22:45.353Z",
    "dateReserved": "2026-03-31T19:38:31.617Z",
    "dateUpdated": "2026-06-30T12:05:51.082Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

SUSE-SU-2026:21540-1

CVE-2026-34986 (GCVE-0-2026-34986)

Tags

Sightings

Nomenclature